diff --git a/.cargo/config.toml b/.cargo/config.toml
index a2d21df..81ce1bc 100644
--- a/.cargo/config.toml
+++ b/.cargo/config.toml
@@ -1,5 +1,5 @@
 [target.xtensa-esp32-none-elf]
-runner = "espflash flash --monitor"
+runner = "espflash flash --monitor --baud 921600"
 
 rustflags = [
   "-C", "link-arg=-Tlinkall.x",
@@ -9,7 +9,7 @@ rustflags = [
 ]
 
 [target.riscv32imc-unknown-none-elf]
-runner = "espflash flash --monitor"
+runner = "espflash flash --monitor --baud 921600"
 
 rustflags = [
   "-C", "link-arg=-Tlinkall.x",
@@ -36,8 +36,34 @@ rustflags = [
   "--cfg", 'target_has_atomic="ptr"',
 ]
 
+[target.xtensa-esp32s2-none-elf]
+runner = "espflash flash --monitor --baud 921600"
+
+rustflags = [
+    #"-C", "linker=rust-lld",    
+    
+    "-C", "link-arg=-Tlinkall.x",
+    "-C", "link-arg=-Trom_functions.x",
+
+    # Enable the atomic codegen option for Xtensa
+    "-C", "target-feature=+s32c1i",
+
+  # tell the core library have atomics even though it's not specified in the target definition
+  "--cfg", "target_has_atomic_load_store",
+  "--cfg", 'target_has_atomic_load_store="8"',
+  "--cfg", 'target_has_atomic_load_store="16"',
+  "--cfg", 'target_has_atomic_load_store="32"',
+  "--cfg", 'target_has_atomic_load_store="ptr"',
+  # enable cas
+  "--cfg", "target_has_atomic",
+  "--cfg", 'target_has_atomic="8"',
+  "--cfg", 'target_has_atomic="16"',
+  "--cfg", 'target_has_atomic="32"',
+  "--cfg", 'target_has_atomic="ptr"',
+]
+
 [target.xtensa-esp32s3-none-elf]
-runner = "espflash flash --monitor"
+runner = "espflash flash --monitor --baud 921600"
 
 rustflags = [
   "-C", "link-arg=-Tlinkall.x",
@@ -48,3 +74,6 @@ rustflags = [
 
 [unstable]
 build-std = ["core"]
+
+[alias]
+xtask = "run --manifest-path ./xtask/Cargo.toml --"
diff --git a/Cargo.toml b/Cargo.toml
index 869abdb..8f94d3c 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -19,9 +19,10 @@ lto = false
 opt-level = 3
 
 [dependencies]
-esp32-hal = { version = "0.13.0", optional = true }
-esp32c3-hal = { version = "0.10.0", optional = true }
-esp32s3-hal = { version = "0.10.0", optional = true }
+esp32-hal = { version = "0.15.0", optional = true }
+esp32c3-hal = { version = "0.12.0", optional = true }
+esp32s2-hal = { version = "0.12.0", optional = true }
+esp32s3-hal = { version = "0.12.0", optional = true }
 esp-backtrace = { version = "0.6.0", features = ["panic-handler", "print-uart", "exception-handler"] }
 esp-println       = { version = "0.4.0", features = ["log"] }
 
@@ -29,7 +30,7 @@ embassy-time = { version = "0.1.0", features = ["nightly"], optional = true }
 embassy-executor = { version = "0.2.0", package = "embassy-executor", features = ["nightly", "executor-thread", "integrated-timers"], optional = true }
 embassy-net = { version = "0.1.0", features = ["nightly", "tcp", "udp", "dhcpv4", "medium-ethernet"], optional = true }
 
-esp-wifi = { git = "https://github.com/esp-rs/esp-wifi.git", features = ["big-heap", "phy-enable-usb", "embedded-svc", "wifi"], rev = "68dc11bbb2c0efa29c4acbbf134d6f142441065e" }
+esp-wifi = { git = "https://github.com/esp-rs/esp-wifi.git", features = ["big-heap", "phy-enable-usb", "embedded-svc", "wifi"], rev = "fbb8417fc450ec0701067b36629770c11338231c" }
 smoltcp = { version = "0.10.0", default-features=false, features = ["proto-igmp", "proto-ipv4", "socket-tcp", "socket-icmp", "socket-udp", "medium-ethernet", "proto-dhcpv4", "socket-raw", "socket-dhcpv4"] }
 embedded-svc = { version = "0.25.0", default-features = false}
 log = "0.4.16"
@@ -59,8 +60,9 @@ name              = "async_server_mTLS"
 required-features = ["async"]
 
 [features]
-esp32 = ["esp32-hal/embassy-time-timg0", "esp-backtrace/esp32", "esp-println/esp32", "embassy-executor?/arch-xtensa", "esp-wifi/esp32"]
-esp32c3 = ["esp32c3-hal/embassy-time-timg0", "esp-backtrace/esp32c3", "esp-println/esp32c3", "embassy-executor?/arch-riscv32", "esp-wifi/esp32c3"]
-esp32s3 = ["esp32s3-hal/embassy-time-timg0", "esp-backtrace/esp32s3", "esp-println/esp32s3", "embassy-executor?/arch-xtensa", "esp-wifi/esp32s3"]
+esp32 = ["esp32-hal/embassy-time-timg0", "esp-backtrace/esp32", "esp-println/esp32", "embassy-executor?/arch-xtensa", "esp-wifi/esp32", "esp-mbedtls/esp32"]
+esp32c3 = ["esp32c3-hal/embassy-time-timg0", "esp-backtrace/esp32c3", "esp-println/esp32c3", "embassy-executor?/arch-riscv32", "esp-wifi/esp32c3", "esp-mbedtls/esp32c3"]
+esp32s2 = ["esp32s2-hal/embassy-time-timg0", "esp-backtrace/esp32s2", "esp-println/esp32s2", "embassy-executor?/arch-xtensa", "esp-wifi/esp32s2", "esp-mbedtls/esp32s2"]
+esp32s3 = ["esp32s3-hal/embassy-time-timg0", "esp-backtrace/esp32s3", "esp-println/esp32s3", "embassy-executor?/arch-xtensa", "esp-wifi/esp32s3", "esp-mbedtls/esp32s3"]
 async = ["esp-wifi/async", "esp-wifi/embassy-net", "embassy-executor", "embassy-net", "embassy-time", "embedded-io/async", "esp-mbedtls/async"]
 
diff --git a/README.md b/README.md
index 6d0692f..fb76ccc 100644
--- a/README.md
+++ b/README.md
@@ -32,6 +32,8 @@ Examples are available for:
 - esp32c3
 - esp32s3
 
+Limited support is also available for `esp32s2` but it won't compile for async.
+
 To run examples, you need to specify the architecture as a feature, the example name, the target and the toolchain.
 
 You also need to set `SSID` and `PASSWORD` as your environment variables
diff --git a/build_mbedtls/build_all.sh b/build_mbedtls/build_all.sh
deleted file mode 100644
index c34106d..0000000
--- a/build_mbedtls/build_all.sh
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/bash
-
-rm -rf target
-rm -rf tmpsrc
-mkdir target
-mkdir tmpsrc
-cp -r ../mbedtls tmpsrc
-
-# Remove "-Wdocumentation" since Clang will complain
-sed -i "s/-Wdocumentation//g" tmpsrc/mbedtls/library/CMakeLists.txt
-
-cp config.h tmpsrc/mbedtls/include/mbedtls/mbedtls_config.h
-cd target
-
-cmake -DCMAKE_BUILD_TYPE=Release -DUSE_SHARED_MBEDTLS_LIBRARY=OFF -DUSE_STATIC_MBEDTLS_LIBRARY=ON -DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DCMAKE_TOOLCHAIN_FILE=$IDF_PATH/tools/cmake/toolchain-esp32c3.cmake ../tmpsrc/mbedtls
-make
-
-cp library/libmbedcrypto.a ../../libs/riscv32imc-unknown-none-elf/libmbedcrypto.a
-cp library/libmbedtls.a ../../libs/riscv32imc-unknown-none-elf/libmbedtls.a
-cp library/libmbedx509.a ../../libs/riscv32imc-unknown-none-elf/libmbedx509.a
-
-cd ..
-
-# on Xtensa varargs don't work right yet - use a no debug output build
-cp config_no_debug.h tmpsrc/mbedtls/include/mbedtls/mbedtls_config.h
-
-rm -rf target
-mkdir target
-cd target
-
-cmake -DCMAKE_BUILD_TYPE=Release -DUSE_SHARED_MBEDTLS_LIBRARY=OFF -DUSE_STATIC_MBEDTLS_LIBRARY=ON -DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DCMAKE_TOOLCHAIN_FILE=$IDF_PATH/tools/cmake/toolchain-clang-esp32.cmake ../tmpsrc/mbedtls
-make
-
-cp library/libmbedcrypto.a ../../libs/xtensa-esp32-none-elf/libmbedcrypto.a
-cp library/libmbedtls.a ../../libs/xtensa-esp32-none-elf/libmbedtls.a
-cp library/libmbedx509.a ../../libs/xtensa-esp32-none-elf/libmbedx509.a
-
-cd ..
-rm -rf target
-mkdir target
-cd target
-
-cmake -DCMAKE_BUILD_TYPE=Release -DUSE_SHARED_MBEDTLS_LIBRARY=OFF -DUSE_STATIC_MBEDTLS_LIBRARY=ON -DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DCMAKE_TOOLCHAIN_FILE=$IDF_PATH/tools/cmake/toolchain-clang-esp32s2.cmake ../tmpsrc/mbedtls
-make
-
-cp library/libmbedcrypto.a ../../libs/xtensa-esp32s2-none-elf/libmbedcrypto.a
-cp library/libmbedtls.a ../../libs/xtensa-esp32s2-none-elf/libmbedtls.a
-cp library/libmbedx509.a ../../libs/xtensa-esp32s2-none-elf/libmbedx509.a
-
-cd ..
-rm -rf target
-mkdir target
-cd target
-
-cmake -DCMAKE_BUILD_TYPE=Release -DUSE_SHARED_MBEDTLS_LIBRARY=OFF -DUSE_STATIC_MBEDTLS_LIBRARY=ON -DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DCMAKE_TOOLCHAIN_FILE=$IDF_PATH/tools/cmake/toolchain-clang-esp32s3.cmake ../tmpsrc/mbedtls
-make
-
-cp library/libmbedcrypto.a ../../libs/xtensa-esp32s3-none-elf/libmbedcrypto.a
-cp library/libmbedtls.a ../../libs/xtensa-esp32s3-none-elf/libmbedtls.a
-cp library/libmbedx509.a ../../libs/xtensa-esp32s3-none-elf/libmbedx509.a
-
-cd ..
-rm -rf target
-rm -rf tmpsrc
diff --git a/esp-mbedtls-sys/Cargo.toml b/esp-mbedtls-sys/Cargo.toml
index fe51547..fa332c6 100644
--- a/esp-mbedtls-sys/Cargo.toml
+++ b/esp-mbedtls-sys/Cargo.toml
@@ -7,3 +7,12 @@ edition = "2021"
 anyhow = "1.0.68"
 
 [dependencies]
+
+[features]
+default = []
+
+# Exactly *one* chip MUST be selected via its feature:
+esp32 = []
+esp32c3 = []
+esp32s2 = []
+esp32s3 = []
diff --git a/esp-mbedtls-sys/build.rs b/esp-mbedtls-sys/build.rs
index b4de6f1..0418f64 100644
--- a/esp-mbedtls-sys/build.rs
+++ b/esp-mbedtls-sys/build.rs
@@ -88,7 +88,7 @@ fn main() -> Result<()> {
     println!("cargo:rustc-link-lib={}", "mbedx509");
     println!("cargo:rustc-link-lib={}", "mbedcrypto");
     println!("cargo:rustc-link-search={}", out.display());
-
+    println!("cargo:rerun-if-changed=../libs");
     Ok(())
 }
 
diff --git a/build_mbedtls/config_no_debug.h b/esp-mbedtls-sys/headers/esp32/config.h
similarity index 100%
rename from build_mbedtls/config_no_debug.h
rename to esp-mbedtls-sys/headers/esp32/config.h
diff --git a/build_mbedtls/config.h b/esp-mbedtls-sys/headers/esp32c3/config.h
similarity index 99%
rename from build_mbedtls/config.h
rename to esp-mbedtls-sys/headers/esp32c3/config.h
index f884439..7eb82a8 100644
--- a/build_mbedtls/config.h
+++ b/esp-mbedtls-sys/headers/esp32c3/config.h
@@ -3918,3 +3918,4 @@
 //#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
 
 /** \} name SECTION: Module configuration options */
+
diff --git a/esp-mbedtls-sys/headers/esp32s2/config.h b/esp-mbedtls-sys/headers/esp32s2/config.h
new file mode 100644
index 0000000..1f366db
--- /dev/null
+++ b/esp-mbedtls-sys/headers/esp32s2/config.h
@@ -0,0 +1,3920 @@
+/**
+ * \file mbedtls_config.h
+ *
+ * \brief Configuration options (set of defines)
+ *
+ *  This set of compile-time options may be used to enable
+ *  or disable features selectively, and reduce the global
+ *  memory footprint.
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+ * This is an optional version symbol that enables compatibility handling of
+ * config files.
+ *
+ * It is equal to the #MBEDTLS_VERSION_NUMBER of the Mbed TLS version that
+ * introduced the config format we want to be compatible with.
+ */
+//#define MBEDTLS_CONFIG_VERSION 0x03000000
+
+/**
+ * \name SECTION: System support
+ *
+ * This section sets system specific settings.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_HAVE_ASM
+ *
+ * The compiler has support for asm().
+ *
+ * Requires support for asm() in compiler.
+ *
+ * Used in:
+ *      library/aesni.h
+ *      library/aria.c
+ *      library/bn_mul.h
+ *      library/constant_time.c
+ *      library/padlock.h
+ *
+ * Required by:
+ *      MBEDTLS_AESCE_C
+ *      MBEDTLS_AESNI_C (on some platforms)
+ *      MBEDTLS_PADLOCK_C
+ *
+ * Comment to disable the use of assembly code.
+ */
+#define MBEDTLS_HAVE_ASM
+
+/**
+ * \def MBEDTLS_NO_UDBL_DIVISION
+ *
+ * The platform lacks support for double-width integer division (64-bit
+ * division on a 32-bit platform, 128-bit division on a 64-bit platform).
+ *
+ * Used in:
+ *      include/mbedtls/bignum.h
+ *      library/bignum.c
+ *
+ * The bignum code uses double-width division to speed up some operations.
+ * Double-width division is often implemented in software that needs to
+ * be linked with the program. The presence of a double-width integer
+ * type is usually detected automatically through preprocessor macros,
+ * but the automatic detection cannot know whether the code needs to
+ * and can be linked with an implementation of division for that type.
+ * By default division is assumed to be usable if the type is present.
+ * Uncomment this option to prevent the use of double-width division.
+ *
+ * Note that division for the native integer type is always required.
+ * Furthermore, a 64-bit type is always required even on a 32-bit
+ * platform, but it need not support multiplication or division. In some
+ * cases it is also desirable to disable some double-width operations. For
+ * example, if double-width division is implemented in software, disabling
+ * it can reduce code size in some embedded targets.
+ */
+//#define MBEDTLS_NO_UDBL_DIVISION
+
+/**
+ * \def MBEDTLS_NO_64BIT_MULTIPLICATION
+ *
+ * The platform lacks support for 32x32 -> 64-bit multiplication.
+ *
+ * Used in:
+ *      library/poly1305.c
+ *
+ * Some parts of the library may use multiplication of two unsigned 32-bit
+ * operands with a 64-bit result in order to speed up computations. On some
+ * platforms, this is not available in hardware and has to be implemented in
+ * software, usually in a library provided by the toolchain.
+ *
+ * Sometimes it is not desirable to have to link to that library. This option
+ * removes the dependency of that library on platforms that lack a hardware
+ * 64-bit multiplier by embedding a software implementation in Mbed TLS.
+ *
+ * Note that depending on the compiler, this may decrease performance compared
+ * to using the library function provided by the toolchain.
+ */
+//#define MBEDTLS_NO_64BIT_MULTIPLICATION
+
+/**
+ * \def MBEDTLS_HAVE_SSE2
+ *
+ * CPU supports SSE2 instruction set.
+ *
+ * Uncomment if the CPU supports SSE2 (IA-32 specific).
+ */
+//#define MBEDTLS_HAVE_SSE2
+
+/**
+ * \def MBEDTLS_HAVE_TIME
+ *
+ * System has time.h and time().
+ * The time does not need to be correct, only time differences are used,
+ * by contrast with MBEDTLS_HAVE_TIME_DATE
+ *
+ * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
+ * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
+ * MBEDTLS_PLATFORM_STD_TIME.
+ *
+ * Comment if your system does not support time functions.
+ *
+ * \note If MBEDTLS_TIMING_C is set - to enable the semi-portable timing
+ *       interface - timing.c will include time.h on suitable platforms
+ *       regardless of the setting of MBEDTLS_HAVE_TIME, unless
+ *       MBEDTLS_TIMING_ALT is used. See timing.c for more information.
+ */
+//#define MBEDTLS_HAVE_TIME
+
+/**
+ * \def MBEDTLS_HAVE_TIME_DATE
+ *
+ * System has time.h, time(), and an implementation for
+ * mbedtls_platform_gmtime_r() (see below).
+ * The time needs to be correct (not necessarily very accurate, but at least
+ * the date should be correct). This is used to verify the validity period of
+ * X.509 certificates.
+ *
+ * Comment if your system does not have a correct clock.
+ *
+ * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that
+ * behaves similarly to the gmtime_r() function from the C standard. Refer to
+ * the documentation for mbedtls_platform_gmtime_r() for more information.
+ *
+ * \note It is possible to configure an implementation for
+ * mbedtls_platform_gmtime_r() at compile-time by using the macro
+ * MBEDTLS_PLATFORM_GMTIME_R_ALT.
+ */
+//#define MBEDTLS_HAVE_TIME_DATE
+
+/**
+ * \def MBEDTLS_PLATFORM_MEMORY
+ *
+ * Enable the memory allocation layer.
+ *
+ * By default mbed TLS uses the system-provided calloc() and free().
+ * This allows different allocators (self-implemented or provided) to be
+ * provided to the platform abstraction layer.
+ *
+ * Enabling MBEDTLS_PLATFORM_MEMORY without the
+ * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
+ * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
+ * free() function pointer at runtime.
+ *
+ * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
+ * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
+ * alternate function at compile time.
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *
+ * Enable this layer to allow use of alternative memory allocators.
+ */
+//#define MBEDTLS_PLATFORM_MEMORY
+
+/**
+ * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+ *
+ * Do not assign standard functions in the platform layer (e.g. calloc() to
+ * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
+ *
+ * This makes sure there are no linking errors on platforms that do not support
+ * these functions. You will HAVE to provide alternatives, either at runtime
+ * via the platform_set_xxx() functions or at compile time by setting
+ * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
+ * MBEDTLS_PLATFORM_XXX_MACRO.
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *
+ * Uncomment to prevent default assignment of standard functions in the
+ * platform layer.
+ */
+//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+
+/**
+ * \def MBEDTLS_PLATFORM_EXIT_ALT
+ *
+ * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
+ * function in the platform abstraction layer.
+ *
+ * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
+ * provide a function "mbedtls_platform_set_printf()" that allows you to set an
+ * alternative printf function pointer.
+ *
+ * All these define require MBEDTLS_PLATFORM_C to be defined!
+ *
+ * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
+ * it will be enabled automatically by check_config.h
+ *
+ * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
+ * MBEDTLS_PLATFORM_XXX_MACRO!
+ *
+ * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
+ *
+ * Uncomment a macro to enable alternate implementation of specific base
+ * platform function
+ */
+//#define MBEDTLS_PLATFORM_SETBUF_ALT
+//#define MBEDTLS_PLATFORM_EXIT_ALT
+//#define MBEDTLS_PLATFORM_TIME_ALT
+//#define MBEDTLS_PLATFORM_FPRINTF_ALT
+//#define MBEDTLS_PLATFORM_PRINTF_ALT
+//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
+//#define MBEDTLS_PLATFORM_NV_SEED_ALT
+//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
+
+/**
+ * \def MBEDTLS_DEPRECATED_WARNING
+ *
+ * Mark deprecated functions and features so that they generate a warning if
+ * used. Functionality deprecated in one version will usually be removed in the
+ * next version. You can enable this to help you prepare the transition to a
+ * new major version by making sure your code is not using this functionality.
+ *
+ * This only works with GCC and Clang. With other compilers, you may want to
+ * use MBEDTLS_DEPRECATED_REMOVED
+ *
+ * Uncomment to get warnings on using deprecated functions and features.
+ */
+//#define MBEDTLS_DEPRECATED_WARNING
+
+/**
+ * \def MBEDTLS_DEPRECATED_REMOVED
+ *
+ * Remove deprecated functions and features so that they generate an error if
+ * used. Functionality deprecated in one version will usually be removed in the
+ * next version. You can enable this to help you prepare the transition to a
+ * new major version by making sure your code is not using this functionality.
+ *
+ * Uncomment to get errors on using deprecated functions and features.
+ */
+//#define MBEDTLS_DEPRECATED_REMOVED
+
+/** \} name SECTION: System support */
+
+/**
+ * \name SECTION: mbed TLS feature support
+ *
+ * This section sets support for features that are or are not needed
+ * within the modules that are enabled.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_TIMING_ALT
+ *
+ * Uncomment to provide your own alternate implementation for
+ * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
+ *
+ * Only works if you have MBEDTLS_TIMING_C enabled.
+ *
+ * You will need to provide a header "timing_alt.h" and an implementation at
+ * compile time.
+ */
+//#define MBEDTLS_TIMING_ALT
+
+/**
+ * \def MBEDTLS_AES_ALT
+ *
+ * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * alternate core implementation of a symmetric crypto, an arithmetic or hash
+ * module (e.g. platform specific assembly optimized implementations). Keep
+ * in mind that the function prototypes should remain the same.
+ *
+ * This replaces the whole module. If you only want to replace one of the
+ * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
+ *
+ * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
+ * provide the "struct mbedtls_aes_context" definition and omit the base
+ * function declarations and implementations. "aes_alt.h" will be included from
+ * "aes.h" to include the new function definitions.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * module.
+ *
+ * \warning   MD5, DES and SHA-1 are considered weak and their
+ *            use constitutes a security risk. If possible, we recommend
+ *            avoiding dependencies on them, and considering stronger message
+ *            digests and ciphers instead.
+ *
+ */
+//#define MBEDTLS_AES_ALT
+//#define MBEDTLS_ARIA_ALT
+//#define MBEDTLS_CAMELLIA_ALT
+//#define MBEDTLS_CCM_ALT
+//#define MBEDTLS_CHACHA20_ALT
+//#define MBEDTLS_CHACHAPOLY_ALT
+//#define MBEDTLS_CMAC_ALT
+//#define MBEDTLS_DES_ALT
+//#define MBEDTLS_DHM_ALT
+//#define MBEDTLS_ECJPAKE_ALT
+//#define MBEDTLS_GCM_ALT
+//#define MBEDTLS_NIST_KW_ALT
+//#define MBEDTLS_MD5_ALT
+//#define MBEDTLS_POLY1305_ALT
+//#define MBEDTLS_RIPEMD160_ALT
+//#define MBEDTLS_RSA_ALT
+//#define MBEDTLS_SHA1_ALT
+//#define MBEDTLS_SHA256_ALT
+//#define MBEDTLS_SHA512_ALT
+
+/*
+ * When replacing the elliptic curve module, please consider, that it is
+ * implemented with two .c files:
+ *      - ecp.c
+ *      - ecp_curves.c
+ * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
+ * macros as described above. The only difference is that you have to make sure
+ * that you provide functionality for both .c files.
+ */
+//#define MBEDTLS_ECP_ALT
+
+/**
+ * \def MBEDTLS_SHA256_PROCESS_ALT
+ *
+ * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
+ * alternate core implementation of symmetric crypto or hash function. Keep in
+ * mind that function prototypes should remain the same.
+ *
+ * This replaces only one function. The header file from mbed TLS is still
+ * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
+ *
+ * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
+ * no longer provide the mbedtls_sha1_process() function, but it will still provide
+ * the other function (using your mbedtls_sha1_process() function) and the definition
+ * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
+ * with this definition.
+ *
+ * \note If you use the AES_xxx_ALT macros, then it is recommended to also set
+ *       MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
+ *       tables.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * function.
+ *
+ * \warning   MD5, DES and SHA-1 are considered weak and their use
+ *            constitutes a security risk. If possible, we recommend avoiding
+ *            dependencies on them, and considering stronger message digests
+ *            and ciphers instead.
+ *
+ * \warning   If both MBEDTLS_ECDSA_SIGN_ALT and MBEDTLS_ECDSA_DETERMINISTIC are
+ *            enabled, then the deterministic ECDH signature functions pass the
+ *            the static HMAC-DRBG as RNG to mbedtls_ecdsa_sign(). Therefore
+ *            alternative implementations should use the RNG only for generating
+ *            the ephemeral key and nothing else. If this is not possible, then
+ *            MBEDTLS_ECDSA_DETERMINISTIC should be disabled and an alternative
+ *            implementation should be provided for mbedtls_ecdsa_sign_det_ext().
+ *
+ */
+//#define MBEDTLS_MD5_PROCESS_ALT
+//#define MBEDTLS_RIPEMD160_PROCESS_ALT
+//#define MBEDTLS_SHA1_PROCESS_ALT
+//#define MBEDTLS_SHA256_PROCESS_ALT
+//#define MBEDTLS_SHA512_PROCESS_ALT
+//#define MBEDTLS_DES_SETKEY_ALT
+//#define MBEDTLS_DES_CRYPT_ECB_ALT
+//#define MBEDTLS_DES3_CRYPT_ECB_ALT
+//#define MBEDTLS_AES_SETKEY_ENC_ALT
+//#define MBEDTLS_AES_SETKEY_DEC_ALT
+//#define MBEDTLS_AES_ENCRYPT_ALT
+//#define MBEDTLS_AES_DECRYPT_ALT
+//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT
+//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT
+//#define MBEDTLS_ECDSA_VERIFY_ALT
+//#define MBEDTLS_ECDSA_SIGN_ALT
+//#define MBEDTLS_ECDSA_GENKEY_ALT
+
+/**
+ * \def MBEDTLS_ECP_INTERNAL_ALT
+ *
+ * Expose a part of the internal interface of the Elliptic Curve Point module.
+ *
+ * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * alternative core implementation of elliptic curve arithmetic. Keep in mind
+ * that function prototypes should remain the same.
+ *
+ * This partially replaces one function. The header file from mbed TLS is still
+ * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
+ * is still present and it is used for group structures not supported by the
+ * alternative.
+ *
+ * The original implementation can in addition be removed by setting the
+ * MBEDTLS_ECP_NO_FALLBACK option, in which case any function for which the
+ * corresponding MBEDTLS_ECP__FUNCTION_NAME__ALT macro is defined will not be
+ * able to fallback to curves not supported by the alternative implementation.
+ *
+ * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
+ * and implementing the following functions:
+ *      unsigned char mbedtls_internal_ecp_grp_capable(
+ *          const mbedtls_ecp_group *grp )
+ *      int  mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
+ *      void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp )
+ * The mbedtls_internal_ecp_grp_capable function should return 1 if the
+ * replacement functions implement arithmetic for the given group and 0
+ * otherwise.
+ * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are
+ * called before and after each point operation and provide an opportunity to
+ * implement optimized set up and tear down instructions.
+ *
+ * Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and
+ * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac()
+ * function, but will use your mbedtls_internal_ecp_double_jac() if the group
+ * for the operation is supported by your implementation (i.e. your
+ * mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the
+ * group is not supported by your implementation, then the original mbed TLS
+ * implementation of ecp_double_jac() is used instead, unless this fallback
+ * behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case
+ * ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE).
+ *
+ * The function prototypes and the definition of mbedtls_ecp_group and
+ * mbedtls_ecp_point will not change based on MBEDTLS_ECP_INTERNAL_ALT, so your
+ * implementation of mbedtls_internal_ecp__function_name__ must be compatible
+ * with their definitions.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * function.
+ */
+/* Required for all the functions in this section */
+//#define MBEDTLS_ECP_INTERNAL_ALT
+/* Turn off software fallback for curves not supported in hardware */
+//#define MBEDTLS_ECP_NO_FALLBACK
+/* Support for Weierstrass curves with Jacobi representation */
+//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
+//#define MBEDTLS_ECP_ADD_MIXED_ALT
+//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
+//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
+//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
+/* Support for curves with Montgomery arithmetic */
+//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
+//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
+//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
+
+/**
+ * \def MBEDTLS_ENTROPY_HARDWARE_ALT
+ *
+ * Uncomment this macro to let mbed TLS use your own implementation of a
+ * hardware entropy collector.
+ *
+ * Your function must be called \c mbedtls_hardware_poll(), have the same
+ * prototype as declared in library/entropy_poll.h, and accept NULL as first
+ * argument.
+ *
+ * Uncomment to use your own hardware entropy collector.
+ */
+//#define MBEDTLS_ENTROPY_HARDWARE_ALT
+
+/**
+ * \def MBEDTLS_AES_ROM_TABLES
+ *
+ * Use precomputed AES tables stored in ROM.
+ *
+ * Uncomment this macro to use precomputed AES tables stored in ROM.
+ * Comment this macro to generate AES tables in RAM at runtime.
+ *
+ * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
+ * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
+ * initialization time before the first AES operation can be performed.
+ * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
+ * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
+ * performance if ROM access is slower than RAM access.
+ *
+ * This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
+ *
+ */
+#define MBEDTLS_AES_ROM_TABLES
+
+/**
+ * \def MBEDTLS_AES_FEWER_TABLES
+ *
+ * Use less ROM/RAM for AES tables.
+ *
+ * Uncommenting this macro omits 75% of the AES tables from
+ * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
+ * by computing their values on the fly during operations
+ * (the tables are entry-wise rotations of one another).
+ *
+ * Tradeoff: Uncommenting this reduces the RAM / ROM footprint
+ * by ~6kb but at the cost of more arithmetic operations during
+ * runtime. Specifically, one has to compare 4 accesses within
+ * different tables to 4 accesses with additional arithmetic
+ * operations within the same table. The performance gain/loss
+ * depends on the system and memory details.
+ *
+ * This option is independent of \c MBEDTLS_AES_ROM_TABLES.
+ *
+ */
+//#define MBEDTLS_AES_FEWER_TABLES
+
+/**
+ * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
+ *
+ * Use less ROM for the Camellia implementation (saves about 768 bytes).
+ *
+ * Uncomment this macro to use less memory for Camellia.
+ */
+//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
+
+/**
+ * \def MBEDTLS_CHECK_RETURN_WARNING
+ *
+ * If this macro is defined, emit a compile-time warning if application code
+ * calls a function without checking its return value, but the return value
+ * should generally be checked in portable applications.
+ *
+ * This is only supported on platforms where #MBEDTLS_CHECK_RETURN is
+ * implemented. Otherwise this option has no effect.
+ *
+ * Uncomment to get warnings on using fallible functions without checking
+ * their return value.
+ *
+ * \note  This feature is a work in progress.
+ *        Warnings will be added to more functions in the future.
+ *
+ * \note  A few functions are considered critical, and ignoring the return
+ *        value of these functions will trigger a warning even if this
+ *        macro is not defined. To completely disable return value check
+ *        warnings, define #MBEDTLS_CHECK_RETURN with an empty expansion.
+ */
+//#define MBEDTLS_CHECK_RETURN_WARNING
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CBC
+ *
+ * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CBC
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CFB
+ *
+ * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CFB
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CTR
+ *
+ * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CTR
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_OFB
+ *
+ * Enable Output Feedback mode (OFB) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_OFB
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_XTS
+ *
+ * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES.
+ */
+#define MBEDTLS_CIPHER_MODE_XTS
+
+/**
+ * \def MBEDTLS_CIPHER_NULL_CIPHER
+ *
+ * Enable NULL cipher.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * encryption or channels without any security!
+ *
+ * To enable the following ciphersuites:
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_RSA_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_RSA_WITH_NULL_MD5
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA
+ *
+ * Uncomment this macro to enable the NULL cipher and ciphersuites
+ */
+//#define MBEDTLS_CIPHER_NULL_CIPHER
+
+/**
+ * \def MBEDTLS_CIPHER_PADDING_PKCS7
+ *
+ * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
+ * specific padding modes in the cipher layer with cipher modes that support
+ * padding (e.g. CBC)
+ *
+ * If you disable all padding modes, only full blocks can be used with CBC.
+ *
+ * Enable padding modes in the cipher layer.
+ */
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#define MBEDTLS_CIPHER_PADDING_ZEROS
+
+/** \def MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ *
+ * Uncomment this macro to use a 128-bit key in the CTR_DRBG module.
+ * By default, CTR_DRBG uses a 256-bit key.
+ */
+//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+
+/**
+ * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ *
+ * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
+ * module.  By default all supported curves are enabled.
+ *
+ * Comment macros to disable the curve and functions for it
+ */
+/* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */
+#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+/* Montgomery curves (supporting ECP) */
+#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#define MBEDTLS_ECP_DP_CURVE448_ENABLED
+
+/**
+ * \def MBEDTLS_ECP_NIST_OPTIM
+ *
+ * Enable specific 'modulo p' routines for each NIST prime.
+ * Depending on the prime and architecture, makes operations 4 to 8 times
+ * faster on the corresponding curve.
+ *
+ * Comment this macro to disable NIST curves optimisation.
+ */
+#define MBEDTLS_ECP_NIST_OPTIM
+
+/**
+ * \def MBEDTLS_ECP_RESTARTABLE
+ *
+ * Enable "non-blocking" ECC operations that can return early and be resumed.
+ *
+ * This allows various functions to pause by returning
+ * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module,
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in
+ * order to further progress and eventually complete their operation. This is
+ * controlled through mbedtls_ecp_set_max_ops() which limits the maximum
+ * number of ECC operations a function may perform before pausing; see
+ * mbedtls_ecp_set_max_ops() for more information.
+ *
+ * This is useful in non-threaded environments if you want to avoid blocking
+ * for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
+ *
+ * This option:
+ * - Adds xxx_restartable() variants of existing operations in the
+ *   following modules, with corresponding restart context types:
+ *   - ECP (for Short Weierstrass curves only): scalar multiplication (mul),
+ *     linear combination (muladd);
+ *   - ECDSA: signature generation & verification;
+ *   - PK: signature generation & verification;
+ *   - X509: certificate chain verification.
+ * - Adds mbedtls_ecdh_enable_restart() in the ECDH module.
+ * - Changes the behaviour of TLS 1.2 clients (not servers) when using the
+ *   ECDHE-ECDSA key exchange (not other key exchanges) to make all ECC
+ *   computations restartable:
+ *   - ECDH operations from the key exchange, only for Short Weierstrass
+ *     curves, only when MBEDTLS_USE_PSA_CRYPTO is not enabled.
+ *   - verification of the server's key exchange signature;
+ *   - verification of the server's certificate chain;
+ *   - generation of the client's signature if client authentication is used,
+ *     with an ECC key/certificate.
+ *
+ * \note  In the cases above, the usual SSL/TLS functions, such as
+ *        mbedtls_ssl_handshake(), can now return
+ *        MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS.
+ *
+ * \note  When this option and MBEDTLS_USE_PSA_CRYPTO are both enabled,
+ *        restartable operations in PK, X.509 and TLS (see above) are not
+ *        using PSA. On the other hand, ECDH computations in TLS are using
+ *        PSA, and are not restartable. These are temporary limitations that
+ *        should be lifted in the future.
+ *
+ * \note  This option only works with the default software implementation of
+ *        elliptic curve functionality. It is incompatible with
+ *        MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT.
+ *
+ * Requires: MBEDTLS_ECP_C
+ *
+ * Uncomment this macro to enable restartable ECC computations.
+ */
+//#define MBEDTLS_ECP_RESTARTABLE
+
+/**
+ * \def MBEDTLS_ECDSA_DETERMINISTIC
+ *
+ * Enable deterministic ECDSA (RFC 6979).
+ * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
+ * may result in a compromise of the long-term signing key. This is avoided by
+ * the deterministic variant.
+ *
+ * Requires: MBEDTLS_HMAC_DRBG_C, MBEDTLS_ECDSA_C
+ *
+ * Comment this macro to disable deterministic ECDSA.
+ */
+#define MBEDTLS_ECDSA_DETERMINISTIC
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+ *
+ * Enable the PSK based ciphersuite modes in SSL / TLS.
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ */
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+ *
+ * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_DHM_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *
+ * \warning    Using DHE constitutes a security risk as it
+ *             is not possible to validate custom DH parameters.
+ *             If possible, it is recommended users should consider
+ *             preferring other methods of key exchange.
+ *             See dhm.h for more details.
+ *
+ */
+#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+ *
+ * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+ *
+ * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ */
+#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+ *
+ * Enable the RSA-only based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ *
+ * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *
+ * \warning    Using DHE constitutes a security risk as it
+ *             is not possible to validate custom DH parameters.
+ *             If possible, it is recommended users should consider
+ *             preferring other methods of key exchange.
+ *             See dhm.h for more details.
+ *
+ */
+#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+ *
+ * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+ *
+ * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+ *
+ * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+ *
+ * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+ *
+ * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
+ *
+ * \warning This is currently experimental. EC J-PAKE support is based on the
+ * Thread v1.0.0 specification; incompatible changes to the specification
+ * might still happen. For this reason, this is disabled by default.
+ *
+ * Requires: MBEDTLS_ECJPAKE_C
+ *           SHA-256 (via MD if present, or via PSA, see MBEDTLS_ECJPAKE_C)
+ *           MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
+ */
+//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+
+/**
+ * \def MBEDTLS_PK_PARSE_EC_EXTENDED
+ *
+ * Enhance support for reading EC keys using variants of SEC1 not allowed by
+ * RFC 5915 and RFC 5480.
+ *
+ * Currently this means parsing the SpecifiedECDomain choice of EC
+ * parameters (only known groups are supported, not arbitrary domains, to
+ * avoid validation issues).
+ *
+ * Disable if you only need to support RFC 5915 + 5480 key formats.
+ */
+#define MBEDTLS_PK_PARSE_EC_EXTENDED
+
+/**
+ * \def MBEDTLS_ERROR_STRERROR_DUMMY
+ *
+ * Enable a dummy error function to make use of mbedtls_strerror() in
+ * third party libraries easier when MBEDTLS_ERROR_C is disabled
+ * (no effect when MBEDTLS_ERROR_C is enabled).
+ *
+ * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
+ * not using mbedtls_strerror() or error_strerror() in your application.
+ *
+ * Disable if you run into name conflicts and want to really remove the
+ * mbedtls_strerror()
+ */
+#define MBEDTLS_ERROR_STRERROR_DUMMY
+
+/**
+ * \def MBEDTLS_GENPRIME
+ *
+ * Enable the prime-number generation code.
+ *
+ * Requires: MBEDTLS_BIGNUM_C
+ */
+//#define MBEDTLS_GENPRIME
+
+/**
+ * \def MBEDTLS_FS_IO
+ *
+ * Enable functions that use the filesystem.
+ */
+//#define MBEDTLS_FS_IO
+
+/**
+ * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+ *
+ * Do not add default entropy sources in mbedtls_entropy_init().
+ *
+ * This is useful to have more control over the added entropy sources in an
+ * application.
+ *
+ * Uncomment this macro to prevent loading of default entropy functions.
+ */
+//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+
+/**
+ * \def MBEDTLS_NO_PLATFORM_ENTROPY
+ *
+ * Do not use built-in platform entropy functions.
+ * This is useful if your platform does not support
+ * standards like the /dev/urandom or Windows CryptoAPI.
+ *
+ * Uncomment this macro to disable the built-in platform entropy functions.
+ */
+#define MBEDTLS_NO_PLATFORM_ENTROPY
+
+/**
+ * \def MBEDTLS_ENTROPY_FORCE_SHA256
+ *
+ * Force the entropy accumulator to use a SHA-256 accumulator instead of the
+ * default SHA-512 based one (if both are available).
+ *
+ * Requires: MBEDTLS_SHA256_C
+ *
+ * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
+ * if you have performance concerns.
+ *
+ * This option is only useful if both MBEDTLS_SHA256_C and
+ * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
+ */
+//#define MBEDTLS_ENTROPY_FORCE_SHA256
+
+/**
+ * \def MBEDTLS_ENTROPY_NV_SEED
+ *
+ * Enable the non-volatile (NV) seed file-based entropy source.
+ * (Also enables the NV seed read/write functions in the platform layer)
+ *
+ * This is crucial (if not required) on systems that do not have a
+ * cryptographic entropy source (in hardware or kernel) available.
+ *
+ * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
+ *
+ * \note The read/write functions that are used by the entropy source are
+ *       determined in the platform layer, and can be modified at runtime and/or
+ *       compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
+ *
+ * \note If you use the default implementation functions that read a seedfile
+ *       with regular fopen(), please make sure you make a seedfile with the
+ *       proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
+ *       least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
+ *       and written to or you will get an entropy source error! The default
+ *       implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
+ *       bytes from the file.
+ *
+ * \note The entropy collector will write to the seed file before entropy is
+ *       given to an external source, to update it.
+ */
+//#define MBEDTLS_ENTROPY_NV_SEED
+
+/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+ *
+ * Enable key identifiers that encode a key owner identifier.
+ *
+ * The owner of a key is identified by a value of type ::mbedtls_key_owner_id_t
+ * which is currently hard-coded to be int32_t.
+ *
+ * Note that this option is meant for internal use only and may be removed
+ * without notice.
+ */
+//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+
+/**
+ * \def MBEDTLS_MEMORY_DEBUG
+ *
+ * Enable debugging of buffer allocator memory issues. Automatically prints
+ * (to stderr) all (fatal) messages on memory allocation issues. Enables
+ * function for 'debug output' of allocated memory.
+ *
+ * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Uncomment this macro to let the buffer allocator print out error messages.
+ */
+//#define MBEDTLS_MEMORY_DEBUG
+
+/**
+ * \def MBEDTLS_MEMORY_BACKTRACE
+ *
+ * Include backtrace information with each allocated block.
+ *
+ * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *           GLIBC-compatible backtrace() and backtrace_symbols() support
+ *
+ * Uncomment this macro to include backtrace information
+ */
+//#define MBEDTLS_MEMORY_BACKTRACE
+
+/**
+ * \def MBEDTLS_PK_RSA_ALT_SUPPORT
+ *
+ * Support external private RSA keys (eg from a HSM) in the PK layer.
+ *
+ * Comment this macro to disable support for external private RSA keys.
+ */
+#define MBEDTLS_PK_RSA_ALT_SUPPORT
+
+/**
+ * \def MBEDTLS_PKCS1_V15
+ *
+ * Enable support for PKCS#1 v1.5 encoding.
+ *
+ * Requires: MBEDTLS_RSA_C
+ *
+ * This enables support for PKCS#1 v1.5 operations.
+ */
+#define MBEDTLS_PKCS1_V15
+
+/**
+ * \def MBEDTLS_PKCS1_V21
+ *
+ * Enable support for PKCS#1 v2.1 encoding.
+ *
+ * Requires: MBEDTLS_RSA_C and (MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C).
+ *
+ * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
+ * before doing any PKCS#1 v2.1 operation.
+ *
+ * \warning When building with MBEDTLS_MD_C, all hashes used with this
+ * need to be available as built-ins (that is, for SHA-256, MBEDTLS_SHA256_C,
+ * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by
+ * this module in builds where MBEDTLS_MD_C is disabled.
+ *
+ * This enables support for RSAES-OAEP and RSASSA-PSS operations.
+ */
+#define MBEDTLS_PKCS1_V21
+
+/** \def MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
+ *
+ * Enable support for platform built-in keys. If you enable this feature,
+ * you must implement the function mbedtls_psa_platform_get_builtin_key().
+ * See the documentation of that function for more information.
+ *
+ * Built-in keys are typically derived from a hardware unique key or
+ * stored in a secure element.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C.
+ *
+ * \warning This interface is experimental and may change or be removed
+ * without notice.
+ */
+//#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
+
+/** \def MBEDTLS_PSA_CRYPTO_CLIENT
+ *
+ * Enable support for PSA crypto client.
+ *
+ * \note This option allows to include the code necessary for a PSA
+ *       crypto client when the PSA crypto implementation is not included in
+ *       the library (MBEDTLS_PSA_CRYPTO_C disabled). The code included is the
+ *       code to set and get PSA key attributes.
+ *       The development of PSA drivers partially relying on the library to
+ *       fulfill the hardware gaps is another possible usage of this option.
+ *
+ * \warning This interface is experimental and may change or be removed
+ * without notice.
+ */
+//#define MBEDTLS_PSA_CRYPTO_CLIENT
+
+/** \def MBEDTLS_PSA_CRYPTO_DRIVERS
+ *
+ * Enable support for the experimental PSA crypto driver interface.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ * \warning This interface is experimental. We intend to maintain backward
+ *          compatibility with application code that relies on drivers,
+ *          but the driver interfaces may change without notice.
+ */
+//#define MBEDTLS_PSA_CRYPTO_DRIVERS
+
+/** \def MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
+ *
+ * Make the PSA Crypto module use an external random generator provided
+ * by a driver, instead of Mbed TLS's entropy and DRBG modules.
+ *
+ * \note This random generator must deliver random numbers with cryptographic
+ *       quality and high performance. It must supply unpredictable numbers
+ *       with a uniform distribution. The implementation of this function
+ *       is responsible for ensuring that the random generator is seeded
+ *       with sufficient entropy. If you have a hardware TRNG which is slow
+ *       or delivers non-uniform output, declare it as an entropy source
+ *       with mbedtls_entropy_add_source() instead of enabling this option.
+ *
+ * If you enable this option, you must configure the type
+ * ::mbedtls_psa_external_random_context_t in psa/crypto_platform.h
+ * and define a function called mbedtls_psa_external_get_random()
+ * with the following prototype:
+ * ```
+ * psa_status_t mbedtls_psa_external_get_random(
+ *     mbedtls_psa_external_random_context_t *context,
+ *     uint8_t *output, size_t output_size, size_t *output_length);
+ * );
+ * ```
+ * The \c context value is initialized to 0 before the first call.
+ * The function must fill the \c output buffer with \p output_size bytes
+ * of random data and set \c *output_length to \p output_size.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ * \warning If you enable this option, code that uses the PSA cryptography
+ *          interface will not use any of the entropy sources set up for
+ *          the entropy module, nor the NV seed that MBEDTLS_ENTROPY_NV_SEED
+ *          enables.
+ *
+ * \note This option is experimental and may be removed without notice.
+ */
+#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_SPM
+ *
+ * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure
+ * Partition Manager) integration which separates the code into two parts: a
+ * NSPE (Non-Secure Process Environment) and an SPE (Secure Process
+ * Environment).
+ *
+ * Module:  library/psa_crypto.c
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ */
+//#define MBEDTLS_PSA_CRYPTO_SPM
+
+/**
+ * \def MBEDTLS_PSA_INJECT_ENTROPY
+ *
+ * Enable support for entropy injection at first boot. This feature is
+ * required on systems that do not have a built-in entropy source (TRNG).
+ * This feature is currently not supported on systems that have a built-in
+ * entropy source.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED
+ *
+ */
+//#define MBEDTLS_PSA_INJECT_ENTROPY
+
+/**
+ * \def MBEDTLS_RSA_NO_CRT
+ *
+ * Do not use the Chinese Remainder Theorem
+ * for the RSA private operation.
+ *
+ * Uncomment this macro to disable the use of CRT in RSA.
+ *
+ */
+//#define MBEDTLS_RSA_NO_CRT
+
+/**
+ * \def MBEDTLS_SELF_TEST
+ *
+ * Enable the checkup functions (*_self_test).
+ */
+#define MBEDTLS_SELF_TEST
+
+/**
+ * \def MBEDTLS_SHA256_SMALLER
+ *
+ * Enable an implementation of SHA-256 that has lower ROM footprint but also
+ * lower performance.
+ *
+ * The default implementation is meant to be a reasonable compromise between
+ * performance and size. This version optimizes more aggressively for size at
+ * the expense of performance. Eg on Cortex-M4 it reduces the size of
+ * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
+ * 30%.
+ *
+ * Uncomment to enable the smaller implementation of SHA256.
+ */
+//#define MBEDTLS_SHA256_SMALLER
+
+/**
+ * \def MBEDTLS_SHA512_SMALLER
+ *
+ * Enable an implementation of SHA-512 that has lower ROM footprint but also
+ * lower performance.
+ *
+ * Uncomment to enable the smaller implementation of SHA512.
+ */
+//#define MBEDTLS_SHA512_SMALLER
+
+/**
+ * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
+ *
+ * Enable sending of alert messages in case of encountered errors as per RFC.
+ * If you choose not to send the alert messages, mbed TLS can still communicate
+ * with other servers, only debugging of failures is harder.
+ *
+ * The advantage of not sending alert messages, is that no information is given
+ * about reasons for failures thus preventing adversaries of gaining intel.
+ *
+ * Enable sending of all alert messages
+ */
+#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
+
+/**
+ * \def MBEDTLS_SSL_DTLS_CONNECTION_ID
+ *
+ * Enable support for the DTLS Connection ID (CID) extension,
+ * which allows to identify DTLS connections across changes
+ * in the underlying transport. The CID functionality is described
+ * in RFC 9146.
+ *
+ * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`,
+ * mbedtls_ssl_get_own_cid()`, `mbedtls_ssl_get_peer_cid()` and
+ * `mbedtls_ssl_conf_cid()`. See the corresponding documentation for
+ * more information.
+ *
+ * The maximum lengths of outgoing and incoming CIDs can be configured
+ * through the options
+ * - MBEDTLS_SSL_CID_OUT_LEN_MAX
+ * - MBEDTLS_SSL_CID_IN_LEN_MAX.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Uncomment to enable the Connection ID extension.
+ */
+#define MBEDTLS_SSL_DTLS_CONNECTION_ID
+
+
+/**
+ * \def MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
+ *
+ * Defines whether RFC 9146 (default) or the legacy version
+ * (version draft-ietf-tls-dtls-connection-id-05,
+ * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05)
+ * is used.
+ *
+ * Set the value to 0 for the standard version, and
+ * 1 for the legacy draft version.
+ *
+ * \deprecated Support for the legacy version of the DTLS
+ *             Connection ID feature is deprecated. Please
+ *             switch to the standardized version defined
+ *             in RFC 9146 enabled by utilizing
+ *             MBEDTLS_SSL_DTLS_CONNECTION_ID without use
+ *             of MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT.
+ *
+ * Requires: MBEDTLS_SSL_DTLS_CONNECTION_ID
+ */
+#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0
+
+/**
+ * \def MBEDTLS_SSL_ASYNC_PRIVATE
+ *
+ * Enable asynchronous external private key operations in SSL. This allows
+ * you to configure an SSL connection to call an external cryptographic
+ * module to perform private key operations instead of performing the
+ * operation inside the library.
+ *
+ * Requires: MBEDTLS_X509_CRT_PARSE_C
+ */
+//#define MBEDTLS_SSL_ASYNC_PRIVATE
+
+/**
+ * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION
+ *
+ * Enable serialization of the TLS context structures, through use of the
+ * functions mbedtls_ssl_context_save() and mbedtls_ssl_context_load().
+ *
+ * This pair of functions allows one side of a connection to serialize the
+ * context associated with the connection, then free or re-use that context
+ * while the serialized state is persisted elsewhere, and finally deserialize
+ * that state to a live context for resuming read/write operations on the
+ * connection. From a protocol perspective, the state of the connection is
+ * unaffected, in particular this is entirely transparent to the peer.
+ *
+ * Note: this is distinct from TLS session resumption, which is part of the
+ * protocol and fully visible by the peer. TLS session resumption enables
+ * establishing new connections associated to a saved session with shorter,
+ * lighter handshakes, while context serialization is a local optimization in
+ * handling a single, potentially long-lived connection.
+ *
+ * Enabling these APIs makes some SSL structures larger, as 64 extra bytes are
+ * saved after the handshake to allow for more efficient serialization, so if
+ * you don't need this feature you'll save RAM by disabling it.
+ *
+ * Requires: MBEDTLS_GCM_C or MBEDTLS_CCM_C or MBEDTLS_CHACHAPOLY_C
+ *
+ * Comment to disable the context serialization APIs.
+ */
+#define MBEDTLS_SSL_CONTEXT_SERIALIZATION
+
+/**
+ * \def MBEDTLS_SSL_DEBUG_ALL
+ *
+ * Enable the debug messages in SSL module for all issues.
+ * Debug messages have been disabled in some places to prevent timing
+ * attacks due to (unbalanced) debugging function calls.
+ *
+ * If you need all error reporting you should enable this during debugging,
+ * but remove this for production servers that should log as well.
+ *
+ * Uncomment this macro to report all debug messages on errors introducing
+ * a timing side-channel.
+ *
+ */
+//#define MBEDTLS_SSL_DEBUG_ALL
+
+/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ *
+ * Enable support for Encrypt-then-MAC, RFC 7366.
+ *
+ * This allows peers that both support it to use a more robust protection for
+ * ciphersuites using CBC, providing deep resistance against timing attacks
+ * on the padding or underlying cipher.
+ *
+ * This only affects CBC ciphersuites, and is useless if none is defined.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Encrypt-then-MAC
+ */
+#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
+
+/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+ *
+ * Enable support for RFC 7627: Session Hash and Extended Master Secret
+ * Extension.
+ *
+ * This was introduced as "the proper fix" to the Triple Handshake family of
+ * attacks, but it is recommended to always use it (even if you disable
+ * renegotiation), since it actually fixes a more fundamental issue in the
+ * original SSL/TLS design, and has implications beyond Triple Handshake.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Extended Master Secret.
+ */
+#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+
+/**
+ * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+ *
+ * This option controls the availability of the API mbedtls_ssl_get_peer_cert()
+ * giving access to the peer's certificate after completion of the handshake.
+ *
+ * Unless you need mbedtls_ssl_peer_cert() in your application, it is
+ * recommended to disable this option for reduced RAM usage.
+ *
+ * \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still
+ *       defined, but always returns \c NULL.
+ *
+ * \note This option has no influence on the protection against the
+ *       triple handshake attack. Even if it is disabled, Mbed TLS will
+ *       still ensure that certificates do not change during renegotiation,
+ *       for example by keeping a hash of the peer's certificate.
+ *
+ * \note This option is required if MBEDTLS_SSL_PROTO_TLS1_3 is set.
+ *
+ * Comment this macro to disable storing the peer's certificate
+ * after the handshake.
+ */
+#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+
+/**
+ * \def MBEDTLS_SSL_RENEGOTIATION
+ *
+ * Enable support for TLS renegotiation.
+ *
+ * The two main uses of renegotiation are (1) refresh keys on long-lived
+ * connections and (2) client authentication after the initial handshake.
+ * If you don't need renegotiation, it's probably better to disable it, since
+ * it has been associated with security issues in the past and is easy to
+ * misuse/misunderstand.
+ *
+ * Comment this to disable support for renegotiation.
+ *
+ * \note   Even if this option is disabled, both client and server are aware
+ *         of the Renegotiation Indication Extension (RFC 5746) used to
+ *         prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
+ *         (See \c mbedtls_ssl_conf_legacy_renegotiation for the
+ *          configuration of this extension).
+ *
+ */
+#define MBEDTLS_SSL_RENEGOTIATION
+
+/**
+ * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+ *
+ * Enable support for RFC 6066 max_fragment_length extension in SSL.
+ *
+ * Comment this macro to disable support for the max_fragment_length extension
+ */
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+
+/**
+ * \def MBEDTLS_SSL_RECORD_SIZE_LIMIT
+ *
+ * Enable support for RFC 8449 record_size_limit extension in SSL (TLS 1.3 only).
+ *
+ * \warning This extension is currently in development and must NOT be used except
+ *          for testing purposes.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_3
+ *
+ * Uncomment this macro to enable support for the record_size_limit extension
+ */
+//#define MBEDTLS_SSL_RECORD_SIZE_LIMIT
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
+ *
+ * Requires: Without MBEDTLS_USE_PSA_CRYPTO: MBEDTLS_MD_C and
+ *              (MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C)
+ *           With MBEDTLS_USE_PSA_CRYPTO:
+ *              PSA_WANT_ALG_SHA_1 or PSA_WANT_ALG_SHA_256 or
+ *              PSA_WANT_ALG_SHA_512
+ *
+ * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
+ * psa_crypto_init() before doing any TLS operations.
+ *
+ * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
+ */
+#define MBEDTLS_SSL_PROTO_TLS1_2
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1_3
+ *
+ * Enable support for TLS 1.3.
+ *
+ * \note The support for TLS 1.3 is not comprehensive yet, in particular
+ *       pre-shared keys are not supported.
+ *       See docs/architecture/tls13-support.md for a description of the TLS
+ *       1.3 support that this option enables.
+ *
+ * Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ * \note TLS 1.3 uses PSA crypto for cryptographic operations that are
+ *       directly performed by TLS 1.3 code. As a consequence, you must
+ *       call psa_crypto_init() before the first TLS 1.3 handshake.
+ *
+ * \note Cryptographic operations performed indirectly via another module
+ *       (X.509, PK) or by code shared with TLS 1.2 (record protection,
+ *       running handshake hash) only use PSA crypto if
+ *       #MBEDTLS_USE_PSA_CRYPTO is enabled.
+ *
+ * Uncomment this macro to enable the support for TLS 1.3.
+ */
+#define MBEDTLS_SSL_PROTO_TLS1_3
+
+/**
+ * \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+ *
+ * Enable TLS 1.3 middlebox compatibility mode.
+ *
+ * As specified in Section D.4 of RFC 8446, TLS 1.3 offers a compatibility
+ * mode to make a TLS 1.3 connection more likely to pass through middle boxes
+ * expecting TLS 1.2 traffic.
+ *
+ * Turning on the compatibility mode comes at the cost of a few added bytes
+ * on the wire, but it doesn't affect compatibility with TLS 1.3 implementations
+ * that don't use it. Therefore, unless transmission bandwidth is critical and
+ * you know that middlebox compatibility issues won't occur, it is therefore
+ * recommended to set this option.
+ *
+ * Comment to disable compatibility mode for TLS 1.3. If
+ * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
+ * effect on the build.
+ *
+ */
+#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+
+/**
+ * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+ *
+ * Enable TLS 1.3 PSK key exchange mode.
+ *
+ * Comment to disable support for the PSK key exchange mode in TLS 1.3. If
+ * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
+ * effect on the build.
+ *
+ */
+#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+ *
+ * Enable TLS 1.3 ephemeral key exchange mode.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C, MBEDTLS_ECDSA_C or
+ *           MBEDTLS_PKCS1_V21
+ *
+ * Comment to disable support for the ephemeral key exchange mode in TLS 1.3.
+ * If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
+ * effect on the build.
+ *
+ */
+#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+
+/**
+ * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+ *
+ * Enable TLS 1.3 PSK ephemeral key exchange mode.
+ *
+ * Requires: MBEDTLS_ECDH_C
+ *
+ * Comment to disable support for the PSK ephemeral key exchange mode in
+ * TLS 1.3. If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not
+ * have any effect on the build.
+ *
+ */
+#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+
+/**
+ * \def MBEDTLS_SSL_EARLY_DATA
+ *
+ * Enable support for RFC 8446 TLS 1.3 early data.
+ *
+ * Requires: MBEDTLS_SSL_SESSION_TICKETS and either
+ *           MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
+ *           MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+ *
+ * Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
+ * is not enabled, this option does not have any effect on the build.
+ *
+ * This feature is experimental, not completed and thus not ready for
+ * production.
+ *
+ */
+//#define MBEDTLS_SSL_EARLY_DATA
+
+/**
+ * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
+ *
+ * The default maximum amount of 0-RTT data. See the documentation of
+ * \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information.
+ *
+ * It must be positive and smaller than UINT32_MAX.
+ *
+ * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not
+ * have any impact on the build.
+ *
+ * This feature is experimental, not completed and thus not ready for
+ * production.
+ *
+ */
+#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE        1024
+
+/**
+ * \def MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Enable support for DTLS (all available versions).
+ *
+ * Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for DTLS
+ */
+#define MBEDTLS_SSL_PROTO_DTLS
+
+/**
+ * \def MBEDTLS_SSL_ALPN
+ *
+ * Enable support for RFC 7301 Application Layer Protocol Negotiation.
+ *
+ * Comment this macro to disable support for ALPN.
+ */
+#define MBEDTLS_SSL_ALPN
+
+/**
+ * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
+ *
+ * Enable support for the anti-replay mechanism in DTLS.
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *           MBEDTLS_SSL_PROTO_DTLS
+ *
+ * \warning Disabling this is often a security risk!
+ * See mbedtls_ssl_conf_dtls_anti_replay() for details.
+ *
+ * Comment this to disable anti-replay in DTLS.
+ */
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+
+/**
+ * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Enable support for HelloVerifyRequest on DTLS servers.
+ *
+ * This feature is highly recommended to prevent DTLS servers being used as
+ * amplifiers in DoS attacks against other hosts. It should always be enabled
+ * unless you know for sure amplification cannot be a problem in the
+ * environment in which your server operates.
+ *
+ * \warning Disabling this can be a security risk! (see above)
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Comment this to disable support for HelloVerifyRequest.
+ */
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+
+/**
+ * \def MBEDTLS_SSL_DTLS_SRTP
+ *
+ * Enable support for negotiation of DTLS-SRTP (RFC 5764)
+ * through the use_srtp extension.
+ *
+ * \note This feature provides the minimum functionality required
+ * to negotiate the use of DTLS-SRTP and to allow the derivation of
+ * the associated SRTP packet protection key material.
+ * In particular, the SRTP packet protection itself, as well as the
+ * demultiplexing of RTP and DTLS packets at the datagram layer
+ * (see Section 5 of RFC 5764), are not handled by this feature.
+ * Instead, after successful completion of a handshake negotiating
+ * the use of DTLS-SRTP, the extended key exporter API
+ * mbedtls_ssl_conf_export_keys_cb() should be used to implement
+ * the key exporter described in Section 4.2 of RFC 5764 and RFC 5705
+ * (this is implemented in the SSL example programs).
+ * The resulting key should then be passed to an SRTP stack.
+ *
+ * Setting this option enables the runtime API
+ * mbedtls_ssl_conf_dtls_srtp_protection_profiles()
+ * through which the supported DTLS-SRTP protection
+ * profiles can be configured. You must call this API at
+ * runtime if you wish to negotiate the use of DTLS-SRTP.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Uncomment this to enable support for use_srtp extension.
+ */
+//#define MBEDTLS_SSL_DTLS_SRTP
+
+/**
+ * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+ *
+ * Enable server-side support for clients that reconnect from the same port.
+ *
+ * Some clients unexpectedly close the connection and try to reconnect using the
+ * same source port. This needs special support from the server to handle the
+ * new connection securely, as described in section 4.2.8 of RFC 6347. This
+ * flag enables that support.
+ *
+ * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Comment this to disable support for clients reusing the source port.
+ */
+#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+
+/**
+ * \def MBEDTLS_SSL_SESSION_TICKETS
+ *
+ * Enable support for RFC 5077 session tickets in SSL.
+ * Client-side, provides full support for session tickets (maintenance of a
+ * session store remains the responsibility of the application, though).
+ * Server-side, you also need to provide callbacks for writing and parsing
+ * tickets, including authenticated encryption and key management. Example
+ * callbacks are provided by MBEDTLS_SSL_TICKET_C.
+ *
+ * Comment this macro to disable support for SSL session tickets
+ */
+#define MBEDTLS_SSL_SESSION_TICKETS
+
+/**
+ * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
+ *
+ * Enable support for RFC 6066 server name indication (SNI) in SSL.
+ *
+ * Requires: MBEDTLS_X509_CRT_PARSE_C
+ *
+ * Comment this macro to disable support for server name indication in SSL
+ */
+#define MBEDTLS_SSL_SERVER_NAME_INDICATION
+
+/**
+ * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
+ *
+ * When this option is enabled, the SSL buffer will be resized automatically
+ * based on the negotiated maximum fragment length in each direction.
+ *
+ * Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+ */
+//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
+
+/**
+ * \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
+ *
+ * Enable testing of the constant-flow nature of some sensitive functions with
+ * clang's MemorySanitizer. This causes some existing tests to also test
+ * this non-functional property of the code under test.
+ *
+ * This setting requires compiling with clang -fsanitize=memory. The test
+ * suites can then be run normally.
+ *
+ * \warning This macro is only used for extended testing; it is not considered
+ * part of the library's API, so it may change or disappear at any time.
+ *
+ * Uncomment to enable testing of the constant-flow nature of selected code.
+ */
+//#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
+
+/**
+ * \def MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
+ *
+ * Enable testing of the constant-flow nature of some sensitive functions with
+ * valgrind's memcheck tool. This causes some existing tests to also test
+ * this non-functional property of the code under test.
+ *
+ * This setting requires valgrind headers for building, and is only useful for
+ * testing if the tests suites are run with valgrind's memcheck. This can be
+ * done for an individual test suite with 'valgrind ./test_suite_xxx', or when
+ * using CMake, this can be done for all test suites with 'make memcheck'.
+ *
+ * \warning This macro is only used for extended testing; it is not considered
+ * part of the library's API, so it may change or disappear at any time.
+ *
+ * Uncomment to enable testing of the constant-flow nature of selected code.
+ */
+//#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
+
+/**
+ * \def MBEDTLS_TEST_HOOKS
+ *
+ * Enable features for invasive testing such as introspection functions and
+ * hooks for fault injection. This enables additional unit tests.
+ *
+ * Merely enabling this feature should not change the behavior of the product.
+ * It only adds new code, and new branching points where the default behavior
+ * is the same as when this feature is disabled.
+ * However, this feature increases the attack surface: there is an added
+ * risk of vulnerabilities, and more gadgets that can make exploits easier.
+ * Therefore this feature must never be enabled in production.
+ *
+ * See `docs/architecture/testing/mbed-crypto-invasive-testing.md` for more
+ * information.
+ *
+ * Uncomment to enable invasive tests.
+ */
+//#define MBEDTLS_TEST_HOOKS
+
+/**
+ * \def MBEDTLS_THREADING_ALT
+ *
+ * Provide your own alternate threading implementation.
+ *
+ * Requires: MBEDTLS_THREADING_C
+ *
+ * Uncomment this to allow your own alternate threading implementation.
+ */
+//#define MBEDTLS_THREADING_ALT
+
+/**
+ * \def MBEDTLS_THREADING_PTHREAD
+ *
+ * Enable the pthread wrapper layer for the threading layer.
+ *
+ * Requires: MBEDTLS_THREADING_C
+ *
+ * Uncomment this to enable pthread mutexes.
+ */
+//#define MBEDTLS_THREADING_PTHREAD
+
+/**
+ * \def MBEDTLS_USE_PSA_CRYPTO
+ *
+ * Make the X.509 and TLS library use PSA for cryptographic operations, and
+ * enable new APIs for using keys handled by PSA Crypto.
+ *
+ * \note Development of this option is currently in progress, and parts of Mbed
+ * TLS's X.509 and TLS modules are not ported to PSA yet. However, these parts
+ * will still continue to work as usual, so enabling this option should not
+ * break backwards compatibility.
+ *
+ * \note See docs/use-psa-crypto.md for a complete description of what this
+ * option currently does, and of parts that are not affected by it so far.
+ *
+ * \warning If you enable this option, you need to call `psa_crypto_init()`
+ * before calling any function from the SSL/TLS, X.509 or PK modules.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C.
+ *
+ * Uncomment this to enable internal use of PSA Crypto and new associated APIs.
+ */
+//#define MBEDTLS_USE_PSA_CRYPTO
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_CONFIG
+ *
+ * This setting allows support for cryptographic mechanisms through the PSA
+ * API to be configured separately from support through the mbedtls API.
+ *
+ * When this option is disabled, the PSA API exposes the cryptographic
+ * mechanisms that can be implemented on top of the `mbedtls_xxx` API
+ * configured with `MBEDTLS_XXX` symbols.
+ *
+ * When this option is enabled, the PSA API exposes the cryptographic
+ * mechanisms requested by the `PSA_WANT_XXX` symbols defined in
+ * include/psa/crypto_config.h. The corresponding `MBEDTLS_XXX` settings are
+ * automatically enabled if required (i.e. if no PSA driver provides the
+ * mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols
+ * in mbedtls_config.h.
+ *
+ * If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies
+ * an alternative header to include instead of include/psa/crypto_config.h.
+ *
+ * This feature is still experimental and is not ready for production since
+ * it is not completed.
+ */
+//#define MBEDTLS_PSA_CRYPTO_CONFIG
+
+/**
+ * \def MBEDTLS_VERSION_FEATURES
+ *
+ * Allow run-time checking of compile-time enabled features. Thus allowing users
+ * to check at run-time if the library is for instance compiled with threading
+ * support via mbedtls_version_check_feature().
+ *
+ * Requires: MBEDTLS_VERSION_C
+ *
+ * Comment this to disable run-time checking and save ROM space
+ */
+#define MBEDTLS_VERSION_FEATURES
+
+/**
+ * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+ *
+ * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()`
+ * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure
+ * the set of trusted certificates through a callback instead of a linked
+ * list.
+ *
+ * This is useful for example in environments where a large number of trusted
+ * certificates is present and storing them in a linked list isn't efficient
+ * enough, or when the set of trusted certificates changes frequently.
+ *
+ * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and
+ * `mbedtls_ssl_conf_ca_cb()` for more information.
+ *
+ * Requires: MBEDTLS_X509_CRT_PARSE_C
+ *
+ * Uncomment to enable trusted certificate callbacks.
+ */
+//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+
+/**
+ * \def MBEDTLS_X509_REMOVE_INFO
+ *
+ * Disable mbedtls_x509_*_info() and related APIs.
+ *
+ * Uncomment to omit mbedtls_x509_*_info(), as well as mbedtls_debug_print_crt()
+ * and other functions/constants only used by these functions, thus reducing
+ * the code footprint by several KB.
+ */
+//#define MBEDTLS_X509_REMOVE_INFO
+
+/**
+ * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
+ *
+ * Enable parsing and verification of X.509 certificates, CRLs and CSRS
+ * signed with RSASSA-PSS (aka PKCS#1 v2.1).
+ *
+ * Comment this macro to disallow using RSASSA-PSS in certificates.
+ */
+#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
+/** \} name SECTION: mbed TLS feature support */
+
+/**
+ * \name SECTION: mbed TLS modules
+ *
+ * This section enables or disables entire modules in mbed TLS
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_AESNI_C
+ *
+ * Enable AES-NI support on x86-64 or x86-32.
+ *
+ * \note AESNI is only supported with certain compilers and target options:
+ * - Visual Studio 2013: supported.
+ * - GCC, x86-64, target not explicitly supporting AESNI:
+ *   requires MBEDTLS_HAVE_ASM.
+ * - GCC, x86-32, target not explicitly supporting AESNI:
+ *   not supported.
+ * - GCC, x86-64 or x86-32, target supporting AESNI: supported.
+ *   For this assembly-less implementation, you must currently compile
+ *   `library/aesni.c` and `library/aes.c` with machine options to enable
+ *   SSE2 and AESNI instructions: `gcc -msse2 -maes -mpclmul` or
+ *   `clang -maes -mpclmul`.
+ * - Non-x86 targets: this option is silently ignored.
+ * - Other compilers: this option is silently ignored.
+ *
+ * \note
+ * Above, "GCC" includes compatible compilers such as Clang.
+ * The limitations on target support are likely to be relaxed in the future.
+ *
+ * Module:  library/aesni.c
+ * Caller:  library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM (on some platforms, see note)
+ *
+ * This modules adds support for the AES-NI instructions on x86.
+ */
+//#define MBEDTLS_AESNI_C
+
+/**
+ * \def MBEDTLS_AESCE_C
+ *
+ * Enable AES cryptographic extension support on 64-bit Arm.
+ *
+ * Module:  library/aesce.c
+ * Caller:  library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM, MBEDTLS_AES_C
+ *
+ * \warning Runtime detection only works on Linux. For non-Linux operating
+ *          system, Armv8-A Cryptographic Extensions must be supported by
+ *          the CPU when this option is enabled.
+ *
+ * This module adds support for the AES Armv8-A Cryptographic Extensions on Aarch64 systems.
+ */
+//#define MBEDTLS_AESCE_C
+
+/**
+ * \def MBEDTLS_AES_C
+ *
+ * Enable the AES block cipher.
+ *
+ * Module:  library/aes.c
+ * Caller:  library/cipher.c
+ *          library/pem.c
+ *          library/ctr_drbg.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+ *
+ * PEM_PARSE uses AES for decrypting encrypted keys.
+ */
+#define MBEDTLS_AES_C
+
+/**
+ * \def MBEDTLS_ASN1_PARSE_C
+ *
+ * Enable the generic ASN1 parser.
+ *
+ * Module:  library/asn1.c
+ * Caller:  library/x509.c
+ *          library/dhm.c
+ *          library/pkcs12.c
+ *          library/pkcs5.c
+ *          library/pkparse.c
+ */
+#define MBEDTLS_ASN1_PARSE_C
+
+/**
+ * \def MBEDTLS_ASN1_WRITE_C
+ *
+ * Enable the generic ASN1 writer.
+ *
+ * Module:  library/asn1write.c
+ * Caller:  library/ecdsa.c
+ *          library/pkwrite.c
+ *          library/x509_create.c
+ *          library/x509write_crt.c
+ *          library/x509write_csr.c
+ */
+#define MBEDTLS_ASN1_WRITE_C
+
+/**
+ * \def MBEDTLS_BASE64_C
+ *
+ * Enable the Base64 module.
+ *
+ * Module:  library/base64.c
+ * Caller:  library/pem.c
+ *
+ * This module is required for PEM support (required by X.509).
+ */
+#define MBEDTLS_BASE64_C
+
+/**
+ * \def MBEDTLS_BIGNUM_C
+ *
+ * Enable the multi-precision integer library.
+ *
+ * Module:  library/bignum.c
+ *          library/bignum_core.c
+ *          library/bignum_mod.c
+ *          library/bignum_mod_raw.c
+ * Caller:  library/dhm.c
+ *          library/ecp.c
+ *          library/ecdsa.c
+ *          library/rsa.c
+ *          library/rsa_alt_helpers.c
+ *          library/ssl_tls.c
+ *
+ * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
+ */
+#define MBEDTLS_BIGNUM_C
+
+/**
+ * \def MBEDTLS_CAMELLIA_C
+ *
+ * Enable the Camellia block cipher.
+ *
+ * Module:  library/camellia.c
+ * Caller:  library/cipher.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ */
+#define MBEDTLS_CAMELLIA_C
+
+/**
+ * \def MBEDTLS_ARIA_C
+ *
+ * Enable the ARIA block cipher.
+ *
+ * Module:  library/aria.c
+ * Caller:  library/cipher.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *
+ *      MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
+ */
+#define MBEDTLS_ARIA_C
+
+/**
+ * \def MBEDTLS_CCM_C
+ *
+ * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
+ *
+ * Module:  library/ccm.c
+ *
+ * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or
+ *                             MBEDTLS_ARIA_C
+ *
+ * This module enables the AES-CCM ciphersuites, if other requisites are
+ * enabled as well.
+ */
+#define MBEDTLS_CCM_C
+
+/**
+ * \def MBEDTLS_CHACHA20_C
+ *
+ * Enable the ChaCha20 stream cipher.
+ *
+ * Module:  library/chacha20.c
+ */
+#define MBEDTLS_CHACHA20_C
+
+/**
+ * \def MBEDTLS_CHACHAPOLY_C
+ *
+ * Enable the ChaCha20-Poly1305 AEAD algorithm.
+ *
+ * Module:  library/chachapoly.c
+ *
+ * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C
+ */
+#define MBEDTLS_CHACHAPOLY_C
+
+/**
+ * \def MBEDTLS_CIPHER_C
+ *
+ * Enable the generic cipher layer.
+ *
+ * Module:  library/cipher.c
+ * Caller:  library/ccm.c
+ *          library/cmac.c
+ *          library/gcm.c
+ *          library/nist_kw.c
+ *          library/pkcs12.c
+ *          library/pkcs5.c
+ *          library/psa_crypto_aead.c
+ *          library/psa_crypto_mac.c
+ *          library/ssl_ciphersuites.c
+ *          library/ssl_msg.c
+ *          library/ssl_ticket.c (unless MBEDTLS_USE_PSA_CRYPTO is enabled)
+ *
+ * Uncomment to enable generic cipher wrappers.
+ */
+#define MBEDTLS_CIPHER_C
+
+/**
+ * \def MBEDTLS_CMAC_C
+ *
+ * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
+ * ciphers.
+ *
+ * \note When #MBEDTLS_CMAC_ALT is active, meaning that the underlying
+ *       implementation of the CMAC algorithm is provided by an alternate
+ *       implementation, that alternate implementation may opt to not support
+ *       AES-192 or 3DES as underlying block ciphers for the CMAC operation.
+ *
+ * Module:  library/cmac.c
+ *
+ * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_DES_C
+ *
+ */
+#define MBEDTLS_CMAC_C
+
+/**
+ * \def MBEDTLS_CTR_DRBG_C
+ *
+ * Enable the CTR_DRBG AES-based random generator.
+ * The CTR_DRBG generator uses AES-256 by default.
+ * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above.
+ *
+ * \note To achieve a 256-bit security strength with CTR_DRBG,
+ *       you must use AES-256 *and* use sufficient entropy.
+ *       See ctr_drbg.h for more details.
+ *
+ * Module:  library/ctr_drbg.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_AES_C
+ *
+ * This module provides the CTR_DRBG AES random number generator.
+ */
+#define MBEDTLS_CTR_DRBG_C
+
+/**
+ * \def MBEDTLS_DEBUG_C
+ *
+ * Enable the debug functions.
+ *
+ * Module:  library/debug.c
+ * Caller:  library/ssl_msg.c
+ *          library/ssl_tls.c
+ *          library/ssl_tls12_*.c
+ *          library/ssl_tls13_*.c
+ *
+ * This module provides debugging functions.
+ */
+//#define MBEDTLS_DEBUG_C
+
+/**
+ * \def MBEDTLS_DES_C
+ *
+ * Enable the DES block cipher.
+ *
+ * Module:  library/des.c
+ * Caller:  library/pem.c
+ *          library/cipher.c
+ *
+ * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
+ *
+ * \warning   DES/3DES are considered weak ciphers and their use constitutes a
+ *            security risk. We recommend considering stronger ciphers instead.
+ */
+#define MBEDTLS_DES_C
+
+/**
+ * \def MBEDTLS_DHM_C
+ *
+ * Enable the Diffie-Hellman-Merkle module.
+ *
+ * Module:  library/dhm.c
+ * Caller:  library/ssl_tls.c
+ *          library/ssl*_client.c
+ *          library/ssl*_server.c
+ *
+ * This module is used by the following key exchanges:
+ *      DHE-RSA, DHE-PSK
+ *
+ * \warning    Using DHE constitutes a security risk as it
+ *             is not possible to validate custom DH parameters.
+ *             If possible, it is recommended users should consider
+ *             preferring other methods of key exchange.
+ *             See dhm.h for more details.
+ *
+ */
+#define MBEDTLS_DHM_C
+
+/**
+ * \def MBEDTLS_ECDH_C
+ *
+ * Enable the elliptic curve Diffie-Hellman library.
+ *
+ * Module:  library/ecdh.c
+ * Caller:  library/psa_crypto.c
+ *          library/ssl_tls.c
+ *          library/ssl*_client.c
+ *          library/ssl*_server.c
+ *
+ * This module is used by the following key exchanges:
+ *      ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
+ *
+ * Requires: MBEDTLS_ECP_C
+ */
+#define MBEDTLS_ECDH_C
+
+/**
+ * \def MBEDTLS_ECDSA_C
+ *
+ * Enable the elliptic curve DSA library.
+ *
+ * Module:  library/ecdsa.c
+ * Caller:
+ *
+ * This module is used by the following key exchanges:
+ *      ECDHE-ECDSA
+ *
+ * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C,
+ *           and at least one MBEDTLS_ECP_DP_XXX_ENABLED for a
+ *           short Weierstrass curve.
+ */
+#define MBEDTLS_ECDSA_C
+
+/**
+ * \def MBEDTLS_ECJPAKE_C
+ *
+ * Enable the elliptic curve J-PAKE library.
+ *
+ * \note EC J-PAKE support is based on the Thread v1.0.0 specification.
+ *       It has not been reviewed for compliance with newer standards such as
+ *       Thread v1.1 or RFC 8236.
+ *
+ * Module:  library/ecjpake.c
+ * Caller:
+ *
+ * This module is used by the following key exchanges:
+ *      ECJPAKE
+ *
+ * Requires: MBEDTLS_ECP_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C
+ *
+ * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
+ * before doing any EC J-PAKE operations.
+ *
+ * \warning When building with MBEDTLS_MD_C, all hashes used with this
+ * need to be available as built-ins (that is, for SHA-256, MBEDTLS_SHA256_C,
+ * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by
+ * this module in builds where MBEDTLS_MD_C is disabled.
+ */
+#define MBEDTLS_ECJPAKE_C
+
+/**
+ * \def MBEDTLS_ECP_C
+ *
+ * Enable the elliptic curve over GF(p) library.
+ *
+ * Module:  library/ecp.c
+ * Caller:  library/ecdh.c
+ *          library/ecdsa.c
+ *          library/ecjpake.c
+ *
+ * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
+ */
+#define MBEDTLS_ECP_C
+
+/**
+ * \def MBEDTLS_ENTROPY_C
+ *
+ * Enable the platform-specific entropy code.
+ *
+ * Module:  library/entropy.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
+ *
+ * This module provides a generic entropy pool
+ */
+#define MBEDTLS_ENTROPY_C
+
+/**
+ * \def MBEDTLS_ERROR_C
+ *
+ * Enable error code to error string conversion.
+ *
+ * Module:  library/error.c
+ * Caller:
+ *
+ * This module enables mbedtls_strerror().
+ */
+#define MBEDTLS_ERROR_C
+
+/**
+ * \def MBEDTLS_GCM_C
+ *
+ * Enable the Galois/Counter Mode (GCM).
+ *
+ * Module:  library/gcm.c
+ *
+ * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or
+ *                             MBEDTLS_ARIA_C
+ *
+ * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
+ * requisites are enabled as well.
+ */
+#define MBEDTLS_GCM_C
+
+/**
+ * \def MBEDTLS_HKDF_C
+ *
+ * Enable the HKDF algorithm (RFC 5869).
+ *
+ * Module:  library/hkdf.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * This module adds support for the Hashed Message Authentication Code
+ * (HMAC)-based key derivation function (HKDF).
+ */
+#define MBEDTLS_HKDF_C
+
+/**
+ * \def MBEDTLS_HMAC_DRBG_C
+ *
+ * Enable the HMAC_DRBG random generator.
+ *
+ * Module:  library/hmac_drbg.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * Uncomment to enable the HMAC_DRBG random number generator.
+ */
+#define MBEDTLS_HMAC_DRBG_C
+
+/**
+ * \def MBEDTLS_LMS_C
+ *
+ * Enable the LMS stateful-hash asymmetric signature algorithm.
+ *
+ * Module:  library/lms.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ * Uncomment to enable the LMS verification algorithm and public key operations.
+ */
+#define MBEDTLS_LMS_C
+
+/**
+ * \def MBEDTLS_LMS_PRIVATE
+ *
+ * Enable LMS private-key operations and signing code. Functions enabled by this
+ * option are experimental, and should not be used in production.
+ *
+ * Requires: MBEDTLS_LMS_C
+ *
+ * Uncomment to enable the LMS signature algorithm and private key operations.
+ */
+//#define MBEDTLS_LMS_PRIVATE
+
+/**
+ * \def MBEDTLS_NIST_KW_C
+ *
+ * Enable the Key Wrapping mode for 128-bit block ciphers,
+ * as defined in NIST SP 800-38F. Only KW and KWP modes
+ * are supported. At the moment, only AES is approved by NIST.
+ *
+ * Module:  library/nist_kw.c
+ *
+ * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C
+ */
+#define MBEDTLS_NIST_KW_C
+
+/**
+ * \def MBEDTLS_MD_C
+ *
+ * Enable the generic layer for message digest (hashing) and HMAC.
+ *
+ * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C,
+ *                   MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C,
+ *                   MBEDTLS_SHA512_C.
+ * Module:  library/md.c
+ * Caller:  library/constant_time.c
+ *          library/ecdsa.c
+ *          library/ecjpake.c
+ *          library/hkdf.c
+ *          library/hmac_drbg.c
+ *          library/pk.c
+ *          library/pkcs5.c
+ *          library/pkcs12.c
+ *          library/psa_crypto_ecp.c
+ *          library/psa_crypto_rsa.c
+ *          library/rsa.c
+ *          library/ssl_cookie.c
+ *          library/ssl_msg.c
+ *          library/ssl_tls.c
+ *          library/x509.c
+ *          library/x509_crt.c
+ *          library/x509write_crt.c
+ *          library/x509write_csr.c
+ *
+ * Uncomment to enable generic message digest wrappers.
+ */
+#define MBEDTLS_MD_C
+
+/**
+ * \def MBEDTLS_MD5_C
+ *
+ * Enable the MD5 hash algorithm.
+ *
+ * Module:  library/md5.c
+ * Caller:  library/md.c
+ *          library/pem.c
+ *          library/ssl_tls.c
+ *
+ * This module is required for TLS 1.2 depending on the handshake parameters.
+ * Further, it is used for checking MD5-signed certificates, and for PBKDF1
+ * when decrypting PEM-encoded encrypted keys.
+ *
+ * \warning   MD5 is considered a weak message digest and its use constitutes a
+ *            security risk. If possible, we recommend avoiding dependencies on
+ *            it, and considering stronger message digests instead.
+ *
+ */
+#define MBEDTLS_MD5_C
+
+/**
+ * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Enable the buffer allocator implementation that makes use of a (stack)
+ * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
+ * calls)
+ *
+ * Module:  library/memory_buffer_alloc.c
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *           MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
+ *
+ * Enable this module to enable the buffer memory allocator.
+ */
+//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
+
+/**
+ * \def MBEDTLS_NET_C
+ *
+ * Enable the TCP and UDP over IPv6/IPv4 networking routines.
+ *
+ * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
+ * and Windows. For other platforms, you'll want to disable it, and write your
+ * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
+ *
+ * \note See also our Knowledge Base article about porting to a new
+ * environment:
+ * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
+ *
+ * Module:  library/net_sockets.c
+ *
+ * This module provides networking routines.
+ */
+//#define MBEDTLS_NET_C
+
+/**
+ * \def MBEDTLS_OID_C
+ *
+ * Enable the OID database.
+ *
+ * Module:  library/oid.c
+ * Caller:  library/asn1write.c
+ *          library/pkcs5.c
+ *          library/pkparse.c
+ *          library/pkwrite.c
+ *          library/rsa.c
+ *          library/x509.c
+ *          library/x509_create.c
+ *          library/x509_crl.c
+ *          library/x509_crt.c
+ *          library/x509_csr.c
+ *          library/x509write_crt.c
+ *          library/x509write_csr.c
+ *
+ * This modules translates between OIDs and internal values.
+ */
+#define MBEDTLS_OID_C
+
+/**
+ * \def MBEDTLS_PADLOCK_C
+ *
+ * Enable VIA Padlock support on x86.
+ *
+ * Module:  library/padlock.c
+ * Caller:  library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM
+ *
+ * This modules adds support for the VIA PadLock on x86.
+ */
+#define MBEDTLS_PADLOCK_C
+
+/**
+ * \def MBEDTLS_PEM_PARSE_C
+ *
+ * Enable PEM decoding / parsing.
+ *
+ * Module:  library/pem.c
+ * Caller:  library/dhm.c
+ *          library/pkparse.c
+ *          library/x509_crl.c
+ *          library/x509_crt.c
+ *          library/x509_csr.c
+ *
+ * Requires: MBEDTLS_BASE64_C
+ *
+ * This modules adds support for decoding / parsing PEM files.
+ */
+#define MBEDTLS_PEM_PARSE_C
+
+/**
+ * \def MBEDTLS_PEM_WRITE_C
+ *
+ * Enable PEM encoding / writing.
+ *
+ * Module:  library/pem.c
+ * Caller:  library/pkwrite.c
+ *          library/x509write_crt.c
+ *          library/x509write_csr.c
+ *
+ * Requires: MBEDTLS_BASE64_C
+ *
+ * This modules adds support for encoding / writing PEM files.
+ */
+#define MBEDTLS_PEM_WRITE_C
+
+/**
+ * \def MBEDTLS_PK_C
+ *
+ * Enable the generic public (asymmetric) key layer.
+ *
+ * Module:  library/pk.c
+ * Caller:  library/psa_crypto_rsa.c
+ *          library/ssl_tls.c
+ *          library/ssl*_client.c
+ *          library/ssl*_server.c
+ *          library/x509.c
+ *
+ * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C or MBEDTLS_ECP_C
+ *
+ * Uncomment to enable generic public key wrappers.
+ */
+#define MBEDTLS_PK_C
+
+/**
+ * \def MBEDTLS_PK_PARSE_C
+ *
+ * Enable the generic public (asymmetric) key parser.
+ *
+ * Module:  library/pkparse.c
+ * Caller:  library/x509_crt.c
+ *          library/x509_csr.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * Uncomment to enable generic public key parse functions.
+ */
+#define MBEDTLS_PK_PARSE_C
+
+/**
+ * \def MBEDTLS_PK_WRITE_C
+ *
+ * Enable the generic public (asymmetric) key writer.
+ *
+ * Module:  library/pkwrite.c
+ * Caller:  library/x509write.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * Uncomment to enable generic public key write functions.
+ */
+#define MBEDTLS_PK_WRITE_C
+
+/**
+ * \def MBEDTLS_PKCS5_C
+ *
+ * Enable PKCS#5 functions.
+ *
+ * Module:  library/pkcs5.c
+ *
+ * Requires: MBEDTLS_CIPHER_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C.
+ *
+ * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
+ * before doing any PKCS5 operation.
+ *
+ * \warning When building with MBEDTLS_MD_C, all hashes used with this
+ * need to be available as built-ins (that is, for SHA-256, MBEDTLS_SHA256_C,
+ * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by
+ * this module in builds where MBEDTLS_MD_C is disabled.
+ *
+ * This module adds support for the PKCS#5 functions.
+ */
+#define MBEDTLS_PKCS5_C
+
+/**
+ * \def MBEDTLS_PKCS7_C
+ *
+ * Enable PKCS #7 core for using PKCS #7-formatted signatures.
+ * RFC Link - https://tools.ietf.org/html/rfc2315
+ *
+ * Module:  library/pkcs7.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
+ *           MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C,
+ *           MBEDTLS_BIGNUM_C, MBEDTLS_MD_C
+ *
+ * This module is required for the PKCS #7 parsing modules.
+ */
+#define MBEDTLS_PKCS7_C
+
+/**
+ * \def MBEDTLS_PKCS12_C
+ *
+ * Enable PKCS#12 PBE functions.
+ * Adds algorithms for parsing PKCS#8 encrypted private keys
+ *
+ * Module:  library/pkcs12.c
+ * Caller:  library/pkparse.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C and either
+ * MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C.
+ *
+ * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
+ * before doing any PKCS12 operation.
+ *
+ * \warning When building with MBEDTLS_MD_C, all hashes used with this
+ * need to be available as built-ins (that is, for SHA-256, MBEDTLS_SHA256_C,
+ * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by
+ * this module in builds where MBEDTLS_MD_C is disabled.
+ *
+ * This module enables PKCS#12 functions.
+ */
+#define MBEDTLS_PKCS12_C
+
+/**
+ * \def MBEDTLS_PLATFORM_C
+ *
+ * Enable the platform abstraction layer that allows you to re-assign
+ * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
+ *
+ * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
+ * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
+ * above to be specified at runtime or compile time respectively.
+ *
+ * \note This abstraction layer must be enabled on Windows (including MSYS2)
+ * as other modules rely on it for a fixed snprintf implementation.
+ *
+ * Module:  library/platform.c
+ * Caller:  Most other .c files
+ *
+ * This module enables abstraction of common (libc) functions.
+ */
+#define MBEDTLS_PLATFORM_C
+
+/**
+ * \def MBEDTLS_POLY1305_C
+ *
+ * Enable the Poly1305 MAC algorithm.
+ *
+ * Module:  library/poly1305.c
+ * Caller:  library/chachapoly.c
+ */
+#define MBEDTLS_POLY1305_C
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_C
+ *
+ * Enable the Platform Security Architecture cryptography API.
+ *
+ * Module:  library/psa_crypto.c
+ *
+ * Requires: MBEDTLS_CIPHER_C,
+ *           either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C,
+ *           or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C,
+ *           or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
+ *
+ */
+#define MBEDTLS_PSA_CRYPTO_C
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_SE_C
+ *
+ * Enable dynamic secure element support in the Platform Security Architecture
+ * cryptography API.
+ *
+ * \deprecated This feature is deprecated. Please switch to the driver
+ *             interface enabled by #MBEDTLS_PSA_CRYPTO_DRIVERS.
+ *
+ * Module:  library/psa_crypto_se.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C
+ *
+ */
+//#define MBEDTLS_PSA_CRYPTO_SE_C
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
+ *
+ * Enable the Platform Security Architecture persistent key storage.
+ *
+ * Module:  library/psa_crypto_storage.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C,
+ *           either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
+ *           the PSA ITS interface
+ */
+//#define MBEDTLS_PSA_CRYPTO_STORAGE_C
+
+/**
+ * \def MBEDTLS_PSA_ITS_FILE_C
+ *
+ * Enable the emulation of the Platform Security Architecture
+ * Internal Trusted Storage (PSA ITS) over files.
+ *
+ * Module:  library/psa_its_file.c
+ *
+ * Requires: MBEDTLS_FS_IO
+ */
+//#define MBEDTLS_PSA_ITS_FILE_C
+
+/**
+ * \def MBEDTLS_RIPEMD160_C
+ *
+ * Enable the RIPEMD-160 hash algorithm.
+ *
+ * Module:  library/ripemd160.c
+ * Caller:  library/md.c
+ *
+ */
+#define MBEDTLS_RIPEMD160_C
+
+/**
+ * \def MBEDTLS_RSA_C
+ *
+ * Enable the RSA public-key cryptosystem.
+ *
+ * Module:  library/rsa.c
+ *          library/rsa_alt_helpers.c
+ * Caller:  library/pk.c
+ *          library/psa_crypto.c
+ *          library/ssl_tls.c
+ *          library/ssl*_client.c
+ *          library/ssl*_server.c
+ *
+ * This module is used by the following key exchanges:
+ *      RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
+ *
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
+ */
+#define MBEDTLS_RSA_C
+
+/**
+ * \def MBEDTLS_SHA1_C
+ *
+ * Enable the SHA1 cryptographic hash algorithm.
+ *
+ * Module:  library/sha1.c
+ * Caller:  library/md.c
+ *          library/psa_crypto_hash.c
+ *
+ * This module is required for TLS 1.2 depending on the handshake parameters,
+ * and for SHA1-signed certificates.
+ *
+ * \warning   SHA-1 is considered a weak message digest and its use constitutes
+ *            a security risk. If possible, we recommend avoiding dependencies
+ *            on it, and considering stronger message digests instead.
+ *
+ */
+#define MBEDTLS_SHA1_C
+
+/**
+ * \def MBEDTLS_SHA224_C
+ *
+ * Enable the SHA-224 cryptographic hash algorithm.
+ *
+ * Module:  library/sha256.c
+ * Caller:  library/md.c
+ *          library/ssl_cookie.c
+ *
+ * This module adds support for SHA-224.
+ */
+#define MBEDTLS_SHA224_C
+
+/**
+ * \def MBEDTLS_SHA256_C
+ *
+ * Enable the SHA-256 cryptographic hash algorithm.
+ *
+ * Module:  library/sha256.c
+ * Caller:  library/entropy.c
+ *          library/md.c
+ *          library/ssl_tls.c
+ *          library/ssl*_client.c
+ *          library/ssl*_server.c
+ *
+ * This module adds support for SHA-256.
+ * This module is required for the SSL/TLS 1.2 PRF function.
+ */
+#define MBEDTLS_SHA256_C
+
+/**
+ * \def MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+ *
+ * Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms
+ * with the ARMv8 cryptographic extensions if they are available at runtime.
+ * If not, the library will fall back to the C implementation.
+ *
+ * \note If MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT is defined when building
+ * for a non-Aarch64 build it will be silently ignored.
+ *
+ * \warning MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT cannot be defined at the
+ * same time as MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY.
+ *
+ * Requires: MBEDTLS_SHA256_C.
+ *
+ * Module:  library/sha256.c
+ *
+ * Uncomment to have the library check for the A64 SHA-256 crypto extensions
+ * and use them if available.
+ */
+//#define MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+
+/**
+ * \def MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
+ *
+ * Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms
+ * with the ARMv8 cryptographic extensions, which must be available at runtime
+ * or else an illegal instruction fault will occur.
+ *
+ * \note This allows builds with a smaller code size than with
+ * MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+ *
+ * \warning MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY cannot be defined at the same
+ * time as MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT.
+ *
+ * Requires: MBEDTLS_SHA256_C.
+ *
+ * Module:  library/sha256.c
+ *
+ * Uncomment to have the library use the A64 SHA-256 crypto extensions
+ * unconditionally.
+ */
+//#define MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
+
+/**
+ * \def MBEDTLS_SHA384_C
+ *
+ * Enable the SHA-384 cryptographic hash algorithm.
+ *
+ * Module:  library/sha512.c
+ * Caller:  library/md.c
+ *          library/psa_crypto_hash.c
+ *          library/ssl_tls.c
+ *          library/ssl*_client.c
+ *          library/ssl*_server.c
+ *
+ * Comment to disable SHA-384
+ */
+#define MBEDTLS_SHA384_C
+
+/**
+ * \def MBEDTLS_SHA512_C
+ *
+ * Enable SHA-512 cryptographic hash algorithms.
+ *
+ * Module:  library/sha512.c
+ * Caller:  library/entropy.c
+ *          library/md.c
+ *          library/ssl_tls.c
+ *          library/ssl_cookie.c
+ *
+ * This module adds support for SHA-512.
+ */
+#define MBEDTLS_SHA512_C
+
+/**
+ * \def MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+ *
+ * Enable acceleration of the SHA-512 and SHA-384 cryptographic hash algorithms
+ * with the ARMv8 cryptographic extensions if they are available at runtime.
+ * If not, the library will fall back to the C implementation.
+ *
+ * \note If MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT is defined when building
+ * for a non-Aarch64 build it will be silently ignored.
+ *
+ * \note The code uses the SHA-512 Neon intrinsics, so requires GCC >= 8 or
+ * Clang >= 7.
+ *
+ * \warning MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT cannot be defined at the
+ * same time as MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY.
+ *
+ * Requires: MBEDTLS_SHA512_C.
+ *
+ * Module:  library/sha512.c
+ *
+ * Uncomment to have the library check for the A64 SHA-512 crypto extensions
+ * and use them if available.
+ */
+//#define MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+
+/**
+ * \def MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
+ *
+ * Enable acceleration of the SHA-512 and SHA-384 cryptographic hash algorithms
+ * with the ARMv8 cryptographic extensions, which must be available at runtime
+ * or else an illegal instruction fault will occur.
+ *
+ * \note This allows builds with a smaller code size than with
+ * MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+ *
+ * \note The code uses the SHA-512 Neon intrinsics, so requires GCC >= 8 or
+ * Clang >= 7.
+ *
+ * \warning MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY cannot be defined at the same
+ * time as MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT.
+ *
+ * Requires: MBEDTLS_SHA512_C.
+ *
+ * Module:  library/sha512.c
+ *
+ * Uncomment to have the library use the A64 SHA-512 crypto extensions
+ * unconditionally.
+ */
+//#define MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
+
+/**
+ * \def MBEDTLS_SSL_CACHE_C
+ *
+ * Enable simple SSL cache implementation.
+ *
+ * Module:  library/ssl_cache.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_CACHE_C
+ */
+#define MBEDTLS_SSL_CACHE_C
+
+/**
+ * \def MBEDTLS_SSL_COOKIE_C
+ *
+ * Enable basic implementation of DTLS cookies for hello verification.
+ *
+ * Module:  library/ssl_cookie.c
+ * Caller:
+ */
+#define MBEDTLS_SSL_COOKIE_C
+
+/**
+ * \def MBEDTLS_SSL_TICKET_C
+ *
+ * Enable an implementation of TLS server-side callbacks for session tickets.
+ *
+ * Module:  library/ssl_ticket.c
+ * Caller:
+ *
+ * Requires: (MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO) &&
+ *           (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C)
+ */
+#define MBEDTLS_SSL_TICKET_C
+
+/**
+ * \def MBEDTLS_SSL_CLI_C
+ *
+ * Enable the SSL/TLS client code.
+ *
+ * Module:  library/ssl*_client.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS client support.
+ */
+#define MBEDTLS_SSL_CLI_C
+
+/**
+ * \def MBEDTLS_SSL_SRV_C
+ *
+ * Enable the SSL/TLS server code.
+ *
+ * Module:  library/ssl*_server.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS server support.
+ */
+#define MBEDTLS_SSL_SRV_C
+
+/**
+ * \def MBEDTLS_SSL_TLS_C
+ *
+ * Enable the generic SSL/TLS code.
+ *
+ * Module:  library/ssl_tls.c
+ * Caller:  library/ssl*_client.c
+ *          library/ssl*_server.c
+ *
+ * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ *           and at least one of the MBEDTLS_SSL_PROTO_XXX defines
+ *
+ * This module is required for SSL/TLS.
+ */
+#define MBEDTLS_SSL_TLS_C
+
+/**
+ * \def MBEDTLS_THREADING_C
+ *
+ * Enable the threading abstraction layer.
+ * By default mbed TLS assumes it is used in a non-threaded environment or that
+ * contexts are not shared between threads. If you do intend to use contexts
+ * between threads, you will need to enable this layer to prevent race
+ * conditions. See also our Knowledge Base article about threading:
+ * https://mbed-tls.readthedocs.io/en/latest/kb/development/thread-safety-and-multi-threading
+ *
+ * Module:  library/threading.c
+ *
+ * This allows different threading implementations (self-implemented or
+ * provided).
+ *
+ * You will have to enable either MBEDTLS_THREADING_ALT or
+ * MBEDTLS_THREADING_PTHREAD.
+ *
+ * Enable this layer to allow use of mutexes within mbed TLS
+ */
+//#define MBEDTLS_THREADING_C
+
+/**
+ * \def MBEDTLS_TIMING_C
+ *
+ * Enable the semi-portable timing interface.
+ *
+ * \note The provided implementation only works on POSIX/Unix (including Linux,
+ * BSD and OS X) and Windows. On other platforms, you can either disable that
+ * module and provide your own implementations of the callbacks needed by
+ * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
+ * your own implementation of the whole module by setting
+ * \c MBEDTLS_TIMING_ALT in the current file.
+ *
+ * \note The timing module will include time.h on suitable platforms
+ *       regardless of the setting of MBEDTLS_HAVE_TIME, unless
+ *       MBEDTLS_TIMING_ALT is used. See timing.c for more information.
+ *
+ * \note See also our Knowledge Base article about porting to a new
+ * environment:
+ * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
+ *
+ * Module:  library/timing.c
+ */
+//#define MBEDTLS_TIMING_C
+
+/**
+ * \def MBEDTLS_VERSION_C
+ *
+ * Enable run-time version information.
+ *
+ * Module:  library/version.c
+ *
+ * This module provides run-time version information.
+ */
+#define MBEDTLS_VERSION_C
+
+/**
+ * \def MBEDTLS_X509_USE_C
+ *
+ * Enable X.509 core for using certificates.
+ *
+ * Module:  library/x509.c
+ * Caller:  library/x509_crl.c
+ *          library/x509_crt.c
+ *          library/x509_csr.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
+ *           (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO)
+ *
+ * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
+ * psa_crypto_init() before doing any X.509 operation.
+ *
+ * This module is required for the X.509 parsing modules.
+ */
+#define MBEDTLS_X509_USE_C
+
+/**
+ * \def MBEDTLS_X509_CRT_PARSE_C
+ *
+ * Enable X.509 certificate parsing.
+ *
+ * Module:  library/x509_crt.c
+ * Caller:  library/ssl_tls.c
+ *          library/ssl*_client.c
+ *          library/ssl*_server.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is required for X.509 certificate parsing.
+ */
+#define MBEDTLS_X509_CRT_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CRL_PARSE_C
+ *
+ * Enable X.509 CRL parsing.
+ *
+ * Module:  library/x509_crl.c
+ * Caller:  library/x509_crt.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is required for X.509 CRL parsing.
+ */
+#define MBEDTLS_X509_CRL_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CSR_PARSE_C
+ *
+ * Enable X.509 Certificate Signing Request (CSR) parsing.
+ *
+ * Module:  library/x509_csr.c
+ * Caller:  library/x509_crt_write.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is used for reading X.509 certificate request.
+ */
+#define MBEDTLS_X509_CSR_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CREATE_C
+ *
+ * Enable X.509 core for creating certificates.
+ *
+ * Module:  library/x509_create.c
+ *
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
+ *           (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO)
+ *
+ * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
+ * psa_crypto_init() before doing any X.509 create operation.
+ *
+ * This module is the basis for creating X.509 certificates and CSRs.
+ */
+#define MBEDTLS_X509_CREATE_C
+
+/**
+ * \def MBEDTLS_X509_CRT_WRITE_C
+ *
+ * Enable creating X.509 certificates.
+ *
+ * Module:  library/x509_crt_write.c
+ *
+ * Requires: MBEDTLS_X509_CREATE_C
+ *
+ * This module is required for X.509 certificate creation.
+ */
+#define MBEDTLS_X509_CRT_WRITE_C
+
+/**
+ * \def MBEDTLS_X509_CSR_WRITE_C
+ *
+ * Enable creating X.509 Certificate Signing Requests (CSR).
+ *
+ * Module:  library/x509_csr_write.c
+ *
+ * Requires: MBEDTLS_X509_CREATE_C
+ *
+ * This module is required for X.509 certificate request writing.
+ */
+#define MBEDTLS_X509_CSR_WRITE_C
+
+/** \} name SECTION: mbed TLS modules */
+
+/**
+ * \name SECTION: General configuration options
+ *
+ * This section contains Mbed TLS build settings that are not associated
+ * with a particular module.
+ *
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included instead of
+ * `"mbedtls/mbedtls_config.h"`.
+ * This header file specifies the compile-time configuration of Mbed TLS.
+ * Unlike other configuration options, this one must be defined on the
+ * compiler command line: a definition in `mbedtls_config.h` would have
+ * no effect.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_CONFIG_FILE "mbedtls/mbedtls_config.h"
+
+/**
+ * \def MBEDTLS_USER_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included after
+ * `"mbedtls/mbedtls_config.h"` or #MBEDTLS_CONFIG_FILE.
+ * This allows you to modify the default configuration, including the ability
+ * to undefine options that are enabled by default.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_USER_CONFIG_FILE "/dev/null"
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included instead of
+ * `"psa/crypto_config.h"`.
+ * This header file specifies which cryptographic mechanisms are available
+ * through the PSA API when #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, and
+ * is not used when #MBEDTLS_PSA_CRYPTO_CONFIG is disabled.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h"
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included after
+ * `"psa/crypto_config.h"` or #MBEDTLS_PSA_CRYPTO_CONFIG_FILE.
+ * This allows you to modify the default configuration, including the ability
+ * to undefine options that are enabled by default.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null"
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_PLATFORM_FILE
+ *
+ * If defined, this is a header which will be included instead of
+ * `"psa/crypto_platform.h"`. This file should declare the same identifiers
+ * as the one in Mbed TLS, but with definitions adapted to the platform on
+ * which the library code will run.
+ *
+ * \note The required content of this header can vary from one version of
+ *       Mbed TLS to the next. Integrators who provide an alternative file
+ *       should review the changes in the original file whenever they
+ *       upgrade Mbed TLS.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_PSA_CRYPTO_PLATFORM_FILE "psa/crypto_platform_alt.h"
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_STRUCT_FILE
+ *
+ * If defined, this is a header which will be included instead of
+ * `"psa/crypto_struct.h"`. This file should declare the same identifiers
+ * as the one in Mbed TLS, but with definitions adapted to the environment
+ * in which the library code will run. The typical use for this feature
+ * is to provide alternative type definitions on the client side in
+ * client-server integrations of PSA crypto, where operation structures
+ * contain handles instead of cryptographic data.
+ *
+ * \note The required content of this header can vary from one version of
+ *       Mbed TLS to the next. Integrators who provide an alternative file
+ *       should review the changes in the original file whenever they
+ *       upgrade Mbed TLS.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_PSA_CRYPTO_STRUCT_FILE "psa/crypto_struct_alt.h"
+
+/** \} name SECTION: General configuration options */
+
+/**
+ * \name SECTION: Module configuration options
+ *
+ * This section allows for the setting of module specific sizes and
+ * configuration options. The default values are already present in the
+ * relevant header files and should suffice for the regular use cases.
+ *
+ * Our advice is to enable options and change their values here
+ * only if you have a good reason and know the consequences.
+ * \{
+ */
+/* The Doxygen documentation here is used when a user comments out a
+ * setting and runs doxygen themselves. On the other hand, when we typeset
+ * the full documentation including disabled settings, the documentation
+ * in specific modules' header files is used if present. When editing this
+ * file, make sure that each option is documented in exactly one place,
+ * plus optionally a same-line Doxygen comment here if there is a Doxygen
+ * comment in the specific module. */
+
+/* MPI / BIGNUM options */
+//#define MBEDTLS_MPI_WINDOW_SIZE            2 /**< Maximum window size used. */
+//#define MBEDTLS_MPI_MAX_SIZE            1024 /**< Maximum number of bytes for usable MPIs. */
+
+/* CTR_DRBG options */
+//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL        10000 /**< Interval before reseed is performed by default */
+//#define MBEDTLS_CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
+//#define MBEDTLS_CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
+//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT           384 /**< Maximum size of (re)seed buffer */
+
+/* HMAC_DRBG options */
+//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000 /**< Interval before reseed is performed by default */
+//#define MBEDTLS_HMAC_DRBG_MAX_INPUT           256 /**< Maximum number of additional input bytes */
+//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST        1024 /**< Maximum number of requested bytes per call */
+//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT      384 /**< Maximum size of (re)seed buffer */
+
+/* ECP options */
+//#define MBEDTLS_ECP_WINDOW_SIZE            4 /**< Maximum window size used */
+//#define MBEDTLS_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */
+
+/* Entropy options */
+//#define MBEDTLS_ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
+//#define MBEDTLS_ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
+//#define MBEDTLS_ENTROPY_MIN_HARDWARE               32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
+
+/* Memory buffer allocator options */
+//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE      4 /**< Align on multiples of this value */
+
+/* Platform options */
+//#define MBEDTLS_PLATFORM_STD_MEM_HDR   <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
+//#define MBEDTLS_PLATFORM_STD_CALLOC        calloc /**< Default allocator to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_FREE            free /**< Default free to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_SETBUF      setbuf /**< Default setbuf to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT            exit /**< Default exit to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_TIME            time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+//#define MBEDTLS_PLATFORM_STD_FPRINTF      fprintf /**< Default fprintf to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_PRINTF        printf /**< Default printf to use, can be undefined */
+/* Note: your snprintf must correctly zero-terminate the buffer! */
+//#define MBEDTLS_PLATFORM_STD_SNPRINTF    snprintf /**< Default snprintf to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS       0 /**< Default exit value to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE       1 /**< Default exit value to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE  "seedfile" /**< Seed file to read/write with default implementation */
+
+/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
+/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
+//#define MBEDTLS_PLATFORM_CALLOC_MACRO        calloc /**< Default allocator macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_FREE_MACRO            free /**< Default free macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_EXIT_MACRO            exit /**< Default exit macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_SETBUF_MACRO      setbuf /**< Default setbuf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_TIME_MACRO            time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO       time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+//#define MBEDTLS_PLATFORM_FPRINTF_MACRO      fprintf /**< Default fprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_PRINTF_MACRO        printf /**< Default printf macro to use, can be undefined */
+/* Note: your snprintf must correctly zero-terminate the buffer! */
+//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO    snprintf /**< Default snprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO    vsnprintf /**< Default vsnprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
+
+/** \def MBEDTLS_CHECK_RETURN
+ *
+ * This macro is used at the beginning of the declaration of a function
+ * to indicate that its return value should be checked. It should
+ * instruct the compiler to emit a warning or an error if the function
+ * is called without checking its return value.
+ *
+ * There is a default implementation for popular compilers in platform_util.h.
+ * You can override the default implementation by defining your own here.
+ *
+ * If the implementation here is empty, this will effectively disable the
+ * checking of functions' return values.
+ */
+//#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__))
+
+/** \def MBEDTLS_IGNORE_RETURN
+ *
+ * This macro requires one argument, which should be a C function call.
+ * If that function call would cause a #MBEDTLS_CHECK_RETURN warning, this
+ * warning is suppressed.
+ */
+//#define MBEDTLS_IGNORE_RETURN( result ) ((void) !(result))
+
+/* PSA options */
+/**
+ * Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the
+ * PSA crypto subsystem.
+ *
+ * If this option is unset:
+ * - If CTR_DRBG is available, the PSA subsystem uses it rather than HMAC_DRBG.
+ * - Otherwise, the PSA subsystem uses HMAC_DRBG with either
+ *   #MBEDTLS_MD_SHA512 or #MBEDTLS_MD_SHA256 based on availability and
+ *   on unspecified heuristics.
+ */
+//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
+
+/** \def MBEDTLS_PSA_KEY_SLOT_COUNT
+ * Restrict the PSA library to supporting a maximum amount of simultaneously
+ * loaded keys. A loaded key is a key stored by the PSA Crypto core as a
+ * volatile key, or a persistent key which is loaded temporarily by the
+ * library as part of a crypto operation in flight.
+ *
+ * If this option is unset, the library will fall back to a default value of
+ * 32 keys.
+ */
+//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
+
+/* SSL Cache options */
+//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
+//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
+
+/* SSL options */
+
+/** \def MBEDTLS_SSL_IN_CONTENT_LEN
+ *
+ * Maximum length (in bytes) of incoming plaintext fragments.
+ *
+ * This determines the size of the incoming TLS I/O buffer in such a way
+ * that it is capable of holding the specified amount of plaintext data,
+ * regardless of the protection mechanism used.
+ *
+ * \note When using a value less than the default of 16KB on the client, it is
+ *       recommended to use the Maximum Fragment Length (MFL) extension to
+ *       inform the server about this limitation. On the server, there
+ *       is no supported, standardized way of informing the client about
+ *       restriction on the maximum size of incoming messages, and unless
+ *       the limitation has been communicated by other means, it is recommended
+ *       to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
+ *       while keeping the default value of 16KB for the incoming buffer.
+ *
+ * Uncomment to set the maximum plaintext size of the incoming I/O buffer.
+ */
+//#define MBEDTLS_SSL_IN_CONTENT_LEN              16384
+
+/** \def MBEDTLS_SSL_CID_IN_LEN_MAX
+ *
+ * The maximum length of CIDs used for incoming DTLS messages.
+ *
+ */
+//#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
+
+/** \def MBEDTLS_SSL_CID_OUT_LEN_MAX
+ *
+ * The maximum length of CIDs used for outgoing DTLS messages.
+ *
+ */
+//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
+
+/** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
+ *
+ * This option controls the use of record plaintext padding
+ * in TLS 1.3 and when using the Connection ID extension in DTLS 1.2.
+ *
+ * The padding will always be chosen so that the length of the
+ * padded plaintext is a multiple of the value of this option.
+ *
+ * Note: A value of \c 1 means that no padding will be used
+ *       for outgoing records.
+ *
+ * Note: On systems lacking division instructions,
+ *       a power of two should be preferred.
+ */
+//#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
+
+/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
+ *
+ * Maximum length (in bytes) of outgoing plaintext fragments.
+ *
+ * This determines the size of the outgoing TLS I/O buffer in such a way
+ * that it is capable of holding the specified amount of plaintext data,
+ * regardless of the protection mechanism used.
+ *
+ * It is possible to save RAM by setting a smaller outward buffer, while keeping
+ * the default inward 16384 byte buffer to conform to the TLS specification.
+ *
+ * The minimum required outward buffer size is determined by the handshake
+ * protocol's usage. Handshaking will fail if the outward buffer is too small.
+ * The specific size requirement depends on the configured ciphers and any
+ * certificate data which is sent during the handshake.
+ *
+ * Uncomment to set the maximum plaintext size of the outgoing I/O buffer.
+ */
+//#define MBEDTLS_SSL_OUT_CONTENT_LEN             16384
+
+/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING
+ *
+ * Maximum number of heap-allocated bytes for the purpose of
+ * DTLS handshake message reassembly and future message buffering.
+ *
+ * This should be at least 9/8 * MBEDTLS_SSL_IN_CONTENT_LEN
+ * to account for a reassembled handshake message of maximum size,
+ * together with its reassembly bitmap.
+ *
+ * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default)
+ * should be sufficient for all practical situations as it allows
+ * to reassembly a large handshake message (such as a certificate)
+ * while buffering multiple smaller handshake messages.
+ *
+ */
+//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING             32768
+
+//#define MBEDTLS_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 or 384 bits) */
+//#define MBEDTLS_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
+
+/**
+ * Complete list of ciphersuites to use, in order of preference.
+ *
+ * \warning No dependency checking is done on that field! This option can only
+ * be used to restrict the set of available ciphersuites. It is your
+ * responsibility to make sure the needed modules are active.
+ *
+ * Use this to save a few hundred bytes of ROM (default ordering of all
+ * available ciphersuites) and a few to a few hundred bytes of RAM.
+ *
+ * The value below is only an example, not the default.
+ */
+//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+
+/**
+ * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
+ *
+ * Maximum time difference in milliseconds tolerated between the age of a
+ * ticket from the server and client point of view.
+ * From the client point of view, the age of a ticket is the time difference
+ * between the time when the client proposes to the server to use the ticket
+ * (time of writing of the Pre-Shared Key Extension including the ticket) and
+ * the time the client received the ticket from the server.
+ * From the server point of view, the age of a ticket is the time difference
+ * between the time when the server receives a proposition from the client
+ * to use the ticket and the time when the ticket was created by the server.
+ * The server age is expected to be always greater than the client one and
+ * MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE defines the
+ * maximum difference tolerated for the server to accept the ticket.
+ * This is not used in TLS 1.2.
+ *
+ */
+#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
+
+/**
+ * \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH
+ *
+ * Size in bytes of a ticket nonce. This is not used in TLS 1.2.
+ *
+ * This must be less than 256.
+ */
+#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
+
+/**
+ * \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS
+ *
+ * Default number of NewSessionTicket messages to be sent by a TLS 1.3 server
+ * after handshake completion. This is not used in TLS 1.2 and relevant only if
+ * the MBEDTLS_SSL_SESSION_TICKETS option is enabled.
+ *
+ */
+#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
+
+/* X509 options */
+//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
+//#define MBEDTLS_X509_MAX_FILE_PATH_LEN     512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
+
+/**
+ * Uncomment the macro to let mbed TLS use your alternate implementation of
+ * mbedtls_platform_zeroize(). This replaces the default implementation in
+ * platform_util.c.
+ *
+ * mbedtls_platform_zeroize() is a widely used function across the library to
+ * zero a block of memory. The implementation is expected to be secure in the
+ * sense that it has been written to prevent the compiler from removing calls
+ * to mbedtls_platform_zeroize() as part of redundant code elimination
+ * optimizations. However, it is difficult to guarantee that calls to
+ * mbedtls_platform_zeroize() will not be optimized by the compiler as older
+ * versions of the C language standards do not provide a secure implementation
+ * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
+ * configure their own implementation of mbedtls_platform_zeroize(), for
+ * example by using directives specific to their compiler, features from newer
+ * C standards (e.g using memset_s() in C11) or calling a secure memset() from
+ * their system (e.g explicit_bzero() in BSD).
+ */
+#define MBEDTLS_PLATFORM_ZEROIZE_ALT
+
+/**
+ * Uncomment the macro to let Mbed TLS use your alternate implementation of
+ * mbedtls_platform_gmtime_r(). This replaces the default implementation in
+ * platform_util.c.
+ *
+ * gmtime() is not a thread-safe function as defined in the C standard. The
+ * library will try to use safer implementations of this function, such as
+ * gmtime_r() when available. However, if Mbed TLS cannot identify the target
+ * system, the implementation of mbedtls_platform_gmtime_r() will default to
+ * using the standard gmtime(). In this case, calls from the library to
+ * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
+ * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
+ * library are also guarded with this mutex to avoid race conditions. However,
+ * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
+ * unconditionally use the implementation for mbedtls_platform_gmtime_r()
+ * supplied at compile time.
+ */
+//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
+
+/**
+ * Enable the verified implementations of ECDH primitives from Project Everest
+ * (currently only Curve25519). This feature changes the layout of ECDH
+ * contexts and therefore is a compatibility break for applications that access
+ * fields of a mbedtls_ecdh_context structure directly. See also
+ * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
+ */
+//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
+
+/** \} name SECTION: Module configuration options */
diff --git a/esp-mbedtls-sys/headers/esp32s3/config.h b/esp-mbedtls-sys/headers/esp32s3/config.h
new file mode 100644
index 0000000..1f366db
--- /dev/null
+++ b/esp-mbedtls-sys/headers/esp32s3/config.h
@@ -0,0 +1,3920 @@
+/**
+ * \file mbedtls_config.h
+ *
+ * \brief Configuration options (set of defines)
+ *
+ *  This set of compile-time options may be used to enable
+ *  or disable features selectively, and reduce the global
+ *  memory footprint.
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+ * This is an optional version symbol that enables compatibility handling of
+ * config files.
+ *
+ * It is equal to the #MBEDTLS_VERSION_NUMBER of the Mbed TLS version that
+ * introduced the config format we want to be compatible with.
+ */
+//#define MBEDTLS_CONFIG_VERSION 0x03000000
+
+/**
+ * \name SECTION: System support
+ *
+ * This section sets system specific settings.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_HAVE_ASM
+ *
+ * The compiler has support for asm().
+ *
+ * Requires support for asm() in compiler.
+ *
+ * Used in:
+ *      library/aesni.h
+ *      library/aria.c
+ *      library/bn_mul.h
+ *      library/constant_time.c
+ *      library/padlock.h
+ *
+ * Required by:
+ *      MBEDTLS_AESCE_C
+ *      MBEDTLS_AESNI_C (on some platforms)
+ *      MBEDTLS_PADLOCK_C
+ *
+ * Comment to disable the use of assembly code.
+ */
+#define MBEDTLS_HAVE_ASM
+
+/**
+ * \def MBEDTLS_NO_UDBL_DIVISION
+ *
+ * The platform lacks support for double-width integer division (64-bit
+ * division on a 32-bit platform, 128-bit division on a 64-bit platform).
+ *
+ * Used in:
+ *      include/mbedtls/bignum.h
+ *      library/bignum.c
+ *
+ * The bignum code uses double-width division to speed up some operations.
+ * Double-width division is often implemented in software that needs to
+ * be linked with the program. The presence of a double-width integer
+ * type is usually detected automatically through preprocessor macros,
+ * but the automatic detection cannot know whether the code needs to
+ * and can be linked with an implementation of division for that type.
+ * By default division is assumed to be usable if the type is present.
+ * Uncomment this option to prevent the use of double-width division.
+ *
+ * Note that division for the native integer type is always required.
+ * Furthermore, a 64-bit type is always required even on a 32-bit
+ * platform, but it need not support multiplication or division. In some
+ * cases it is also desirable to disable some double-width operations. For
+ * example, if double-width division is implemented in software, disabling
+ * it can reduce code size in some embedded targets.
+ */
+//#define MBEDTLS_NO_UDBL_DIVISION
+
+/**
+ * \def MBEDTLS_NO_64BIT_MULTIPLICATION
+ *
+ * The platform lacks support for 32x32 -> 64-bit multiplication.
+ *
+ * Used in:
+ *      library/poly1305.c
+ *
+ * Some parts of the library may use multiplication of two unsigned 32-bit
+ * operands with a 64-bit result in order to speed up computations. On some
+ * platforms, this is not available in hardware and has to be implemented in
+ * software, usually in a library provided by the toolchain.
+ *
+ * Sometimes it is not desirable to have to link to that library. This option
+ * removes the dependency of that library on platforms that lack a hardware
+ * 64-bit multiplier by embedding a software implementation in Mbed TLS.
+ *
+ * Note that depending on the compiler, this may decrease performance compared
+ * to using the library function provided by the toolchain.
+ */
+//#define MBEDTLS_NO_64BIT_MULTIPLICATION
+
+/**
+ * \def MBEDTLS_HAVE_SSE2
+ *
+ * CPU supports SSE2 instruction set.
+ *
+ * Uncomment if the CPU supports SSE2 (IA-32 specific).
+ */
+//#define MBEDTLS_HAVE_SSE2
+
+/**
+ * \def MBEDTLS_HAVE_TIME
+ *
+ * System has time.h and time().
+ * The time does not need to be correct, only time differences are used,
+ * by contrast with MBEDTLS_HAVE_TIME_DATE
+ *
+ * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
+ * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
+ * MBEDTLS_PLATFORM_STD_TIME.
+ *
+ * Comment if your system does not support time functions.
+ *
+ * \note If MBEDTLS_TIMING_C is set - to enable the semi-portable timing
+ *       interface - timing.c will include time.h on suitable platforms
+ *       regardless of the setting of MBEDTLS_HAVE_TIME, unless
+ *       MBEDTLS_TIMING_ALT is used. See timing.c for more information.
+ */
+//#define MBEDTLS_HAVE_TIME
+
+/**
+ * \def MBEDTLS_HAVE_TIME_DATE
+ *
+ * System has time.h, time(), and an implementation for
+ * mbedtls_platform_gmtime_r() (see below).
+ * The time needs to be correct (not necessarily very accurate, but at least
+ * the date should be correct). This is used to verify the validity period of
+ * X.509 certificates.
+ *
+ * Comment if your system does not have a correct clock.
+ *
+ * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that
+ * behaves similarly to the gmtime_r() function from the C standard. Refer to
+ * the documentation for mbedtls_platform_gmtime_r() for more information.
+ *
+ * \note It is possible to configure an implementation for
+ * mbedtls_platform_gmtime_r() at compile-time by using the macro
+ * MBEDTLS_PLATFORM_GMTIME_R_ALT.
+ */
+//#define MBEDTLS_HAVE_TIME_DATE
+
+/**
+ * \def MBEDTLS_PLATFORM_MEMORY
+ *
+ * Enable the memory allocation layer.
+ *
+ * By default mbed TLS uses the system-provided calloc() and free().
+ * This allows different allocators (self-implemented or provided) to be
+ * provided to the platform abstraction layer.
+ *
+ * Enabling MBEDTLS_PLATFORM_MEMORY without the
+ * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
+ * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
+ * free() function pointer at runtime.
+ *
+ * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
+ * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
+ * alternate function at compile time.
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *
+ * Enable this layer to allow use of alternative memory allocators.
+ */
+//#define MBEDTLS_PLATFORM_MEMORY
+
+/**
+ * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+ *
+ * Do not assign standard functions in the platform layer (e.g. calloc() to
+ * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
+ *
+ * This makes sure there are no linking errors on platforms that do not support
+ * these functions. You will HAVE to provide alternatives, either at runtime
+ * via the platform_set_xxx() functions or at compile time by setting
+ * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
+ * MBEDTLS_PLATFORM_XXX_MACRO.
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *
+ * Uncomment to prevent default assignment of standard functions in the
+ * platform layer.
+ */
+//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+
+/**
+ * \def MBEDTLS_PLATFORM_EXIT_ALT
+ *
+ * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
+ * function in the platform abstraction layer.
+ *
+ * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
+ * provide a function "mbedtls_platform_set_printf()" that allows you to set an
+ * alternative printf function pointer.
+ *
+ * All these define require MBEDTLS_PLATFORM_C to be defined!
+ *
+ * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
+ * it will be enabled automatically by check_config.h
+ *
+ * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
+ * MBEDTLS_PLATFORM_XXX_MACRO!
+ *
+ * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
+ *
+ * Uncomment a macro to enable alternate implementation of specific base
+ * platform function
+ */
+//#define MBEDTLS_PLATFORM_SETBUF_ALT
+//#define MBEDTLS_PLATFORM_EXIT_ALT
+//#define MBEDTLS_PLATFORM_TIME_ALT
+//#define MBEDTLS_PLATFORM_FPRINTF_ALT
+//#define MBEDTLS_PLATFORM_PRINTF_ALT
+//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
+//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
+//#define MBEDTLS_PLATFORM_NV_SEED_ALT
+//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
+
+/**
+ * \def MBEDTLS_DEPRECATED_WARNING
+ *
+ * Mark deprecated functions and features so that they generate a warning if
+ * used. Functionality deprecated in one version will usually be removed in the
+ * next version. You can enable this to help you prepare the transition to a
+ * new major version by making sure your code is not using this functionality.
+ *
+ * This only works with GCC and Clang. With other compilers, you may want to
+ * use MBEDTLS_DEPRECATED_REMOVED
+ *
+ * Uncomment to get warnings on using deprecated functions and features.
+ */
+//#define MBEDTLS_DEPRECATED_WARNING
+
+/**
+ * \def MBEDTLS_DEPRECATED_REMOVED
+ *
+ * Remove deprecated functions and features so that they generate an error if
+ * used. Functionality deprecated in one version will usually be removed in the
+ * next version. You can enable this to help you prepare the transition to a
+ * new major version by making sure your code is not using this functionality.
+ *
+ * Uncomment to get errors on using deprecated functions and features.
+ */
+//#define MBEDTLS_DEPRECATED_REMOVED
+
+/** \} name SECTION: System support */
+
+/**
+ * \name SECTION: mbed TLS feature support
+ *
+ * This section sets support for features that are or are not needed
+ * within the modules that are enabled.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_TIMING_ALT
+ *
+ * Uncomment to provide your own alternate implementation for
+ * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
+ *
+ * Only works if you have MBEDTLS_TIMING_C enabled.
+ *
+ * You will need to provide a header "timing_alt.h" and an implementation at
+ * compile time.
+ */
+//#define MBEDTLS_TIMING_ALT
+
+/**
+ * \def MBEDTLS_AES_ALT
+ *
+ * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * alternate core implementation of a symmetric crypto, an arithmetic or hash
+ * module (e.g. platform specific assembly optimized implementations). Keep
+ * in mind that the function prototypes should remain the same.
+ *
+ * This replaces the whole module. If you only want to replace one of the
+ * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
+ *
+ * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
+ * provide the "struct mbedtls_aes_context" definition and omit the base
+ * function declarations and implementations. "aes_alt.h" will be included from
+ * "aes.h" to include the new function definitions.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * module.
+ *
+ * \warning   MD5, DES and SHA-1 are considered weak and their
+ *            use constitutes a security risk. If possible, we recommend
+ *            avoiding dependencies on them, and considering stronger message
+ *            digests and ciphers instead.
+ *
+ */
+//#define MBEDTLS_AES_ALT
+//#define MBEDTLS_ARIA_ALT
+//#define MBEDTLS_CAMELLIA_ALT
+//#define MBEDTLS_CCM_ALT
+//#define MBEDTLS_CHACHA20_ALT
+//#define MBEDTLS_CHACHAPOLY_ALT
+//#define MBEDTLS_CMAC_ALT
+//#define MBEDTLS_DES_ALT
+//#define MBEDTLS_DHM_ALT
+//#define MBEDTLS_ECJPAKE_ALT
+//#define MBEDTLS_GCM_ALT
+//#define MBEDTLS_NIST_KW_ALT
+//#define MBEDTLS_MD5_ALT
+//#define MBEDTLS_POLY1305_ALT
+//#define MBEDTLS_RIPEMD160_ALT
+//#define MBEDTLS_RSA_ALT
+//#define MBEDTLS_SHA1_ALT
+//#define MBEDTLS_SHA256_ALT
+//#define MBEDTLS_SHA512_ALT
+
+/*
+ * When replacing the elliptic curve module, please consider, that it is
+ * implemented with two .c files:
+ *      - ecp.c
+ *      - ecp_curves.c
+ * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
+ * macros as described above. The only difference is that you have to make sure
+ * that you provide functionality for both .c files.
+ */
+//#define MBEDTLS_ECP_ALT
+
+/**
+ * \def MBEDTLS_SHA256_PROCESS_ALT
+ *
+ * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
+ * alternate core implementation of symmetric crypto or hash function. Keep in
+ * mind that function prototypes should remain the same.
+ *
+ * This replaces only one function. The header file from mbed TLS is still
+ * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
+ *
+ * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
+ * no longer provide the mbedtls_sha1_process() function, but it will still provide
+ * the other function (using your mbedtls_sha1_process() function) and the definition
+ * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
+ * with this definition.
+ *
+ * \note If you use the AES_xxx_ALT macros, then it is recommended to also set
+ *       MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
+ *       tables.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * function.
+ *
+ * \warning   MD5, DES and SHA-1 are considered weak and their use
+ *            constitutes a security risk. If possible, we recommend avoiding
+ *            dependencies on them, and considering stronger message digests
+ *            and ciphers instead.
+ *
+ * \warning   If both MBEDTLS_ECDSA_SIGN_ALT and MBEDTLS_ECDSA_DETERMINISTIC are
+ *            enabled, then the deterministic ECDH signature functions pass the
+ *            the static HMAC-DRBG as RNG to mbedtls_ecdsa_sign(). Therefore
+ *            alternative implementations should use the RNG only for generating
+ *            the ephemeral key and nothing else. If this is not possible, then
+ *            MBEDTLS_ECDSA_DETERMINISTIC should be disabled and an alternative
+ *            implementation should be provided for mbedtls_ecdsa_sign_det_ext().
+ *
+ */
+//#define MBEDTLS_MD5_PROCESS_ALT
+//#define MBEDTLS_RIPEMD160_PROCESS_ALT
+//#define MBEDTLS_SHA1_PROCESS_ALT
+//#define MBEDTLS_SHA256_PROCESS_ALT
+//#define MBEDTLS_SHA512_PROCESS_ALT
+//#define MBEDTLS_DES_SETKEY_ALT
+//#define MBEDTLS_DES_CRYPT_ECB_ALT
+//#define MBEDTLS_DES3_CRYPT_ECB_ALT
+//#define MBEDTLS_AES_SETKEY_ENC_ALT
+//#define MBEDTLS_AES_SETKEY_DEC_ALT
+//#define MBEDTLS_AES_ENCRYPT_ALT
+//#define MBEDTLS_AES_DECRYPT_ALT
+//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT
+//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT
+//#define MBEDTLS_ECDSA_VERIFY_ALT
+//#define MBEDTLS_ECDSA_SIGN_ALT
+//#define MBEDTLS_ECDSA_GENKEY_ALT
+
+/**
+ * \def MBEDTLS_ECP_INTERNAL_ALT
+ *
+ * Expose a part of the internal interface of the Elliptic Curve Point module.
+ *
+ * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * alternative core implementation of elliptic curve arithmetic. Keep in mind
+ * that function prototypes should remain the same.
+ *
+ * This partially replaces one function. The header file from mbed TLS is still
+ * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
+ * is still present and it is used for group structures not supported by the
+ * alternative.
+ *
+ * The original implementation can in addition be removed by setting the
+ * MBEDTLS_ECP_NO_FALLBACK option, in which case any function for which the
+ * corresponding MBEDTLS_ECP__FUNCTION_NAME__ALT macro is defined will not be
+ * able to fallback to curves not supported by the alternative implementation.
+ *
+ * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
+ * and implementing the following functions:
+ *      unsigned char mbedtls_internal_ecp_grp_capable(
+ *          const mbedtls_ecp_group *grp )
+ *      int  mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
+ *      void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp )
+ * The mbedtls_internal_ecp_grp_capable function should return 1 if the
+ * replacement functions implement arithmetic for the given group and 0
+ * otherwise.
+ * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are
+ * called before and after each point operation and provide an opportunity to
+ * implement optimized set up and tear down instructions.
+ *
+ * Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and
+ * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac()
+ * function, but will use your mbedtls_internal_ecp_double_jac() if the group
+ * for the operation is supported by your implementation (i.e. your
+ * mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the
+ * group is not supported by your implementation, then the original mbed TLS
+ * implementation of ecp_double_jac() is used instead, unless this fallback
+ * behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case
+ * ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE).
+ *
+ * The function prototypes and the definition of mbedtls_ecp_group and
+ * mbedtls_ecp_point will not change based on MBEDTLS_ECP_INTERNAL_ALT, so your
+ * implementation of mbedtls_internal_ecp__function_name__ must be compatible
+ * with their definitions.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * function.
+ */
+/* Required for all the functions in this section */
+//#define MBEDTLS_ECP_INTERNAL_ALT
+/* Turn off software fallback for curves not supported in hardware */
+//#define MBEDTLS_ECP_NO_FALLBACK
+/* Support for Weierstrass curves with Jacobi representation */
+//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
+//#define MBEDTLS_ECP_ADD_MIXED_ALT
+//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
+//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
+//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
+/* Support for curves with Montgomery arithmetic */
+//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
+//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
+//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
+
+/**
+ * \def MBEDTLS_ENTROPY_HARDWARE_ALT
+ *
+ * Uncomment this macro to let mbed TLS use your own implementation of a
+ * hardware entropy collector.
+ *
+ * Your function must be called \c mbedtls_hardware_poll(), have the same
+ * prototype as declared in library/entropy_poll.h, and accept NULL as first
+ * argument.
+ *
+ * Uncomment to use your own hardware entropy collector.
+ */
+//#define MBEDTLS_ENTROPY_HARDWARE_ALT
+
+/**
+ * \def MBEDTLS_AES_ROM_TABLES
+ *
+ * Use precomputed AES tables stored in ROM.
+ *
+ * Uncomment this macro to use precomputed AES tables stored in ROM.
+ * Comment this macro to generate AES tables in RAM at runtime.
+ *
+ * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
+ * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
+ * initialization time before the first AES operation can be performed.
+ * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
+ * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
+ * performance if ROM access is slower than RAM access.
+ *
+ * This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
+ *
+ */
+#define MBEDTLS_AES_ROM_TABLES
+
+/**
+ * \def MBEDTLS_AES_FEWER_TABLES
+ *
+ * Use less ROM/RAM for AES tables.
+ *
+ * Uncommenting this macro omits 75% of the AES tables from
+ * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
+ * by computing their values on the fly during operations
+ * (the tables are entry-wise rotations of one another).
+ *
+ * Tradeoff: Uncommenting this reduces the RAM / ROM footprint
+ * by ~6kb but at the cost of more arithmetic operations during
+ * runtime. Specifically, one has to compare 4 accesses within
+ * different tables to 4 accesses with additional arithmetic
+ * operations within the same table. The performance gain/loss
+ * depends on the system and memory details.
+ *
+ * This option is independent of \c MBEDTLS_AES_ROM_TABLES.
+ *
+ */
+//#define MBEDTLS_AES_FEWER_TABLES
+
+/**
+ * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
+ *
+ * Use less ROM for the Camellia implementation (saves about 768 bytes).
+ *
+ * Uncomment this macro to use less memory for Camellia.
+ */
+//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
+
+/**
+ * \def MBEDTLS_CHECK_RETURN_WARNING
+ *
+ * If this macro is defined, emit a compile-time warning if application code
+ * calls a function without checking its return value, but the return value
+ * should generally be checked in portable applications.
+ *
+ * This is only supported on platforms where #MBEDTLS_CHECK_RETURN is
+ * implemented. Otherwise this option has no effect.
+ *
+ * Uncomment to get warnings on using fallible functions without checking
+ * their return value.
+ *
+ * \note  This feature is a work in progress.
+ *        Warnings will be added to more functions in the future.
+ *
+ * \note  A few functions are considered critical, and ignoring the return
+ *        value of these functions will trigger a warning even if this
+ *        macro is not defined. To completely disable return value check
+ *        warnings, define #MBEDTLS_CHECK_RETURN with an empty expansion.
+ */
+//#define MBEDTLS_CHECK_RETURN_WARNING
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CBC
+ *
+ * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CBC
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CFB
+ *
+ * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CFB
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_CTR
+ *
+ * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_CTR
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_OFB
+ *
+ * Enable Output Feedback mode (OFB) for symmetric ciphers.
+ */
+#define MBEDTLS_CIPHER_MODE_OFB
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_XTS
+ *
+ * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES.
+ */
+#define MBEDTLS_CIPHER_MODE_XTS
+
+/**
+ * \def MBEDTLS_CIPHER_NULL_CIPHER
+ *
+ * Enable NULL cipher.
+ * Warning: Only do so when you know what you are doing. This allows for
+ * encryption or channels without any security!
+ *
+ * To enable the following ciphersuites:
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_RSA_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_RSA_WITH_NULL_MD5
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA
+ *
+ * Uncomment this macro to enable the NULL cipher and ciphersuites
+ */
+//#define MBEDTLS_CIPHER_NULL_CIPHER
+
+/**
+ * \def MBEDTLS_CIPHER_PADDING_PKCS7
+ *
+ * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
+ * specific padding modes in the cipher layer with cipher modes that support
+ * padding (e.g. CBC)
+ *
+ * If you disable all padding modes, only full blocks can be used with CBC.
+ *
+ * Enable padding modes in the cipher layer.
+ */
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#define MBEDTLS_CIPHER_PADDING_ZEROS
+
+/** \def MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ *
+ * Uncomment this macro to use a 128-bit key in the CTR_DRBG module.
+ * By default, CTR_DRBG uses a 256-bit key.
+ */
+//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+
+/**
+ * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ *
+ * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
+ * module.  By default all supported curves are enabled.
+ *
+ * Comment macros to disable the curve and functions for it
+ */
+/* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */
+#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+/* Montgomery curves (supporting ECP) */
+#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#define MBEDTLS_ECP_DP_CURVE448_ENABLED
+
+/**
+ * \def MBEDTLS_ECP_NIST_OPTIM
+ *
+ * Enable specific 'modulo p' routines for each NIST prime.
+ * Depending on the prime and architecture, makes operations 4 to 8 times
+ * faster on the corresponding curve.
+ *
+ * Comment this macro to disable NIST curves optimisation.
+ */
+#define MBEDTLS_ECP_NIST_OPTIM
+
+/**
+ * \def MBEDTLS_ECP_RESTARTABLE
+ *
+ * Enable "non-blocking" ECC operations that can return early and be resumed.
+ *
+ * This allows various functions to pause by returning
+ * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module,
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in
+ * order to further progress and eventually complete their operation. This is
+ * controlled through mbedtls_ecp_set_max_ops() which limits the maximum
+ * number of ECC operations a function may perform before pausing; see
+ * mbedtls_ecp_set_max_ops() for more information.
+ *
+ * This is useful in non-threaded environments if you want to avoid blocking
+ * for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
+ *
+ * This option:
+ * - Adds xxx_restartable() variants of existing operations in the
+ *   following modules, with corresponding restart context types:
+ *   - ECP (for Short Weierstrass curves only): scalar multiplication (mul),
+ *     linear combination (muladd);
+ *   - ECDSA: signature generation & verification;
+ *   - PK: signature generation & verification;
+ *   - X509: certificate chain verification.
+ * - Adds mbedtls_ecdh_enable_restart() in the ECDH module.
+ * - Changes the behaviour of TLS 1.2 clients (not servers) when using the
+ *   ECDHE-ECDSA key exchange (not other key exchanges) to make all ECC
+ *   computations restartable:
+ *   - ECDH operations from the key exchange, only for Short Weierstrass
+ *     curves, only when MBEDTLS_USE_PSA_CRYPTO is not enabled.
+ *   - verification of the server's key exchange signature;
+ *   - verification of the server's certificate chain;
+ *   - generation of the client's signature if client authentication is used,
+ *     with an ECC key/certificate.
+ *
+ * \note  In the cases above, the usual SSL/TLS functions, such as
+ *        mbedtls_ssl_handshake(), can now return
+ *        MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS.
+ *
+ * \note  When this option and MBEDTLS_USE_PSA_CRYPTO are both enabled,
+ *        restartable operations in PK, X.509 and TLS (see above) are not
+ *        using PSA. On the other hand, ECDH computations in TLS are using
+ *        PSA, and are not restartable. These are temporary limitations that
+ *        should be lifted in the future.
+ *
+ * \note  This option only works with the default software implementation of
+ *        elliptic curve functionality. It is incompatible with
+ *        MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT.
+ *
+ * Requires: MBEDTLS_ECP_C
+ *
+ * Uncomment this macro to enable restartable ECC computations.
+ */
+//#define MBEDTLS_ECP_RESTARTABLE
+
+/**
+ * \def MBEDTLS_ECDSA_DETERMINISTIC
+ *
+ * Enable deterministic ECDSA (RFC 6979).
+ * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
+ * may result in a compromise of the long-term signing key. This is avoided by
+ * the deterministic variant.
+ *
+ * Requires: MBEDTLS_HMAC_DRBG_C, MBEDTLS_ECDSA_C
+ *
+ * Comment this macro to disable deterministic ECDSA.
+ */
+#define MBEDTLS_ECDSA_DETERMINISTIC
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+ *
+ * Enable the PSK based ciphersuite modes in SSL / TLS.
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ */
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+ *
+ * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_DHM_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *
+ * \warning    Using DHE constitutes a security risk as it
+ *             is not possible to validate custom DH parameters.
+ *             If possible, it is recommended users should consider
+ *             preferring other methods of key exchange.
+ *             See dhm.h for more details.
+ *
+ */
+#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+ *
+ * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+ *
+ * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ */
+#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+ *
+ * Enable the RSA-only based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ */
+#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ *
+ * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *
+ * \warning    Using DHE constitutes a security risk as it
+ *             is not possible to validate custom DH parameters.
+ *             If possible, it is recommended users should consider
+ *             preferring other methods of key exchange.
+ *             See dhm.h for more details.
+ *
+ */
+#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+ *
+ * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+ *
+ * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+ *
+ * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+ *
+ * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_X509_CRT_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+
+/**
+ * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+ *
+ * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
+ *
+ * \warning This is currently experimental. EC J-PAKE support is based on the
+ * Thread v1.0.0 specification; incompatible changes to the specification
+ * might still happen. For this reason, this is disabled by default.
+ *
+ * Requires: MBEDTLS_ECJPAKE_C
+ *           SHA-256 (via MD if present, or via PSA, see MBEDTLS_ECJPAKE_C)
+ *           MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
+ */
+//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+
+/**
+ * \def MBEDTLS_PK_PARSE_EC_EXTENDED
+ *
+ * Enhance support for reading EC keys using variants of SEC1 not allowed by
+ * RFC 5915 and RFC 5480.
+ *
+ * Currently this means parsing the SpecifiedECDomain choice of EC
+ * parameters (only known groups are supported, not arbitrary domains, to
+ * avoid validation issues).
+ *
+ * Disable if you only need to support RFC 5915 + 5480 key formats.
+ */
+#define MBEDTLS_PK_PARSE_EC_EXTENDED
+
+/**
+ * \def MBEDTLS_ERROR_STRERROR_DUMMY
+ *
+ * Enable a dummy error function to make use of mbedtls_strerror() in
+ * third party libraries easier when MBEDTLS_ERROR_C is disabled
+ * (no effect when MBEDTLS_ERROR_C is enabled).
+ *
+ * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
+ * not using mbedtls_strerror() or error_strerror() in your application.
+ *
+ * Disable if you run into name conflicts and want to really remove the
+ * mbedtls_strerror()
+ */
+#define MBEDTLS_ERROR_STRERROR_DUMMY
+
+/**
+ * \def MBEDTLS_GENPRIME
+ *
+ * Enable the prime-number generation code.
+ *
+ * Requires: MBEDTLS_BIGNUM_C
+ */
+//#define MBEDTLS_GENPRIME
+
+/**
+ * \def MBEDTLS_FS_IO
+ *
+ * Enable functions that use the filesystem.
+ */
+//#define MBEDTLS_FS_IO
+
+/**
+ * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+ *
+ * Do not add default entropy sources in mbedtls_entropy_init().
+ *
+ * This is useful to have more control over the added entropy sources in an
+ * application.
+ *
+ * Uncomment this macro to prevent loading of default entropy functions.
+ */
+//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+
+/**
+ * \def MBEDTLS_NO_PLATFORM_ENTROPY
+ *
+ * Do not use built-in platform entropy functions.
+ * This is useful if your platform does not support
+ * standards like the /dev/urandom or Windows CryptoAPI.
+ *
+ * Uncomment this macro to disable the built-in platform entropy functions.
+ */
+#define MBEDTLS_NO_PLATFORM_ENTROPY
+
+/**
+ * \def MBEDTLS_ENTROPY_FORCE_SHA256
+ *
+ * Force the entropy accumulator to use a SHA-256 accumulator instead of the
+ * default SHA-512 based one (if both are available).
+ *
+ * Requires: MBEDTLS_SHA256_C
+ *
+ * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
+ * if you have performance concerns.
+ *
+ * This option is only useful if both MBEDTLS_SHA256_C and
+ * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
+ */
+//#define MBEDTLS_ENTROPY_FORCE_SHA256
+
+/**
+ * \def MBEDTLS_ENTROPY_NV_SEED
+ *
+ * Enable the non-volatile (NV) seed file-based entropy source.
+ * (Also enables the NV seed read/write functions in the platform layer)
+ *
+ * This is crucial (if not required) on systems that do not have a
+ * cryptographic entropy source (in hardware or kernel) available.
+ *
+ * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
+ *
+ * \note The read/write functions that are used by the entropy source are
+ *       determined in the platform layer, and can be modified at runtime and/or
+ *       compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
+ *
+ * \note If you use the default implementation functions that read a seedfile
+ *       with regular fopen(), please make sure you make a seedfile with the
+ *       proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
+ *       least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
+ *       and written to or you will get an entropy source error! The default
+ *       implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
+ *       bytes from the file.
+ *
+ * \note The entropy collector will write to the seed file before entropy is
+ *       given to an external source, to update it.
+ */
+//#define MBEDTLS_ENTROPY_NV_SEED
+
+/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+ *
+ * Enable key identifiers that encode a key owner identifier.
+ *
+ * The owner of a key is identified by a value of type ::mbedtls_key_owner_id_t
+ * which is currently hard-coded to be int32_t.
+ *
+ * Note that this option is meant for internal use only and may be removed
+ * without notice.
+ */
+//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+
+/**
+ * \def MBEDTLS_MEMORY_DEBUG
+ *
+ * Enable debugging of buffer allocator memory issues. Automatically prints
+ * (to stderr) all (fatal) messages on memory allocation issues. Enables
+ * function for 'debug output' of allocated memory.
+ *
+ * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Uncomment this macro to let the buffer allocator print out error messages.
+ */
+//#define MBEDTLS_MEMORY_DEBUG
+
+/**
+ * \def MBEDTLS_MEMORY_BACKTRACE
+ *
+ * Include backtrace information with each allocated block.
+ *
+ * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *           GLIBC-compatible backtrace() and backtrace_symbols() support
+ *
+ * Uncomment this macro to include backtrace information
+ */
+//#define MBEDTLS_MEMORY_BACKTRACE
+
+/**
+ * \def MBEDTLS_PK_RSA_ALT_SUPPORT
+ *
+ * Support external private RSA keys (eg from a HSM) in the PK layer.
+ *
+ * Comment this macro to disable support for external private RSA keys.
+ */
+#define MBEDTLS_PK_RSA_ALT_SUPPORT
+
+/**
+ * \def MBEDTLS_PKCS1_V15
+ *
+ * Enable support for PKCS#1 v1.5 encoding.
+ *
+ * Requires: MBEDTLS_RSA_C
+ *
+ * This enables support for PKCS#1 v1.5 operations.
+ */
+#define MBEDTLS_PKCS1_V15
+
+/**
+ * \def MBEDTLS_PKCS1_V21
+ *
+ * Enable support for PKCS#1 v2.1 encoding.
+ *
+ * Requires: MBEDTLS_RSA_C and (MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C).
+ *
+ * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
+ * before doing any PKCS#1 v2.1 operation.
+ *
+ * \warning When building with MBEDTLS_MD_C, all hashes used with this
+ * need to be available as built-ins (that is, for SHA-256, MBEDTLS_SHA256_C,
+ * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by
+ * this module in builds where MBEDTLS_MD_C is disabled.
+ *
+ * This enables support for RSAES-OAEP and RSASSA-PSS operations.
+ */
+#define MBEDTLS_PKCS1_V21
+
+/** \def MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
+ *
+ * Enable support for platform built-in keys. If you enable this feature,
+ * you must implement the function mbedtls_psa_platform_get_builtin_key().
+ * See the documentation of that function for more information.
+ *
+ * Built-in keys are typically derived from a hardware unique key or
+ * stored in a secure element.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C.
+ *
+ * \warning This interface is experimental and may change or be removed
+ * without notice.
+ */
+//#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
+
+/** \def MBEDTLS_PSA_CRYPTO_CLIENT
+ *
+ * Enable support for PSA crypto client.
+ *
+ * \note This option allows to include the code necessary for a PSA
+ *       crypto client when the PSA crypto implementation is not included in
+ *       the library (MBEDTLS_PSA_CRYPTO_C disabled). The code included is the
+ *       code to set and get PSA key attributes.
+ *       The development of PSA drivers partially relying on the library to
+ *       fulfill the hardware gaps is another possible usage of this option.
+ *
+ * \warning This interface is experimental and may change or be removed
+ * without notice.
+ */
+//#define MBEDTLS_PSA_CRYPTO_CLIENT
+
+/** \def MBEDTLS_PSA_CRYPTO_DRIVERS
+ *
+ * Enable support for the experimental PSA crypto driver interface.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ * \warning This interface is experimental. We intend to maintain backward
+ *          compatibility with application code that relies on drivers,
+ *          but the driver interfaces may change without notice.
+ */
+//#define MBEDTLS_PSA_CRYPTO_DRIVERS
+
+/** \def MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
+ *
+ * Make the PSA Crypto module use an external random generator provided
+ * by a driver, instead of Mbed TLS's entropy and DRBG modules.
+ *
+ * \note This random generator must deliver random numbers with cryptographic
+ *       quality and high performance. It must supply unpredictable numbers
+ *       with a uniform distribution. The implementation of this function
+ *       is responsible for ensuring that the random generator is seeded
+ *       with sufficient entropy. If you have a hardware TRNG which is slow
+ *       or delivers non-uniform output, declare it as an entropy source
+ *       with mbedtls_entropy_add_source() instead of enabling this option.
+ *
+ * If you enable this option, you must configure the type
+ * ::mbedtls_psa_external_random_context_t in psa/crypto_platform.h
+ * and define a function called mbedtls_psa_external_get_random()
+ * with the following prototype:
+ * ```
+ * psa_status_t mbedtls_psa_external_get_random(
+ *     mbedtls_psa_external_random_context_t *context,
+ *     uint8_t *output, size_t output_size, size_t *output_length);
+ * );
+ * ```
+ * The \c context value is initialized to 0 before the first call.
+ * The function must fill the \c output buffer with \p output_size bytes
+ * of random data and set \c *output_length to \p output_size.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ * \warning If you enable this option, code that uses the PSA cryptography
+ *          interface will not use any of the entropy sources set up for
+ *          the entropy module, nor the NV seed that MBEDTLS_ENTROPY_NV_SEED
+ *          enables.
+ *
+ * \note This option is experimental and may be removed without notice.
+ */
+#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_SPM
+ *
+ * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure
+ * Partition Manager) integration which separates the code into two parts: a
+ * NSPE (Non-Secure Process Environment) and an SPE (Secure Process
+ * Environment).
+ *
+ * Module:  library/psa_crypto.c
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ */
+//#define MBEDTLS_PSA_CRYPTO_SPM
+
+/**
+ * \def MBEDTLS_PSA_INJECT_ENTROPY
+ *
+ * Enable support for entropy injection at first boot. This feature is
+ * required on systems that do not have a built-in entropy source (TRNG).
+ * This feature is currently not supported on systems that have a built-in
+ * entropy source.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED
+ *
+ */
+//#define MBEDTLS_PSA_INJECT_ENTROPY
+
+/**
+ * \def MBEDTLS_RSA_NO_CRT
+ *
+ * Do not use the Chinese Remainder Theorem
+ * for the RSA private operation.
+ *
+ * Uncomment this macro to disable the use of CRT in RSA.
+ *
+ */
+//#define MBEDTLS_RSA_NO_CRT
+
+/**
+ * \def MBEDTLS_SELF_TEST
+ *
+ * Enable the checkup functions (*_self_test).
+ */
+#define MBEDTLS_SELF_TEST
+
+/**
+ * \def MBEDTLS_SHA256_SMALLER
+ *
+ * Enable an implementation of SHA-256 that has lower ROM footprint but also
+ * lower performance.
+ *
+ * The default implementation is meant to be a reasonable compromise between
+ * performance and size. This version optimizes more aggressively for size at
+ * the expense of performance. Eg on Cortex-M4 it reduces the size of
+ * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
+ * 30%.
+ *
+ * Uncomment to enable the smaller implementation of SHA256.
+ */
+//#define MBEDTLS_SHA256_SMALLER
+
+/**
+ * \def MBEDTLS_SHA512_SMALLER
+ *
+ * Enable an implementation of SHA-512 that has lower ROM footprint but also
+ * lower performance.
+ *
+ * Uncomment to enable the smaller implementation of SHA512.
+ */
+//#define MBEDTLS_SHA512_SMALLER
+
+/**
+ * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
+ *
+ * Enable sending of alert messages in case of encountered errors as per RFC.
+ * If you choose not to send the alert messages, mbed TLS can still communicate
+ * with other servers, only debugging of failures is harder.
+ *
+ * The advantage of not sending alert messages, is that no information is given
+ * about reasons for failures thus preventing adversaries of gaining intel.
+ *
+ * Enable sending of all alert messages
+ */
+#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
+
+/**
+ * \def MBEDTLS_SSL_DTLS_CONNECTION_ID
+ *
+ * Enable support for the DTLS Connection ID (CID) extension,
+ * which allows to identify DTLS connections across changes
+ * in the underlying transport. The CID functionality is described
+ * in RFC 9146.
+ *
+ * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`,
+ * mbedtls_ssl_get_own_cid()`, `mbedtls_ssl_get_peer_cid()` and
+ * `mbedtls_ssl_conf_cid()`. See the corresponding documentation for
+ * more information.
+ *
+ * The maximum lengths of outgoing and incoming CIDs can be configured
+ * through the options
+ * - MBEDTLS_SSL_CID_OUT_LEN_MAX
+ * - MBEDTLS_SSL_CID_IN_LEN_MAX.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Uncomment to enable the Connection ID extension.
+ */
+#define MBEDTLS_SSL_DTLS_CONNECTION_ID
+
+
+/**
+ * \def MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
+ *
+ * Defines whether RFC 9146 (default) or the legacy version
+ * (version draft-ietf-tls-dtls-connection-id-05,
+ * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05)
+ * is used.
+ *
+ * Set the value to 0 for the standard version, and
+ * 1 for the legacy draft version.
+ *
+ * \deprecated Support for the legacy version of the DTLS
+ *             Connection ID feature is deprecated. Please
+ *             switch to the standardized version defined
+ *             in RFC 9146 enabled by utilizing
+ *             MBEDTLS_SSL_DTLS_CONNECTION_ID without use
+ *             of MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT.
+ *
+ * Requires: MBEDTLS_SSL_DTLS_CONNECTION_ID
+ */
+#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0
+
+/**
+ * \def MBEDTLS_SSL_ASYNC_PRIVATE
+ *
+ * Enable asynchronous external private key operations in SSL. This allows
+ * you to configure an SSL connection to call an external cryptographic
+ * module to perform private key operations instead of performing the
+ * operation inside the library.
+ *
+ * Requires: MBEDTLS_X509_CRT_PARSE_C
+ */
+//#define MBEDTLS_SSL_ASYNC_PRIVATE
+
+/**
+ * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION
+ *
+ * Enable serialization of the TLS context structures, through use of the
+ * functions mbedtls_ssl_context_save() and mbedtls_ssl_context_load().
+ *
+ * This pair of functions allows one side of a connection to serialize the
+ * context associated with the connection, then free or re-use that context
+ * while the serialized state is persisted elsewhere, and finally deserialize
+ * that state to a live context for resuming read/write operations on the
+ * connection. From a protocol perspective, the state of the connection is
+ * unaffected, in particular this is entirely transparent to the peer.
+ *
+ * Note: this is distinct from TLS session resumption, which is part of the
+ * protocol and fully visible by the peer. TLS session resumption enables
+ * establishing new connections associated to a saved session with shorter,
+ * lighter handshakes, while context serialization is a local optimization in
+ * handling a single, potentially long-lived connection.
+ *
+ * Enabling these APIs makes some SSL structures larger, as 64 extra bytes are
+ * saved after the handshake to allow for more efficient serialization, so if
+ * you don't need this feature you'll save RAM by disabling it.
+ *
+ * Requires: MBEDTLS_GCM_C or MBEDTLS_CCM_C or MBEDTLS_CHACHAPOLY_C
+ *
+ * Comment to disable the context serialization APIs.
+ */
+#define MBEDTLS_SSL_CONTEXT_SERIALIZATION
+
+/**
+ * \def MBEDTLS_SSL_DEBUG_ALL
+ *
+ * Enable the debug messages in SSL module for all issues.
+ * Debug messages have been disabled in some places to prevent timing
+ * attacks due to (unbalanced) debugging function calls.
+ *
+ * If you need all error reporting you should enable this during debugging,
+ * but remove this for production servers that should log as well.
+ *
+ * Uncomment this macro to report all debug messages on errors introducing
+ * a timing side-channel.
+ *
+ */
+//#define MBEDTLS_SSL_DEBUG_ALL
+
+/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ *
+ * Enable support for Encrypt-then-MAC, RFC 7366.
+ *
+ * This allows peers that both support it to use a more robust protection for
+ * ciphersuites using CBC, providing deep resistance against timing attacks
+ * on the padding or underlying cipher.
+ *
+ * This only affects CBC ciphersuites, and is useless if none is defined.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Encrypt-then-MAC
+ */
+#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
+
+/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+ *
+ * Enable support for RFC 7627: Session Hash and Extended Master Secret
+ * Extension.
+ *
+ * This was introduced as "the proper fix" to the Triple Handshake family of
+ * attacks, but it is recommended to always use it (even if you disable
+ * renegotiation), since it actually fixes a more fundamental issue in the
+ * original SSL/TLS design, and has implications beyond Triple Handshake.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for Extended Master Secret.
+ */
+#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+
+/**
+ * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+ *
+ * This option controls the availability of the API mbedtls_ssl_get_peer_cert()
+ * giving access to the peer's certificate after completion of the handshake.
+ *
+ * Unless you need mbedtls_ssl_peer_cert() in your application, it is
+ * recommended to disable this option for reduced RAM usage.
+ *
+ * \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still
+ *       defined, but always returns \c NULL.
+ *
+ * \note This option has no influence on the protection against the
+ *       triple handshake attack. Even if it is disabled, Mbed TLS will
+ *       still ensure that certificates do not change during renegotiation,
+ *       for example by keeping a hash of the peer's certificate.
+ *
+ * \note This option is required if MBEDTLS_SSL_PROTO_TLS1_3 is set.
+ *
+ * Comment this macro to disable storing the peer's certificate
+ * after the handshake.
+ */
+#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+
+/**
+ * \def MBEDTLS_SSL_RENEGOTIATION
+ *
+ * Enable support for TLS renegotiation.
+ *
+ * The two main uses of renegotiation are (1) refresh keys on long-lived
+ * connections and (2) client authentication after the initial handshake.
+ * If you don't need renegotiation, it's probably better to disable it, since
+ * it has been associated with security issues in the past and is easy to
+ * misuse/misunderstand.
+ *
+ * Comment this to disable support for renegotiation.
+ *
+ * \note   Even if this option is disabled, both client and server are aware
+ *         of the Renegotiation Indication Extension (RFC 5746) used to
+ *         prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
+ *         (See \c mbedtls_ssl_conf_legacy_renegotiation for the
+ *          configuration of this extension).
+ *
+ */
+#define MBEDTLS_SSL_RENEGOTIATION
+
+/**
+ * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+ *
+ * Enable support for RFC 6066 max_fragment_length extension in SSL.
+ *
+ * Comment this macro to disable support for the max_fragment_length extension
+ */
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+
+/**
+ * \def MBEDTLS_SSL_RECORD_SIZE_LIMIT
+ *
+ * Enable support for RFC 8449 record_size_limit extension in SSL (TLS 1.3 only).
+ *
+ * \warning This extension is currently in development and must NOT be used except
+ *          for testing purposes.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_3
+ *
+ * Uncomment this macro to enable support for the record_size_limit extension
+ */
+//#define MBEDTLS_SSL_RECORD_SIZE_LIMIT
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
+ *
+ * Requires: Without MBEDTLS_USE_PSA_CRYPTO: MBEDTLS_MD_C and
+ *              (MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C)
+ *           With MBEDTLS_USE_PSA_CRYPTO:
+ *              PSA_WANT_ALG_SHA_1 or PSA_WANT_ALG_SHA_256 or
+ *              PSA_WANT_ALG_SHA_512
+ *
+ * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
+ * psa_crypto_init() before doing any TLS operations.
+ *
+ * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
+ */
+#define MBEDTLS_SSL_PROTO_TLS1_2
+
+/**
+ * \def MBEDTLS_SSL_PROTO_TLS1_3
+ *
+ * Enable support for TLS 1.3.
+ *
+ * \note The support for TLS 1.3 is not comprehensive yet, in particular
+ *       pre-shared keys are not supported.
+ *       See docs/architecture/tls13-support.md for a description of the TLS
+ *       1.3 support that this option enables.
+ *
+ * Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ * \note TLS 1.3 uses PSA crypto for cryptographic operations that are
+ *       directly performed by TLS 1.3 code. As a consequence, you must
+ *       call psa_crypto_init() before the first TLS 1.3 handshake.
+ *
+ * \note Cryptographic operations performed indirectly via another module
+ *       (X.509, PK) or by code shared with TLS 1.2 (record protection,
+ *       running handshake hash) only use PSA crypto if
+ *       #MBEDTLS_USE_PSA_CRYPTO is enabled.
+ *
+ * Uncomment this macro to enable the support for TLS 1.3.
+ */
+#define MBEDTLS_SSL_PROTO_TLS1_3
+
+/**
+ * \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+ *
+ * Enable TLS 1.3 middlebox compatibility mode.
+ *
+ * As specified in Section D.4 of RFC 8446, TLS 1.3 offers a compatibility
+ * mode to make a TLS 1.3 connection more likely to pass through middle boxes
+ * expecting TLS 1.2 traffic.
+ *
+ * Turning on the compatibility mode comes at the cost of a few added bytes
+ * on the wire, but it doesn't affect compatibility with TLS 1.3 implementations
+ * that don't use it. Therefore, unless transmission bandwidth is critical and
+ * you know that middlebox compatibility issues won't occur, it is therefore
+ * recommended to set this option.
+ *
+ * Comment to disable compatibility mode for TLS 1.3. If
+ * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
+ * effect on the build.
+ *
+ */
+#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+
+/**
+ * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+ *
+ * Enable TLS 1.3 PSK key exchange mode.
+ *
+ * Comment to disable support for the PSK key exchange mode in TLS 1.3. If
+ * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
+ * effect on the build.
+ *
+ */
+#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+
+/**
+ * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+ *
+ * Enable TLS 1.3 ephemeral key exchange mode.
+ *
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C, MBEDTLS_ECDSA_C or
+ *           MBEDTLS_PKCS1_V21
+ *
+ * Comment to disable support for the ephemeral key exchange mode in TLS 1.3.
+ * If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any
+ * effect on the build.
+ *
+ */
+#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+
+/**
+ * \def MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+ *
+ * Enable TLS 1.3 PSK ephemeral key exchange mode.
+ *
+ * Requires: MBEDTLS_ECDH_C
+ *
+ * Comment to disable support for the PSK ephemeral key exchange mode in
+ * TLS 1.3. If MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not
+ * have any effect on the build.
+ *
+ */
+#define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+
+/**
+ * \def MBEDTLS_SSL_EARLY_DATA
+ *
+ * Enable support for RFC 8446 TLS 1.3 early data.
+ *
+ * Requires: MBEDTLS_SSL_SESSION_TICKETS and either
+ *           MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED or
+ *           MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+ *
+ * Comment this to disable support for early data. If MBEDTLS_SSL_PROTO_TLS1_3
+ * is not enabled, this option does not have any effect on the build.
+ *
+ * This feature is experimental, not completed and thus not ready for
+ * production.
+ *
+ */
+//#define MBEDTLS_SSL_EARLY_DATA
+
+/**
+ * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
+ *
+ * The default maximum amount of 0-RTT data. See the documentation of
+ * \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information.
+ *
+ * It must be positive and smaller than UINT32_MAX.
+ *
+ * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not
+ * have any impact on the build.
+ *
+ * This feature is experimental, not completed and thus not ready for
+ * production.
+ *
+ */
+#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE        1024
+
+/**
+ * \def MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Enable support for DTLS (all available versions).
+ *
+ * Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for DTLS
+ */
+#define MBEDTLS_SSL_PROTO_DTLS
+
+/**
+ * \def MBEDTLS_SSL_ALPN
+ *
+ * Enable support for RFC 7301 Application Layer Protocol Negotiation.
+ *
+ * Comment this macro to disable support for ALPN.
+ */
+#define MBEDTLS_SSL_ALPN
+
+/**
+ * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
+ *
+ * Enable support for the anti-replay mechanism in DTLS.
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *           MBEDTLS_SSL_PROTO_DTLS
+ *
+ * \warning Disabling this is often a security risk!
+ * See mbedtls_ssl_conf_dtls_anti_replay() for details.
+ *
+ * Comment this to disable anti-replay in DTLS.
+ */
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+
+/**
+ * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Enable support for HelloVerifyRequest on DTLS servers.
+ *
+ * This feature is highly recommended to prevent DTLS servers being used as
+ * amplifiers in DoS attacks against other hosts. It should always be enabled
+ * unless you know for sure amplification cannot be a problem in the
+ * environment in which your server operates.
+ *
+ * \warning Disabling this can be a security risk! (see above)
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Comment this to disable support for HelloVerifyRequest.
+ */
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+
+/**
+ * \def MBEDTLS_SSL_DTLS_SRTP
+ *
+ * Enable support for negotiation of DTLS-SRTP (RFC 5764)
+ * through the use_srtp extension.
+ *
+ * \note This feature provides the minimum functionality required
+ * to negotiate the use of DTLS-SRTP and to allow the derivation of
+ * the associated SRTP packet protection key material.
+ * In particular, the SRTP packet protection itself, as well as the
+ * demultiplexing of RTP and DTLS packets at the datagram layer
+ * (see Section 5 of RFC 5764), are not handled by this feature.
+ * Instead, after successful completion of a handshake negotiating
+ * the use of DTLS-SRTP, the extended key exporter API
+ * mbedtls_ssl_conf_export_keys_cb() should be used to implement
+ * the key exporter described in Section 4.2 of RFC 5764 and RFC 5705
+ * (this is implemented in the SSL example programs).
+ * The resulting key should then be passed to an SRTP stack.
+ *
+ * Setting this option enables the runtime API
+ * mbedtls_ssl_conf_dtls_srtp_protection_profiles()
+ * through which the supported DTLS-SRTP protection
+ * profiles can be configured. You must call this API at
+ * runtime if you wish to negotiate the use of DTLS-SRTP.
+ *
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
+ *
+ * Uncomment this to enable support for use_srtp extension.
+ */
+//#define MBEDTLS_SSL_DTLS_SRTP
+
+/**
+ * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+ *
+ * Enable server-side support for clients that reconnect from the same port.
+ *
+ * Some clients unexpectedly close the connection and try to reconnect using the
+ * same source port. This needs special support from the server to handle the
+ * new connection securely, as described in section 4.2.8 of RFC 6347. This
+ * flag enables that support.
+ *
+ * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
+ *
+ * Comment this to disable support for clients reusing the source port.
+ */
+#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+
+/**
+ * \def MBEDTLS_SSL_SESSION_TICKETS
+ *
+ * Enable support for RFC 5077 session tickets in SSL.
+ * Client-side, provides full support for session tickets (maintenance of a
+ * session store remains the responsibility of the application, though).
+ * Server-side, you also need to provide callbacks for writing and parsing
+ * tickets, including authenticated encryption and key management. Example
+ * callbacks are provided by MBEDTLS_SSL_TICKET_C.
+ *
+ * Comment this macro to disable support for SSL session tickets
+ */
+#define MBEDTLS_SSL_SESSION_TICKETS
+
+/**
+ * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
+ *
+ * Enable support for RFC 6066 server name indication (SNI) in SSL.
+ *
+ * Requires: MBEDTLS_X509_CRT_PARSE_C
+ *
+ * Comment this macro to disable support for server name indication in SSL
+ */
+#define MBEDTLS_SSL_SERVER_NAME_INDICATION
+
+/**
+ * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
+ *
+ * When this option is enabled, the SSL buffer will be resized automatically
+ * based on the negotiated maximum fragment length in each direction.
+ *
+ * Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+ */
+//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
+
+/**
+ * \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
+ *
+ * Enable testing of the constant-flow nature of some sensitive functions with
+ * clang's MemorySanitizer. This causes some existing tests to also test
+ * this non-functional property of the code under test.
+ *
+ * This setting requires compiling with clang -fsanitize=memory. The test
+ * suites can then be run normally.
+ *
+ * \warning This macro is only used for extended testing; it is not considered
+ * part of the library's API, so it may change or disappear at any time.
+ *
+ * Uncomment to enable testing of the constant-flow nature of selected code.
+ */
+//#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
+
+/**
+ * \def MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
+ *
+ * Enable testing of the constant-flow nature of some sensitive functions with
+ * valgrind's memcheck tool. This causes some existing tests to also test
+ * this non-functional property of the code under test.
+ *
+ * This setting requires valgrind headers for building, and is only useful for
+ * testing if the tests suites are run with valgrind's memcheck. This can be
+ * done for an individual test suite with 'valgrind ./test_suite_xxx', or when
+ * using CMake, this can be done for all test suites with 'make memcheck'.
+ *
+ * \warning This macro is only used for extended testing; it is not considered
+ * part of the library's API, so it may change or disappear at any time.
+ *
+ * Uncomment to enable testing of the constant-flow nature of selected code.
+ */
+//#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
+
+/**
+ * \def MBEDTLS_TEST_HOOKS
+ *
+ * Enable features for invasive testing such as introspection functions and
+ * hooks for fault injection. This enables additional unit tests.
+ *
+ * Merely enabling this feature should not change the behavior of the product.
+ * It only adds new code, and new branching points where the default behavior
+ * is the same as when this feature is disabled.
+ * However, this feature increases the attack surface: there is an added
+ * risk of vulnerabilities, and more gadgets that can make exploits easier.
+ * Therefore this feature must never be enabled in production.
+ *
+ * See `docs/architecture/testing/mbed-crypto-invasive-testing.md` for more
+ * information.
+ *
+ * Uncomment to enable invasive tests.
+ */
+//#define MBEDTLS_TEST_HOOKS
+
+/**
+ * \def MBEDTLS_THREADING_ALT
+ *
+ * Provide your own alternate threading implementation.
+ *
+ * Requires: MBEDTLS_THREADING_C
+ *
+ * Uncomment this to allow your own alternate threading implementation.
+ */
+//#define MBEDTLS_THREADING_ALT
+
+/**
+ * \def MBEDTLS_THREADING_PTHREAD
+ *
+ * Enable the pthread wrapper layer for the threading layer.
+ *
+ * Requires: MBEDTLS_THREADING_C
+ *
+ * Uncomment this to enable pthread mutexes.
+ */
+//#define MBEDTLS_THREADING_PTHREAD
+
+/**
+ * \def MBEDTLS_USE_PSA_CRYPTO
+ *
+ * Make the X.509 and TLS library use PSA for cryptographic operations, and
+ * enable new APIs for using keys handled by PSA Crypto.
+ *
+ * \note Development of this option is currently in progress, and parts of Mbed
+ * TLS's X.509 and TLS modules are not ported to PSA yet. However, these parts
+ * will still continue to work as usual, so enabling this option should not
+ * break backwards compatibility.
+ *
+ * \note See docs/use-psa-crypto.md for a complete description of what this
+ * option currently does, and of parts that are not affected by it so far.
+ *
+ * \warning If you enable this option, you need to call `psa_crypto_init()`
+ * before calling any function from the SSL/TLS, X.509 or PK modules.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C.
+ *
+ * Uncomment this to enable internal use of PSA Crypto and new associated APIs.
+ */
+//#define MBEDTLS_USE_PSA_CRYPTO
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_CONFIG
+ *
+ * This setting allows support for cryptographic mechanisms through the PSA
+ * API to be configured separately from support through the mbedtls API.
+ *
+ * When this option is disabled, the PSA API exposes the cryptographic
+ * mechanisms that can be implemented on top of the `mbedtls_xxx` API
+ * configured with `MBEDTLS_XXX` symbols.
+ *
+ * When this option is enabled, the PSA API exposes the cryptographic
+ * mechanisms requested by the `PSA_WANT_XXX` symbols defined in
+ * include/psa/crypto_config.h. The corresponding `MBEDTLS_XXX` settings are
+ * automatically enabled if required (i.e. if no PSA driver provides the
+ * mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols
+ * in mbedtls_config.h.
+ *
+ * If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies
+ * an alternative header to include instead of include/psa/crypto_config.h.
+ *
+ * This feature is still experimental and is not ready for production since
+ * it is not completed.
+ */
+//#define MBEDTLS_PSA_CRYPTO_CONFIG
+
+/**
+ * \def MBEDTLS_VERSION_FEATURES
+ *
+ * Allow run-time checking of compile-time enabled features. Thus allowing users
+ * to check at run-time if the library is for instance compiled with threading
+ * support via mbedtls_version_check_feature().
+ *
+ * Requires: MBEDTLS_VERSION_C
+ *
+ * Comment this to disable run-time checking and save ROM space
+ */
+#define MBEDTLS_VERSION_FEATURES
+
+/**
+ * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+ *
+ * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()`
+ * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure
+ * the set of trusted certificates through a callback instead of a linked
+ * list.
+ *
+ * This is useful for example in environments where a large number of trusted
+ * certificates is present and storing them in a linked list isn't efficient
+ * enough, or when the set of trusted certificates changes frequently.
+ *
+ * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and
+ * `mbedtls_ssl_conf_ca_cb()` for more information.
+ *
+ * Requires: MBEDTLS_X509_CRT_PARSE_C
+ *
+ * Uncomment to enable trusted certificate callbacks.
+ */
+//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
+
+/**
+ * \def MBEDTLS_X509_REMOVE_INFO
+ *
+ * Disable mbedtls_x509_*_info() and related APIs.
+ *
+ * Uncomment to omit mbedtls_x509_*_info(), as well as mbedtls_debug_print_crt()
+ * and other functions/constants only used by these functions, thus reducing
+ * the code footprint by several KB.
+ */
+//#define MBEDTLS_X509_REMOVE_INFO
+
+/**
+ * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
+ *
+ * Enable parsing and verification of X.509 certificates, CRLs and CSRS
+ * signed with RSASSA-PSS (aka PKCS#1 v2.1).
+ *
+ * Comment this macro to disallow using RSASSA-PSS in certificates.
+ */
+#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
+/** \} name SECTION: mbed TLS feature support */
+
+/**
+ * \name SECTION: mbed TLS modules
+ *
+ * This section enables or disables entire modules in mbed TLS
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_AESNI_C
+ *
+ * Enable AES-NI support on x86-64 or x86-32.
+ *
+ * \note AESNI is only supported with certain compilers and target options:
+ * - Visual Studio 2013: supported.
+ * - GCC, x86-64, target not explicitly supporting AESNI:
+ *   requires MBEDTLS_HAVE_ASM.
+ * - GCC, x86-32, target not explicitly supporting AESNI:
+ *   not supported.
+ * - GCC, x86-64 or x86-32, target supporting AESNI: supported.
+ *   For this assembly-less implementation, you must currently compile
+ *   `library/aesni.c` and `library/aes.c` with machine options to enable
+ *   SSE2 and AESNI instructions: `gcc -msse2 -maes -mpclmul` or
+ *   `clang -maes -mpclmul`.
+ * - Non-x86 targets: this option is silently ignored.
+ * - Other compilers: this option is silently ignored.
+ *
+ * \note
+ * Above, "GCC" includes compatible compilers such as Clang.
+ * The limitations on target support are likely to be relaxed in the future.
+ *
+ * Module:  library/aesni.c
+ * Caller:  library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM (on some platforms, see note)
+ *
+ * This modules adds support for the AES-NI instructions on x86.
+ */
+//#define MBEDTLS_AESNI_C
+
+/**
+ * \def MBEDTLS_AESCE_C
+ *
+ * Enable AES cryptographic extension support on 64-bit Arm.
+ *
+ * Module:  library/aesce.c
+ * Caller:  library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM, MBEDTLS_AES_C
+ *
+ * \warning Runtime detection only works on Linux. For non-Linux operating
+ *          system, Armv8-A Cryptographic Extensions must be supported by
+ *          the CPU when this option is enabled.
+ *
+ * This module adds support for the AES Armv8-A Cryptographic Extensions on Aarch64 systems.
+ */
+//#define MBEDTLS_AESCE_C
+
+/**
+ * \def MBEDTLS_AES_C
+ *
+ * Enable the AES block cipher.
+ *
+ * Module:  library/aes.c
+ * Caller:  library/cipher.c
+ *          library/pem.c
+ *          library/ctr_drbg.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+ *
+ * PEM_PARSE uses AES for decrypting encrypted keys.
+ */
+#define MBEDTLS_AES_C
+
+/**
+ * \def MBEDTLS_ASN1_PARSE_C
+ *
+ * Enable the generic ASN1 parser.
+ *
+ * Module:  library/asn1.c
+ * Caller:  library/x509.c
+ *          library/dhm.c
+ *          library/pkcs12.c
+ *          library/pkcs5.c
+ *          library/pkparse.c
+ */
+#define MBEDTLS_ASN1_PARSE_C
+
+/**
+ * \def MBEDTLS_ASN1_WRITE_C
+ *
+ * Enable the generic ASN1 writer.
+ *
+ * Module:  library/asn1write.c
+ * Caller:  library/ecdsa.c
+ *          library/pkwrite.c
+ *          library/x509_create.c
+ *          library/x509write_crt.c
+ *          library/x509write_csr.c
+ */
+#define MBEDTLS_ASN1_WRITE_C
+
+/**
+ * \def MBEDTLS_BASE64_C
+ *
+ * Enable the Base64 module.
+ *
+ * Module:  library/base64.c
+ * Caller:  library/pem.c
+ *
+ * This module is required for PEM support (required by X.509).
+ */
+#define MBEDTLS_BASE64_C
+
+/**
+ * \def MBEDTLS_BIGNUM_C
+ *
+ * Enable the multi-precision integer library.
+ *
+ * Module:  library/bignum.c
+ *          library/bignum_core.c
+ *          library/bignum_mod.c
+ *          library/bignum_mod_raw.c
+ * Caller:  library/dhm.c
+ *          library/ecp.c
+ *          library/ecdsa.c
+ *          library/rsa.c
+ *          library/rsa_alt_helpers.c
+ *          library/ssl_tls.c
+ *
+ * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
+ */
+#define MBEDTLS_BIGNUM_C
+
+/**
+ * \def MBEDTLS_CAMELLIA_C
+ *
+ * Enable the Camellia block cipher.
+ *
+ * Module:  library/camellia.c
+ * Caller:  library/cipher.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ */
+#define MBEDTLS_CAMELLIA_C
+
+/**
+ * \def MBEDTLS_ARIA_C
+ *
+ * Enable the ARIA block cipher.
+ *
+ * Module:  library/aria.c
+ * Caller:  library/cipher.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *
+ *      MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
+ */
+#define MBEDTLS_ARIA_C
+
+/**
+ * \def MBEDTLS_CCM_C
+ *
+ * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
+ *
+ * Module:  library/ccm.c
+ *
+ * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or
+ *                             MBEDTLS_ARIA_C
+ *
+ * This module enables the AES-CCM ciphersuites, if other requisites are
+ * enabled as well.
+ */
+#define MBEDTLS_CCM_C
+
+/**
+ * \def MBEDTLS_CHACHA20_C
+ *
+ * Enable the ChaCha20 stream cipher.
+ *
+ * Module:  library/chacha20.c
+ */
+#define MBEDTLS_CHACHA20_C
+
+/**
+ * \def MBEDTLS_CHACHAPOLY_C
+ *
+ * Enable the ChaCha20-Poly1305 AEAD algorithm.
+ *
+ * Module:  library/chachapoly.c
+ *
+ * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C
+ */
+#define MBEDTLS_CHACHAPOLY_C
+
+/**
+ * \def MBEDTLS_CIPHER_C
+ *
+ * Enable the generic cipher layer.
+ *
+ * Module:  library/cipher.c
+ * Caller:  library/ccm.c
+ *          library/cmac.c
+ *          library/gcm.c
+ *          library/nist_kw.c
+ *          library/pkcs12.c
+ *          library/pkcs5.c
+ *          library/psa_crypto_aead.c
+ *          library/psa_crypto_mac.c
+ *          library/ssl_ciphersuites.c
+ *          library/ssl_msg.c
+ *          library/ssl_ticket.c (unless MBEDTLS_USE_PSA_CRYPTO is enabled)
+ *
+ * Uncomment to enable generic cipher wrappers.
+ */
+#define MBEDTLS_CIPHER_C
+
+/**
+ * \def MBEDTLS_CMAC_C
+ *
+ * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
+ * ciphers.
+ *
+ * \note When #MBEDTLS_CMAC_ALT is active, meaning that the underlying
+ *       implementation of the CMAC algorithm is provided by an alternate
+ *       implementation, that alternate implementation may opt to not support
+ *       AES-192 or 3DES as underlying block ciphers for the CMAC operation.
+ *
+ * Module:  library/cmac.c
+ *
+ * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_DES_C
+ *
+ */
+#define MBEDTLS_CMAC_C
+
+/**
+ * \def MBEDTLS_CTR_DRBG_C
+ *
+ * Enable the CTR_DRBG AES-based random generator.
+ * The CTR_DRBG generator uses AES-256 by default.
+ * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above.
+ *
+ * \note To achieve a 256-bit security strength with CTR_DRBG,
+ *       you must use AES-256 *and* use sufficient entropy.
+ *       See ctr_drbg.h for more details.
+ *
+ * Module:  library/ctr_drbg.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_AES_C
+ *
+ * This module provides the CTR_DRBG AES random number generator.
+ */
+#define MBEDTLS_CTR_DRBG_C
+
+/**
+ * \def MBEDTLS_DEBUG_C
+ *
+ * Enable the debug functions.
+ *
+ * Module:  library/debug.c
+ * Caller:  library/ssl_msg.c
+ *          library/ssl_tls.c
+ *          library/ssl_tls12_*.c
+ *          library/ssl_tls13_*.c
+ *
+ * This module provides debugging functions.
+ */
+//#define MBEDTLS_DEBUG_C
+
+/**
+ * \def MBEDTLS_DES_C
+ *
+ * Enable the DES block cipher.
+ *
+ * Module:  library/des.c
+ * Caller:  library/pem.c
+ *          library/cipher.c
+ *
+ * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
+ *
+ * \warning   DES/3DES are considered weak ciphers and their use constitutes a
+ *            security risk. We recommend considering stronger ciphers instead.
+ */
+#define MBEDTLS_DES_C
+
+/**
+ * \def MBEDTLS_DHM_C
+ *
+ * Enable the Diffie-Hellman-Merkle module.
+ *
+ * Module:  library/dhm.c
+ * Caller:  library/ssl_tls.c
+ *          library/ssl*_client.c
+ *          library/ssl*_server.c
+ *
+ * This module is used by the following key exchanges:
+ *      DHE-RSA, DHE-PSK
+ *
+ * \warning    Using DHE constitutes a security risk as it
+ *             is not possible to validate custom DH parameters.
+ *             If possible, it is recommended users should consider
+ *             preferring other methods of key exchange.
+ *             See dhm.h for more details.
+ *
+ */
+#define MBEDTLS_DHM_C
+
+/**
+ * \def MBEDTLS_ECDH_C
+ *
+ * Enable the elliptic curve Diffie-Hellman library.
+ *
+ * Module:  library/ecdh.c
+ * Caller:  library/psa_crypto.c
+ *          library/ssl_tls.c
+ *          library/ssl*_client.c
+ *          library/ssl*_server.c
+ *
+ * This module is used by the following key exchanges:
+ *      ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
+ *
+ * Requires: MBEDTLS_ECP_C
+ */
+#define MBEDTLS_ECDH_C
+
+/**
+ * \def MBEDTLS_ECDSA_C
+ *
+ * Enable the elliptic curve DSA library.
+ *
+ * Module:  library/ecdsa.c
+ * Caller:
+ *
+ * This module is used by the following key exchanges:
+ *      ECDHE-ECDSA
+ *
+ * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C,
+ *           and at least one MBEDTLS_ECP_DP_XXX_ENABLED for a
+ *           short Weierstrass curve.
+ */
+#define MBEDTLS_ECDSA_C
+
+/**
+ * \def MBEDTLS_ECJPAKE_C
+ *
+ * Enable the elliptic curve J-PAKE library.
+ *
+ * \note EC J-PAKE support is based on the Thread v1.0.0 specification.
+ *       It has not been reviewed for compliance with newer standards such as
+ *       Thread v1.1 or RFC 8236.
+ *
+ * Module:  library/ecjpake.c
+ * Caller:
+ *
+ * This module is used by the following key exchanges:
+ *      ECJPAKE
+ *
+ * Requires: MBEDTLS_ECP_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C
+ *
+ * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
+ * before doing any EC J-PAKE operations.
+ *
+ * \warning When building with MBEDTLS_MD_C, all hashes used with this
+ * need to be available as built-ins (that is, for SHA-256, MBEDTLS_SHA256_C,
+ * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by
+ * this module in builds where MBEDTLS_MD_C is disabled.
+ */
+#define MBEDTLS_ECJPAKE_C
+
+/**
+ * \def MBEDTLS_ECP_C
+ *
+ * Enable the elliptic curve over GF(p) library.
+ *
+ * Module:  library/ecp.c
+ * Caller:  library/ecdh.c
+ *          library/ecdsa.c
+ *          library/ecjpake.c
+ *
+ * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
+ */
+#define MBEDTLS_ECP_C
+
+/**
+ * \def MBEDTLS_ENTROPY_C
+ *
+ * Enable the platform-specific entropy code.
+ *
+ * Module:  library/entropy.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
+ *
+ * This module provides a generic entropy pool
+ */
+#define MBEDTLS_ENTROPY_C
+
+/**
+ * \def MBEDTLS_ERROR_C
+ *
+ * Enable error code to error string conversion.
+ *
+ * Module:  library/error.c
+ * Caller:
+ *
+ * This module enables mbedtls_strerror().
+ */
+#define MBEDTLS_ERROR_C
+
+/**
+ * \def MBEDTLS_GCM_C
+ *
+ * Enable the Galois/Counter Mode (GCM).
+ *
+ * Module:  library/gcm.c
+ *
+ * Requires: MBEDTLS_CIPHER_C, MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or
+ *                             MBEDTLS_ARIA_C
+ *
+ * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
+ * requisites are enabled as well.
+ */
+#define MBEDTLS_GCM_C
+
+/**
+ * \def MBEDTLS_HKDF_C
+ *
+ * Enable the HKDF algorithm (RFC 5869).
+ *
+ * Module:  library/hkdf.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * This module adds support for the Hashed Message Authentication Code
+ * (HMAC)-based key derivation function (HKDF).
+ */
+#define MBEDTLS_HKDF_C
+
+/**
+ * \def MBEDTLS_HMAC_DRBG_C
+ *
+ * Enable the HMAC_DRBG random generator.
+ *
+ * Module:  library/hmac_drbg.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * Uncomment to enable the HMAC_DRBG random number generator.
+ */
+#define MBEDTLS_HMAC_DRBG_C
+
+/**
+ * \def MBEDTLS_LMS_C
+ *
+ * Enable the LMS stateful-hash asymmetric signature algorithm.
+ *
+ * Module:  library/lms.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ * Uncomment to enable the LMS verification algorithm and public key operations.
+ */
+#define MBEDTLS_LMS_C
+
+/**
+ * \def MBEDTLS_LMS_PRIVATE
+ *
+ * Enable LMS private-key operations and signing code. Functions enabled by this
+ * option are experimental, and should not be used in production.
+ *
+ * Requires: MBEDTLS_LMS_C
+ *
+ * Uncomment to enable the LMS signature algorithm and private key operations.
+ */
+//#define MBEDTLS_LMS_PRIVATE
+
+/**
+ * \def MBEDTLS_NIST_KW_C
+ *
+ * Enable the Key Wrapping mode for 128-bit block ciphers,
+ * as defined in NIST SP 800-38F. Only KW and KWP modes
+ * are supported. At the moment, only AES is approved by NIST.
+ *
+ * Module:  library/nist_kw.c
+ *
+ * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C
+ */
+#define MBEDTLS_NIST_KW_C
+
+/**
+ * \def MBEDTLS_MD_C
+ *
+ * Enable the generic layer for message digest (hashing) and HMAC.
+ *
+ * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C,
+ *                   MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C,
+ *                   MBEDTLS_SHA512_C.
+ * Module:  library/md.c
+ * Caller:  library/constant_time.c
+ *          library/ecdsa.c
+ *          library/ecjpake.c
+ *          library/hkdf.c
+ *          library/hmac_drbg.c
+ *          library/pk.c
+ *          library/pkcs5.c
+ *          library/pkcs12.c
+ *          library/psa_crypto_ecp.c
+ *          library/psa_crypto_rsa.c
+ *          library/rsa.c
+ *          library/ssl_cookie.c
+ *          library/ssl_msg.c
+ *          library/ssl_tls.c
+ *          library/x509.c
+ *          library/x509_crt.c
+ *          library/x509write_crt.c
+ *          library/x509write_csr.c
+ *
+ * Uncomment to enable generic message digest wrappers.
+ */
+#define MBEDTLS_MD_C
+
+/**
+ * \def MBEDTLS_MD5_C
+ *
+ * Enable the MD5 hash algorithm.
+ *
+ * Module:  library/md5.c
+ * Caller:  library/md.c
+ *          library/pem.c
+ *          library/ssl_tls.c
+ *
+ * This module is required for TLS 1.2 depending on the handshake parameters.
+ * Further, it is used for checking MD5-signed certificates, and for PBKDF1
+ * when decrypting PEM-encoded encrypted keys.
+ *
+ * \warning   MD5 is considered a weak message digest and its use constitutes a
+ *            security risk. If possible, we recommend avoiding dependencies on
+ *            it, and considering stronger message digests instead.
+ *
+ */
+#define MBEDTLS_MD5_C
+
+/**
+ * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Enable the buffer allocator implementation that makes use of a (stack)
+ * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
+ * calls)
+ *
+ * Module:  library/memory_buffer_alloc.c
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *           MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
+ *
+ * Enable this module to enable the buffer memory allocator.
+ */
+//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
+
+/**
+ * \def MBEDTLS_NET_C
+ *
+ * Enable the TCP and UDP over IPv6/IPv4 networking routines.
+ *
+ * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
+ * and Windows. For other platforms, you'll want to disable it, and write your
+ * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
+ *
+ * \note See also our Knowledge Base article about porting to a new
+ * environment:
+ * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
+ *
+ * Module:  library/net_sockets.c
+ *
+ * This module provides networking routines.
+ */
+//#define MBEDTLS_NET_C
+
+/**
+ * \def MBEDTLS_OID_C
+ *
+ * Enable the OID database.
+ *
+ * Module:  library/oid.c
+ * Caller:  library/asn1write.c
+ *          library/pkcs5.c
+ *          library/pkparse.c
+ *          library/pkwrite.c
+ *          library/rsa.c
+ *          library/x509.c
+ *          library/x509_create.c
+ *          library/x509_crl.c
+ *          library/x509_crt.c
+ *          library/x509_csr.c
+ *          library/x509write_crt.c
+ *          library/x509write_csr.c
+ *
+ * This modules translates between OIDs and internal values.
+ */
+#define MBEDTLS_OID_C
+
+/**
+ * \def MBEDTLS_PADLOCK_C
+ *
+ * Enable VIA Padlock support on x86.
+ *
+ * Module:  library/padlock.c
+ * Caller:  library/aes.c
+ *
+ * Requires: MBEDTLS_HAVE_ASM
+ *
+ * This modules adds support for the VIA PadLock on x86.
+ */
+#define MBEDTLS_PADLOCK_C
+
+/**
+ * \def MBEDTLS_PEM_PARSE_C
+ *
+ * Enable PEM decoding / parsing.
+ *
+ * Module:  library/pem.c
+ * Caller:  library/dhm.c
+ *          library/pkparse.c
+ *          library/x509_crl.c
+ *          library/x509_crt.c
+ *          library/x509_csr.c
+ *
+ * Requires: MBEDTLS_BASE64_C
+ *
+ * This modules adds support for decoding / parsing PEM files.
+ */
+#define MBEDTLS_PEM_PARSE_C
+
+/**
+ * \def MBEDTLS_PEM_WRITE_C
+ *
+ * Enable PEM encoding / writing.
+ *
+ * Module:  library/pem.c
+ * Caller:  library/pkwrite.c
+ *          library/x509write_crt.c
+ *          library/x509write_csr.c
+ *
+ * Requires: MBEDTLS_BASE64_C
+ *
+ * This modules adds support for encoding / writing PEM files.
+ */
+#define MBEDTLS_PEM_WRITE_C
+
+/**
+ * \def MBEDTLS_PK_C
+ *
+ * Enable the generic public (asymmetric) key layer.
+ *
+ * Module:  library/pk.c
+ * Caller:  library/psa_crypto_rsa.c
+ *          library/ssl_tls.c
+ *          library/ssl*_client.c
+ *          library/ssl*_server.c
+ *          library/x509.c
+ *
+ * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C or MBEDTLS_ECP_C
+ *
+ * Uncomment to enable generic public key wrappers.
+ */
+#define MBEDTLS_PK_C
+
+/**
+ * \def MBEDTLS_PK_PARSE_C
+ *
+ * Enable the generic public (asymmetric) key parser.
+ *
+ * Module:  library/pkparse.c
+ * Caller:  library/x509_crt.c
+ *          library/x509_csr.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * Uncomment to enable generic public key parse functions.
+ */
+#define MBEDTLS_PK_PARSE_C
+
+/**
+ * \def MBEDTLS_PK_WRITE_C
+ *
+ * Enable the generic public (asymmetric) key writer.
+ *
+ * Module:  library/pkwrite.c
+ * Caller:  library/x509write.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * Uncomment to enable generic public key write functions.
+ */
+#define MBEDTLS_PK_WRITE_C
+
+/**
+ * \def MBEDTLS_PKCS5_C
+ *
+ * Enable PKCS#5 functions.
+ *
+ * Module:  library/pkcs5.c
+ *
+ * Requires: MBEDTLS_CIPHER_C and either MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C.
+ *
+ * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
+ * before doing any PKCS5 operation.
+ *
+ * \warning When building with MBEDTLS_MD_C, all hashes used with this
+ * need to be available as built-ins (that is, for SHA-256, MBEDTLS_SHA256_C,
+ * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by
+ * this module in builds where MBEDTLS_MD_C is disabled.
+ *
+ * This module adds support for the PKCS#5 functions.
+ */
+#define MBEDTLS_PKCS5_C
+
+/**
+ * \def MBEDTLS_PKCS7_C
+ *
+ * Enable PKCS #7 core for using PKCS #7-formatted signatures.
+ * RFC Link - https://tools.ietf.org/html/rfc2315
+ *
+ * Module:  library/pkcs7.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
+ *           MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C,
+ *           MBEDTLS_BIGNUM_C, MBEDTLS_MD_C
+ *
+ * This module is required for the PKCS #7 parsing modules.
+ */
+#define MBEDTLS_PKCS7_C
+
+/**
+ * \def MBEDTLS_PKCS12_C
+ *
+ * Enable PKCS#12 PBE functions.
+ * Adds algorithms for parsing PKCS#8 encrypted private keys
+ *
+ * Module:  library/pkcs12.c
+ * Caller:  library/pkparse.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C and either
+ * MBEDTLS_MD_C or MBEDTLS_PSA_CRYPTO_C.
+ *
+ * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init()
+ * before doing any PKCS12 operation.
+ *
+ * \warning When building with MBEDTLS_MD_C, all hashes used with this
+ * need to be available as built-ins (that is, for SHA-256, MBEDTLS_SHA256_C,
+ * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by
+ * this module in builds where MBEDTLS_MD_C is disabled.
+ *
+ * This module enables PKCS#12 functions.
+ */
+#define MBEDTLS_PKCS12_C
+
+/**
+ * \def MBEDTLS_PLATFORM_C
+ *
+ * Enable the platform abstraction layer that allows you to re-assign
+ * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
+ *
+ * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
+ * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
+ * above to be specified at runtime or compile time respectively.
+ *
+ * \note This abstraction layer must be enabled on Windows (including MSYS2)
+ * as other modules rely on it for a fixed snprintf implementation.
+ *
+ * Module:  library/platform.c
+ * Caller:  Most other .c files
+ *
+ * This module enables abstraction of common (libc) functions.
+ */
+#define MBEDTLS_PLATFORM_C
+
+/**
+ * \def MBEDTLS_POLY1305_C
+ *
+ * Enable the Poly1305 MAC algorithm.
+ *
+ * Module:  library/poly1305.c
+ * Caller:  library/chachapoly.c
+ */
+#define MBEDTLS_POLY1305_C
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_C
+ *
+ * Enable the Platform Security Architecture cryptography API.
+ *
+ * Module:  library/psa_crypto.c
+ *
+ * Requires: MBEDTLS_CIPHER_C,
+ *           either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C,
+ *           or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C,
+ *           or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
+ *
+ */
+#define MBEDTLS_PSA_CRYPTO_C
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_SE_C
+ *
+ * Enable dynamic secure element support in the Platform Security Architecture
+ * cryptography API.
+ *
+ * \deprecated This feature is deprecated. Please switch to the driver
+ *             interface enabled by #MBEDTLS_PSA_CRYPTO_DRIVERS.
+ *
+ * Module:  library/psa_crypto_se.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C
+ *
+ */
+//#define MBEDTLS_PSA_CRYPTO_SE_C
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
+ *
+ * Enable the Platform Security Architecture persistent key storage.
+ *
+ * Module:  library/psa_crypto_storage.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C,
+ *           either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
+ *           the PSA ITS interface
+ */
+//#define MBEDTLS_PSA_CRYPTO_STORAGE_C
+
+/**
+ * \def MBEDTLS_PSA_ITS_FILE_C
+ *
+ * Enable the emulation of the Platform Security Architecture
+ * Internal Trusted Storage (PSA ITS) over files.
+ *
+ * Module:  library/psa_its_file.c
+ *
+ * Requires: MBEDTLS_FS_IO
+ */
+//#define MBEDTLS_PSA_ITS_FILE_C
+
+/**
+ * \def MBEDTLS_RIPEMD160_C
+ *
+ * Enable the RIPEMD-160 hash algorithm.
+ *
+ * Module:  library/ripemd160.c
+ * Caller:  library/md.c
+ *
+ */
+#define MBEDTLS_RIPEMD160_C
+
+/**
+ * \def MBEDTLS_RSA_C
+ *
+ * Enable the RSA public-key cryptosystem.
+ *
+ * Module:  library/rsa.c
+ *          library/rsa_alt_helpers.c
+ * Caller:  library/pk.c
+ *          library/psa_crypto.c
+ *          library/ssl_tls.c
+ *          library/ssl*_client.c
+ *          library/ssl*_server.c
+ *
+ * This module is used by the following key exchanges:
+ *      RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
+ *
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
+ */
+#define MBEDTLS_RSA_C
+
+/**
+ * \def MBEDTLS_SHA1_C
+ *
+ * Enable the SHA1 cryptographic hash algorithm.
+ *
+ * Module:  library/sha1.c
+ * Caller:  library/md.c
+ *          library/psa_crypto_hash.c
+ *
+ * This module is required for TLS 1.2 depending on the handshake parameters,
+ * and for SHA1-signed certificates.
+ *
+ * \warning   SHA-1 is considered a weak message digest and its use constitutes
+ *            a security risk. If possible, we recommend avoiding dependencies
+ *            on it, and considering stronger message digests instead.
+ *
+ */
+#define MBEDTLS_SHA1_C
+
+/**
+ * \def MBEDTLS_SHA224_C
+ *
+ * Enable the SHA-224 cryptographic hash algorithm.
+ *
+ * Module:  library/sha256.c
+ * Caller:  library/md.c
+ *          library/ssl_cookie.c
+ *
+ * This module adds support for SHA-224.
+ */
+#define MBEDTLS_SHA224_C
+
+/**
+ * \def MBEDTLS_SHA256_C
+ *
+ * Enable the SHA-256 cryptographic hash algorithm.
+ *
+ * Module:  library/sha256.c
+ * Caller:  library/entropy.c
+ *          library/md.c
+ *          library/ssl_tls.c
+ *          library/ssl*_client.c
+ *          library/ssl*_server.c
+ *
+ * This module adds support for SHA-256.
+ * This module is required for the SSL/TLS 1.2 PRF function.
+ */
+#define MBEDTLS_SHA256_C
+
+/**
+ * \def MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+ *
+ * Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms
+ * with the ARMv8 cryptographic extensions if they are available at runtime.
+ * If not, the library will fall back to the C implementation.
+ *
+ * \note If MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT is defined when building
+ * for a non-Aarch64 build it will be silently ignored.
+ *
+ * \warning MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT cannot be defined at the
+ * same time as MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY.
+ *
+ * Requires: MBEDTLS_SHA256_C.
+ *
+ * Module:  library/sha256.c
+ *
+ * Uncomment to have the library check for the A64 SHA-256 crypto extensions
+ * and use them if available.
+ */
+//#define MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+
+/**
+ * \def MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
+ *
+ * Enable acceleration of the SHA-256 and SHA-224 cryptographic hash algorithms
+ * with the ARMv8 cryptographic extensions, which must be available at runtime
+ * or else an illegal instruction fault will occur.
+ *
+ * \note This allows builds with a smaller code size than with
+ * MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
+ *
+ * \warning MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY cannot be defined at the same
+ * time as MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT.
+ *
+ * Requires: MBEDTLS_SHA256_C.
+ *
+ * Module:  library/sha256.c
+ *
+ * Uncomment to have the library use the A64 SHA-256 crypto extensions
+ * unconditionally.
+ */
+//#define MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
+
+/**
+ * \def MBEDTLS_SHA384_C
+ *
+ * Enable the SHA-384 cryptographic hash algorithm.
+ *
+ * Module:  library/sha512.c
+ * Caller:  library/md.c
+ *          library/psa_crypto_hash.c
+ *          library/ssl_tls.c
+ *          library/ssl*_client.c
+ *          library/ssl*_server.c
+ *
+ * Comment to disable SHA-384
+ */
+#define MBEDTLS_SHA384_C
+
+/**
+ * \def MBEDTLS_SHA512_C
+ *
+ * Enable SHA-512 cryptographic hash algorithms.
+ *
+ * Module:  library/sha512.c
+ * Caller:  library/entropy.c
+ *          library/md.c
+ *          library/ssl_tls.c
+ *          library/ssl_cookie.c
+ *
+ * This module adds support for SHA-512.
+ */
+#define MBEDTLS_SHA512_C
+
+/**
+ * \def MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+ *
+ * Enable acceleration of the SHA-512 and SHA-384 cryptographic hash algorithms
+ * with the ARMv8 cryptographic extensions if they are available at runtime.
+ * If not, the library will fall back to the C implementation.
+ *
+ * \note If MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT is defined when building
+ * for a non-Aarch64 build it will be silently ignored.
+ *
+ * \note The code uses the SHA-512 Neon intrinsics, so requires GCC >= 8 or
+ * Clang >= 7.
+ *
+ * \warning MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT cannot be defined at the
+ * same time as MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY.
+ *
+ * Requires: MBEDTLS_SHA512_C.
+ *
+ * Module:  library/sha512.c
+ *
+ * Uncomment to have the library check for the A64 SHA-512 crypto extensions
+ * and use them if available.
+ */
+//#define MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+
+/**
+ * \def MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
+ *
+ * Enable acceleration of the SHA-512 and SHA-384 cryptographic hash algorithms
+ * with the ARMv8 cryptographic extensions, which must be available at runtime
+ * or else an illegal instruction fault will occur.
+ *
+ * \note This allows builds with a smaller code size than with
+ * MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
+ *
+ * \note The code uses the SHA-512 Neon intrinsics, so requires GCC >= 8 or
+ * Clang >= 7.
+ *
+ * \warning MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY cannot be defined at the same
+ * time as MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT.
+ *
+ * Requires: MBEDTLS_SHA512_C.
+ *
+ * Module:  library/sha512.c
+ *
+ * Uncomment to have the library use the A64 SHA-512 crypto extensions
+ * unconditionally.
+ */
+//#define MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
+
+/**
+ * \def MBEDTLS_SSL_CACHE_C
+ *
+ * Enable simple SSL cache implementation.
+ *
+ * Module:  library/ssl_cache.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_CACHE_C
+ */
+#define MBEDTLS_SSL_CACHE_C
+
+/**
+ * \def MBEDTLS_SSL_COOKIE_C
+ *
+ * Enable basic implementation of DTLS cookies for hello verification.
+ *
+ * Module:  library/ssl_cookie.c
+ * Caller:
+ */
+#define MBEDTLS_SSL_COOKIE_C
+
+/**
+ * \def MBEDTLS_SSL_TICKET_C
+ *
+ * Enable an implementation of TLS server-side callbacks for session tickets.
+ *
+ * Module:  library/ssl_ticket.c
+ * Caller:
+ *
+ * Requires: (MBEDTLS_CIPHER_C || MBEDTLS_USE_PSA_CRYPTO) &&
+ *           (MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C)
+ */
+#define MBEDTLS_SSL_TICKET_C
+
+/**
+ * \def MBEDTLS_SSL_CLI_C
+ *
+ * Enable the SSL/TLS client code.
+ *
+ * Module:  library/ssl*_client.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS client support.
+ */
+#define MBEDTLS_SSL_CLI_C
+
+/**
+ * \def MBEDTLS_SSL_SRV_C
+ *
+ * Enable the SSL/TLS server code.
+ *
+ * Module:  library/ssl*_server.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SSL_TLS_C
+ *
+ * This module is required for SSL/TLS server support.
+ */
+#define MBEDTLS_SSL_SRV_C
+
+/**
+ * \def MBEDTLS_SSL_TLS_C
+ *
+ * Enable the generic SSL/TLS code.
+ *
+ * Module:  library/ssl_tls.c
+ * Caller:  library/ssl*_client.c
+ *          library/ssl*_server.c
+ *
+ * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ *           and at least one of the MBEDTLS_SSL_PROTO_XXX defines
+ *
+ * This module is required for SSL/TLS.
+ */
+#define MBEDTLS_SSL_TLS_C
+
+/**
+ * \def MBEDTLS_THREADING_C
+ *
+ * Enable the threading abstraction layer.
+ * By default mbed TLS assumes it is used in a non-threaded environment or that
+ * contexts are not shared between threads. If you do intend to use contexts
+ * between threads, you will need to enable this layer to prevent race
+ * conditions. See also our Knowledge Base article about threading:
+ * https://mbed-tls.readthedocs.io/en/latest/kb/development/thread-safety-and-multi-threading
+ *
+ * Module:  library/threading.c
+ *
+ * This allows different threading implementations (self-implemented or
+ * provided).
+ *
+ * You will have to enable either MBEDTLS_THREADING_ALT or
+ * MBEDTLS_THREADING_PTHREAD.
+ *
+ * Enable this layer to allow use of mutexes within mbed TLS
+ */
+//#define MBEDTLS_THREADING_C
+
+/**
+ * \def MBEDTLS_TIMING_C
+ *
+ * Enable the semi-portable timing interface.
+ *
+ * \note The provided implementation only works on POSIX/Unix (including Linux,
+ * BSD and OS X) and Windows. On other platforms, you can either disable that
+ * module and provide your own implementations of the callbacks needed by
+ * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
+ * your own implementation of the whole module by setting
+ * \c MBEDTLS_TIMING_ALT in the current file.
+ *
+ * \note The timing module will include time.h on suitable platforms
+ *       regardless of the setting of MBEDTLS_HAVE_TIME, unless
+ *       MBEDTLS_TIMING_ALT is used. See timing.c for more information.
+ *
+ * \note See also our Knowledge Base article about porting to a new
+ * environment:
+ * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
+ *
+ * Module:  library/timing.c
+ */
+//#define MBEDTLS_TIMING_C
+
+/**
+ * \def MBEDTLS_VERSION_C
+ *
+ * Enable run-time version information.
+ *
+ * Module:  library/version.c
+ *
+ * This module provides run-time version information.
+ */
+#define MBEDTLS_VERSION_C
+
+/**
+ * \def MBEDTLS_X509_USE_C
+ *
+ * Enable X.509 core for using certificates.
+ *
+ * Module:  library/x509.c
+ * Caller:  library/x509_crl.c
+ *          library/x509_crt.c
+ *          library/x509_csr.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
+ *           (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO)
+ *
+ * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
+ * psa_crypto_init() before doing any X.509 operation.
+ *
+ * This module is required for the X.509 parsing modules.
+ */
+#define MBEDTLS_X509_USE_C
+
+/**
+ * \def MBEDTLS_X509_CRT_PARSE_C
+ *
+ * Enable X.509 certificate parsing.
+ *
+ * Module:  library/x509_crt.c
+ * Caller:  library/ssl_tls.c
+ *          library/ssl*_client.c
+ *          library/ssl*_server.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is required for X.509 certificate parsing.
+ */
+#define MBEDTLS_X509_CRT_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CRL_PARSE_C
+ *
+ * Enable X.509 CRL parsing.
+ *
+ * Module:  library/x509_crl.c
+ * Caller:  library/x509_crt.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is required for X.509 CRL parsing.
+ */
+#define MBEDTLS_X509_CRL_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CSR_PARSE_C
+ *
+ * Enable X.509 Certificate Signing Request (CSR) parsing.
+ *
+ * Module:  library/x509_csr.c
+ * Caller:  library/x509_crt_write.c
+ *
+ * Requires: MBEDTLS_X509_USE_C
+ *
+ * This module is used for reading X.509 certificate request.
+ */
+#define MBEDTLS_X509_CSR_PARSE_C
+
+/**
+ * \def MBEDTLS_X509_CREATE_C
+ *
+ * Enable X.509 core for creating certificates.
+ *
+ * Module:  library/x509_create.c
+ *
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
+ *           (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO)
+ *
+ * \warning If building with MBEDTLS_USE_PSA_CRYPTO, you must call
+ * psa_crypto_init() before doing any X.509 create operation.
+ *
+ * This module is the basis for creating X.509 certificates and CSRs.
+ */
+#define MBEDTLS_X509_CREATE_C
+
+/**
+ * \def MBEDTLS_X509_CRT_WRITE_C
+ *
+ * Enable creating X.509 certificates.
+ *
+ * Module:  library/x509_crt_write.c
+ *
+ * Requires: MBEDTLS_X509_CREATE_C
+ *
+ * This module is required for X.509 certificate creation.
+ */
+#define MBEDTLS_X509_CRT_WRITE_C
+
+/**
+ * \def MBEDTLS_X509_CSR_WRITE_C
+ *
+ * Enable creating X.509 Certificate Signing Requests (CSR).
+ *
+ * Module:  library/x509_csr_write.c
+ *
+ * Requires: MBEDTLS_X509_CREATE_C
+ *
+ * This module is required for X.509 certificate request writing.
+ */
+#define MBEDTLS_X509_CSR_WRITE_C
+
+/** \} name SECTION: mbed TLS modules */
+
+/**
+ * \name SECTION: General configuration options
+ *
+ * This section contains Mbed TLS build settings that are not associated
+ * with a particular module.
+ *
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included instead of
+ * `"mbedtls/mbedtls_config.h"`.
+ * This header file specifies the compile-time configuration of Mbed TLS.
+ * Unlike other configuration options, this one must be defined on the
+ * compiler command line: a definition in `mbedtls_config.h` would have
+ * no effect.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_CONFIG_FILE "mbedtls/mbedtls_config.h"
+
+/**
+ * \def MBEDTLS_USER_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included after
+ * `"mbedtls/mbedtls_config.h"` or #MBEDTLS_CONFIG_FILE.
+ * This allows you to modify the default configuration, including the ability
+ * to undefine options that are enabled by default.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_USER_CONFIG_FILE "/dev/null"
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included instead of
+ * `"psa/crypto_config.h"`.
+ * This header file specifies which cryptographic mechanisms are available
+ * through the PSA API when #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, and
+ * is not used when #MBEDTLS_PSA_CRYPTO_CONFIG is disabled.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h"
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included after
+ * `"psa/crypto_config.h"` or #MBEDTLS_PSA_CRYPTO_CONFIG_FILE.
+ * This allows you to modify the default configuration, including the ability
+ * to undefine options that are enabled by default.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null"
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_PLATFORM_FILE
+ *
+ * If defined, this is a header which will be included instead of
+ * `"psa/crypto_platform.h"`. This file should declare the same identifiers
+ * as the one in Mbed TLS, but with definitions adapted to the platform on
+ * which the library code will run.
+ *
+ * \note The required content of this header can vary from one version of
+ *       Mbed TLS to the next. Integrators who provide an alternative file
+ *       should review the changes in the original file whenever they
+ *       upgrade Mbed TLS.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_PSA_CRYPTO_PLATFORM_FILE "psa/crypto_platform_alt.h"
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_STRUCT_FILE
+ *
+ * If defined, this is a header which will be included instead of
+ * `"psa/crypto_struct.h"`. This file should declare the same identifiers
+ * as the one in Mbed TLS, but with definitions adapted to the environment
+ * in which the library code will run. The typical use for this feature
+ * is to provide alternative type definitions on the client side in
+ * client-server integrations of PSA crypto, where operation structures
+ * contain handles instead of cryptographic data.
+ *
+ * \note The required content of this header can vary from one version of
+ *       Mbed TLS to the next. Integrators who provide an alternative file
+ *       should review the changes in the original file whenever they
+ *       upgrade Mbed TLS.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_PSA_CRYPTO_STRUCT_FILE "psa/crypto_struct_alt.h"
+
+/** \} name SECTION: General configuration options */
+
+/**
+ * \name SECTION: Module configuration options
+ *
+ * This section allows for the setting of module specific sizes and
+ * configuration options. The default values are already present in the
+ * relevant header files and should suffice for the regular use cases.
+ *
+ * Our advice is to enable options and change their values here
+ * only if you have a good reason and know the consequences.
+ * \{
+ */
+/* The Doxygen documentation here is used when a user comments out a
+ * setting and runs doxygen themselves. On the other hand, when we typeset
+ * the full documentation including disabled settings, the documentation
+ * in specific modules' header files is used if present. When editing this
+ * file, make sure that each option is documented in exactly one place,
+ * plus optionally a same-line Doxygen comment here if there is a Doxygen
+ * comment in the specific module. */
+
+/* MPI / BIGNUM options */
+//#define MBEDTLS_MPI_WINDOW_SIZE            2 /**< Maximum window size used. */
+//#define MBEDTLS_MPI_MAX_SIZE            1024 /**< Maximum number of bytes for usable MPIs. */
+
+/* CTR_DRBG options */
+//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL        10000 /**< Interval before reseed is performed by default */
+//#define MBEDTLS_CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
+//#define MBEDTLS_CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
+//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT           384 /**< Maximum size of (re)seed buffer */
+
+/* HMAC_DRBG options */
+//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000 /**< Interval before reseed is performed by default */
+//#define MBEDTLS_HMAC_DRBG_MAX_INPUT           256 /**< Maximum number of additional input bytes */
+//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST        1024 /**< Maximum number of requested bytes per call */
+//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT      384 /**< Maximum size of (re)seed buffer */
+
+/* ECP options */
+//#define MBEDTLS_ECP_WINDOW_SIZE            4 /**< Maximum window size used */
+//#define MBEDTLS_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */
+
+/* Entropy options */
+//#define MBEDTLS_ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
+//#define MBEDTLS_ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
+//#define MBEDTLS_ENTROPY_MIN_HARDWARE               32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
+
+/* Memory buffer allocator options */
+//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE      4 /**< Align on multiples of this value */
+
+/* Platform options */
+//#define MBEDTLS_PLATFORM_STD_MEM_HDR   <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
+//#define MBEDTLS_PLATFORM_STD_CALLOC        calloc /**< Default allocator to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_FREE            free /**< Default free to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_SETBUF      setbuf /**< Default setbuf to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT            exit /**< Default exit to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_TIME            time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+//#define MBEDTLS_PLATFORM_STD_FPRINTF      fprintf /**< Default fprintf to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_PRINTF        printf /**< Default printf to use, can be undefined */
+/* Note: your snprintf must correctly zero-terminate the buffer! */
+//#define MBEDTLS_PLATFORM_STD_SNPRINTF    snprintf /**< Default snprintf to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS       0 /**< Default exit value to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE       1 /**< Default exit value to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE  "seedfile" /**< Seed file to read/write with default implementation */
+
+/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
+/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
+//#define MBEDTLS_PLATFORM_CALLOC_MACRO        calloc /**< Default allocator macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_FREE_MACRO            free /**< Default free macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_EXIT_MACRO            exit /**< Default exit macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_SETBUF_MACRO      setbuf /**< Default setbuf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_TIME_MACRO            time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO       time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+//#define MBEDTLS_PLATFORM_FPRINTF_MACRO      fprintf /**< Default fprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_PRINTF_MACRO        printf /**< Default printf macro to use, can be undefined */
+/* Note: your snprintf must correctly zero-terminate the buffer! */
+//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO    snprintf /**< Default snprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO    vsnprintf /**< Default vsnprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
+//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
+
+/** \def MBEDTLS_CHECK_RETURN
+ *
+ * This macro is used at the beginning of the declaration of a function
+ * to indicate that its return value should be checked. It should
+ * instruct the compiler to emit a warning or an error if the function
+ * is called without checking its return value.
+ *
+ * There is a default implementation for popular compilers in platform_util.h.
+ * You can override the default implementation by defining your own here.
+ *
+ * If the implementation here is empty, this will effectively disable the
+ * checking of functions' return values.
+ */
+//#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__))
+
+/** \def MBEDTLS_IGNORE_RETURN
+ *
+ * This macro requires one argument, which should be a C function call.
+ * If that function call would cause a #MBEDTLS_CHECK_RETURN warning, this
+ * warning is suppressed.
+ */
+//#define MBEDTLS_IGNORE_RETURN( result ) ((void) !(result))
+
+/* PSA options */
+/**
+ * Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the
+ * PSA crypto subsystem.
+ *
+ * If this option is unset:
+ * - If CTR_DRBG is available, the PSA subsystem uses it rather than HMAC_DRBG.
+ * - Otherwise, the PSA subsystem uses HMAC_DRBG with either
+ *   #MBEDTLS_MD_SHA512 or #MBEDTLS_MD_SHA256 based on availability and
+ *   on unspecified heuristics.
+ */
+//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
+
+/** \def MBEDTLS_PSA_KEY_SLOT_COUNT
+ * Restrict the PSA library to supporting a maximum amount of simultaneously
+ * loaded keys. A loaded key is a key stored by the PSA Crypto core as a
+ * volatile key, or a persistent key which is loaded temporarily by the
+ * library as part of a crypto operation in flight.
+ *
+ * If this option is unset, the library will fall back to a default value of
+ * 32 keys.
+ */
+//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
+
+/* SSL Cache options */
+//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
+//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
+
+/* SSL options */
+
+/** \def MBEDTLS_SSL_IN_CONTENT_LEN
+ *
+ * Maximum length (in bytes) of incoming plaintext fragments.
+ *
+ * This determines the size of the incoming TLS I/O buffer in such a way
+ * that it is capable of holding the specified amount of plaintext data,
+ * regardless of the protection mechanism used.
+ *
+ * \note When using a value less than the default of 16KB on the client, it is
+ *       recommended to use the Maximum Fragment Length (MFL) extension to
+ *       inform the server about this limitation. On the server, there
+ *       is no supported, standardized way of informing the client about
+ *       restriction on the maximum size of incoming messages, and unless
+ *       the limitation has been communicated by other means, it is recommended
+ *       to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
+ *       while keeping the default value of 16KB for the incoming buffer.
+ *
+ * Uncomment to set the maximum plaintext size of the incoming I/O buffer.
+ */
+//#define MBEDTLS_SSL_IN_CONTENT_LEN              16384
+
+/** \def MBEDTLS_SSL_CID_IN_LEN_MAX
+ *
+ * The maximum length of CIDs used for incoming DTLS messages.
+ *
+ */
+//#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
+
+/** \def MBEDTLS_SSL_CID_OUT_LEN_MAX
+ *
+ * The maximum length of CIDs used for outgoing DTLS messages.
+ *
+ */
+//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
+
+/** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
+ *
+ * This option controls the use of record plaintext padding
+ * in TLS 1.3 and when using the Connection ID extension in DTLS 1.2.
+ *
+ * The padding will always be chosen so that the length of the
+ * padded plaintext is a multiple of the value of this option.
+ *
+ * Note: A value of \c 1 means that no padding will be used
+ *       for outgoing records.
+ *
+ * Note: On systems lacking division instructions,
+ *       a power of two should be preferred.
+ */
+//#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
+
+/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
+ *
+ * Maximum length (in bytes) of outgoing plaintext fragments.
+ *
+ * This determines the size of the outgoing TLS I/O buffer in such a way
+ * that it is capable of holding the specified amount of plaintext data,
+ * regardless of the protection mechanism used.
+ *
+ * It is possible to save RAM by setting a smaller outward buffer, while keeping
+ * the default inward 16384 byte buffer to conform to the TLS specification.
+ *
+ * The minimum required outward buffer size is determined by the handshake
+ * protocol's usage. Handshaking will fail if the outward buffer is too small.
+ * The specific size requirement depends on the configured ciphers and any
+ * certificate data which is sent during the handshake.
+ *
+ * Uncomment to set the maximum plaintext size of the outgoing I/O buffer.
+ */
+//#define MBEDTLS_SSL_OUT_CONTENT_LEN             16384
+
+/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING
+ *
+ * Maximum number of heap-allocated bytes for the purpose of
+ * DTLS handshake message reassembly and future message buffering.
+ *
+ * This should be at least 9/8 * MBEDTLS_SSL_IN_CONTENT_LEN
+ * to account for a reassembled handshake message of maximum size,
+ * together with its reassembly bitmap.
+ *
+ * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default)
+ * should be sufficient for all practical situations as it allows
+ * to reassembly a large handshake message (such as a certificate)
+ * while buffering multiple smaller handshake messages.
+ *
+ */
+//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING             32768
+
+//#define MBEDTLS_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 or 384 bits) */
+//#define MBEDTLS_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
+
+/**
+ * Complete list of ciphersuites to use, in order of preference.
+ *
+ * \warning No dependency checking is done on that field! This option can only
+ * be used to restrict the set of available ciphersuites. It is your
+ * responsibility to make sure the needed modules are active.
+ *
+ * Use this to save a few hundred bytes of ROM (default ordering of all
+ * available ciphersuites) and a few to a few hundred bytes of RAM.
+ *
+ * The value below is only an example, not the default.
+ */
+//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+
+/**
+ * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
+ *
+ * Maximum time difference in milliseconds tolerated between the age of a
+ * ticket from the server and client point of view.
+ * From the client point of view, the age of a ticket is the time difference
+ * between the time when the client proposes to the server to use the ticket
+ * (time of writing of the Pre-Shared Key Extension including the ticket) and
+ * the time the client received the ticket from the server.
+ * From the server point of view, the age of a ticket is the time difference
+ * between the time when the server receives a proposition from the client
+ * to use the ticket and the time when the ticket was created by the server.
+ * The server age is expected to be always greater than the client one and
+ * MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE defines the
+ * maximum difference tolerated for the server to accept the ticket.
+ * This is not used in TLS 1.2.
+ *
+ */
+#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
+
+/**
+ * \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH
+ *
+ * Size in bytes of a ticket nonce. This is not used in TLS 1.2.
+ *
+ * This must be less than 256.
+ */
+#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
+
+/**
+ * \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS
+ *
+ * Default number of NewSessionTicket messages to be sent by a TLS 1.3 server
+ * after handshake completion. This is not used in TLS 1.2 and relevant only if
+ * the MBEDTLS_SSL_SESSION_TICKETS option is enabled.
+ *
+ */
+#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1
+
+/* X509 options */
+//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
+//#define MBEDTLS_X509_MAX_FILE_PATH_LEN     512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
+
+/**
+ * Uncomment the macro to let mbed TLS use your alternate implementation of
+ * mbedtls_platform_zeroize(). This replaces the default implementation in
+ * platform_util.c.
+ *
+ * mbedtls_platform_zeroize() is a widely used function across the library to
+ * zero a block of memory. The implementation is expected to be secure in the
+ * sense that it has been written to prevent the compiler from removing calls
+ * to mbedtls_platform_zeroize() as part of redundant code elimination
+ * optimizations. However, it is difficult to guarantee that calls to
+ * mbedtls_platform_zeroize() will not be optimized by the compiler as older
+ * versions of the C language standards do not provide a secure implementation
+ * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
+ * configure their own implementation of mbedtls_platform_zeroize(), for
+ * example by using directives specific to their compiler, features from newer
+ * C standards (e.g using memset_s() in C11) or calling a secure memset() from
+ * their system (e.g explicit_bzero() in BSD).
+ */
+#define MBEDTLS_PLATFORM_ZEROIZE_ALT
+
+/**
+ * Uncomment the macro to let Mbed TLS use your alternate implementation of
+ * mbedtls_platform_gmtime_r(). This replaces the default implementation in
+ * platform_util.c.
+ *
+ * gmtime() is not a thread-safe function as defined in the C standard. The
+ * library will try to use safer implementations of this function, such as
+ * gmtime_r() when available. However, if Mbed TLS cannot identify the target
+ * system, the implementation of mbedtls_platform_gmtime_r() will default to
+ * using the standard gmtime(). In this case, calls from the library to
+ * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
+ * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
+ * library are also guarded with this mutex to avoid race conditions. However,
+ * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
+ * unconditionally use the implementation for mbedtls_platform_gmtime_r()
+ * supplied at compile time.
+ */
+//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
+
+/**
+ * Enable the verified implementations of ECDH primitives from Project Everest
+ * (currently only Curve25519). This feature changes the layout of ECDH
+ * contexts and therefore is a compatibility break for applications that access
+ * fields of a mbedtls_ecdh_context structure directly. See also
+ * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
+ */
+//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
+
+/** \} name SECTION: Module configuration options */
diff --git a/esp-mbedtls-sys/src/bindings.rs b/esp-mbedtls-sys/src/bindings.rs
deleted file mode 100644
index 6fbb936..0000000
--- a/esp-mbedtls-sys/src/bindings.rs
+++ /dev/null
@@ -1,22616 +0,0 @@
-/* automatically generated by rust-bindgen 0.59.2 */
-
-#![allow(
-    non_camel_case_types,
-    non_snake_case,
-    non_upper_case_globals,
-    dead_code
-)]
-
-#[repr(C)]
-#[derive(Copy, Clone, Debug, Default, Eq, Hash, Ord, PartialEq, PartialOrd)]
-pub struct __BindgenBitfieldUnit<Storage> {
-    storage: Storage,
-}
-impl<Storage> __BindgenBitfieldUnit<Storage> {
-    #[inline]
-    pub const fn new(storage: Storage) -> Self {
-        Self { storage }
-    }
-}
-impl<Storage> __BindgenBitfieldUnit<Storage>
-where
-    Storage: AsRef<[u8]> + AsMut<[u8]>,
-{
-    #[inline]
-    pub fn get_bit(&self, index: usize) -> bool {
-        debug_assert!(index / 8 < self.storage.as_ref().len());
-        let byte_index = index / 8;
-        let byte = self.storage.as_ref()[byte_index];
-        let bit_index = if cfg!(target_endian = "big") {
-            7 - (index % 8)
-        } else {
-            index % 8
-        };
-        let mask = 1 << bit_index;
-        byte & mask == mask
-    }
-    #[inline]
-    pub fn set_bit(&mut self, index: usize, val: bool) {
-        debug_assert!(index / 8 < self.storage.as_ref().len());
-        let byte_index = index / 8;
-        let byte = &mut self.storage.as_mut()[byte_index];
-        let bit_index = if cfg!(target_endian = "big") {
-            7 - (index % 8)
-        } else {
-            index % 8
-        };
-        let mask = 1 << bit_index;
-        if val {
-            *byte |= mask;
-        } else {
-            *byte &= !mask;
-        }
-    }
-    #[inline]
-    pub fn get(&self, bit_offset: usize, bit_width: u8) -> u64 {
-        debug_assert!(bit_width <= 64);
-        debug_assert!(bit_offset / 8 < self.storage.as_ref().len());
-        debug_assert!((bit_offset + (bit_width as usize)) / 8 <= self.storage.as_ref().len());
-        let mut val = 0;
-        for i in 0..(bit_width as usize) {
-            if self.get_bit(i + bit_offset) {
-                let index = if cfg!(target_endian = "big") {
-                    bit_width as usize - 1 - i
-                } else {
-                    i
-                };
-                val |= 1 << index;
-            }
-        }
-        val
-    }
-    #[inline]
-    pub fn set(&mut self, bit_offset: usize, bit_width: u8, val: u64) {
-        debug_assert!(bit_width <= 64);
-        debug_assert!(bit_offset / 8 < self.storage.as_ref().len());
-        debug_assert!((bit_offset + (bit_width as usize)) / 8 <= self.storage.as_ref().len());
-        for i in 0..(bit_width as usize) {
-            let mask = 1 << i;
-            let val_bit_is_set = val & mask == mask;
-            let index = if cfg!(target_endian = "big") {
-                bit_width as usize - 1 - i
-            } else {
-                i
-            };
-            self.set_bit(index + bit_offset, val_bit_is_set);
-        }
-    }
-}
-pub const MBEDTLS_CONFIG_FILE: &[u8; 9usize] = b"config.h\0";
-pub const MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT: u32 = 0;
-pub const MBEDTLS_SSL_MAX_EARLY_DATA_SIZE: u32 = 1024;
-pub const MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE: u32 = 6000;
-pub const MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH: u32 = 32;
-pub const MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS: u32 = 1;
-pub const MBEDTLS_VERSION_MAJOR: u32 = 3;
-pub const MBEDTLS_VERSION_MINOR: u32 = 4;
-pub const MBEDTLS_VERSION_PATCH: u32 = 0;
-pub const MBEDTLS_VERSION_NUMBER: u32 = 50593792;
-pub const MBEDTLS_VERSION_STRING: &[u8; 6usize] = b"3.4.0\0";
-pub const MBEDTLS_VERSION_STRING_FULL: &[u8; 15usize] = b"mbed TLS 3.4.0\0";
-pub const MBEDTLS_PSA_BUILTIN_ALG_CCM: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG: u32 = 1;
-pub const PSA_WANT_ALG_CCM: u32 = 1;
-pub const PSA_WANT_ALG_CCM_STAR_NO_TAG: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_CMAC: u32 = 1;
-pub const PSA_WANT_ALG_CMAC: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_ECDH: u32 = 1;
-pub const PSA_WANT_ALG_ECDH: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_ECDSA: u32 = 1;
-pub const PSA_WANT_ALG_ECDSA: u32 = 1;
-pub const PSA_WANT_ALG_ECDSA_ANY: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA: u32 = 1;
-pub const PSA_WANT_ALG_DETERMINISTIC_ECDSA: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR: u32 = 1;
-pub const PSA_WANT_KEY_TYPE_ECC_KEY_PAIR: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY: u32 = 1;
-pub const PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_GCM: u32 = 1;
-pub const PSA_WANT_ALG_GCM: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_HMAC: u32 = 1;
-pub const PSA_WANT_ALG_HMAC: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_HKDF: u32 = 1;
-pub const PSA_WANT_ALG_HKDF: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT: u32 = 1;
-pub const PSA_WANT_ALG_HKDF_EXTRACT: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND: u32 = 1;
-pub const PSA_WANT_ALG_HKDF_EXPAND: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF: u32 = 1;
-pub const PSA_WANT_ALG_TLS12_PRF: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS: u32 = 1;
-pub const PSA_WANT_ALG_TLS12_PSK_TO_MS: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_MD5: u32 = 1;
-pub const PSA_WANT_ALG_MD5: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_PAKE: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_JPAKE: u32 = 1;
-pub const PSA_WANT_ALG_JPAKE: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160: u32 = 1;
-pub const PSA_WANT_ALG_RIPEMD160: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT: u32 = 1;
-pub const PSA_WANT_ALG_RSA_PKCS1V15_CRYPT: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN: u32 = 1;
-pub const PSA_WANT_ALG_RSA_PKCS1V15_SIGN: u32 = 1;
-pub const PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP: u32 = 1;
-pub const PSA_WANT_ALG_RSA_OAEP: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS: u32 = 1;
-pub const PSA_WANT_ALG_RSA_PSS: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR: u32 = 1;
-pub const PSA_WANT_KEY_TYPE_RSA_KEY_PAIR: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY: u32 = 1;
-pub const PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_1: u32 = 1;
-pub const PSA_WANT_ALG_SHA_1: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_224: u32 = 1;
-pub const PSA_WANT_ALG_SHA_224: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_256: u32 = 1;
-pub const PSA_WANT_ALG_SHA_256: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_384: u32 = 1;
-pub const PSA_WANT_ALG_SHA_384: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_512: u32 = 1;
-pub const PSA_WANT_ALG_SHA_512: u32 = 1;
-pub const PSA_WANT_KEY_TYPE_AES: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES: u32 = 1;
-pub const PSA_WANT_KEY_TYPE_ARIA: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA: u32 = 1;
-pub const PSA_WANT_KEY_TYPE_CAMELLIA: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA: u32 = 1;
-pub const PSA_WANT_KEY_TYPE_DES: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS: u32 = 1;
-pub const PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS: u32 = 1;
-pub const PSA_WANT_KEY_TYPE_CHACHA20: u32 = 1;
-pub const PSA_WANT_ALG_STREAM_CIPHER: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER: u32 = 1;
-pub const PSA_WANT_ALG_CHACHA20_POLY1305: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING: u32 = 1;
-pub const PSA_WANT_ALG_CBC_NO_PADDING: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7: u32 = 1;
-pub const PSA_WANT_ALG_CBC_PKCS7: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING: u32 = 1;
-pub const PSA_WANT_ALG_ECB_NO_PADDING: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_CFB: u32 = 1;
-pub const PSA_WANT_ALG_CFB: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_CTR: u32 = 1;
-pub const PSA_WANT_ALG_CTR: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ALG_OFB: u32 = 1;
-pub const PSA_WANT_ALG_OFB: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256: u32 = 1;
-pub const PSA_HAVE_FULL_ECDSA: u32 = 1;
-pub const PSA_HAVE_FULL_JPAKE: u32 = 1;
-pub const PSA_WANT_KEY_TYPE_DERIVE: u32 = 1;
-pub const PSA_WANT_KEY_TYPE_PASSWORD: u32 = 1;
-pub const PSA_WANT_KEY_TYPE_PASSWORD_HASH: u32 = 1;
-pub const PSA_WANT_KEY_TYPE_RAW_DATA: u32 = 1;
-pub const _LIBC_LIMITS_H_: u32 = 1;
-pub const __NEWLIB_H__: u32 = 1;
-pub const _NEWLIB_VERSION_H__: u32 = 1;
-pub const _NEWLIB_VERSION: &[u8; 6usize] = b"3.3.0\0";
-pub const __NEWLIB__: u32 = 3;
-pub const __NEWLIB_MINOR__: u32 = 3;
-pub const __NEWLIB_PATCHLEVEL__: u32 = 0;
-pub const _WANT_IO_C99_FORMATS: u32 = 1;
-pub const _WANT_IO_LONG_LONG: u32 = 1;
-pub const _WANT_IO_POS_ARGS: u32 = 1;
-pub const _WANT_REENT_SMALL: u32 = 1;
-pub const _REENT_CHECK_VERIFY: u32 = 1;
-pub const _MB_LEN_MAX: u32 = 1;
-pub const _ICONV_ENABLED: u32 = 1;
-pub const HAVE_INITFINI_ARRAY: u32 = 1;
-pub const _ATEXIT_DYNAMIC_ALLOC: u32 = 1;
-pub const _HAVE_LONG_DOUBLE: u32 = 1;
-pub const _HAVE_CC_INHIBIT_LOOP_TO_LIBCALL: u32 = 1;
-pub const _FVWRITE_IN_STREAMIO: u32 = 1;
-pub const _FSEEK_OPTIMIZATION: u32 = 1;
-pub const _UNBUF_STREAM_OPT: u32 = 1;
-pub const _RETARGETABLE_LOCKING: u32 = 1;
-pub const _WANT_USE_LONG_TIME_T: u32 = 1;
-pub const _DEFAULT_SOURCE: u32 = 1;
-pub const _POSIX_SOURCE: u32 = 1;
-pub const _POSIX_C_SOURCE: u32 = 200809;
-pub const _ATFILE_SOURCE: u32 = 1;
-pub const __ATFILE_VISIBLE: u32 = 1;
-pub const __BSD_VISIBLE: u32 = 1;
-pub const __GNU_VISIBLE: u32 = 0;
-pub const __ISO_C_VISIBLE: u32 = 2011;
-pub const __LARGEFILE_VISIBLE: u32 = 0;
-pub const __MISC_VISIBLE: u32 = 1;
-pub const __POSIX_VISIBLE: u32 = 200809;
-pub const __SVID_VISIBLE: u32 = 1;
-pub const __XSI_VISIBLE: u32 = 0;
-pub const __SSP_FORTIFY_LEVEL: u32 = 0;
-pub const _POSIX_THREADS: u32 = 1;
-pub const _POSIX_TIMEOUTS: u32 = 1;
-pub const _POSIX_TIMERS: u32 = 1;
-pub const _POSIX_MONOTONIC_CLOCK: u32 = 200112;
-pub const _POSIX_CLOCK_SELECTION: u32 = 200112;
-pub const _UNIX98_THREAD_MUTEX_ATTRIBUTES: u32 = 1;
-pub const __have_longlong64: u32 = 1;
-pub const __have_long32: u32 = 1;
-pub const ___int8_t_defined: u32 = 1;
-pub const ___int16_t_defined: u32 = 1;
-pub const ___int32_t_defined: u32 = 1;
-pub const ___int64_t_defined: u32 = 1;
-pub const ___int_least8_t_defined: u32 = 1;
-pub const ___int_least16_t_defined: u32 = 1;
-pub const ___int_least32_t_defined: u32 = 1;
-pub const ___int_least64_t_defined: u32 = 1;
-pub const __GNUCLIKE_ASM: u32 = 3;
-pub const __GNUCLIKE___TYPEOF: u32 = 1;
-pub const __GNUCLIKE___OFFSETOF: u32 = 1;
-pub const __GNUCLIKE___SECTION: u32 = 1;
-pub const __GNUCLIKE_CTOR_SECTION_HANDLING: u32 = 1;
-pub const __GNUCLIKE_BUILTIN_CONSTANT_P: u32 = 1;
-pub const __GNUCLIKE_BUILTIN_VARARGS: u32 = 1;
-pub const __GNUCLIKE_BUILTIN_STDARG: u32 = 1;
-pub const __GNUCLIKE_BUILTIN_VAALIST: u32 = 1;
-pub const __GNUC_VA_LIST_COMPATIBILITY: u32 = 1;
-pub const __GNUCLIKE_BUILTIN_NEXT_ARG: u32 = 1;
-pub const __GNUCLIKE_BUILTIN_MEMCPY: u32 = 1;
-pub const __CC_SUPPORTS_INLINE: u32 = 1;
-pub const __CC_SUPPORTS___INLINE: u32 = 1;
-pub const __CC_SUPPORTS___INLINE__: u32 = 1;
-pub const __CC_SUPPORTS___FUNC__: u32 = 1;
-pub const __CC_SUPPORTS_WARNING: u32 = 1;
-pub const __CC_SUPPORTS_VARADIC_XXX: u32 = 1;
-pub const __CC_SUPPORTS_DYNAMIC_ARRAY_INIT: u32 = 1;
-pub const ARG_MAX: u32 = 4096;
-pub const CHILD_MAX: u32 = 40;
-pub const LINK_MAX: u32 = 32767;
-pub const MAX_CANON: u32 = 255;
-pub const MAX_INPUT: u32 = 255;
-pub const NAME_MAX: u32 = 255;
-pub const NGROUPS_MAX: u32 = 16;
-pub const OPEN_MAX: u32 = 64;
-pub const PATH_MAX: u32 = 1024;
-pub const PIPE_BUF: u32 = 512;
-pub const IOV_MAX: u32 = 1024;
-pub const BC_BASE_MAX: u32 = 99;
-pub const BC_DIM_MAX: u32 = 2048;
-pub const BC_SCALE_MAX: u32 = 99;
-pub const BC_STRING_MAX: u32 = 1000;
-pub const COLL_WEIGHTS_MAX: u32 = 0;
-pub const EXPR_NEST_MAX: u32 = 32;
-pub const LINE_MAX: u32 = 2048;
-pub const RE_DUP_MAX: u32 = 255;
-pub const MB_LEN_MAX: u32 = 1;
-pub const NL_ARGMAX: u32 = 32;
-pub const CHAR_MIN: u32 = 0;
-pub const _POSIX2_RE_DUP_MAX: u32 = 255;
-pub const __int20: u32 = 2;
-pub const __int20__: u32 = 2;
-pub const __INT8: &[u8; 3usize] = b"hh\0";
-pub const __INT16: &[u8; 2usize] = b"h\0";
-pub const __INT64: &[u8; 3usize] = b"ll\0";
-pub const __FAST8: &[u8; 3usize] = b"hh\0";
-pub const __FAST16: &[u8; 2usize] = b"h\0";
-pub const __FAST64: &[u8; 3usize] = b"ll\0";
-pub const __LEAST8: &[u8; 3usize] = b"hh\0";
-pub const __LEAST16: &[u8; 2usize] = b"h\0";
-pub const __LEAST64: &[u8; 3usize] = b"ll\0";
-pub const __int8_t_defined: u32 = 1;
-pub const __int16_t_defined: u32 = 1;
-pub const __int32_t_defined: u32 = 1;
-pub const __int64_t_defined: u32 = 1;
-pub const __int_least8_t_defined: u32 = 1;
-pub const __int_least16_t_defined: u32 = 1;
-pub const __int_least32_t_defined: u32 = 1;
-pub const __int_least64_t_defined: u32 = 1;
-pub const __int_fast8_t_defined: u32 = 1;
-pub const __int_fast16_t_defined: u32 = 1;
-pub const __int_fast32_t_defined: u32 = 1;
-pub const __int_fast64_t_defined: u32 = 1;
-pub const WINT_MIN: u32 = 0;
-pub const MBEDTLS_ERR_MPI_FILE_IO_ERROR: i32 = -2;
-pub const MBEDTLS_ERR_MPI_BAD_INPUT_DATA: i32 = -4;
-pub const MBEDTLS_ERR_MPI_INVALID_CHARACTER: i32 = -6;
-pub const MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL: i32 = -8;
-pub const MBEDTLS_ERR_MPI_NEGATIVE_VALUE: i32 = -10;
-pub const MBEDTLS_ERR_MPI_DIVISION_BY_ZERO: i32 = -12;
-pub const MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: i32 = -14;
-pub const MBEDTLS_ERR_MPI_ALLOC_FAILED: i32 = -16;
-pub const MBEDTLS_MPI_MAX_LIMBS: u32 = 10000;
-pub const MBEDTLS_MPI_WINDOW_SIZE: u32 = 2;
-pub const MBEDTLS_MPI_MAX_SIZE: u32 = 1024;
-pub const MBEDTLS_MPI_MAX_BITS: u32 = 8192;
-pub const MBEDTLS_MPI_MAX_BITS_SCALE100: u32 = 819200;
-pub const MBEDTLS_LN_2_DIV_LN_10_SCALE100: u32 = 332;
-pub const MBEDTLS_MPI_RW_BUFFER_SIZE: u32 = 2484;
-pub const MBEDTLS_ERR_ECP_BAD_INPUT_DATA: i32 = -20352;
-pub const MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL: i32 = -20224;
-pub const MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE: i32 = -20096;
-pub const MBEDTLS_ERR_ECP_VERIFY_FAILED: i32 = -19968;
-pub const MBEDTLS_ERR_ECP_ALLOC_FAILED: i32 = -19840;
-pub const MBEDTLS_ERR_ECP_RANDOM_FAILED: i32 = -19712;
-pub const MBEDTLS_ERR_ECP_INVALID_KEY: i32 = -19584;
-pub const MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH: i32 = -19456;
-pub const MBEDTLS_ERR_ECP_IN_PROGRESS: i32 = -19200;
-pub const MBEDTLS_ECP_DP_MAX: u32 = 14;
-pub const MBEDTLS_ECP_WINDOW_SIZE: u32 = 4;
-pub const MBEDTLS_ECP_FIXED_POINT_OPTIM: u32 = 1;
-pub const MBEDTLS_ECP_MAX_BITS: u32 = 521;
-pub const MBEDTLS_ECP_MAX_BYTES: u32 = 66;
-pub const MBEDTLS_ECP_MAX_PT_LEN: u32 = 133;
-pub const MBEDTLS_ECP_PF_UNCOMPRESSED: u32 = 0;
-pub const MBEDTLS_ECP_PF_COMPRESSED: u32 = 1;
-pub const MBEDTLS_ECP_TLS_NAMED_CURVE: u32 = 3;
-pub const MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE: i32 = -20608;
-pub const MBEDTLS_ERR_MD_BAD_INPUT_DATA: i32 = -20736;
-pub const MBEDTLS_ERR_MD_ALLOC_FAILED: i32 = -20864;
-pub const MBEDTLS_ERR_MD_FILE_IO_ERROR: i32 = -20992;
-pub const MBEDTLS_MD_MAX_SIZE: u32 = 64;
-pub const MBEDTLS_MD_MAX_BLOCK_SIZE: u32 = 128;
-pub const MBEDTLS_ERR_RSA_BAD_INPUT_DATA: i32 = -16512;
-pub const MBEDTLS_ERR_RSA_INVALID_PADDING: i32 = -16640;
-pub const MBEDTLS_ERR_RSA_KEY_GEN_FAILED: i32 = -16768;
-pub const MBEDTLS_ERR_RSA_KEY_CHECK_FAILED: i32 = -16896;
-pub const MBEDTLS_ERR_RSA_PUBLIC_FAILED: i32 = -17024;
-pub const MBEDTLS_ERR_RSA_PRIVATE_FAILED: i32 = -17152;
-pub const MBEDTLS_ERR_RSA_VERIFY_FAILED: i32 = -17280;
-pub const MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE: i32 = -17408;
-pub const MBEDTLS_ERR_RSA_RNG_FAILED: i32 = -17536;
-pub const MBEDTLS_RSA_PKCS_V15: u32 = 0;
-pub const MBEDTLS_RSA_PKCS_V21: u32 = 1;
-pub const MBEDTLS_RSA_SIGN: u32 = 1;
-pub const MBEDTLS_RSA_CRYPT: u32 = 2;
-pub const MBEDTLS_RSA_SALT_LEN_ANY: i32 = -1;
-pub const MBEDTLS_ERR_PK_ALLOC_FAILED: i32 = -16256;
-pub const MBEDTLS_ERR_PK_TYPE_MISMATCH: i32 = -16128;
-pub const MBEDTLS_ERR_PK_BAD_INPUT_DATA: i32 = -16000;
-pub const MBEDTLS_ERR_PK_FILE_IO_ERROR: i32 = -15872;
-pub const MBEDTLS_ERR_PK_KEY_INVALID_VERSION: i32 = -15744;
-pub const MBEDTLS_ERR_PK_KEY_INVALID_FORMAT: i32 = -15616;
-pub const MBEDTLS_ERR_PK_UNKNOWN_PK_ALG: i32 = -15488;
-pub const MBEDTLS_ERR_PK_PASSWORD_REQUIRED: i32 = -15360;
-pub const MBEDTLS_ERR_PK_PASSWORD_MISMATCH: i32 = -15232;
-pub const MBEDTLS_ERR_PK_INVALID_PUBKEY: i32 = -15104;
-pub const MBEDTLS_ERR_PK_INVALID_ALG: i32 = -14976;
-pub const MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE: i32 = -14848;
-pub const MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE: i32 = -14720;
-pub const MBEDTLS_ERR_PK_SIG_LEN_MISMATCH: i32 = -14592;
-pub const MBEDTLS_ERR_PK_BUFFER_TOO_SMALL: i32 = -14464;
-pub const MBEDTLS_PK_SIGNATURE_MAX_SIZE: u32 = 0;
-pub const MBEDTLS_PK_DEBUG_MAX_ITEMS: u32 = 3;
-pub const MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE: i32 = -24704;
-pub const MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA: i32 = -24832;
-pub const MBEDTLS_ERR_CIPHER_ALLOC_FAILED: i32 = -24960;
-pub const MBEDTLS_ERR_CIPHER_INVALID_PADDING: i32 = -25088;
-pub const MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED: i32 = -25216;
-pub const MBEDTLS_ERR_CIPHER_AUTH_FAILED: i32 = -25344;
-pub const MBEDTLS_ERR_CIPHER_INVALID_CONTEXT: i32 = -25472;
-pub const MBEDTLS_CIPHER_VARIABLE_IV_LEN: u32 = 1;
-pub const MBEDTLS_CIPHER_VARIABLE_KEY_LEN: u32 = 2;
-pub const MBEDTLS_MAX_IV_LENGTH: u32 = 16;
-pub const MBEDTLS_MAX_BLOCK_LENGTH: u32 = 16;
-pub const MBEDTLS_MAX_KEY_LENGTH: u32 = 64;
-pub const MBEDTLS_TLS_RSA_WITH_NULL_MD5: u32 = 1;
-pub const MBEDTLS_TLS_RSA_WITH_NULL_SHA: u32 = 2;
-pub const MBEDTLS_TLS_PSK_WITH_NULL_SHA: u32 = 44;
-pub const MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA: u32 = 45;
-pub const MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA: u32 = 46;
-pub const MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA: u32 = 47;
-pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA: u32 = 51;
-pub const MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA: u32 = 53;
-pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA: u32 = 57;
-pub const MBEDTLS_TLS_RSA_WITH_NULL_SHA256: u32 = 59;
-pub const MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256: u32 = 60;
-pub const MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256: u32 = 61;
-pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: u32 = 65;
-pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: u32 = 69;
-pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: u32 = 103;
-pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: u32 = 107;
-pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: u32 = 132;
-pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: u32 = 136;
-pub const MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA: u32 = 140;
-pub const MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA: u32 = 141;
-pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA: u32 = 144;
-pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA: u32 = 145;
-pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA: u32 = 148;
-pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA: u32 = 149;
-pub const MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256: u32 = 156;
-pub const MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384: u32 = 157;
-pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: u32 = 158;
-pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: u32 = 159;
-pub const MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256: u32 = 168;
-pub const MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384: u32 = 169;
-pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256: u32 = 170;
-pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384: u32 = 171;
-pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256: u32 = 172;
-pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384: u32 = 173;
-pub const MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256: u32 = 174;
-pub const MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384: u32 = 175;
-pub const MBEDTLS_TLS_PSK_WITH_NULL_SHA256: u32 = 176;
-pub const MBEDTLS_TLS_PSK_WITH_NULL_SHA384: u32 = 177;
-pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256: u32 = 178;
-pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384: u32 = 179;
-pub const MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256: u32 = 180;
-pub const MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384: u32 = 181;
-pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256: u32 = 182;
-pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384: u32 = 183;
-pub const MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256: u32 = 184;
-pub const MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384: u32 = 185;
-pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 186;
-pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 190;
-pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256: u32 = 192;
-pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256: u32 = 196;
-pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA: u32 = 49153;
-pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: u32 = 49156;
-pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: u32 = 49157;
-pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA: u32 = 49158;
-pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: u32 = 49161;
-pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: u32 = 49162;
-pub const MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA: u32 = 49163;
-pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: u32 = 49166;
-pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: u32 = 49167;
-pub const MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA: u32 = 49168;
-pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: u32 = 49171;
-pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: u32 = 49172;
-pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: u32 = 49187;
-pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: u32 = 49188;
-pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256: u32 = 49189;
-pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384: u32 = 49190;
-pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: u32 = 49191;
-pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: u32 = 49192;
-pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256: u32 = 49193;
-pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384: u32 = 49194;
-pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: u32 = 49195;
-pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: u32 = 49196;
-pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256: u32 = 49197;
-pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384: u32 = 49198;
-pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: u32 = 49199;
-pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: u32 = 49200;
-pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256: u32 = 49201;
-pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384: u32 = 49202;
-pub const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA: u32 = 49205;
-pub const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA: u32 = 49206;
-pub const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256: u32 = 49207;
-pub const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384: u32 = 49208;
-pub const MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA: u32 = 49209;
-pub const MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256: u32 = 49210;
-pub const MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384: u32 = 49211;
-pub const MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256: u32 = 49212;
-pub const MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384: u32 = 49213;
-pub const MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256: u32 = 49220;
-pub const MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384: u32 = 49221;
-pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256: u32 = 49224;
-pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384: u32 = 49225;
-pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256: u32 = 49226;
-pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384: u32 = 49227;
-pub const MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256: u32 = 49228;
-pub const MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384: u32 = 49229;
-pub const MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256: u32 = 49230;
-pub const MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384: u32 = 49231;
-pub const MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256: u32 = 49232;
-pub const MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384: u32 = 49233;
-pub const MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256: u32 = 49234;
-pub const MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384: u32 = 49235;
-pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256: u32 = 49244;
-pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384: u32 = 49245;
-pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256: u32 = 49246;
-pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384: u32 = 49247;
-pub const MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256: u32 = 49248;
-pub const MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384: u32 = 49249;
-pub const MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256: u32 = 49250;
-pub const MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384: u32 = 49251;
-pub const MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256: u32 = 49252;
-pub const MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384: u32 = 49253;
-pub const MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256: u32 = 49254;
-pub const MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384: u32 = 49255;
-pub const MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256: u32 = 49256;
-pub const MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384: u32 = 49257;
-pub const MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256: u32 = 49258;
-pub const MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384: u32 = 49259;
-pub const MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256: u32 = 49260;
-pub const MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384: u32 = 49261;
-pub const MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256: u32 = 49262;
-pub const MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384: u32 = 49263;
-pub const MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256: u32 = 49264;
-pub const MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384: u32 = 49265;
-pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49266;
-pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49267;
-pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49268;
-pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49269;
-pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49270;
-pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49271;
-pub const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49272;
-pub const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49273;
-pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49274;
-pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49275;
-pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49276;
-pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49277;
-pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49286;
-pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49287;
-pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49288;
-pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49289;
-pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49290;
-pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49291;
-pub const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49292;
-pub const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49293;
-pub const MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49294;
-pub const MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49295;
-pub const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49296;
-pub const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49297;
-pub const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49298;
-pub const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49299;
-pub const MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49300;
-pub const MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49301;
-pub const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49302;
-pub const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49303;
-pub const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49304;
-pub const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49305;
-pub const MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49306;
-pub const MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49307;
-pub const MBEDTLS_TLS_RSA_WITH_AES_128_CCM: u32 = 49308;
-pub const MBEDTLS_TLS_RSA_WITH_AES_256_CCM: u32 = 49309;
-pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM: u32 = 49310;
-pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM: u32 = 49311;
-pub const MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8: u32 = 49312;
-pub const MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8: u32 = 49313;
-pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8: u32 = 49314;
-pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8: u32 = 49315;
-pub const MBEDTLS_TLS_PSK_WITH_AES_128_CCM: u32 = 49316;
-pub const MBEDTLS_TLS_PSK_WITH_AES_256_CCM: u32 = 49317;
-pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM: u32 = 49318;
-pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM: u32 = 49319;
-pub const MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8: u32 = 49320;
-pub const MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8: u32 = 49321;
-pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8: u32 = 49322;
-pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8: u32 = 49323;
-pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM: u32 = 49324;
-pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM: u32 = 49325;
-pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: u32 = 49326;
-pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8: u32 = 49327;
-pub const MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8: u32 = 49407;
-pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: u32 = 52392;
-pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: u32 = 52393;
-pub const MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: u32 = 52394;
-pub const MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256: u32 = 52395;
-pub const MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256: u32 = 52396;
-pub const MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256: u32 = 52397;
-pub const MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256: u32 = 52398;
-pub const MBEDTLS_TLS1_3_AES_128_GCM_SHA256: u32 = 4865;
-pub const MBEDTLS_TLS1_3_AES_256_GCM_SHA384: u32 = 4866;
-pub const MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256: u32 = 4867;
-pub const MBEDTLS_TLS1_3_AES_128_CCM_SHA256: u32 = 4868;
-pub const MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256: u32 = 4869;
-pub const MBEDTLS_CIPHERSUITE_WEAK: u32 = 1;
-pub const MBEDTLS_CIPHERSUITE_SHORT_TAG: u32 = 2;
-pub const MBEDTLS_CIPHERSUITE_NODTLS: u32 = 4;
-pub const PSA_CRYPTO_API_VERSION_MAJOR: u32 = 1;
-pub const PSA_CRYPTO_API_VERSION_MINOR: u32 = 0;
-pub const PSA_MAC_TRUNCATION_OFFSET: u32 = 16;
-pub const PSA_AEAD_TAG_LENGTH_OFFSET: u32 = 16;
-pub const PSA_HASH_MAX_SIZE: u32 = 64;
-pub const PSA_HMAC_MAX_HASH_BLOCK_SIZE: u32 = 128;
-pub const PSA_MAC_MAX_SIZE: u32 = 64;
-pub const PSA_AEAD_TAG_MAX_SIZE: u32 = 16;
-pub const PSA_VENDOR_RSA_MAX_KEY_BITS: u32 = 4096;
-pub const PSA_VENDOR_ECC_MAX_CURVE_BITS: u32 = 521;
-pub const PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE: u32 = 128;
-pub const PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE: u32 = 65;
-pub const PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE: u32 = 32;
-pub const PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE: u32 = 16;
-pub const PSA_AEAD_NONCE_MAX_SIZE: u32 = 13;
-pub const PSA_AEAD_FINISH_OUTPUT_MAX_SIZE: u32 = 16;
-pub const PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE: u32 = 16;
-pub const PSA_CIPHER_IV_MAX_SIZE: u32 = 16;
-pub const PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE: u32 = 16;
-pub const MBEDTLS_AES_BLOCK_SIZE: u32 = 16;
-pub const MBEDTLS_DES3_BLOCK_SIZE: u32 = 8;
-pub const MBEDTLS_CIPHER_BLKSIZE_MAX: u32 = 16;
-pub const MBEDTLS_GCM_ENCRYPT: u32 = 1;
-pub const MBEDTLS_GCM_DECRYPT: u32 = 0;
-pub const MBEDTLS_ERR_GCM_AUTH_FAILED: i32 = -18;
-pub const MBEDTLS_ERR_GCM_BAD_INPUT: i32 = -20;
-pub const MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL: i32 = -22;
-pub const MBEDTLS_CCM_DECRYPT: u32 = 0;
-pub const MBEDTLS_CCM_ENCRYPT: u32 = 1;
-pub const MBEDTLS_CCM_STAR_DECRYPT: u32 = 2;
-pub const MBEDTLS_CCM_STAR_ENCRYPT: u32 = 3;
-pub const MBEDTLS_ERR_CCM_BAD_INPUT: i32 = -13;
-pub const MBEDTLS_ERR_CCM_AUTH_FAILED: i32 = -15;
-pub const MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA: i32 = -87;
-pub const MBEDTLS_ERR_CHACHAPOLY_BAD_STATE: i32 = -84;
-pub const MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED: i32 = -86;
-pub const MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA: i32 = -81;
-pub const MBEDTLS_ERR_SHA1_BAD_INPUT_DATA: i32 = -115;
-pub const MBEDTLS_ERR_SHA256_BAD_INPUT_DATA: i32 = -116;
-pub const MBEDTLS_ERR_SHA512_BAD_INPUT_DATA: i32 = -117;
-pub const MBEDTLS_PSA_BUILTIN_CIPHER: u32 = 1;
-pub const MBEDTLS_PSA_BUILTIN_AEAD: u32 = 1;
-pub const MBEDTLS_PSA_JPAKE_BUFFER_SIZE: u32 = 336;
-pub const PSA_MAX_KEY_BITS: u32 = 65528;
-pub const MBEDTLS_PSA_KA_MASK_DUAL_USE: u32 = 0;
-pub const PSA_CRYPTO_ITS_RANDOM_SEED_UID: u32 = 4294967122;
-pub const MBEDTLS_PSA_KEY_SLOT_COUNT: u32 = 32;
-pub const PSA_PAKE_OPERATION_STAGE_SETUP: u32 = 0;
-pub const PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS: u32 = 1;
-pub const PSA_PAKE_OPERATION_STAGE_COMPUTATION: u32 = 2;
-pub const PSA_PAKE_OUTPUT_MAX_SIZE: u32 = 65;
-pub const PSA_PAKE_INPUT_MAX_SIZE: u32 = 65;
-pub const MBEDTLS_ERR_ASN1_OUT_OF_DATA: i32 = -96;
-pub const MBEDTLS_ERR_ASN1_UNEXPECTED_TAG: i32 = -98;
-pub const MBEDTLS_ERR_ASN1_INVALID_LENGTH: i32 = -100;
-pub const MBEDTLS_ERR_ASN1_LENGTH_MISMATCH: i32 = -102;
-pub const MBEDTLS_ERR_ASN1_INVALID_DATA: i32 = -104;
-pub const MBEDTLS_ERR_ASN1_ALLOC_FAILED: i32 = -106;
-pub const MBEDTLS_ERR_ASN1_BUF_TOO_SMALL: i32 = -108;
-pub const MBEDTLS_ASN1_BOOLEAN: u32 = 1;
-pub const MBEDTLS_ASN1_INTEGER: u32 = 2;
-pub const MBEDTLS_ASN1_BIT_STRING: u32 = 3;
-pub const MBEDTLS_ASN1_OCTET_STRING: u32 = 4;
-pub const MBEDTLS_ASN1_NULL: u32 = 5;
-pub const MBEDTLS_ASN1_OID: u32 = 6;
-pub const MBEDTLS_ASN1_ENUMERATED: u32 = 10;
-pub const MBEDTLS_ASN1_UTF8_STRING: u32 = 12;
-pub const MBEDTLS_ASN1_SEQUENCE: u32 = 16;
-pub const MBEDTLS_ASN1_SET: u32 = 17;
-pub const MBEDTLS_ASN1_PRINTABLE_STRING: u32 = 19;
-pub const MBEDTLS_ASN1_T61_STRING: u32 = 20;
-pub const MBEDTLS_ASN1_IA5_STRING: u32 = 22;
-pub const MBEDTLS_ASN1_UTC_TIME: u32 = 23;
-pub const MBEDTLS_ASN1_GENERALIZED_TIME: u32 = 24;
-pub const MBEDTLS_ASN1_UNIVERSAL_STRING: u32 = 28;
-pub const MBEDTLS_ASN1_BMP_STRING: u32 = 30;
-pub const MBEDTLS_ASN1_PRIMITIVE: u32 = 0;
-pub const MBEDTLS_ASN1_CONSTRUCTED: u32 = 32;
-pub const MBEDTLS_ASN1_CONTEXT_SPECIFIC: u32 = 128;
-pub const MBEDTLS_ASN1_TAG_CLASS_MASK: u32 = 192;
-pub const MBEDTLS_ASN1_TAG_PC_MASK: u32 = 32;
-pub const MBEDTLS_ASN1_TAG_VALUE_MASK: u32 = 31;
-pub const MBEDTLS_X509_MAX_INTERMEDIATE_CA: u32 = 8;
-pub const MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE: i32 = -8320;
-pub const MBEDTLS_ERR_X509_UNKNOWN_OID: i32 = -8448;
-pub const MBEDTLS_ERR_X509_INVALID_FORMAT: i32 = -8576;
-pub const MBEDTLS_ERR_X509_INVALID_VERSION: i32 = -8704;
-pub const MBEDTLS_ERR_X509_INVALID_SERIAL: i32 = -8832;
-pub const MBEDTLS_ERR_X509_INVALID_ALG: i32 = -8960;
-pub const MBEDTLS_ERR_X509_INVALID_NAME: i32 = -9088;
-pub const MBEDTLS_ERR_X509_INVALID_DATE: i32 = -9216;
-pub const MBEDTLS_ERR_X509_INVALID_SIGNATURE: i32 = -9344;
-pub const MBEDTLS_ERR_X509_INVALID_EXTENSIONS: i32 = -9472;
-pub const MBEDTLS_ERR_X509_UNKNOWN_VERSION: i32 = -9600;
-pub const MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG: i32 = -9728;
-pub const MBEDTLS_ERR_X509_SIG_MISMATCH: i32 = -9856;
-pub const MBEDTLS_ERR_X509_CERT_VERIFY_FAILED: i32 = -9984;
-pub const MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT: i32 = -10112;
-pub const MBEDTLS_ERR_X509_BAD_INPUT_DATA: i32 = -10240;
-pub const MBEDTLS_ERR_X509_ALLOC_FAILED: i32 = -10368;
-pub const MBEDTLS_ERR_X509_FILE_IO_ERROR: i32 = -10496;
-pub const MBEDTLS_ERR_X509_BUFFER_TOO_SMALL: i32 = -10624;
-pub const MBEDTLS_ERR_X509_FATAL_ERROR: i32 = -12288;
-pub const MBEDTLS_X509_BADCERT_EXPIRED: u32 = 1;
-pub const MBEDTLS_X509_BADCERT_REVOKED: u32 = 2;
-pub const MBEDTLS_X509_BADCERT_CN_MISMATCH: u32 = 4;
-pub const MBEDTLS_X509_BADCERT_NOT_TRUSTED: u32 = 8;
-pub const MBEDTLS_X509_BADCRL_NOT_TRUSTED: u32 = 16;
-pub const MBEDTLS_X509_BADCRL_EXPIRED: u32 = 32;
-pub const MBEDTLS_X509_BADCERT_MISSING: u32 = 64;
-pub const MBEDTLS_X509_BADCERT_SKIP_VERIFY: u32 = 128;
-pub const MBEDTLS_X509_BADCERT_OTHER: u32 = 256;
-pub const MBEDTLS_X509_BADCERT_FUTURE: u32 = 512;
-pub const MBEDTLS_X509_BADCRL_FUTURE: u32 = 1024;
-pub const MBEDTLS_X509_BADCERT_KEY_USAGE: u32 = 2048;
-pub const MBEDTLS_X509_BADCERT_EXT_KEY_USAGE: u32 = 4096;
-pub const MBEDTLS_X509_BADCERT_NS_CERT_TYPE: u32 = 8192;
-pub const MBEDTLS_X509_BADCERT_BAD_MD: u32 = 16384;
-pub const MBEDTLS_X509_BADCERT_BAD_PK: u32 = 32768;
-pub const MBEDTLS_X509_BADCERT_BAD_KEY: u32 = 65536;
-pub const MBEDTLS_X509_BADCRL_BAD_MD: u32 = 131072;
-pub const MBEDTLS_X509_BADCRL_BAD_PK: u32 = 262144;
-pub const MBEDTLS_X509_BADCRL_BAD_KEY: u32 = 524288;
-pub const MBEDTLS_X509_SAN_OTHER_NAME: u32 = 0;
-pub const MBEDTLS_X509_SAN_RFC822_NAME: u32 = 1;
-pub const MBEDTLS_X509_SAN_DNS_NAME: u32 = 2;
-pub const MBEDTLS_X509_SAN_X400_ADDRESS_NAME: u32 = 3;
-pub const MBEDTLS_X509_SAN_DIRECTORY_NAME: u32 = 4;
-pub const MBEDTLS_X509_SAN_EDI_PARTY_NAME: u32 = 5;
-pub const MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: u32 = 6;
-pub const MBEDTLS_X509_SAN_IP_ADDRESS: u32 = 7;
-pub const MBEDTLS_X509_SAN_REGISTERED_ID: u32 = 8;
-pub const MBEDTLS_X509_KU_DIGITAL_SIGNATURE: u32 = 128;
-pub const MBEDTLS_X509_KU_NON_REPUDIATION: u32 = 64;
-pub const MBEDTLS_X509_KU_KEY_ENCIPHERMENT: u32 = 32;
-pub const MBEDTLS_X509_KU_DATA_ENCIPHERMENT: u32 = 16;
-pub const MBEDTLS_X509_KU_KEY_AGREEMENT: u32 = 8;
-pub const MBEDTLS_X509_KU_KEY_CERT_SIGN: u32 = 4;
-pub const MBEDTLS_X509_KU_CRL_SIGN: u32 = 2;
-pub const MBEDTLS_X509_KU_ENCIPHER_ONLY: u32 = 1;
-pub const MBEDTLS_X509_KU_DECIPHER_ONLY: u32 = 32768;
-pub const MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT: u32 = 128;
-pub const MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER: u32 = 64;
-pub const MBEDTLS_X509_NS_CERT_TYPE_EMAIL: u32 = 32;
-pub const MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING: u32 = 16;
-pub const MBEDTLS_X509_NS_CERT_TYPE_RESERVED: u32 = 8;
-pub const MBEDTLS_X509_NS_CERT_TYPE_SSL_CA: u32 = 4;
-pub const MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA: u32 = 2;
-pub const MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA: u32 = 1;
-pub const MBEDTLS_X509_FORMAT_DER: u32 = 1;
-pub const MBEDTLS_X509_FORMAT_PEM: u32 = 2;
-pub const MBEDTLS_X509_MAX_DN_NAME_SIZE: u32 = 256;
-pub const MBEDTLS_X509_CRT_VERSION_1: u32 = 0;
-pub const MBEDTLS_X509_CRT_VERSION_2: u32 = 1;
-pub const MBEDTLS_X509_CRT_VERSION_3: u32 = 2;
-pub const MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN: u32 = 20;
-pub const MBEDTLS_X509_RFC5280_UTC_TIME_LEN: u32 = 15;
-pub const MBEDTLS_X509_MAX_FILE_PATH_LEN: u32 = 512;
-pub const MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE: u32 = 10;
-pub const MBEDTLS_ERR_DHM_BAD_INPUT_DATA: i32 = -12416;
-pub const MBEDTLS_ERR_DHM_READ_PARAMS_FAILED: i32 = -12544;
-pub const MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED: i32 = -12672;
-pub const MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED: i32 = -12800;
-pub const MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED: i32 = -12928;
-pub const MBEDTLS_ERR_DHM_CALC_SECRET_FAILED: i32 = -13056;
-pub const MBEDTLS_ERR_DHM_INVALID_FORMAT: i32 = -13184;
-pub const MBEDTLS_ERR_DHM_ALLOC_FAILED: i32 = -13312;
-pub const MBEDTLS_ERR_DHM_FILE_IO_ERROR: i32 = -13440;
-pub const MBEDTLS_ERR_DHM_SET_GROUP_FAILED: i32 = -13696;
-pub const MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS: i32 = -28672;
-pub const MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE: i32 = -28800;
-pub const MBEDTLS_ERR_SSL_BAD_INPUT_DATA: i32 = -28928;
-pub const MBEDTLS_ERR_SSL_INVALID_MAC: i32 = -29056;
-pub const MBEDTLS_ERR_SSL_INVALID_RECORD: i32 = -29184;
-pub const MBEDTLS_ERR_SSL_CONN_EOF: i32 = -29312;
-pub const MBEDTLS_ERR_SSL_DECODE_ERROR: i32 = -29440;
-pub const MBEDTLS_ERR_SSL_NO_RNG: i32 = -29696;
-pub const MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE: i32 = -29824;
-pub const MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION: i32 = -29952;
-pub const MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL: i32 = -30080;
-pub const MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED: i32 = -30208;
-pub const MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED: i32 = -30336;
-pub const MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE: i32 = -30464;
-pub const MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE: i32 = -30592;
-pub const MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME: i32 = -30720;
-pub const MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: i32 = -30848;
-pub const MBEDTLS_ERR_SSL_BAD_CERTIFICATE: i32 = -31232;
-pub const MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET: i32 = -31488;
-pub const MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA: i32 = -31616;
-pub const MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA: i32 = -31744;
-pub const MBEDTLS_ERR_SSL_ALLOC_FAILED: i32 = -32512;
-pub const MBEDTLS_ERR_SSL_HW_ACCEL_FAILED: i32 = -32640;
-pub const MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH: i32 = -28544;
-pub const MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION: i32 = -28288;
-pub const MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE: i32 = -28160;
-pub const MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED: i32 = -28032;
-pub const MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH: i32 = -27904;
-pub const MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY: i32 = -27776;
-pub const MBEDTLS_ERR_SSL_INTERNAL_ERROR: i32 = -27648;
-pub const MBEDTLS_ERR_SSL_COUNTER_WRAPPING: i32 = -27520;
-pub const MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO: i32 = -27392;
-pub const MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED: i32 = -27264;
-pub const MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL: i32 = -27136;
-pub const MBEDTLS_ERR_SSL_WANT_READ: i32 = -26880;
-pub const MBEDTLS_ERR_SSL_WANT_WRITE: i32 = -26752;
-pub const MBEDTLS_ERR_SSL_TIMEOUT: i32 = -26624;
-pub const MBEDTLS_ERR_SSL_CLIENT_RECONNECT: i32 = -26496;
-pub const MBEDTLS_ERR_SSL_UNEXPECTED_RECORD: i32 = -26368;
-pub const MBEDTLS_ERR_SSL_NON_FATAL: i32 = -26240;
-pub const MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER: i32 = -26112;
-pub const MBEDTLS_ERR_SSL_CONTINUE_PROCESSING: i32 = -25984;
-pub const MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: i32 = -25856;
-pub const MBEDTLS_ERR_SSL_EARLY_MESSAGE: i32 = -25728;
-pub const MBEDTLS_ERR_SSL_UNEXPECTED_CID: i32 = -24576;
-pub const MBEDTLS_ERR_SSL_VERSION_MISMATCH: i32 = -24320;
-pub const MBEDTLS_ERR_SSL_BAD_CONFIG: i32 = -24192;
-pub const MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE: u32 = 0;
-pub const MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE: u32 = 1;
-pub const MBEDTLS_SSL_IANA_TLS_GROUP_NONE: u32 = 0;
-pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1: u32 = 18;
-pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1: u32 = 19;
-pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1: u32 = 20;
-pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1: u32 = 21;
-pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1: u32 = 22;
-pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1: u32 = 23;
-pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1: u32 = 24;
-pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1: u32 = 25;
-pub const MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1: u32 = 26;
-pub const MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1: u32 = 27;
-pub const MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1: u32 = 28;
-pub const MBEDTLS_SSL_IANA_TLS_GROUP_X25519: u32 = 29;
-pub const MBEDTLS_SSL_IANA_TLS_GROUP_X448: u32 = 30;
-pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048: u32 = 256;
-pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072: u32 = 257;
-pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096: u32 = 258;
-pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144: u32 = 259;
-pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192: u32 = 260;
-pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK: u32 = 1;
-pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL: u32 = 2;
-pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL: u32 = 4;
-pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL: u32 = 7;
-pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL: u32 = 5;
-pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL: u32 = 6;
-pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE: u32 = 0;
-pub const MBEDTLS_SSL_MAJOR_VERSION_3: u32 = 3;
-pub const MBEDTLS_SSL_MINOR_VERSION_3: u32 = 3;
-pub const MBEDTLS_SSL_MINOR_VERSION_4: u32 = 4;
-pub const MBEDTLS_SSL_TRANSPORT_STREAM: u32 = 0;
-pub const MBEDTLS_SSL_TRANSPORT_DATAGRAM: u32 = 1;
-pub const MBEDTLS_SSL_MAX_HOST_NAME_LEN: u32 = 255;
-pub const MBEDTLS_SSL_MAX_ALPN_NAME_LEN: u32 = 255;
-pub const MBEDTLS_SSL_MAX_ALPN_LIST_LEN: u32 = 65535;
-pub const MBEDTLS_SSL_MAX_FRAG_LEN_NONE: u32 = 0;
-pub const MBEDTLS_SSL_MAX_FRAG_LEN_512: u32 = 1;
-pub const MBEDTLS_SSL_MAX_FRAG_LEN_1024: u32 = 2;
-pub const MBEDTLS_SSL_MAX_FRAG_LEN_2048: u32 = 3;
-pub const MBEDTLS_SSL_MAX_FRAG_LEN_4096: u32 = 4;
-pub const MBEDTLS_SSL_MAX_FRAG_LEN_INVALID: u32 = 5;
-pub const MBEDTLS_SSL_IS_CLIENT: u32 = 0;
-pub const MBEDTLS_SSL_IS_SERVER: u32 = 1;
-pub const MBEDTLS_SSL_EXTENDED_MS_DISABLED: u32 = 0;
-pub const MBEDTLS_SSL_EXTENDED_MS_ENABLED: u32 = 1;
-pub const MBEDTLS_SSL_CID_DISABLED: u32 = 0;
-pub const MBEDTLS_SSL_CID_ENABLED: u32 = 1;
-pub const MBEDTLS_SSL_ETM_DISABLED: u32 = 0;
-pub const MBEDTLS_SSL_ETM_ENABLED: u32 = 1;
-pub const MBEDTLS_SSL_COMPRESS_NULL: u32 = 0;
-pub const MBEDTLS_SSL_VERIFY_NONE: u32 = 0;
-pub const MBEDTLS_SSL_VERIFY_OPTIONAL: u32 = 1;
-pub const MBEDTLS_SSL_VERIFY_REQUIRED: u32 = 2;
-pub const MBEDTLS_SSL_VERIFY_UNSET: u32 = 3;
-pub const MBEDTLS_SSL_LEGACY_RENEGOTIATION: u32 = 0;
-pub const MBEDTLS_SSL_SECURE_RENEGOTIATION: u32 = 1;
-pub const MBEDTLS_SSL_RENEGOTIATION_DISABLED: u32 = 0;
-pub const MBEDTLS_SSL_RENEGOTIATION_ENABLED: u32 = 1;
-pub const MBEDTLS_SSL_ANTI_REPLAY_DISABLED: u32 = 0;
-pub const MBEDTLS_SSL_ANTI_REPLAY_ENABLED: u32 = 1;
-pub const MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED: i32 = -1;
-pub const MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT: u32 = 16;
-pub const MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION: u32 = 0;
-pub const MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION: u32 = 1;
-pub const MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE: u32 = 2;
-pub const MBEDTLS_SSL_TRUNC_HMAC_DISABLED: u32 = 0;
-pub const MBEDTLS_SSL_TRUNC_HMAC_ENABLED: u32 = 1;
-pub const MBEDTLS_SSL_TRUNCATED_HMAC_LEN: u32 = 10;
-pub const MBEDTLS_SSL_SESSION_TICKETS_DISABLED: u32 = 0;
-pub const MBEDTLS_SSL_SESSION_TICKETS_ENABLED: u32 = 1;
-pub const MBEDTLS_SSL_PRESET_DEFAULT: u32 = 0;
-pub const MBEDTLS_SSL_PRESET_SUITEB: u32 = 2;
-pub const MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED: u32 = 1;
-pub const MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED: u32 = 0;
-pub const MBEDTLS_SSL_EARLY_DATA_DISABLED: u32 = 0;
-pub const MBEDTLS_SSL_EARLY_DATA_ENABLED: u32 = 1;
-pub const MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED: u32 = 0;
-pub const MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED: u32 = 1;
-pub const MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT: u32 = 1;
-pub const MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER: u32 = 0;
-pub const MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN: u32 = 48;
-pub const MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN: u32 = 1000;
-pub const MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX: u32 = 60000;
-pub const MBEDTLS_SSL_IN_CONTENT_LEN: u32 = 16384;
-pub const MBEDTLS_SSL_OUT_CONTENT_LEN: u32 = 16384;
-pub const MBEDTLS_SSL_DTLS_MAX_BUFFERING: u32 = 32768;
-pub const MBEDTLS_SSL_CID_IN_LEN_MAX: u32 = 32;
-pub const MBEDTLS_SSL_CID_OUT_LEN_MAX: u32 = 32;
-pub const MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY: u32 = 16;
-pub const MBEDTLS_SSL_VERIFY_DATA_MAX_LEN: u32 = 12;
-pub const MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO: u32 = 255;
-pub const MBEDTLS_SSL_HASH_NONE: u32 = 0;
-pub const MBEDTLS_SSL_HASH_MD5: u32 = 1;
-pub const MBEDTLS_SSL_HASH_SHA1: u32 = 2;
-pub const MBEDTLS_SSL_HASH_SHA224: u32 = 3;
-pub const MBEDTLS_SSL_HASH_SHA256: u32 = 4;
-pub const MBEDTLS_SSL_HASH_SHA384: u32 = 5;
-pub const MBEDTLS_SSL_HASH_SHA512: u32 = 6;
-pub const MBEDTLS_SSL_SIG_ANON: u32 = 0;
-pub const MBEDTLS_SSL_SIG_RSA: u32 = 1;
-pub const MBEDTLS_SSL_SIG_ECDSA: u32 = 3;
-pub const MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: u32 = 1025;
-pub const MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: u32 = 1281;
-pub const MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: u32 = 1537;
-pub const MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: u32 = 1027;
-pub const MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: u32 = 1283;
-pub const MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: u32 = 1539;
-pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: u32 = 2052;
-pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: u32 = 2053;
-pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: u32 = 2054;
-pub const MBEDTLS_TLS1_3_SIG_ED25519: u32 = 2055;
-pub const MBEDTLS_TLS1_3_SIG_ED448: u32 = 2056;
-pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256: u32 = 2057;
-pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384: u32 = 2058;
-pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512: u32 = 2059;
-pub const MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1: u32 = 513;
-pub const MBEDTLS_TLS1_3_SIG_ECDSA_SHA1: u32 = 515;
-pub const MBEDTLS_TLS1_3_SIG_NONE: u32 = 0;
-pub const MBEDTLS_SSL_CERT_TYPE_RSA_SIGN: u32 = 1;
-pub const MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN: u32 = 64;
-pub const MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: u32 = 20;
-pub const MBEDTLS_SSL_MSG_ALERT: u32 = 21;
-pub const MBEDTLS_SSL_MSG_HANDSHAKE: u32 = 22;
-pub const MBEDTLS_SSL_MSG_APPLICATION_DATA: u32 = 23;
-pub const MBEDTLS_SSL_MSG_CID: u32 = 25;
-pub const MBEDTLS_SSL_ALERT_LEVEL_WARNING: u32 = 1;
-pub const MBEDTLS_SSL_ALERT_LEVEL_FATAL: u32 = 2;
-pub const MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY: u32 = 0;
-pub const MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE: u32 = 10;
-pub const MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC: u32 = 20;
-pub const MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED: u32 = 21;
-pub const MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW: u32 = 22;
-pub const MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE: u32 = 30;
-pub const MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE: u32 = 40;
-pub const MBEDTLS_SSL_ALERT_MSG_NO_CERT: u32 = 41;
-pub const MBEDTLS_SSL_ALERT_MSG_BAD_CERT: u32 = 42;
-pub const MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT: u32 = 43;
-pub const MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED: u32 = 44;
-pub const MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED: u32 = 45;
-pub const MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN: u32 = 46;
-pub const MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER: u32 = 47;
-pub const MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA: u32 = 48;
-pub const MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED: u32 = 49;
-pub const MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR: u32 = 50;
-pub const MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR: u32 = 51;
-pub const MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION: u32 = 60;
-pub const MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION: u32 = 70;
-pub const MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY: u32 = 71;
-pub const MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR: u32 = 80;
-pub const MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK: u32 = 86;
-pub const MBEDTLS_SSL_ALERT_MSG_USER_CANCELED: u32 = 90;
-pub const MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION: u32 = 100;
-pub const MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION: u32 = 109;
-pub const MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT: u32 = 110;
-pub const MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME: u32 = 112;
-pub const MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY: u32 = 115;
-pub const MBEDTLS_SSL_ALERT_MSG_CERT_REQUIRED: u32 = 116;
-pub const MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL: u32 = 120;
-pub const MBEDTLS_SSL_HS_HELLO_REQUEST: u32 = 0;
-pub const MBEDTLS_SSL_HS_CLIENT_HELLO: u32 = 1;
-pub const MBEDTLS_SSL_HS_SERVER_HELLO: u32 = 2;
-pub const MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST: u32 = 3;
-pub const MBEDTLS_SSL_HS_NEW_SESSION_TICKET: u32 = 4;
-pub const MBEDTLS_SSL_HS_END_OF_EARLY_DATA: u32 = 5;
-pub const MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS: u32 = 8;
-pub const MBEDTLS_SSL_HS_CERTIFICATE: u32 = 11;
-pub const MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE: u32 = 12;
-pub const MBEDTLS_SSL_HS_CERTIFICATE_REQUEST: u32 = 13;
-pub const MBEDTLS_SSL_HS_SERVER_HELLO_DONE: u32 = 14;
-pub const MBEDTLS_SSL_HS_CERTIFICATE_VERIFY: u32 = 15;
-pub const MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE: u32 = 16;
-pub const MBEDTLS_SSL_HS_FINISHED: u32 = 20;
-pub const MBEDTLS_SSL_HS_MESSAGE_HASH: u32 = 254;
-pub const MBEDTLS_TLS_EXT_SERVERNAME: u32 = 0;
-pub const MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME: u32 = 0;
-pub const MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: u32 = 1;
-pub const MBEDTLS_TLS_EXT_TRUNCATED_HMAC: u32 = 4;
-pub const MBEDTLS_TLS_EXT_STATUS_REQUEST: u32 = 5;
-pub const MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES: u32 = 10;
-pub const MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: u32 = 10;
-pub const MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: u32 = 11;
-pub const MBEDTLS_TLS_EXT_SIG_ALG: u32 = 13;
-pub const MBEDTLS_TLS_EXT_USE_SRTP: u32 = 14;
-pub const MBEDTLS_TLS_EXT_HEARTBEAT: u32 = 15;
-pub const MBEDTLS_TLS_EXT_ALPN: u32 = 16;
-pub const MBEDTLS_TLS_EXT_SCT: u32 = 18;
-pub const MBEDTLS_TLS_EXT_CLI_CERT_TYPE: u32 = 19;
-pub const MBEDTLS_TLS_EXT_SERV_CERT_TYPE: u32 = 20;
-pub const MBEDTLS_TLS_EXT_PADDING: u32 = 21;
-pub const MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: u32 = 22;
-pub const MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: u32 = 23;
-pub const MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT: u32 = 28;
-pub const MBEDTLS_TLS_EXT_SESSION_TICKET: u32 = 35;
-pub const MBEDTLS_TLS_EXT_PRE_SHARED_KEY: u32 = 41;
-pub const MBEDTLS_TLS_EXT_EARLY_DATA: u32 = 42;
-pub const MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: u32 = 43;
-pub const MBEDTLS_TLS_EXT_COOKIE: u32 = 44;
-pub const MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES: u32 = 45;
-pub const MBEDTLS_TLS_EXT_CERT_AUTH: u32 = 47;
-pub const MBEDTLS_TLS_EXT_OID_FILTERS: u32 = 48;
-pub const MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH: u32 = 49;
-pub const MBEDTLS_TLS_EXT_SIG_ALG_CERT: u32 = 50;
-pub const MBEDTLS_TLS_EXT_KEY_SHARE: u32 = 51;
-pub const MBEDTLS_TLS_EXT_CID: u32 = 54;
-pub const MBEDTLS_TLS_EXT_ECJPAKE_KKPP: u32 = 256;
-pub const MBEDTLS_TLS_EXT_RENEGOTIATION_INFO: u32 = 65281;
-pub const MBEDTLS_PSK_MAX_LEN: u32 = 48;
-pub const MBEDTLS_TLS1_3_MD_MAX_SIZE: u32 = 64;
-pub const MBEDTLS_SSL_SEQUENCE_NUMBER_LEN: u32 = 8;
-pub const MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION: u32 = 1;
-pub const MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION: u32 = 4;
-pub const MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA: u32 = 8;
-pub const MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK: u32 = 13;
-pub const MBEDTLS_SSL_UNEXPECTED_CID_IGNORE: u32 = 0;
-pub const MBEDTLS_SSL_UNEXPECTED_CID_FAIL: u32 = 1;
-pub const MBEDTLS_ERR_ENTROPY_SOURCE_FAILED: i32 = -60;
-pub const MBEDTLS_ERR_ENTROPY_MAX_SOURCES: i32 = -62;
-pub const MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED: i32 = -64;
-pub const MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE: i32 = -61;
-pub const MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR: i32 = -63;
-pub const MBEDTLS_ENTROPY_MAX_SOURCES: u32 = 20;
-pub const MBEDTLS_ENTROPY_MAX_GATHER: u32 = 128;
-pub const MBEDTLS_ENTROPY_BLOCK_SIZE: u32 = 64;
-pub const MBEDTLS_ENTROPY_MAX_SEED_SIZE: u32 = 1024;
-pub const MBEDTLS_ENTROPY_SOURCE_MANUAL: u32 = 20;
-pub const MBEDTLS_ENTROPY_SOURCE_STRONG: u32 = 1;
-pub const MBEDTLS_ENTROPY_SOURCE_WEAK: u32 = 0;
-pub const MBEDTLS_PRINTF_SIZET: &[u8; 3usize] = b"zu\0";
-pub const MBEDTLS_PRINTF_LONGLONG: &[u8; 4usize] = b"lld\0";
-pub const MBEDTLS_AES_ENCRYPT: u32 = 1;
-pub const MBEDTLS_AES_DECRYPT: u32 = 0;
-pub const MBEDTLS_ERR_AES_INVALID_KEY_LENGTH: i32 = -32;
-pub const MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH: i32 = -34;
-pub const MBEDTLS_ERR_AES_BAD_INPUT_DATA: i32 = -33;
-pub const MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED: i32 = -52;
-pub const MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG: i32 = -54;
-pub const MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG: i32 = -56;
-pub const MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR: i32 = -58;
-pub const MBEDTLS_CTR_DRBG_BLOCKSIZE: u32 = 16;
-pub const MBEDTLS_CTR_DRBG_KEYSIZE: u32 = 32;
-pub const MBEDTLS_CTR_DRBG_KEYBITS: u32 = 256;
-pub const MBEDTLS_CTR_DRBG_SEEDLEN: u32 = 48;
-pub const MBEDTLS_CTR_DRBG_ENTROPY_LEN: u32 = 48;
-pub const MBEDTLS_CTR_DRBG_RESEED_INTERVAL: u32 = 10000;
-pub const MBEDTLS_CTR_DRBG_MAX_INPUT: u32 = 256;
-pub const MBEDTLS_CTR_DRBG_MAX_REQUEST: u32 = 1024;
-pub const MBEDTLS_CTR_DRBG_MAX_SEED_INPUT: u32 = 384;
-pub const MBEDTLS_CTR_DRBG_PR_OFF: u32 = 0;
-pub const MBEDTLS_CTR_DRBG_PR_ON: u32 = 1;
-pub const MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN: u32 = 0;
-pub type __int8_t = crate::c_types::c_schar;
-pub type __uint8_t = crate::c_types::c_uchar;
-pub type __int16_t = crate::c_types::c_short;
-pub type __uint16_t = crate::c_types::c_ushort;
-pub type __int32_t = crate::c_types::c_int;
-pub type __uint32_t = crate::c_types::c_uint;
-pub type __int64_t = crate::c_types::c_longlong;
-pub type __uint64_t = crate::c_types::c_ulonglong;
-pub type __int_least8_t = crate::c_types::c_schar;
-pub type __uint_least8_t = crate::c_types::c_uchar;
-pub type __int_least16_t = crate::c_types::c_short;
-pub type __uint_least16_t = crate::c_types::c_ushort;
-pub type __int_least32_t = crate::c_types::c_int;
-pub type __uint_least32_t = crate::c_types::c_uint;
-pub type __int_least64_t = crate::c_types::c_longlong;
-pub type __uint_least64_t = crate::c_types::c_ulonglong;
-pub type __intmax_t = crate::c_types::c_longlong;
-pub type __uintmax_t = crate::c_types::c_ulonglong;
-pub type __intptr_t = crate::c_types::c_int;
-pub type __uintptr_t = crate::c_types::c_uint;
-pub type size_t = crate::c_types::c_uint;
-pub type wchar_t = crate::c_types::c_int;
-#[repr(C)]
-#[repr(align(16))]
-#[derive(Copy, Clone)]
-pub struct max_align_t {
-    pub __clang_max_align_nonce1: crate::c_types::c_longlong,
-    pub __bindgen_padding_0: u64,
-    pub __clang_max_align_nonce2: u128,
-}
-pub type intmax_t = __intmax_t;
-pub type uintmax_t = __uintmax_t;
-pub type int_least8_t = __int_least8_t;
-pub type uint_least8_t = __uint_least8_t;
-pub type int_least16_t = __int_least16_t;
-pub type uint_least16_t = __uint_least16_t;
-pub type int_least32_t = __int_least32_t;
-pub type uint_least32_t = __uint_least32_t;
-pub type int_least64_t = __int_least64_t;
-pub type uint_least64_t = __uint_least64_t;
-pub type int_fast8_t = crate::c_types::c_schar;
-pub type uint_fast8_t = crate::c_types::c_uchar;
-pub type int_fast16_t = crate::c_types::c_short;
-pub type uint_fast16_t = crate::c_types::c_ushort;
-pub type int_fast32_t = crate::c_types::c_int;
-pub type uint_fast32_t = crate::c_types::c_uint;
-pub type int_fast64_t = crate::c_types::c_longlong;
-pub type uint_fast64_t = crate::c_types::c_ulonglong;
-pub type mbedtls_iso_c_forbids_empty_translation_units = crate::c_types::c_int;
-extern "C" {
-    #[doc = " \\brief       Securely zeroize a buffer"]
-    #[doc = ""]
-    #[doc = "              The function is meant to wipe the data contained in a buffer so"]
-    #[doc = "              that it can no longer be recovered even if the program memory"]
-    #[doc = "              is later compromised. Call this function on sensitive data"]
-    #[doc = "              stored on the stack before returning from a function, and on"]
-    #[doc = "              sensitive data stored on the heap before freeing the heap"]
-    #[doc = "              object."]
-    #[doc = ""]
-    #[doc = "              It is extremely difficult to guarantee that calls to"]
-    #[doc = "              mbedtls_platform_zeroize() are not removed by aggressive"]
-    #[doc = "              compiler optimizations in a portable way. For this reason, Mbed"]
-    #[doc = "              TLS provides the configuration option"]
-    #[doc = "              MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure"]
-    #[doc = "              mbedtls_platform_zeroize() to use a suitable implementation for"]
-    #[doc = "              their platform and needs"]
-    #[doc = ""]
-    #[doc = " \\param buf   Buffer to be zeroized"]
-    #[doc = " \\param len   Length of the buffer in bytes"]
-    #[doc = ""]
-    pub fn mbedtls_platform_zeroize(buf: *mut crate::c_types::c_void, len: size_t);
-}
-pub type mbedtls_mpi_sint = i32;
-pub type mbedtls_mpi_uint = u32;
-pub type mbedtls_t_udbl = u64;
-#[doc = " \\brief          MPI structure"]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_mpi {
-    pub private_s: crate::c_types::c_int,
-    pub private_n: size_t,
-    pub private_p: *mut mbedtls_mpi_uint,
-}
-extern "C" {
-    #[doc = " \\brief           Initialize an MPI context."]
-    #[doc = ""]
-    #[doc = "                  This makes the MPI ready to be set or freed,"]
-    #[doc = "                  but does not define a value for the MPI."]
-    #[doc = ""]
-    #[doc = " \\param X         The MPI context to initialize. This must not be \\c NULL."]
-    pub fn mbedtls_mpi_init(X: *mut mbedtls_mpi);
-}
-extern "C" {
-    #[doc = " \\brief          This function frees the components of an MPI context."]
-    #[doc = ""]
-    #[doc = " \\param X        The MPI context to be cleared. This may be \\c NULL,"]
-    #[doc = "                 in which case this function is a no-op. If it is"]
-    #[doc = "                 not \\c NULL, it must point to an initialized MPI."]
-    pub fn mbedtls_mpi_free(X: *mut mbedtls_mpi);
-}
-extern "C" {
-    #[doc = " \\brief          Enlarge an MPI to the specified number of limbs."]
-    #[doc = ""]
-    #[doc = " \\note           This function does nothing if the MPI is"]
-    #[doc = "                 already large enough."]
-    #[doc = ""]
-    #[doc = " \\param X        The MPI to grow. It must be initialized."]
-    #[doc = " \\param nblimbs  The target number of limbs."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed."]
-    #[doc = " \\return         Another negative error code on other kinds of failure."]
-    pub fn mbedtls_mpi_grow(X: *mut mbedtls_mpi, nblimbs: size_t) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function resizes an MPI downwards, keeping at least the"]
-    #[doc = "                 specified number of limbs."]
-    #[doc = ""]
-    #[doc = "                 If \\c X is smaller than \\c nblimbs, it is resized up"]
-    #[doc = "                 instead."]
-    #[doc = ""]
-    #[doc = " \\param X        The MPI to shrink. This must point to an initialized MPI."]
-    #[doc = " \\param nblimbs  The minimum number of limbs to keep."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed"]
-    #[doc = "                 (this can only happen when resizing up)."]
-    #[doc = " \\return         Another negative error code on other kinds of failure."]
-    pub fn mbedtls_mpi_shrink(X: *mut mbedtls_mpi, nblimbs: size_t) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Make a copy of an MPI."]
-    #[doc = ""]
-    #[doc = " \\param X        The destination MPI. This must point to an initialized MPI."]
-    #[doc = " \\param Y        The source MPI. This must point to an initialized MPI."]
-    #[doc = ""]
-    #[doc = " \\note           The limb-buffer in the destination MPI is enlarged"]
-    #[doc = "                 if necessary to hold the value in the source MPI."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed."]
-    #[doc = " \\return         Another negative error code on other kinds of failure."]
-    pub fn mbedtls_mpi_copy(X: *mut mbedtls_mpi, Y: *const mbedtls_mpi) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Swap the contents of two MPIs."]
-    #[doc = ""]
-    #[doc = " \\param X        The first MPI. It must be initialized."]
-    #[doc = " \\param Y        The second MPI. It must be initialized."]
-    pub fn mbedtls_mpi_swap(X: *mut mbedtls_mpi, Y: *mut mbedtls_mpi);
-}
-extern "C" {
-    #[doc = " \\brief          Perform a safe conditional copy of MPI which doesn't"]
-    #[doc = "                 reveal whether the condition was true or not."]
-    #[doc = ""]
-    #[doc = " \\param X        The MPI to conditionally assign to. This must point"]
-    #[doc = "                 to an initialized MPI."]
-    #[doc = " \\param Y        The MPI to be assigned from. This must point to an"]
-    #[doc = "                 initialized MPI."]
-    #[doc = " \\param assign   The condition deciding whether to perform the"]
-    #[doc = "                 assignment or not. Must be either 0 or 1:"]
-    #[doc = "                 * \\c 1: Perform the assignment `X = Y`."]
-    #[doc = "                 * \\c 0: Keep the original value of \\p X."]
-    #[doc = ""]
-    #[doc = " \\note           This function is equivalent to"]
-    #[doc = "                      `if( assign ) mbedtls_mpi_copy( X, Y );`"]
-    #[doc = "                 except that it avoids leaking any information about whether"]
-    #[doc = "                 the assignment was done or not (the above code may leak"]
-    #[doc = "                 information through branch prediction and/or memory access"]
-    #[doc = "                 patterns analysis)."]
-    #[doc = ""]
-    #[doc = " \\warning        If \\p assign is neither 0 nor 1, the result of this function"]
-    #[doc = "                 is indeterminate, and the resulting value in \\p X might be"]
-    #[doc = "                 neither its original value nor the value in \\p Y."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed."]
-    #[doc = " \\return         Another negative error code on other kinds of failure."]
-    pub fn mbedtls_mpi_safe_cond_assign(
-        X: *mut mbedtls_mpi,
-        Y: *const mbedtls_mpi,
-        assign: crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Perform a safe conditional swap which doesn't"]
-    #[doc = "                 reveal whether the condition was true or not."]
-    #[doc = ""]
-    #[doc = " \\param X        The first MPI. This must be initialized."]
-    #[doc = " \\param Y        The second MPI. This must be initialized."]
-    #[doc = " \\param swap     The condition deciding whether to perform"]
-    #[doc = "                 the swap or not. Must be either 0 or 1:"]
-    #[doc = "                 * \\c 1: Swap the values of \\p X and \\p Y."]
-    #[doc = "                 * \\c 0: Keep the original values of \\p X and \\p Y."]
-    #[doc = ""]
-    #[doc = " \\note           This function is equivalent to"]
-    #[doc = "                      if( swap ) mbedtls_mpi_swap( X, Y );"]
-    #[doc = "                 except that it avoids leaking any information about whether"]
-    #[doc = "                 the swap was done or not (the above code may leak"]
-    #[doc = "                 information through branch prediction and/or memory access"]
-    #[doc = "                 patterns analysis)."]
-    #[doc = ""]
-    #[doc = " \\warning        If \\p swap is neither 0 nor 1, the result of this function"]
-    #[doc = "                 is indeterminate, and both \\p X and \\p Y might end up with"]
-    #[doc = "                 values different to either of the original ones."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed."]
-    #[doc = " \\return         Another negative error code on other kinds of failure."]
-    #[doc = ""]
-    pub fn mbedtls_mpi_safe_cond_swap(
-        X: *mut mbedtls_mpi,
-        Y: *mut mbedtls_mpi,
-        swap: crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Store integer value in MPI."]
-    #[doc = ""]
-    #[doc = " \\param X        The MPI to set. This must be initialized."]
-    #[doc = " \\param z        The value to use."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed."]
-    #[doc = " \\return         Another negative error code on other kinds of failure."]
-    pub fn mbedtls_mpi_lset(X: *mut mbedtls_mpi, z: mbedtls_mpi_sint) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Get a specific bit from an MPI."]
-    #[doc = ""]
-    #[doc = " \\param X        The MPI to query. This must be initialized."]
-    #[doc = " \\param pos      Zero-based index of the bit to query."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 or \\c 1 on success, depending on whether bit \\c pos"]
-    #[doc = "                 of \\c X is unset or set."]
-    #[doc = " \\return         A negative error code on failure."]
-    pub fn mbedtls_mpi_get_bit(X: *const mbedtls_mpi, pos: size_t) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Modify a specific bit in an MPI."]
-    #[doc = ""]
-    #[doc = " \\note           This function will grow the target MPI if necessary to set a"]
-    #[doc = "                 bit to \\c 1 in a not yet existing limb. It will not grow if"]
-    #[doc = "                 the bit should be set to \\c 0."]
-    #[doc = ""]
-    #[doc = " \\param X        The MPI to modify. This must be initialized."]
-    #[doc = " \\param pos      Zero-based index of the bit to modify."]
-    #[doc = " \\param val      The desired value of bit \\c pos: \\c 0 or \\c 1."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed."]
-    #[doc = " \\return         Another negative error code on other kinds of failure."]
-    pub fn mbedtls_mpi_set_bit(
-        X: *mut mbedtls_mpi,
-        pos: size_t,
-        val: crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Return the number of bits of value \\c 0 before the"]
-    #[doc = "                 least significant bit of value \\c 1."]
-    #[doc = ""]
-    #[doc = " \\note           This is the same as the zero-based index of"]
-    #[doc = "                 the least significant bit of value \\c 1."]
-    #[doc = ""]
-    #[doc = " \\param X        The MPI to query."]
-    #[doc = ""]
-    #[doc = " \\return         The number of bits of value \\c 0 before the least significant"]
-    #[doc = "                 bit of value \\c 1 in \\p X."]
-    pub fn mbedtls_mpi_lsb(X: *const mbedtls_mpi) -> size_t;
-}
-extern "C" {
-    #[doc = " \\brief          Return the number of bits up to and including the most"]
-    #[doc = "                 significant bit of value \\c 1."]
-    #[doc = ""]
-    #[doc = " * \\note         This is same as the one-based index of the most"]
-    #[doc = "                 significant bit of value \\c 1."]
-    #[doc = ""]
-    #[doc = " \\param X        The MPI to query. This must point to an initialized MPI."]
-    #[doc = ""]
-    #[doc = " \\return         The number of bits up to and including the most"]
-    #[doc = "                 significant bit of value \\c 1."]
-    pub fn mbedtls_mpi_bitlen(X: *const mbedtls_mpi) -> size_t;
-}
-extern "C" {
-    #[doc = " \\brief          Return the total size of an MPI value in bytes."]
-    #[doc = ""]
-    #[doc = " \\param X        The MPI to use. This must point to an initialized MPI."]
-    #[doc = ""]
-    #[doc = " \\note           The value returned by this function may be less than"]
-    #[doc = "                 the number of bytes used to store \\p X internally."]
-    #[doc = "                 This happens if and only if there are trailing bytes"]
-    #[doc = "                 of value zero."]
-    #[doc = ""]
-    #[doc = " \\return         The least number of bytes capable of storing"]
-    #[doc = "                 the absolute value of \\p X."]
-    pub fn mbedtls_mpi_size(X: *const mbedtls_mpi) -> size_t;
-}
-extern "C" {
-    #[doc = " \\brief          Import an MPI from an ASCII string."]
-    #[doc = ""]
-    #[doc = " \\param X        The destination MPI. This must point to an initialized MPI."]
-    #[doc = " \\param radix    The numeric base of the input string."]
-    #[doc = " \\param s        Null-terminated string buffer."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         A negative error code on failure."]
-    pub fn mbedtls_mpi_read_string(
-        X: *mut mbedtls_mpi,
-        radix: crate::c_types::c_int,
-        s: *const crate::c_types::c_char,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Export an MPI to an ASCII string."]
-    #[doc = ""]
-    #[doc = " \\param X        The source MPI. This must point to an initialized MPI."]
-    #[doc = " \\param radix    The numeric base of the output string."]
-    #[doc = " \\param buf      The buffer to write the string to. This must be writable"]
-    #[doc = "                 buffer of length \\p buflen Bytes."]
-    #[doc = " \\param buflen   The available size in Bytes of \\p buf."]
-    #[doc = " \\param olen     The address at which to store the length of the string"]
-    #[doc = "                 written, including the  final \\c NULL byte. This must"]
-    #[doc = "                 not be \\c NULL."]
-    #[doc = ""]
-    #[doc = " \\note           You can call this function with `buflen == 0` to obtain the"]
-    #[doc = "                 minimum required buffer size in `*olen`."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the target buffer \\p buf"]
-    #[doc = "                 is too small to hold the value of \\p X in the desired base."]
-    #[doc = "                 In this case, `*olen` is nonetheless updated to contain the"]
-    #[doc = "                 size of \\p buf required for a successful call."]
-    #[doc = " \\return         Another negative error code on different kinds of failure."]
-    pub fn mbedtls_mpi_write_string(
-        X: *const mbedtls_mpi,
-        radix: crate::c_types::c_int,
-        buf: *mut crate::c_types::c_char,
-        buflen: size_t,
-        olen: *mut size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Import an MPI from unsigned big endian binary data."]
-    #[doc = ""]
-    #[doc = " \\param X        The destination MPI. This must point to an initialized MPI."]
-    #[doc = " \\param buf      The input buffer. This must be a readable buffer of length"]
-    #[doc = "                 \\p buflen Bytes."]
-    #[doc = " \\param buflen   The length of the input buffer \\p p in Bytes."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed."]
-    #[doc = " \\return         Another negative error code on different kinds of failure."]
-    pub fn mbedtls_mpi_read_binary(
-        X: *mut mbedtls_mpi,
-        buf: *const crate::c_types::c_uchar,
-        buflen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Import X from unsigned binary data, little endian"]
-    #[doc = ""]
-    #[doc = " \\param X        The destination MPI. This must point to an initialized MPI."]
-    #[doc = " \\param buf      The input buffer. This must be a readable buffer of length"]
-    #[doc = "                 \\p buflen Bytes."]
-    #[doc = " \\param buflen   The length of the input buffer \\p p in Bytes."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed."]
-    #[doc = " \\return         Another negative error code on different kinds of failure."]
-    pub fn mbedtls_mpi_read_binary_le(
-        X: *mut mbedtls_mpi,
-        buf: *const crate::c_types::c_uchar,
-        buflen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Export X into unsigned binary data, big endian."]
-    #[doc = "                 Always fills the whole buffer, which will start with zeros"]
-    #[doc = "                 if the number is smaller."]
-    #[doc = ""]
-    #[doc = " \\param X        The source MPI. This must point to an initialized MPI."]
-    #[doc = " \\param buf      The output buffer. This must be a writable buffer of length"]
-    #[doc = "                 \\p buflen Bytes."]
-    #[doc = " \\param buflen   The size of the output buffer \\p buf in Bytes."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \\p buf isn't"]
-    #[doc = "                 large enough to hold the value of \\p X."]
-    #[doc = " \\return         Another negative error code on different kinds of failure."]
-    pub fn mbedtls_mpi_write_binary(
-        X: *const mbedtls_mpi,
-        buf: *mut crate::c_types::c_uchar,
-        buflen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Export X into unsigned binary data, little endian."]
-    #[doc = "                 Always fills the whole buffer, which will end with zeros"]
-    #[doc = "                 if the number is smaller."]
-    #[doc = ""]
-    #[doc = " \\param X        The source MPI. This must point to an initialized MPI."]
-    #[doc = " \\param buf      The output buffer. This must be a writable buffer of length"]
-    #[doc = "                 \\p buflen Bytes."]
-    #[doc = " \\param buflen   The size of the output buffer \\p buf in Bytes."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \\p buf isn't"]
-    #[doc = "                 large enough to hold the value of \\p X."]
-    #[doc = " \\return         Another negative error code on different kinds of failure."]
-    pub fn mbedtls_mpi_write_binary_le(
-        X: *const mbedtls_mpi,
-        buf: *mut crate::c_types::c_uchar,
-        buflen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Perform a left-shift on an MPI: X <<= count"]
-    #[doc = ""]
-    #[doc = " \\param X        The MPI to shift. This must point to an initialized MPI."]
-    #[doc = " \\param count    The number of bits to shift by."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed."]
-    #[doc = " \\return         Another negative error code on different kinds of failure."]
-    pub fn mbedtls_mpi_shift_l(X: *mut mbedtls_mpi, count: size_t) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Perform a right-shift on an MPI: X >>= count"]
-    #[doc = ""]
-    #[doc = " \\param X        The MPI to shift. This must point to an initialized MPI."]
-    #[doc = " \\param count    The number of bits to shift by."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed."]
-    #[doc = " \\return         Another negative error code on different kinds of failure."]
-    pub fn mbedtls_mpi_shift_r(X: *mut mbedtls_mpi, count: size_t) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Compare the absolute values of two MPIs."]
-    #[doc = ""]
-    #[doc = " \\param X        The left-hand MPI. This must point to an initialized MPI."]
-    #[doc = " \\param Y        The right-hand MPI. This must point to an initialized MPI."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 1 if `|X|` is greater than `|Y|`."]
-    #[doc = " \\return         \\c -1 if `|X|` is lesser than `|Y|`."]
-    #[doc = " \\return         \\c 0 if `|X|` is equal to `|Y|`."]
-    pub fn mbedtls_mpi_cmp_abs(
-        X: *const mbedtls_mpi,
-        Y: *const mbedtls_mpi,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Compare two MPIs."]
-    #[doc = ""]
-    #[doc = " \\param X        The left-hand MPI. This must point to an initialized MPI."]
-    #[doc = " \\param Y        The right-hand MPI. This must point to an initialized MPI."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 1 if \\p X is greater than \\p Y."]
-    #[doc = " \\return         \\c -1 if \\p X is lesser than \\p Y."]
-    #[doc = " \\return         \\c 0 if \\p X is equal to \\p Y."]
-    pub fn mbedtls_mpi_cmp_mpi(
-        X: *const mbedtls_mpi,
-        Y: *const mbedtls_mpi,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Check if an MPI is less than the other in constant time."]
-    #[doc = ""]
-    #[doc = " \\param X        The left-hand MPI. This must point to an initialized MPI"]
-    #[doc = "                 with the same allocated length as Y."]
-    #[doc = " \\param Y        The right-hand MPI. This must point to an initialized MPI"]
-    #[doc = "                 with the same allocated length as X."]
-    #[doc = " \\param ret      The result of the comparison:"]
-    #[doc = "                 \\c 1 if \\p X is less than \\p Y."]
-    #[doc = "                 \\c 0 if \\p X is greater than or equal to \\p Y."]
-    #[doc = ""]
-    #[doc = " \\return         0 on success."]
-    #[doc = " \\return         MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the allocated length of"]
-    #[doc = "                 the two input MPIs is not the same."]
-    pub fn mbedtls_mpi_lt_mpi_ct(
-        X: *const mbedtls_mpi,
-        Y: *const mbedtls_mpi,
-        ret: *mut crate::c_types::c_uint,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Compare an MPI with an integer."]
-    #[doc = ""]
-    #[doc = " \\param X        The left-hand MPI. This must point to an initialized MPI."]
-    #[doc = " \\param z        The integer value to compare \\p X to."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 1 if \\p X is greater than \\p z."]
-    #[doc = " \\return         \\c -1 if \\p X is lesser than \\p z."]
-    #[doc = " \\return         \\c 0 if \\p X is equal to \\p z."]
-    pub fn mbedtls_mpi_cmp_int(X: *const mbedtls_mpi, z: mbedtls_mpi_sint)
-        -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Perform an unsigned addition of MPIs: X = |A| + |B|"]
-    #[doc = ""]
-    #[doc = " \\param X        The destination MPI. This must point to an initialized MPI."]
-    #[doc = " \\param A        The first summand. This must point to an initialized MPI."]
-    #[doc = " \\param B        The second summand. This must point to an initialized MPI."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed."]
-    #[doc = " \\return         Another negative error code on different kinds of failure."]
-    pub fn mbedtls_mpi_add_abs(
-        X: *mut mbedtls_mpi,
-        A: *const mbedtls_mpi,
-        B: *const mbedtls_mpi,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Perform an unsigned subtraction of MPIs: X = |A| - |B|"]
-    #[doc = ""]
-    #[doc = " \\param X        The destination MPI. This must point to an initialized MPI."]
-    #[doc = " \\param A        The minuend. This must point to an initialized MPI."]
-    #[doc = " \\param B        The subtrahend. This must point to an initialized MPI."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \\p B is greater than \\p A."]
-    #[doc = " \\return         Another negative error code on different kinds of failure."]
-    #[doc = ""]
-    pub fn mbedtls_mpi_sub_abs(
-        X: *mut mbedtls_mpi,
-        A: *const mbedtls_mpi,
-        B: *const mbedtls_mpi,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Perform a signed addition of MPIs: X = A + B"]
-    #[doc = ""]
-    #[doc = " \\param X        The destination MPI. This must point to an initialized MPI."]
-    #[doc = " \\param A        The first summand. This must point to an initialized MPI."]
-    #[doc = " \\param B        The second summand. This must point to an initialized MPI."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed."]
-    #[doc = " \\return         Another negative error code on different kinds of failure."]
-    pub fn mbedtls_mpi_add_mpi(
-        X: *mut mbedtls_mpi,
-        A: *const mbedtls_mpi,
-        B: *const mbedtls_mpi,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Perform a signed subtraction of MPIs: X = A - B"]
-    #[doc = ""]
-    #[doc = " \\param X        The destination MPI. This must point to an initialized MPI."]
-    #[doc = " \\param A        The minuend. This must point to an initialized MPI."]
-    #[doc = " \\param B        The subtrahend. This must point to an initialized MPI."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed."]
-    #[doc = " \\return         Another negative error code on different kinds of failure."]
-    pub fn mbedtls_mpi_sub_mpi(
-        X: *mut mbedtls_mpi,
-        A: *const mbedtls_mpi,
-        B: *const mbedtls_mpi,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Perform a signed addition of an MPI and an integer: X = A + b"]
-    #[doc = ""]
-    #[doc = " \\param X        The destination MPI. This must point to an initialized MPI."]
-    #[doc = " \\param A        The first summand. This must point to an initialized MPI."]
-    #[doc = " \\param b        The second summand."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed."]
-    #[doc = " \\return         Another negative error code on different kinds of failure."]
-    pub fn mbedtls_mpi_add_int(
-        X: *mut mbedtls_mpi,
-        A: *const mbedtls_mpi,
-        b: mbedtls_mpi_sint,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Perform a signed subtraction of an MPI and an integer:"]
-    #[doc = "                 X = A - b"]
-    #[doc = ""]
-    #[doc = " \\param X        The destination MPI. This must point to an initialized MPI."]
-    #[doc = " \\param A        The minuend. This must point to an initialized MPI."]
-    #[doc = " \\param b        The subtrahend."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed."]
-    #[doc = " \\return         Another negative error code on different kinds of failure."]
-    pub fn mbedtls_mpi_sub_int(
-        X: *mut mbedtls_mpi,
-        A: *const mbedtls_mpi,
-        b: mbedtls_mpi_sint,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Perform a multiplication of two MPIs: X = A * B"]
-    #[doc = ""]
-    #[doc = " \\param X        The destination MPI. This must point to an initialized MPI."]
-    #[doc = " \\param A        The first factor. This must point to an initialized MPI."]
-    #[doc = " \\param B        The second factor. This must point to an initialized MPI."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed."]
-    #[doc = " \\return         Another negative error code on different kinds of failure."]
-    #[doc = ""]
-    pub fn mbedtls_mpi_mul_mpi(
-        X: *mut mbedtls_mpi,
-        A: *const mbedtls_mpi,
-        B: *const mbedtls_mpi,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Perform a multiplication of an MPI with an unsigned integer:"]
-    #[doc = "                 X = A * b"]
-    #[doc = ""]
-    #[doc = " \\param X        The destination MPI. This must point to an initialized MPI."]
-    #[doc = " \\param A        The first factor. This must point to an initialized MPI."]
-    #[doc = " \\param b        The second factor."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed."]
-    #[doc = " \\return         Another negative error code on different kinds of failure."]
-    #[doc = ""]
-    pub fn mbedtls_mpi_mul_int(
-        X: *mut mbedtls_mpi,
-        A: *const mbedtls_mpi,
-        b: mbedtls_mpi_uint,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Perform a division with remainder of two MPIs:"]
-    #[doc = "                 A = Q * B + R"]
-    #[doc = ""]
-    #[doc = " \\param Q        The destination MPI for the quotient."]
-    #[doc = "                 This may be \\c NULL if the value of the"]
-    #[doc = "                 quotient is not needed. This must not alias A or B."]
-    #[doc = " \\param R        The destination MPI for the remainder value."]
-    #[doc = "                 This may be \\c NULL if the value of the"]
-    #[doc = "                 remainder is not needed. This must not alias A or B."]
-    #[doc = " \\param A        The dividend. This must point to an initialized MPI."]
-    #[doc = " \\param B        The divisor. This must point to an initialized MPI."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \\p B equals zero."]
-    #[doc = " \\return         Another negative error code on different kinds of failure."]
-    pub fn mbedtls_mpi_div_mpi(
-        Q: *mut mbedtls_mpi,
-        R: *mut mbedtls_mpi,
-        A: *const mbedtls_mpi,
-        B: *const mbedtls_mpi,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Perform a division with remainder of an MPI by an integer:"]
-    #[doc = "                 A = Q * b + R"]
-    #[doc = ""]
-    #[doc = " \\param Q        The destination MPI for the quotient."]
-    #[doc = "                 This may be \\c NULL if the value of the"]
-    #[doc = "                 quotient is not needed.  This must not alias A."]
-    #[doc = " \\param R        The destination MPI for the remainder value."]
-    #[doc = "                 This may be \\c NULL if the value of the"]
-    #[doc = "                 remainder is not needed.  This must not alias A."]
-    #[doc = " \\param A        The dividend. This must point to an initialized MPi."]
-    #[doc = " \\param b        The divisor."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \\p b equals zero."]
-    #[doc = " \\return         Another negative error code on different kinds of failure."]
-    pub fn mbedtls_mpi_div_int(
-        Q: *mut mbedtls_mpi,
-        R: *mut mbedtls_mpi,
-        A: *const mbedtls_mpi,
-        b: mbedtls_mpi_sint,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Perform a modular reduction. R = A mod B"]
-    #[doc = ""]
-    #[doc = " \\param R        The destination MPI for the residue value."]
-    #[doc = "                 This must point to an initialized MPI."]
-    #[doc = " \\param A        The MPI to compute the residue of."]
-    #[doc = "                 This must point to an initialized MPI."]
-    #[doc = " \\param B        The base of the modular reduction."]
-    #[doc = "                 This must point to an initialized MPI."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \\p B equals zero."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \\p B is negative."]
-    #[doc = " \\return         Another negative error code on different kinds of failure."]
-    #[doc = ""]
-    pub fn mbedtls_mpi_mod_mpi(
-        R: *mut mbedtls_mpi,
-        A: *const mbedtls_mpi,
-        B: *const mbedtls_mpi,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Perform a modular reduction with respect to an integer."]
-    #[doc = "                 r = A mod b"]
-    #[doc = ""]
-    #[doc = " \\param r        The address at which to store the residue."]
-    #[doc = "                 This must not be \\c NULL."]
-    #[doc = " \\param A        The MPI to compute the residue of."]
-    #[doc = "                 This must point to an initialized MPi."]
-    #[doc = " \\param b        The integer base of the modular reduction."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \\p b equals zero."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \\p b is negative."]
-    #[doc = " \\return         Another negative error code on different kinds of failure."]
-    pub fn mbedtls_mpi_mod_int(
-        r: *mut mbedtls_mpi_uint,
-        A: *const mbedtls_mpi,
-        b: mbedtls_mpi_sint,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Perform a sliding-window exponentiation: X = A^E mod N"]
-    #[doc = ""]
-    #[doc = " \\param X        The destination MPI. This must point to an initialized MPI."]
-    #[doc = "                 This must not alias E or N."]
-    #[doc = " \\param A        The base of the exponentiation."]
-    #[doc = "                 This must point to an initialized MPI."]
-    #[doc = " \\param E        The exponent MPI. This must point to an initialized MPI."]
-    #[doc = " \\param N        The base for the modular reduction. This must point to an"]
-    #[doc = "                 initialized MPI."]
-    #[doc = " \\param prec_RR  A helper MPI depending solely on \\p N which can be used to"]
-    #[doc = "                 speed-up multiple modular exponentiations for the same value"]
-    #[doc = "                 of \\p N. This may be \\c NULL. If it is not \\c NULL, it must"]
-    #[doc = "                 point to an initialized MPI. If it hasn't been used after"]
-    #[doc = "                 the call to mbedtls_mpi_init(), this function will compute"]
-    #[doc = "                 the helper value and store it in \\p prec_RR for reuse on"]
-    #[doc = "                 subsequent calls to this function. Otherwise, the function"]
-    #[doc = "                 will assume that \\p prec_RR holds the helper value set by a"]
-    #[doc = "                 previous call to mbedtls_mpi_exp_mod(), and reuse it."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \\c N is negative or"]
-    #[doc = "                 even, or if \\c E is negative."]
-    #[doc = " \\return         Another negative error code on different kinds of failures."]
-    #[doc = ""]
-    pub fn mbedtls_mpi_exp_mod(
-        X: *mut mbedtls_mpi,
-        A: *const mbedtls_mpi,
-        E: *const mbedtls_mpi,
-        N: *const mbedtls_mpi,
-        prec_RR: *mut mbedtls_mpi,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Fill an MPI with a number of random bytes."]
-    #[doc = ""]
-    #[doc = " \\param X        The destination MPI. This must point to an initialized MPI."]
-    #[doc = " \\param size     The number of random bytes to generate."]
-    #[doc = " \\param f_rng    The RNG function to use. This must not be \\c NULL."]
-    #[doc = " \\param p_rng    The RNG parameter to be passed to \\p f_rng. This may be"]
-    #[doc = "                 \\c NULL if \\p f_rng doesn't need a context argument."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed."]
-    #[doc = " \\return         Another negative error code on failure."]
-    #[doc = ""]
-    #[doc = " \\note           The bytes obtained from the RNG are interpreted"]
-    #[doc = "                 as a big-endian representation of an MPI; this can"]
-    #[doc = "                 be relevant in applications like deterministic ECDSA."]
-    pub fn mbedtls_mpi_fill_random(
-        X: *mut mbedtls_mpi,
-        size: size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " Generate a random number uniformly in a range."]
-    #[doc = ""]
-    #[doc = " This function generates a random number between \\p min inclusive and"]
-    #[doc = " \\p N exclusive."]
-    #[doc = ""]
-    #[doc = " The procedure complies with RFC 6979 §3.3 (deterministic ECDSA)"]
-    #[doc = " when the RNG is a suitably parametrized instance of HMAC_DRBG"]
-    #[doc = " and \\p min is \\c 1."]
-    #[doc = ""]
-    #[doc = " \\note           There are `N - min` possible outputs. The lower bound"]
-    #[doc = "                 \\p min can be reached, but the upper bound \\p N cannot."]
-    #[doc = ""]
-    #[doc = " \\param X        The destination MPI. This must point to an initialized MPI."]
-    #[doc = " \\param min      The minimum value to return."]
-    #[doc = "                 It must be nonnegative."]
-    #[doc = " \\param N        The upper bound of the range, exclusive."]
-    #[doc = "                 In other words, this is one plus the maximum value to return."]
-    #[doc = "                 \\p N must be strictly larger than \\p min."]
-    #[doc = " \\param f_rng    The RNG function to use. This must not be \\c NULL."]
-    #[doc = " \\param p_rng    The RNG parameter to be passed to \\p f_rng."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \\p min or \\p N is invalid"]
-    #[doc = "                 or if they are incompatible."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if the implementation was"]
-    #[doc = "                 unable to find a suitable value within a limited number"]
-    #[doc = "                 of attempts. This has a negligible probability if \\p N"]
-    #[doc = "                 is significantly larger than \\p min, which is the case"]
-    #[doc = "                 for all usual cryptographic applications."]
-    #[doc = " \\return         Another negative error code on failure."]
-    pub fn mbedtls_mpi_random(
-        X: *mut mbedtls_mpi,
-        min: mbedtls_mpi_sint,
-        N: *const mbedtls_mpi,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Compute the greatest common divisor: G = gcd(A, B)"]
-    #[doc = ""]
-    #[doc = " \\param G        The destination MPI. This must point to an initialized MPI."]
-    #[doc = " \\param A        The first operand. This must point to an initialized MPI."]
-    #[doc = " \\param B        The second operand. This must point to an initialized MPI."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed."]
-    #[doc = " \\return         Another negative error code on different kinds of failure."]
-    pub fn mbedtls_mpi_gcd(
-        G: *mut mbedtls_mpi,
-        A: *const mbedtls_mpi,
-        B: *const mbedtls_mpi,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Compute the modular inverse: X = A^-1 mod N"]
-    #[doc = ""]
-    #[doc = " \\param X        The destination MPI. This must point to an initialized MPI."]
-    #[doc = " \\param A        The MPI to calculate the modular inverse of. This must point"]
-    #[doc = "                 to an initialized MPI."]
-    #[doc = " \\param N        The base of the modular inversion. This must point to an"]
-    #[doc = "                 initialized MPI."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \\p N is less than"]
-    #[doc = "                 or equal to one."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \\p has no modular inverse"]
-    #[doc = "                 with respect to \\p N."]
-    pub fn mbedtls_mpi_inv_mod(
-        X: *mut mbedtls_mpi,
-        A: *const mbedtls_mpi,
-        N: *const mbedtls_mpi,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Miller-Rabin primality test."]
-    #[doc = ""]
-    #[doc = " \\warning        If \\p X is potentially generated by an adversary, for example"]
-    #[doc = "                 when validating cryptographic parameters that you didn't"]
-    #[doc = "                 generate yourself and that are supposed to be prime, then"]
-    #[doc = "                 \\p rounds should be at least the half of the security"]
-    #[doc = "                 strength of the cryptographic algorithm. On the other hand,"]
-    #[doc = "                 if \\p X is chosen uniformly or non-adversarially (as is the"]
-    #[doc = "                 case when mbedtls_mpi_gen_prime calls this function), then"]
-    #[doc = "                 \\p rounds can be much lower."]
-    #[doc = ""]
-    #[doc = " \\param X        The MPI to check for primality."]
-    #[doc = "                 This must point to an initialized MPI."]
-    #[doc = " \\param rounds   The number of bases to perform the Miller-Rabin primality"]
-    #[doc = "                 test for. The probability of returning 0 on a composite is"]
-    #[doc = "                 at most 2<sup>-2*\\p rounds</sup>."]
-    #[doc = " \\param f_rng    The RNG function to use. This must not be \\c NULL."]
-    #[doc = " \\param p_rng    The RNG parameter to be passed to \\p f_rng."]
-    #[doc = "                 This may be \\c NULL if \\p f_rng doesn't use"]
-    #[doc = "                 a context parameter."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful, i.e. \\p X is probably prime."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \\p X is not prime."]
-    #[doc = " \\return         Another negative error code on other kinds of failure."]
-    pub fn mbedtls_mpi_is_prime_ext(
-        X: *const mbedtls_mpi,
-        rounds: crate::c_types::c_int,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-#[doc = "< (X-1)/2 is prime too"]
-pub const mbedtls_mpi_gen_prime_flag_t_MBEDTLS_MPI_GEN_PRIME_FLAG_DH: mbedtls_mpi_gen_prime_flag_t =
-    1;
-#[doc = "< lower error rate from 2<sup>-80</sup> to 2<sup>-128</sup>"]
-pub const mbedtls_mpi_gen_prime_flag_t_MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR:
-    mbedtls_mpi_gen_prime_flag_t = 2;
-#[doc = " \\brief Flags for mbedtls_mpi_gen_prime()"]
-#[doc = ""]
-#[doc = " Each of these flags is a constraint on the result X returned by"]
-#[doc = " mbedtls_mpi_gen_prime()."]
-pub type mbedtls_mpi_gen_prime_flag_t = crate::c_types::c_uint;
-extern "C" {
-    #[doc = " \\brief          Generate a prime number."]
-    #[doc = ""]
-    #[doc = " \\param X        The destination MPI to store the generated prime in."]
-    #[doc = "                 This must point to an initialized MPi."]
-    #[doc = " \\param nbits    The required size of the destination MPI in bits."]
-    #[doc = "                 This must be between \\c 3 and #MBEDTLS_MPI_MAX_BITS."]
-    #[doc = " \\param flags    A mask of flags of type #mbedtls_mpi_gen_prime_flag_t."]
-    #[doc = " \\param f_rng    The RNG function to use. This must not be \\c NULL."]
-    #[doc = " \\param p_rng    The RNG parameter to be passed to \\p f_rng."]
-    #[doc = "                 This may be \\c NULL if \\p f_rng doesn't use"]
-    #[doc = "                 a context parameter."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful, in which case \\p X holds a"]
-    #[doc = "                 probably prime number."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between"]
-    #[doc = "                 \\c 3 and #MBEDTLS_MPI_MAX_BITS."]
-    pub fn mbedtls_mpi_gen_prime(
-        X: *mut mbedtls_mpi,
-        nbits: size_t,
-        flags: crate::c_types::c_int,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Checkup routine"]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful, or 1 if the test failed"]
-    pub fn mbedtls_mpi_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
-}
-#[doc = "< Curve not defined."]
-pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_NONE: mbedtls_ecp_group_id = 0;
-#[doc = "< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1."]
-pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP192R1: mbedtls_ecp_group_id = 1;
-#[doc = "< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1."]
-pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP224R1: mbedtls_ecp_group_id = 2;
-#[doc = "< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1."]
-pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP256R1: mbedtls_ecp_group_id = 3;
-#[doc = "< Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1."]
-pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP384R1: mbedtls_ecp_group_id = 4;
-#[doc = "< Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1."]
-pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP521R1: mbedtls_ecp_group_id = 5;
-#[doc = "< Domain parameters for 256-bit Brainpool curve."]
-pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_BP256R1: mbedtls_ecp_group_id = 6;
-#[doc = "< Domain parameters for 384-bit Brainpool curve."]
-pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_BP384R1: mbedtls_ecp_group_id = 7;
-#[doc = "< Domain parameters for 512-bit Brainpool curve."]
-pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_BP512R1: mbedtls_ecp_group_id = 8;
-#[doc = "< Domain parameters for Curve25519."]
-pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_CURVE25519: mbedtls_ecp_group_id = 9;
-#[doc = "< Domain parameters for 192-bit \"Koblitz\" curve."]
-pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP192K1: mbedtls_ecp_group_id = 10;
-#[doc = "< Domain parameters for 224-bit \"Koblitz\" curve."]
-pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP224K1: mbedtls_ecp_group_id = 11;
-#[doc = "< Domain parameters for 256-bit \"Koblitz\" curve."]
-pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP256K1: mbedtls_ecp_group_id = 12;
-#[doc = "< Domain parameters for Curve448."]
-pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_CURVE448: mbedtls_ecp_group_id = 13;
-#[doc = " Domain-parameter identifiers: curve, subgroup, and generator."]
-#[doc = ""]
-#[doc = " \\note Only curves over prime fields are supported."]
-#[doc = ""]
-#[doc = " \\warning This library does not support validation of arbitrary domain"]
-#[doc = " parameters. Therefore, only standardized domain parameters from trusted"]
-#[doc = " sources should be used. See mbedtls_ecp_group_load()."]
-pub type mbedtls_ecp_group_id = crate::c_types::c_uint;
-pub const mbedtls_ecp_curve_type_MBEDTLS_ECP_TYPE_NONE: mbedtls_ecp_curve_type = 0;
-pub const mbedtls_ecp_curve_type_MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: mbedtls_ecp_curve_type = 1;
-pub const mbedtls_ecp_curve_type_MBEDTLS_ECP_TYPE_MONTGOMERY: mbedtls_ecp_curve_type = 2;
-pub type mbedtls_ecp_curve_type = crate::c_types::c_uint;
-pub const mbedtls_ecp_modulus_type_MBEDTLS_ECP_MOD_NONE: mbedtls_ecp_modulus_type = 0;
-pub const mbedtls_ecp_modulus_type_MBEDTLS_ECP_MOD_COORDINATE: mbedtls_ecp_modulus_type = 1;
-pub const mbedtls_ecp_modulus_type_MBEDTLS_ECP_MOD_SCALAR: mbedtls_ecp_modulus_type = 2;
-pub type mbedtls_ecp_modulus_type = crate::c_types::c_uint;
-#[doc = " Curve information, for use by other modules."]
-#[doc = ""]
-#[doc = " The fields of this structure are part of the public API and can be"]
-#[doc = " accessed directly by applications. Future versions of the library may"]
-#[doc = " add extra fields or reorder existing fields."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_ecp_curve_info {
-    #[doc = "< An internal identifier."]
-    pub grp_id: mbedtls_ecp_group_id,
-    #[doc = "< The TLS NamedCurve identifier."]
-    pub tls_id: u16,
-    #[doc = "< The curve size in bits."]
-    pub bit_size: u16,
-    #[doc = "< A human-friendly name."]
-    pub name: *const crate::c_types::c_char,
-}
-#[doc = " \\brief           The ECP point structure, in Jacobian coordinates."]
-#[doc = ""]
-#[doc = " \\note            All functions expect and return points satisfying"]
-#[doc = "                  the following condition: <code>Z == 0</code> or"]
-#[doc = "                  <code>Z == 1</code>. Other values of \\p Z are"]
-#[doc = "                  used only by internal functions."]
-#[doc = "                  The point is zero, or \"at infinity\", if <code>Z == 0</code>."]
-#[doc = "                  Otherwise, \\p X and \\p Y are its standard (affine)"]
-#[doc = "                  coordinates."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_ecp_point {
-    pub private_X: mbedtls_mpi,
-    pub private_Y: mbedtls_mpi,
-    pub private_Z: mbedtls_mpi,
-}
-#[doc = " \\brief           The ECP group structure."]
-#[doc = ""]
-#[doc = " We consider two types of curve equations:"]
-#[doc = " <ul><li>Short Weierstrass: <code>y^2 = x^3 + A x + B mod P</code>"]
-#[doc = " (SEC1 + RFC-4492)</li>"]
-#[doc = " <li>Montgomery: <code>y^2 = x^3 + A x^2 + x mod P</code> (Curve25519,"]
-#[doc = " Curve448)</li></ul>"]
-#[doc = " In both cases, the generator (\\p G) for a prime-order subgroup is fixed."]
-#[doc = ""]
-#[doc = " For Short Weierstrass, this subgroup is the whole curve, and its"]
-#[doc = " cardinality is denoted by \\p N. Our code requires that \\p N is an"]
-#[doc = " odd prime as mbedtls_ecp_mul() requires an odd number, and"]
-#[doc = " mbedtls_ecdsa_sign() requires that it is prime for blinding purposes."]
-#[doc = ""]
-#[doc = " For Montgomery curves, we do not store \\p A, but <code>(A + 2) / 4</code>,"]
-#[doc = " which is the quantity used in the formulas. Additionally, \\p nbits is"]
-#[doc = " not the size of \\p N but the required size for private keys."]
-#[doc = ""]
-#[doc = " If \\p modp is NULL, reduction modulo \\p P is done using a generic algorithm."]
-#[doc = " Otherwise, \\p modp must point to a function that takes an \\p mbedtls_mpi in the"]
-#[doc = " range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an integer"]
-#[doc = " which is congruent mod \\p P to the given MPI, and is close enough to \\p pbits"]
-#[doc = " in size, so that it may be efficiently brought in the 0..P-1 range by a few"]
-#[doc = " additions or subtractions. Therefore, it is only an approximative modular"]
-#[doc = " reduction. It must return 0 on success and non-zero on failure."]
-#[doc = ""]
-#[doc = " \\note        Alternative implementations of the ECP module must obey the"]
-#[doc = "              following constraints."]
-#[doc = "              * Group IDs must be distinct: if two group structures have"]
-#[doc = "                the same ID, then they must be identical."]
-#[doc = "              * The fields \\c id, \\c P, \\c A, \\c B, \\c G, \\c N,"]
-#[doc = "                \\c pbits and \\c nbits must have the same type and semantics"]
-#[doc = "                as in the built-in implementation."]
-#[doc = "                They must be available for reading, but direct modification"]
-#[doc = "                of these fields does not need to be supported."]
-#[doc = "                They do not need to be at the same offset in the structure."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_ecp_group {
-    #[doc = "< An internal group identifier."]
-    pub id: mbedtls_ecp_group_id,
-    #[doc = "< The prime modulus of the base field."]
-    pub P: mbedtls_mpi,
-    #[doc = "< For Short Weierstrass: \\p A in the equation. For"]
-    #[doc = "Montgomery curves: <code>(A + 2) / 4</code>."]
-    pub A: mbedtls_mpi,
-    #[doc = "< For Short Weierstrass: \\p B in the equation."]
-    #[doc = "For Montgomery curves: unused."]
-    pub B: mbedtls_mpi,
-    #[doc = "< The generator of the subgroup used."]
-    pub G: mbedtls_ecp_point,
-    #[doc = "< The order of \\p G."]
-    pub N: mbedtls_mpi,
-    #[doc = "< The number of bits in \\p P."]
-    pub pbits: size_t,
-    #[doc = "< For Short Weierstrass: The number of bits in \\p P."]
-    #[doc = "For Montgomery curves: the number of bits in the"]
-    #[doc = "private keys."]
-    pub nbits: size_t,
-    pub private_h: crate::c_types::c_uint,
-    pub private_modp: ::core::option::Option<
-        unsafe extern "C" fn(arg1: *mut mbedtls_mpi) -> crate::c_types::c_int,
-    >,
-    pub private_t_pre: ::core::option::Option<
-        unsafe extern "C" fn(
-            arg1: *mut mbedtls_ecp_point,
-            arg2: *mut crate::c_types::c_void,
-        ) -> crate::c_types::c_int,
-    >,
-    pub private_t_post: ::core::option::Option<
-        unsafe extern "C" fn(
-            arg1: *mut mbedtls_ecp_point,
-            arg2: *mut crate::c_types::c_void,
-        ) -> crate::c_types::c_int,
-    >,
-    pub private_t_data: *mut crate::c_types::c_void,
-    pub private_T: *mut mbedtls_ecp_point,
-    pub private_T_size: size_t,
-}
-pub type mbedtls_ecp_restart_ctx = crate::c_types::c_void;
-#[doc = " \\brief    The ECP key-pair structure."]
-#[doc = ""]
-#[doc = " A generic key-pair that may be used for ECDSA and fixed ECDH, for example."]
-#[doc = ""]
-#[doc = " \\note    Members are deliberately in the same order as in the"]
-#[doc = "          ::mbedtls_ecdsa_context structure."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_ecp_keypair {
-    pub private_grp: mbedtls_ecp_group,
-    pub private_d: mbedtls_mpi,
-    pub private_Q: mbedtls_ecp_point,
-}
-extern "C" {
-    pub fn mbedtls_ecp_get_type(grp: *const mbedtls_ecp_group) -> mbedtls_ecp_curve_type;
-}
-extern "C" {
-    #[doc = " \\brief           This function retrieves the information defined in"]
-    #[doc = "                  mbedtls_ecp_curve_info() for all supported curves."]
-    #[doc = ""]
-    #[doc = " \\note            This function returns information about all curves"]
-    #[doc = "                  supported by the library. Some curves may not be"]
-    #[doc = "                  supported for all algorithms. Call mbedtls_ecdh_can_do()"]
-    #[doc = "                  or mbedtls_ecdsa_can_do() to check if a curve is"]
-    #[doc = "                  supported for ECDH or ECDSA."]
-    #[doc = ""]
-    #[doc = " \\return          A statically allocated array. The last entry is 0."]
-    pub fn mbedtls_ecp_curve_list() -> *const mbedtls_ecp_curve_info;
-}
-extern "C" {
-    #[doc = " \\brief           This function retrieves the list of internal group"]
-    #[doc = "                  identifiers of all supported curves in the order of"]
-    #[doc = "                  preference."]
-    #[doc = ""]
-    #[doc = " \\note            This function returns information about all curves"]
-    #[doc = "                  supported by the library. Some curves may not be"]
-    #[doc = "                  supported for all algorithms. Call mbedtls_ecdh_can_do()"]
-    #[doc = "                  or mbedtls_ecdsa_can_do() to check if a curve is"]
-    #[doc = "                  supported for ECDH or ECDSA."]
-    #[doc = ""]
-    #[doc = " \\return          A statically allocated array,"]
-    #[doc = "                  terminated with MBEDTLS_ECP_DP_NONE."]
-    pub fn mbedtls_ecp_grp_id_list() -> *const mbedtls_ecp_group_id;
-}
-extern "C" {
-    #[doc = " \\brief           This function retrieves curve information from an internal"]
-    #[doc = "                  group identifier."]
-    #[doc = ""]
-    #[doc = " \\param grp_id    An \\c MBEDTLS_ECP_DP_XXX value."]
-    #[doc = ""]
-    #[doc = " \\return          The associated curve information on success."]
-    #[doc = " \\return          NULL on failure."]
-    pub fn mbedtls_ecp_curve_info_from_grp_id(
-        grp_id: mbedtls_ecp_group_id,
-    ) -> *const mbedtls_ecp_curve_info;
-}
-extern "C" {
-    #[doc = " \\brief           This function retrieves curve information from a TLS"]
-    #[doc = "                  NamedCurve value."]
-    #[doc = ""]
-    #[doc = " \\param tls_id    An \\c MBEDTLS_ECP_DP_XXX value."]
-    #[doc = ""]
-    #[doc = " \\return          The associated curve information on success."]
-    #[doc = " \\return          NULL on failure."]
-    pub fn mbedtls_ecp_curve_info_from_tls_id(tls_id: u16) -> *const mbedtls_ecp_curve_info;
-}
-extern "C" {
-    #[doc = " \\brief           This function retrieves curve information from a"]
-    #[doc = "                  human-readable name."]
-    #[doc = ""]
-    #[doc = " \\param name      The human-readable name."]
-    #[doc = ""]
-    #[doc = " \\return          The associated curve information on success."]
-    #[doc = " \\return          NULL on failure."]
-    pub fn mbedtls_ecp_curve_info_from_name(
-        name: *const crate::c_types::c_char,
-    ) -> *const mbedtls_ecp_curve_info;
-}
-extern "C" {
-    #[doc = " \\brief           This function initializes a point as zero."]
-    #[doc = ""]
-    #[doc = " \\param pt        The point to initialize."]
-    pub fn mbedtls_ecp_point_init(pt: *mut mbedtls_ecp_point);
-}
-extern "C" {
-    #[doc = " \\brief           This function initializes an ECP group context"]
-    #[doc = "                  without loading any domain parameters."]
-    #[doc = ""]
-    #[doc = " \\note            After this function is called, domain parameters"]
-    #[doc = "                  for various ECP groups can be loaded through the"]
-    #[doc = "                  mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group()"]
-    #[doc = "                  functions."]
-    pub fn mbedtls_ecp_group_init(grp: *mut mbedtls_ecp_group);
-}
-extern "C" {
-    #[doc = " \\brief           This function initializes a key pair as an invalid one."]
-    #[doc = ""]
-    #[doc = " \\param key       The key pair to initialize."]
-    pub fn mbedtls_ecp_keypair_init(key: *mut mbedtls_ecp_keypair);
-}
-extern "C" {
-    #[doc = " \\brief           This function frees the components of a point."]
-    #[doc = ""]
-    #[doc = " \\param pt        The point to free."]
-    pub fn mbedtls_ecp_point_free(pt: *mut mbedtls_ecp_point);
-}
-extern "C" {
-    #[doc = " \\brief           This function frees the components of an ECP group."]
-    #[doc = ""]
-    #[doc = " \\param grp       The group to free. This may be \\c NULL, in which"]
-    #[doc = "                  case this function returns immediately. If it is not"]
-    #[doc = "                  \\c NULL, it must point to an initialized ECP group."]
-    pub fn mbedtls_ecp_group_free(grp: *mut mbedtls_ecp_group);
-}
-extern "C" {
-    #[doc = " \\brief           This function frees the components of a key pair."]
-    #[doc = ""]
-    #[doc = " \\param key       The key pair to free. This may be \\c NULL, in which"]
-    #[doc = "                  case this function returns immediately. If it is not"]
-    #[doc = "                  \\c NULL, it must point to an initialized ECP key pair."]
-    pub fn mbedtls_ecp_keypair_free(key: *mut mbedtls_ecp_keypair);
-}
-extern "C" {
-    #[doc = " \\brief           This function copies the contents of point \\p Q into"]
-    #[doc = "                  point \\p P."]
-    #[doc = ""]
-    #[doc = " \\param P         The destination point. This must be initialized."]
-    #[doc = " \\param Q         The source point. This must be initialized."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure."]
-    #[doc = " \\return          Another negative error code for other kinds of failure."]
-    pub fn mbedtls_ecp_copy(
-        P: *mut mbedtls_ecp_point,
-        Q: *const mbedtls_ecp_point,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function copies the contents of group \\p src into"]
-    #[doc = "                  group \\p dst."]
-    #[doc = ""]
-    #[doc = " \\param dst       The destination group. This must be initialized."]
-    #[doc = " \\param src       The source group. This must be initialized."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure."]
-    #[doc = " \\return          Another negative error code on other kinds of failure."]
-    pub fn mbedtls_ecp_group_copy(
-        dst: *mut mbedtls_ecp_group,
-        src: *const mbedtls_ecp_group,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function sets a point to the point at infinity."]
-    #[doc = ""]
-    #[doc = " \\param pt        The point to set. This must be initialized."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure."]
-    #[doc = " \\return          Another negative error code on other kinds of failure."]
-    pub fn mbedtls_ecp_set_zero(pt: *mut mbedtls_ecp_point) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function checks if a point is the point at infinity."]
-    #[doc = ""]
-    #[doc = " \\param pt        The point to test. This must be initialized."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 1 if the point is zero."]
-    #[doc = " \\return          \\c 0 if the point is non-zero."]
-    #[doc = " \\return          A negative error code on failure."]
-    pub fn mbedtls_ecp_is_zero(pt: *mut mbedtls_ecp_point) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function compares two points."]
-    #[doc = ""]
-    #[doc = " \\note            This assumes that the points are normalized. Otherwise,"]
-    #[doc = "                  they may compare as \"not equal\" even if they are."]
-    #[doc = ""]
-    #[doc = " \\param P         The first point to compare. This must be initialized."]
-    #[doc = " \\param Q         The second point to compare. This must be initialized."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 if the points are equal."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal."]
-    pub fn mbedtls_ecp_point_cmp(
-        P: *const mbedtls_ecp_point,
-        Q: *const mbedtls_ecp_point,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function imports a non-zero point from two ASCII"]
-    #[doc = "                  strings."]
-    #[doc = ""]
-    #[doc = " \\param P         The destination point. This must be initialized."]
-    #[doc = " \\param radix     The numeric base of the input."]
-    #[doc = " \\param x         The first affine coordinate, as a null-terminated string."]
-    #[doc = " \\param y         The second affine coordinate, as a null-terminated string."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          An \\c MBEDTLS_ERR_MPI_XXX error code on failure."]
-    pub fn mbedtls_ecp_point_read_string(
-        P: *mut mbedtls_ecp_point,
-        radix: crate::c_types::c_int,
-        x: *const crate::c_types::c_char,
-        y: *const crate::c_types::c_char,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function exports a point into unsigned binary data."]
-    #[doc = ""]
-    #[doc = " \\param grp       The group to which the point should belong."]
-    #[doc = "                  This must be initialized and have group parameters"]
-    #[doc = "                  set, for example through mbedtls_ecp_group_load()."]
-    #[doc = " \\param P         The point to export. This must be initialized."]
-    #[doc = " \\param format    The point format. This must be either"]
-    #[doc = "                  #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED."]
-    #[doc = "                  (For groups without these formats, this parameter is"]
-    #[doc = "                  ignored. But it still has to be either of the above"]
-    #[doc = "                  values.)"]
-    #[doc = " \\param olen      The address at which to store the length of"]
-    #[doc = "                  the output in Bytes. This must not be \\c NULL."]
-    #[doc = " \\param buf       The output buffer. This must be a writable buffer"]
-    #[doc = "                  of length \\p buflen Bytes."]
-    #[doc = " \\param buflen    The length of the output buffer \\p buf in Bytes."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output buffer"]
-    #[doc = "                  is too small to hold the point."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format"]
-    #[doc = "                  or the export for the given group is not implemented."]
-    #[doc = " \\return          Another negative error code on other kinds of failure."]
-    pub fn mbedtls_ecp_point_write_binary(
-        grp: *const mbedtls_ecp_group,
-        P: *const mbedtls_ecp_point,
-        format: crate::c_types::c_int,
-        olen: *mut size_t,
-        buf: *mut crate::c_types::c_uchar,
-        buflen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function imports a point from unsigned binary data."]
-    #[doc = ""]
-    #[doc = " \\note            This function does not check that the point actually"]
-    #[doc = "                  belongs to the given group, see mbedtls_ecp_check_pubkey()"]
-    #[doc = "                  for that."]
-    #[doc = ""]
-    #[doc = " \\note            For compressed points, see #MBEDTLS_ECP_PF_COMPRESSED for"]
-    #[doc = "                  limitations."]
-    #[doc = ""]
-    #[doc = " \\param grp       The group to which the point should belong."]
-    #[doc = "                  This must be initialized and have group parameters"]
-    #[doc = "                  set, for example through mbedtls_ecp_group_load()."]
-    #[doc = " \\param P         The destination context to import the point to."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param buf       The input buffer. This must be a readable buffer"]
-    #[doc = "                  of length \\p ilen Bytes."]
-    #[doc = " \\param ilen      The length of the input buffer \\p buf in Bytes."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid."]
-    #[doc = " \\return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the import for the"]
-    #[doc = "                  given group is not implemented."]
-    pub fn mbedtls_ecp_point_read_binary(
-        grp: *const mbedtls_ecp_group,
-        P: *mut mbedtls_ecp_point,
-        buf: *const crate::c_types::c_uchar,
-        ilen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function imports a point from a TLS ECPoint record."]
-    #[doc = ""]
-    #[doc = " \\note            On function return, \\p *buf is updated to point immediately"]
-    #[doc = "                  after the ECPoint record."]
-    #[doc = ""]
-    #[doc = " \\param grp       The ECP group to use."]
-    #[doc = "                  This must be initialized and have group parameters"]
-    #[doc = "                  set, for example through mbedtls_ecp_group_load()."]
-    #[doc = " \\param pt        The destination point."]
-    #[doc = " \\param buf       The address of the pointer to the start of the input buffer."]
-    #[doc = " \\param len       The length of the buffer."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          An \\c MBEDTLS_ERR_MPI_XXX error code on initialization"]
-    #[doc = "                  failure."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid."]
-    pub fn mbedtls_ecp_tls_read_point(
-        grp: *const mbedtls_ecp_group,
-        pt: *mut mbedtls_ecp_point,
-        buf: *mut *const crate::c_types::c_uchar,
-        len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function exports a point as a TLS ECPoint record"]
-    #[doc = "                  defined in RFC 4492, Section 5.4."]
-    #[doc = ""]
-    #[doc = " \\param grp       The ECP group to use."]
-    #[doc = "                  This must be initialized and have group parameters"]
-    #[doc = "                  set, for example through mbedtls_ecp_group_load()."]
-    #[doc = " \\param pt        The point to be exported. This must be initialized."]
-    #[doc = " \\param format    The point format to use. This must be either"]
-    #[doc = "                  #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED."]
-    #[doc = " \\param olen      The address at which to store the length in Bytes"]
-    #[doc = "                  of the data written."]
-    #[doc = " \\param buf       The target buffer. This must be a writable buffer of"]
-    #[doc = "                  length \\p blen Bytes."]
-    #[doc = " \\param blen      The length of the target buffer \\p buf in Bytes."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the target buffer"]
-    #[doc = "                  is too small to hold the exported point."]
-    #[doc = " \\return          Another negative error code on other kinds of failure."]
-    pub fn mbedtls_ecp_tls_write_point(
-        grp: *const mbedtls_ecp_group,
-        pt: *const mbedtls_ecp_point,
-        format: crate::c_types::c_int,
-        olen: *mut size_t,
-        buf: *mut crate::c_types::c_uchar,
-        blen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function sets up an ECP group context"]
-    #[doc = "                  from a standardized set of domain parameters."]
-    #[doc = ""]
-    #[doc = " \\note            The index should be a value of the NamedCurve enum,"]
-    #[doc = "                  as defined in <em>RFC-4492: Elliptic Curve Cryptography"]
-    #[doc = "                  (ECC) Cipher Suites for Transport Layer Security (TLS)</em>,"]
-    #[doc = "                  usually in the form of an \\c MBEDTLS_ECP_DP_XXX macro."]
-    #[doc = ""]
-    #[doc = " \\param grp       The group context to setup. This must be initialized."]
-    #[doc = " \\param id        The identifier of the domain parameter set to load."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \\p id doesn't"]
-    #[doc = "                  correspond to a known group."]
-    #[doc = " \\return          Another negative error code on other kinds of failure."]
-    pub fn mbedtls_ecp_group_load(
-        grp: *mut mbedtls_ecp_group,
-        id: mbedtls_ecp_group_id,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function sets up an ECP group context from a TLS"]
-    #[doc = "                  ECParameters record as defined in RFC 4492, Section 5.4."]
-    #[doc = ""]
-    #[doc = " \\note            The read pointer \\p buf is updated to point right after"]
-    #[doc = "                  the ECParameters record on exit."]
-    #[doc = ""]
-    #[doc = " \\param grp       The group context to setup. This must be initialized."]
-    #[doc = " \\param buf       The address of the pointer to the start of the input buffer."]
-    #[doc = " \\param len       The length of the input buffer \\c *buf in Bytes."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not"]
-    #[doc = "                  recognized."]
-    #[doc = " \\return          Another negative error code on other kinds of failure."]
-    pub fn mbedtls_ecp_tls_read_group(
-        grp: *mut mbedtls_ecp_group,
-        buf: *mut *const crate::c_types::c_uchar,
-        len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function extracts an elliptic curve group ID from a"]
-    #[doc = "                  TLS ECParameters record as defined in RFC 4492, Section 5.4."]
-    #[doc = ""]
-    #[doc = " \\note            The read pointer \\p buf is updated to point right after"]
-    #[doc = "                  the ECParameters record on exit."]
-    #[doc = ""]
-    #[doc = " \\param grp       The address at which to store the group id."]
-    #[doc = "                  This must not be \\c NULL."]
-    #[doc = " \\param buf       The address of the pointer to the start of the input buffer."]
-    #[doc = " \\param len       The length of the input buffer \\c *buf in Bytes."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not"]
-    #[doc = "                  recognized."]
-    #[doc = " \\return          Another negative error code on other kinds of failure."]
-    pub fn mbedtls_ecp_tls_read_group_id(
-        grp: *mut mbedtls_ecp_group_id,
-        buf: *mut *const crate::c_types::c_uchar,
-        len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function exports an elliptic curve as a TLS"]
-    #[doc = "                  ECParameters record as defined in RFC 4492, Section 5.4."]
-    #[doc = ""]
-    #[doc = " \\param grp       The ECP group to be exported."]
-    #[doc = "                  This must be initialized and have group parameters"]
-    #[doc = "                  set, for example through mbedtls_ecp_group_load()."]
-    #[doc = " \\param olen      The address at which to store the number of Bytes written."]
-    #[doc = "                  This must not be \\c NULL."]
-    #[doc = " \\param buf       The buffer to write to. This must be a writable buffer"]
-    #[doc = "                  of length \\p blen Bytes."]
-    #[doc = " \\param blen      The length of the output buffer \\p buf in Bytes."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output"]
-    #[doc = "                  buffer is too small to hold the exported group."]
-    #[doc = " \\return          Another negative error code on other kinds of failure."]
-    pub fn mbedtls_ecp_tls_write_group(
-        grp: *const mbedtls_ecp_group,
-        olen: *mut size_t,
-        buf: *mut crate::c_types::c_uchar,
-        blen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function performs a scalar multiplication of a point"]
-    #[doc = "                  by an integer: \\p R = \\p m * \\p P."]
-    #[doc = ""]
-    #[doc = "                  It is not thread-safe to use same group in multiple threads."]
-    #[doc = ""]
-    #[doc = " \\note            To prevent timing attacks, this function"]
-    #[doc = "                  executes the exact same sequence of base-field"]
-    #[doc = "                  operations for any valid \\p m. It avoids any if-branch or"]
-    #[doc = "                  array index depending on the value of \\p m. It also uses"]
-    #[doc = "                  \\p f_rng to randomize some intermediate results."]
-    #[doc = ""]
-    #[doc = " \\param grp       The ECP group to use."]
-    #[doc = "                  This must be initialized and have group parameters"]
-    #[doc = "                  set, for example through mbedtls_ecp_group_load()."]
-    #[doc = " \\param R         The point in which to store the result of the calculation."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param m         The integer by which to multiply. This must be initialized."]
-    #[doc = " \\param P         The point to multiply. This must be initialized."]
-    #[doc = " \\param f_rng     The RNG function. This must not be \\c NULL."]
-    #[doc = " \\param p_rng     The RNG context to be passed to \\p f_rng. This may be \\c"]
-    #[doc = "                  NULL if \\p f_rng doesn't need a context."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_INVALID_KEY if \\p m is not a valid private"]
-    #[doc = "                  key, or \\p P is not a valid public key."]
-    #[doc = " \\return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure."]
-    #[doc = " \\return          Another negative error code on other kinds of failure."]
-    pub fn mbedtls_ecp_mul(
-        grp: *mut mbedtls_ecp_group,
-        R: *mut mbedtls_ecp_point,
-        m: *const mbedtls_mpi,
-        P: *const mbedtls_ecp_point,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function performs multiplication of a point by"]
-    #[doc = "                  an integer: \\p R = \\p m * \\p P in a restartable way."]
-    #[doc = ""]
-    #[doc = " \\see             mbedtls_ecp_mul()"]
-    #[doc = ""]
-    #[doc = " \\note            This function does the same as \\c mbedtls_ecp_mul(), but"]
-    #[doc = "                  it can return early and restart according to the limit set"]
-    #[doc = "                  with \\c mbedtls_ecp_set_max_ops() to reduce blocking."]
-    #[doc = ""]
-    #[doc = " \\param grp       The ECP group to use."]
-    #[doc = "                  This must be initialized and have group parameters"]
-    #[doc = "                  set, for example through mbedtls_ecp_group_load()."]
-    #[doc = " \\param R         The point in which to store the result of the calculation."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param m         The integer by which to multiply. This must be initialized."]
-    #[doc = " \\param P         The point to multiply. This must be initialized."]
-    #[doc = " \\param f_rng     The RNG function. This must not be \\c NULL."]
-    #[doc = " \\param p_rng     The RNG context to be passed to \\p f_rng. This may be \\c"]
-    #[doc = "                  NULL if \\p f_rng doesn't need a context."]
-    #[doc = " \\param rs_ctx    The restart context (NULL disables restart)."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_INVALID_KEY if \\p m is not a valid private"]
-    #[doc = "                  key, or \\p P is not a valid public key."]
-    #[doc = " \\return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of"]
-    #[doc = "                  operations was reached: see \\c mbedtls_ecp_set_max_ops()."]
-    #[doc = " \\return          Another negative error code on other kinds of failure."]
-    pub fn mbedtls_ecp_mul_restartable(
-        grp: *mut mbedtls_ecp_group,
-        R: *mut mbedtls_ecp_point,
-        m: *const mbedtls_mpi,
-        P: *const mbedtls_ecp_point,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-        rs_ctx: *mut mbedtls_ecp_restart_ctx,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function performs multiplication and addition of two"]
-    #[doc = "                  points by integers: \\p R = \\p m * \\p P + \\p n * \\p Q"]
-    #[doc = ""]
-    #[doc = "                  It is not thread-safe to use same group in multiple threads."]
-    #[doc = ""]
-    #[doc = " \\note            In contrast to mbedtls_ecp_mul(), this function does not"]
-    #[doc = "                  guarantee a constant execution flow and timing."]
-    #[doc = ""]
-    #[doc = " \\note            This function is only defined for short Weierstrass curves."]
-    #[doc = "                  It may not be included in builds without any short"]
-    #[doc = "                  Weierstrass curve."]
-    #[doc = ""]
-    #[doc = " \\param grp       The ECP group to use."]
-    #[doc = "                  This must be initialized and have group parameters"]
-    #[doc = "                  set, for example through mbedtls_ecp_group_load()."]
-    #[doc = " \\param R         The point in which to store the result of the calculation."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param m         The integer by which to multiply \\p P."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param P         The point to multiply by \\p m. This must be initialized."]
-    #[doc = " \\param n         The integer by which to multiply \\p Q."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param Q         The point to be multiplied by \\p n."]
-    #[doc = "                  This must be initialized."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_INVALID_KEY if \\p m or \\p n are not"]
-    #[doc = "                  valid private keys, or \\p P or \\p Q are not valid public"]
-    #[doc = "                  keys."]
-    #[doc = " \\return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \\p grp does not"]
-    #[doc = "                  designate a short Weierstrass curve."]
-    #[doc = " \\return          Another negative error code on other kinds of failure."]
-    pub fn mbedtls_ecp_muladd(
-        grp: *mut mbedtls_ecp_group,
-        R: *mut mbedtls_ecp_point,
-        m: *const mbedtls_mpi,
-        P: *const mbedtls_ecp_point,
-        n: *const mbedtls_mpi,
-        Q: *const mbedtls_ecp_point,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function performs multiplication and addition of two"]
-    #[doc = "                  points by integers: \\p R = \\p m * \\p P + \\p n * \\p Q in a"]
-    #[doc = "                  restartable way."]
-    #[doc = ""]
-    #[doc = " \\see             \\c mbedtls_ecp_muladd()"]
-    #[doc = ""]
-    #[doc = " \\note            This function works the same as \\c mbedtls_ecp_muladd(),"]
-    #[doc = "                  but it can return early and restart according to the limit"]
-    #[doc = "                  set with \\c mbedtls_ecp_set_max_ops() to reduce blocking."]
-    #[doc = ""]
-    #[doc = " \\note            This function is only defined for short Weierstrass curves."]
-    #[doc = "                  It may not be included in builds without any short"]
-    #[doc = "                  Weierstrass curve."]
-    #[doc = ""]
-    #[doc = " \\param grp       The ECP group to use."]
-    #[doc = "                  This must be initialized and have group parameters"]
-    #[doc = "                  set, for example through mbedtls_ecp_group_load()."]
-    #[doc = " \\param R         The point in which to store the result of the calculation."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param m         The integer by which to multiply \\p P."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param P         The point to multiply by \\p m. This must be initialized."]
-    #[doc = " \\param n         The integer by which to multiply \\p Q."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param Q         The point to be multiplied by \\p n."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param rs_ctx    The restart context (NULL disables restart)."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_INVALID_KEY if \\p m or \\p n are not"]
-    #[doc = "                  valid private keys, or \\p P or \\p Q are not valid public"]
-    #[doc = "                  keys."]
-    #[doc = " \\return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \\p grp does not"]
-    #[doc = "                  designate a short Weierstrass curve."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of"]
-    #[doc = "                  operations was reached: see \\c mbedtls_ecp_set_max_ops()."]
-    #[doc = " \\return          Another negative error code on other kinds of failure."]
-    pub fn mbedtls_ecp_muladd_restartable(
-        grp: *mut mbedtls_ecp_group,
-        R: *mut mbedtls_ecp_point,
-        m: *const mbedtls_mpi,
-        P: *const mbedtls_ecp_point,
-        n: *const mbedtls_mpi,
-        Q: *const mbedtls_ecp_point,
-        rs_ctx: *mut mbedtls_ecp_restart_ctx,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function checks that a point is a valid public key"]
-    #[doc = "                  on this curve."]
-    #[doc = ""]
-    #[doc = "                  It only checks that the point is non-zero, has"]
-    #[doc = "                  valid coordinates and lies on the curve. It does not verify"]
-    #[doc = "                  that it is indeed a multiple of \\p G. This additional"]
-    #[doc = "                  check is computationally more expensive, is not required"]
-    #[doc = "                  by standards, and should not be necessary if the group"]
-    #[doc = "                  used has a small cofactor. In particular, it is useless for"]
-    #[doc = "                  the NIST groups which all have a cofactor of 1."]
-    #[doc = ""]
-    #[doc = " \\note            This function uses bare components rather than an"]
-    #[doc = "                  ::mbedtls_ecp_keypair structure, to ease use with other"]
-    #[doc = "                  structures, such as ::mbedtls_ecdh_context or"]
-    #[doc = "                  ::mbedtls_ecdsa_context."]
-    #[doc = ""]
-    #[doc = " \\param grp       The ECP group the point should belong to."]
-    #[doc = "                  This must be initialized and have group parameters"]
-    #[doc = "                  set, for example through mbedtls_ecp_group_load()."]
-    #[doc = " \\param pt        The point to check. This must be initialized."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 if the point is a valid public key."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not"]
-    #[doc = "                  a valid public key for the given curve."]
-    #[doc = " \\return          Another negative error code on other kinds of failure."]
-    pub fn mbedtls_ecp_check_pubkey(
-        grp: *const mbedtls_ecp_group,
-        pt: *const mbedtls_ecp_point,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function checks that an \\p mbedtls_mpi is a"]
-    #[doc = "                  valid private key for this curve."]
-    #[doc = ""]
-    #[doc = " \\note            This function uses bare components rather than an"]
-    #[doc = "                  ::mbedtls_ecp_keypair structure to ease use with other"]
-    #[doc = "                  structures, such as ::mbedtls_ecdh_context or"]
-    #[doc = "                  ::mbedtls_ecdsa_context."]
-    #[doc = ""]
-    #[doc = " \\param grp       The ECP group the private key should belong to."]
-    #[doc = "                  This must be initialized and have group parameters"]
-    #[doc = "                  set, for example through mbedtls_ecp_group_load()."]
-    #[doc = " \\param d         The integer to check. This must be initialized."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 if the point is a valid private key."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not a valid"]
-    #[doc = "                  private key for the given curve."]
-    #[doc = " \\return          Another negative error code on other kinds of failure."]
-    pub fn mbedtls_ecp_check_privkey(
-        grp: *const mbedtls_ecp_group,
-        d: *const mbedtls_mpi,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function generates a private key."]
-    #[doc = ""]
-    #[doc = " \\param grp       The ECP group to generate a private key for."]
-    #[doc = "                  This must be initialized and have group parameters"]
-    #[doc = "                  set, for example through mbedtls_ecp_group_load()."]
-    #[doc = " \\param d         The destination MPI (secret part). This must be initialized."]
-    #[doc = " \\param f_rng     The RNG function. This must not be \\c NULL."]
-    #[doc = " \\param p_rng     The RNG parameter to be passed to \\p f_rng. This may be"]
-    #[doc = "                  \\c NULL if \\p f_rng doesn't need a context argument."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          An \\c MBEDTLS_ERR_ECP_XXX or \\c MBEDTLS_MPI_XXX error code"]
-    #[doc = "                  on failure."]
-    pub fn mbedtls_ecp_gen_privkey(
-        grp: *const mbedtls_ecp_group,
-        d: *mut mbedtls_mpi,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function generates a keypair with a configurable base"]
-    #[doc = "                  point."]
-    #[doc = ""]
-    #[doc = " \\note            This function uses bare components rather than an"]
-    #[doc = "                  ::mbedtls_ecp_keypair structure to ease use with other"]
-    #[doc = "                  structures, such as ::mbedtls_ecdh_context or"]
-    #[doc = "                  ::mbedtls_ecdsa_context."]
-    #[doc = ""]
-    #[doc = " \\param grp       The ECP group to generate a key pair for."]
-    #[doc = "                  This must be initialized and have group parameters"]
-    #[doc = "                  set, for example through mbedtls_ecp_group_load()."]
-    #[doc = " \\param G         The base point to use. This must be initialized"]
-    #[doc = "                  and belong to \\p grp. It replaces the default base"]
-    #[doc = "                  point \\c grp->G used by mbedtls_ecp_gen_keypair()."]
-    #[doc = " \\param d         The destination MPI (secret part)."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param Q         The destination point (public part)."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param f_rng     The RNG function. This must not be \\c NULL."]
-    #[doc = " \\param p_rng     The RNG context to be passed to \\p f_rng. This may"]
-    #[doc = "                  be \\c NULL if \\p f_rng doesn't need a context argument."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          An \\c MBEDTLS_ERR_ECP_XXX or \\c MBEDTLS_MPI_XXX error code"]
-    #[doc = "                  on failure."]
-    pub fn mbedtls_ecp_gen_keypair_base(
-        grp: *mut mbedtls_ecp_group,
-        G: *const mbedtls_ecp_point,
-        d: *mut mbedtls_mpi,
-        Q: *mut mbedtls_ecp_point,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function generates an ECP keypair."]
-    #[doc = ""]
-    #[doc = " \\note            This function uses bare components rather than an"]
-    #[doc = "                  ::mbedtls_ecp_keypair structure to ease use with other"]
-    #[doc = "                  structures, such as ::mbedtls_ecdh_context or"]
-    #[doc = "                  ::mbedtls_ecdsa_context."]
-    #[doc = ""]
-    #[doc = " \\param grp       The ECP group to generate a key pair for."]
-    #[doc = "                  This must be initialized and have group parameters"]
-    #[doc = "                  set, for example through mbedtls_ecp_group_load()."]
-    #[doc = " \\param d         The destination MPI (secret part)."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param Q         The destination point (public part)."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param f_rng     The RNG function. This must not be \\c NULL."]
-    #[doc = " \\param p_rng     The RNG context to be passed to \\p f_rng. This may"]
-    #[doc = "                  be \\c NULL if \\p f_rng doesn't need a context argument."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          An \\c MBEDTLS_ERR_ECP_XXX or \\c MBEDTLS_MPI_XXX error code"]
-    #[doc = "                  on failure."]
-    pub fn mbedtls_ecp_gen_keypair(
-        grp: *mut mbedtls_ecp_group,
-        d: *mut mbedtls_mpi,
-        Q: *mut mbedtls_ecp_point,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function generates an ECP key."]
-    #[doc = ""]
-    #[doc = " \\param grp_id    The ECP group identifier."]
-    #[doc = " \\param key       The destination key. This must be initialized."]
-    #[doc = " \\param f_rng     The RNG function to use. This must not be \\c NULL."]
-    #[doc = " \\param p_rng     The RNG context to be passed to \\p f_rng. This may"]
-    #[doc = "                  be \\c NULL if \\p f_rng doesn't need a context argument."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          An \\c MBEDTLS_ERR_ECP_XXX or \\c MBEDTLS_MPI_XXX error code"]
-    #[doc = "                  on failure."]
-    pub fn mbedtls_ecp_gen_key(
-        grp_id: mbedtls_ecp_group_id,
-        key: *mut mbedtls_ecp_keypair,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function reads an elliptic curve private key."]
-    #[doc = ""]
-    #[doc = " \\param grp_id    The ECP group identifier."]
-    #[doc = " \\param key       The destination key."]
-    #[doc = " \\param buf       The buffer containing the binary representation of the"]
-    #[doc = "                  key. (Big endian integer for Weierstrass curves, byte"]
-    #[doc = "                  string for Montgomery curves.)"]
-    #[doc = " \\param buflen    The length of the buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_INVALID_KEY error if the key is"]
-    #[doc = "                  invalid."]
-    #[doc = " \\return          #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for"]
-    #[doc = "                  the group is not implemented."]
-    #[doc = " \\return          Another negative error code on different kinds of failure."]
-    pub fn mbedtls_ecp_read_key(
-        grp_id: mbedtls_ecp_group_id,
-        key: *mut mbedtls_ecp_keypair,
-        buf: *const crate::c_types::c_uchar,
-        buflen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function exports an elliptic curve private key."]
-    #[doc = ""]
-    #[doc = " \\param key       The private key."]
-    #[doc = " \\param buf       The output buffer for containing the binary representation"]
-    #[doc = "                  of the key. (Big endian integer for Weierstrass curves, byte"]
-    #[doc = "                  string for Montgomery curves.)"]
-    #[doc = " \\param buflen    The total length of the buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the \\p key"]
-    #[doc = "representation is larger than the available space in \\p buf."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for"]
-    #[doc = "                  the group is not implemented."]
-    #[doc = " \\return          Another negative error code on different kinds of failure."]
-    pub fn mbedtls_ecp_write_key(
-        key: *mut mbedtls_ecp_keypair,
-        buf: *mut crate::c_types::c_uchar,
-        buflen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function checks that the keypair objects"]
-    #[doc = "                  \\p pub and \\p prv have the same group and the"]
-    #[doc = "                  same public point, and that the private key in"]
-    #[doc = "                  \\p prv is consistent with the public key."]
-    #[doc = ""]
-    #[doc = " \\param pub       The keypair structure holding the public key. This"]
-    #[doc = "                  must be initialized. If it contains a private key, that"]
-    #[doc = "                  part is ignored."]
-    #[doc = " \\param prv       The keypair structure holding the full keypair."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param f_rng     The RNG function. This must not be \\c NULL."]
-    #[doc = " \\param p_rng     The RNG context to be passed to \\p f_rng. This may be \\c"]
-    #[doc = "                  NULL if \\p f_rng doesn't need a context."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success, meaning that the keys are valid and match."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match."]
-    #[doc = " \\return          An \\c MBEDTLS_ERR_ECP_XXX or an \\c MBEDTLS_ERR_MPI_XXX"]
-    #[doc = "                  error code on calculation failure."]
-    pub fn mbedtls_ecp_check_pub_priv(
-        pub_: *const mbedtls_ecp_keypair,
-        prv: *const mbedtls_ecp_keypair,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function exports generic key-pair parameters."]
-    #[doc = ""]
-    #[doc = " \\param key       The key pair to export from."]
-    #[doc = " \\param grp       Slot for exported ECP group."]
-    #[doc = "                  It must point to an initialized ECP group."]
-    #[doc = " \\param d         Slot for the exported secret value."]
-    #[doc = "                  It must point to an initialized mpi."]
-    #[doc = " \\param Q         Slot for the exported public value."]
-    #[doc = "                  It must point to an initialized ECP point."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success,"]
-    #[doc = " \\return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if key id doesn't"]
-    #[doc = "                  correspond to a known group."]
-    #[doc = " \\return          Another negative error code on other kinds of failure."]
-    pub fn mbedtls_ecp_export(
-        key: *const mbedtls_ecp_keypair,
-        grp: *mut mbedtls_ecp_group,
-        d: *mut mbedtls_mpi,
-        Q: *mut mbedtls_ecp_point,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          The ECP checkup routine."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         \\c 1 on failure."]
-    pub fn mbedtls_ecp_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
-}
-#[doc = "< None."]
-pub const mbedtls_md_type_t_MBEDTLS_MD_NONE: mbedtls_md_type_t = 0;
-#[doc = "< The MD5 message digest."]
-pub const mbedtls_md_type_t_MBEDTLS_MD_MD5: mbedtls_md_type_t = 1;
-#[doc = "< The SHA-1 message digest."]
-pub const mbedtls_md_type_t_MBEDTLS_MD_SHA1: mbedtls_md_type_t = 2;
-#[doc = "< The SHA-224 message digest."]
-pub const mbedtls_md_type_t_MBEDTLS_MD_SHA224: mbedtls_md_type_t = 3;
-#[doc = "< The SHA-256 message digest."]
-pub const mbedtls_md_type_t_MBEDTLS_MD_SHA256: mbedtls_md_type_t = 4;
-#[doc = "< The SHA-384 message digest."]
-pub const mbedtls_md_type_t_MBEDTLS_MD_SHA384: mbedtls_md_type_t = 5;
-#[doc = "< The SHA-512 message digest."]
-pub const mbedtls_md_type_t_MBEDTLS_MD_SHA512: mbedtls_md_type_t = 6;
-#[doc = "< The RIPEMD-160 message digest."]
-pub const mbedtls_md_type_t_MBEDTLS_MD_RIPEMD160: mbedtls_md_type_t = 7;
-#[doc = " \\brief     Supported message digests."]
-#[doc = ""]
-#[doc = " \\warning   MD5 and SHA-1 are considered weak message digests and"]
-#[doc = "            their use constitutes a security risk. We recommend considering"]
-#[doc = "            stronger message digests instead."]
-#[doc = ""]
-pub type mbedtls_md_type_t = crate::c_types::c_uint;
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_md_info_t {
-    _unused: [u8; 0],
-}
-pub const mbedtls_md_engine_t_MBEDTLS_MD_ENGINE_LEGACY: mbedtls_md_engine_t = 0;
-pub const mbedtls_md_engine_t_MBEDTLS_MD_ENGINE_PSA: mbedtls_md_engine_t = 1;
-#[doc = " Used internally to indicate whether a context uses legacy or PSA."]
-#[doc = ""]
-#[doc = " Internal use only."]
-pub type mbedtls_md_engine_t = crate::c_types::c_uint;
-#[doc = " The generic message-digest context."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_md_context_t {
-    pub private_md_info: *const mbedtls_md_info_t,
-    pub private_md_ctx: *mut crate::c_types::c_void,
-    pub private_hmac_ctx: *mut crate::c_types::c_void,
-}
-extern "C" {
-    #[doc = " \\brief           This function returns the message-digest information"]
-    #[doc = "                  associated with the given digest type."]
-    #[doc = ""]
-    #[doc = " \\param md_type   The type of digest to search for."]
-    #[doc = ""]
-    #[doc = " \\return          The message-digest information associated with \\p md_type."]
-    #[doc = " \\return          NULL if the associated message-digest information is not found."]
-    pub fn mbedtls_md_info_from_type(md_type: mbedtls_md_type_t) -> *const mbedtls_md_info_t;
-}
-extern "C" {
-    #[doc = " \\brief           This function initializes a message-digest context without"]
-    #[doc = "                  binding it to a particular message-digest algorithm."]
-    #[doc = ""]
-    #[doc = "                  This function should always be called first. It prepares the"]
-    #[doc = "                  context for mbedtls_md_setup() for binding it to a"]
-    #[doc = "                  message-digest algorithm."]
-    pub fn mbedtls_md_init(ctx: *mut mbedtls_md_context_t);
-}
-extern "C" {
-    #[doc = " \\brief           This function clears the internal structure of \\p ctx and"]
-    #[doc = "                  frees any embedded internal structure, but does not free"]
-    #[doc = "                  \\p ctx itself."]
-    #[doc = ""]
-    #[doc = "                  If you have called mbedtls_md_setup() on \\p ctx, you must"]
-    #[doc = "                  call mbedtls_md_free() when you are no longer using the"]
-    #[doc = "                  context."]
-    #[doc = "                  Calling this function if you have previously"]
-    #[doc = "                  called mbedtls_md_init() and nothing else is optional."]
-    #[doc = "                  You must not call this function if you have not called"]
-    #[doc = "                  mbedtls_md_init()."]
-    pub fn mbedtls_md_free(ctx: *mut mbedtls_md_context_t);
-}
-extern "C" {
-    #[doc = " \\brief           This function selects the message digest algorithm to use,"]
-    #[doc = "                  and allocates internal structures."]
-    #[doc = ""]
-    #[doc = "                  It should be called after mbedtls_md_init() or"]
-    #[doc = "                  mbedtls_md_free(). Makes it necessary to call"]
-    #[doc = "                  mbedtls_md_free() later."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The context to set up."]
-    #[doc = " \\param md_info   The information structure of the message-digest algorithm"]
-    #[doc = "                  to use."]
-    #[doc = " \\param hmac      Defines if HMAC is used. 0: HMAC is not used (saves some memory),"]
-    #[doc = "                  or non-zero: HMAC is used with this context."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification"]
-    #[doc = "                  failure."]
-    #[doc = " \\return          #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure."]
-    pub fn mbedtls_md_setup(
-        ctx: *mut mbedtls_md_context_t,
-        md_info: *const mbedtls_md_info_t,
-        hmac: crate::c_types::c_int,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function clones the state of a message-digest"]
-    #[doc = "                  context."]
-    #[doc = ""]
-    #[doc = " \\note            You must call mbedtls_md_setup() on \\c dst before calling"]
-    #[doc = "                  this function."]
-    #[doc = ""]
-    #[doc = " \\note            The two contexts must have the same type,"]
-    #[doc = "                  for example, both are SHA-256."]
-    #[doc = ""]
-    #[doc = " \\warning         This function clones the message-digest state, not the"]
-    #[doc = "                  HMAC state."]
-    #[doc = ""]
-    #[doc = " \\param dst       The destination context."]
-    #[doc = " \\param src       The context to be cloned."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure."]
-    #[doc = " \\return          #MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE if both contexts are"]
-    #[doc = "                  not using the same engine. This can be avoided by moving"]
-    #[doc = "                  the call to psa_crypto_init() before the first call to"]
-    #[doc = "                  mbedtls_md_setup()."]
-    pub fn mbedtls_md_clone(
-        dst: *mut mbedtls_md_context_t,
-        src: *const mbedtls_md_context_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function extracts the message-digest size from the"]
-    #[doc = "                  message-digest information structure."]
-    #[doc = ""]
-    #[doc = " \\param md_info   The information structure of the message-digest algorithm"]
-    #[doc = "                  to use."]
-    #[doc = ""]
-    #[doc = " \\return          The size of the message-digest output in Bytes."]
-    pub fn mbedtls_md_get_size(md_info: *const mbedtls_md_info_t) -> crate::c_types::c_uchar;
-}
-extern "C" {
-    #[doc = " \\brief           This function extracts the message-digest type from the"]
-    #[doc = "                  message-digest information structure."]
-    #[doc = ""]
-    #[doc = " \\param md_info   The information structure of the message-digest algorithm"]
-    #[doc = "                  to use."]
-    #[doc = ""]
-    #[doc = " \\return          The type of the message digest."]
-    pub fn mbedtls_md_get_type(md_info: *const mbedtls_md_info_t) -> mbedtls_md_type_t;
-}
-extern "C" {
-    #[doc = " \\brief           This function starts a message-digest computation."]
-    #[doc = ""]
-    #[doc = "                  You must call this function after setting up the context"]
-    #[doc = "                  with mbedtls_md_setup(), and before passing data with"]
-    #[doc = "                  mbedtls_md_update()."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The generic message-digest context."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification"]
-    #[doc = "                  failure."]
-    pub fn mbedtls_md_starts(ctx: *mut mbedtls_md_context_t) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function feeds an input buffer into an ongoing"]
-    #[doc = "                  message-digest computation."]
-    #[doc = ""]
-    #[doc = "                  You must call mbedtls_md_starts() before calling this"]
-    #[doc = "                  function. You may call this function multiple times."]
-    #[doc = "                  Afterwards, call mbedtls_md_finish()."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The generic message-digest context."]
-    #[doc = " \\param input     The buffer holding the input data."]
-    #[doc = " \\param ilen      The length of the input data."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification"]
-    #[doc = "                  failure."]
-    pub fn mbedtls_md_update(
-        ctx: *mut mbedtls_md_context_t,
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function finishes the digest operation,"]
-    #[doc = "                  and writes the result to the output buffer."]
-    #[doc = ""]
-    #[doc = "                  Call this function after a call to mbedtls_md_starts(),"]
-    #[doc = "                  followed by any number of calls to mbedtls_md_update()."]
-    #[doc = "                  Afterwards, you may either clear the context with"]
-    #[doc = "                  mbedtls_md_free(), or call mbedtls_md_starts() to reuse"]
-    #[doc = "                  the context for another digest operation with the same"]
-    #[doc = "                  algorithm."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The generic message-digest context."]
-    #[doc = " \\param output    The buffer for the generic message-digest checksum result."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification"]
-    #[doc = "                  failure."]
-    pub fn mbedtls_md_finish(
-        ctx: *mut mbedtls_md_context_t,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function calculates the message-digest of a buffer,"]
-    #[doc = "                 with respect to a configurable message-digest algorithm"]
-    #[doc = "                 in a single call."]
-    #[doc = ""]
-    #[doc = "                 The result is calculated as"]
-    #[doc = "                 Output = message_digest(input buffer)."]
-    #[doc = ""]
-    #[doc = " \\param md_info  The information structure of the message-digest algorithm"]
-    #[doc = "                 to use."]
-    #[doc = " \\param input    The buffer holding the data."]
-    #[doc = " \\param ilen     The length of the input data."]
-    #[doc = " \\param output   The generic message-digest checksum result."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification"]
-    #[doc = "                 failure."]
-    pub fn mbedtls_md(
-        md_info: *const mbedtls_md_info_t,
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function returns the list of digests supported by the"]
-    #[doc = "                  generic digest module."]
-    #[doc = ""]
-    #[doc = " \\note            The list starts with the strongest available hashes."]
-    #[doc = ""]
-    #[doc = " \\return          A statically allocated array of digests. Each element"]
-    #[doc = "                  in the returned list is an integer belonging to the"]
-    #[doc = "                  message-digest enumeration #mbedtls_md_type_t."]
-    #[doc = "                  The last entry is 0."]
-    pub fn mbedtls_md_list() -> *const crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function returns the message-digest information"]
-    #[doc = "                  associated with the given digest name."]
-    #[doc = ""]
-    #[doc = " \\param md_name   The name of the digest to search for."]
-    #[doc = ""]
-    #[doc = " \\return          The message-digest information associated with \\p md_name."]
-    #[doc = " \\return          NULL if the associated message-digest information is not found."]
-    pub fn mbedtls_md_info_from_string(
-        md_name: *const crate::c_types::c_char,
-    ) -> *const mbedtls_md_info_t;
-}
-extern "C" {
-    #[doc = " \\brief           This function extracts the message-digest name from the"]
-    #[doc = "                  message-digest information structure."]
-    #[doc = ""]
-    #[doc = " \\param md_info   The information structure of the message-digest algorithm"]
-    #[doc = "                  to use."]
-    #[doc = ""]
-    #[doc = " \\return          The name of the message digest."]
-    pub fn mbedtls_md_get_name(md_info: *const mbedtls_md_info_t) -> *const crate::c_types::c_char;
-}
-extern "C" {
-    #[doc = " \\brief           This function returns the message-digest information"]
-    #[doc = "                  from the given context."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The context from which to extract the information."]
-    #[doc = "                  This must be initialized (or \\c NULL)."]
-    #[doc = ""]
-    #[doc = " \\return          The message-digest information associated with \\p ctx."]
-    #[doc = " \\return          \\c NULL if \\p ctx is \\c NULL."]
-    pub fn mbedtls_md_info_from_ctx(ctx: *const mbedtls_md_context_t) -> *const mbedtls_md_info_t;
-}
-extern "C" {
-    #[doc = " \\brief           This function sets the HMAC key and prepares to"]
-    #[doc = "                  authenticate a new message."]
-    #[doc = ""]
-    #[doc = "                  Call this function after mbedtls_md_setup(), to use"]
-    #[doc = "                  the MD context for an HMAC calculation, then call"]
-    #[doc = "                  mbedtls_md_hmac_update() to provide the input data, and"]
-    #[doc = "                  mbedtls_md_hmac_finish() to get the HMAC value."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The message digest context containing an embedded HMAC"]
-    #[doc = "                  context."]
-    #[doc = " \\param key       The HMAC secret key."]
-    #[doc = " \\param keylen    The length of the HMAC key in Bytes."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification"]
-    #[doc = "                  failure."]
-    pub fn mbedtls_md_hmac_starts(
-        ctx: *mut mbedtls_md_context_t,
-        key: *const crate::c_types::c_uchar,
-        keylen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function feeds an input buffer into an ongoing HMAC"]
-    #[doc = "                  computation."]
-    #[doc = ""]
-    #[doc = "                  Call mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset()"]
-    #[doc = "                  before calling this function."]
-    #[doc = "                  You may call this function multiple times to pass the"]
-    #[doc = "                  input piecewise."]
-    #[doc = "                  Afterwards, call mbedtls_md_hmac_finish()."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The message digest context containing an embedded HMAC"]
-    #[doc = "                  context."]
-    #[doc = " \\param input     The buffer holding the input data."]
-    #[doc = " \\param ilen      The length of the input data."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification"]
-    #[doc = "                  failure."]
-    pub fn mbedtls_md_hmac_update(
-        ctx: *mut mbedtls_md_context_t,
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function finishes the HMAC operation, and writes"]
-    #[doc = "                  the result to the output buffer."]
-    #[doc = ""]
-    #[doc = "                  Call this function after mbedtls_md_hmac_starts() and"]
-    #[doc = "                  mbedtls_md_hmac_update() to get the HMAC value. Afterwards"]
-    #[doc = "                  you may either call mbedtls_md_free() to clear the context,"]
-    #[doc = "                  or call mbedtls_md_hmac_reset() to reuse the context with"]
-    #[doc = "                  the same HMAC key."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The message digest context containing an embedded HMAC"]
-    #[doc = "                  context."]
-    #[doc = " \\param output    The generic HMAC checksum result."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification"]
-    #[doc = "                  failure."]
-    pub fn mbedtls_md_hmac_finish(
-        ctx: *mut mbedtls_md_context_t,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function prepares to authenticate a new message with"]
-    #[doc = "                  the same key as the previous HMAC operation."]
-    #[doc = ""]
-    #[doc = "                  You may call this function after mbedtls_md_hmac_finish()."]
-    #[doc = "                  Afterwards call mbedtls_md_hmac_update() to pass the new"]
-    #[doc = "                  input."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The message digest context containing an embedded HMAC"]
-    #[doc = "                  context."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification"]
-    #[doc = "                  failure."]
-    pub fn mbedtls_md_hmac_reset(ctx: *mut mbedtls_md_context_t) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function calculates the full generic HMAC"]
-    #[doc = "                 on the input buffer with the provided key."]
-    #[doc = ""]
-    #[doc = "                 The function allocates the context, performs the"]
-    #[doc = "                 calculation, and frees the context."]
-    #[doc = ""]
-    #[doc = "                 The HMAC result is calculated as"]
-    #[doc = "                 output = generic HMAC(hmac key, input buffer)."]
-    #[doc = ""]
-    #[doc = " \\param md_info  The information structure of the message-digest algorithm"]
-    #[doc = "                 to use."]
-    #[doc = " \\param key      The HMAC secret key."]
-    #[doc = " \\param keylen   The length of the HMAC secret key in Bytes."]
-    #[doc = " \\param input    The buffer holding the input data."]
-    #[doc = " \\param ilen     The length of the input data."]
-    #[doc = " \\param output   The generic HMAC result."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification"]
-    #[doc = "                 failure."]
-    pub fn mbedtls_md_hmac(
-        md_info: *const mbedtls_md_info_t,
-        key: *const crate::c_types::c_uchar,
-        keylen: size_t,
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-#[doc = " \\brief   The RSA context structure."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_rsa_context {
-    pub private_ver: crate::c_types::c_int,
-    pub private_len: size_t,
-    pub private_N: mbedtls_mpi,
-    pub private_E: mbedtls_mpi,
-    pub private_D: mbedtls_mpi,
-    pub private_P: mbedtls_mpi,
-    pub private_Q: mbedtls_mpi,
-    pub private_DP: mbedtls_mpi,
-    pub private_DQ: mbedtls_mpi,
-    pub private_QP: mbedtls_mpi,
-    pub private_RN: mbedtls_mpi,
-    pub private_RP: mbedtls_mpi,
-    pub private_RQ: mbedtls_mpi,
-    pub private_Vi: mbedtls_mpi,
-    pub private_Vf: mbedtls_mpi,
-    pub private_padding: crate::c_types::c_int,
-    pub private_hash_id: crate::c_types::c_int,
-}
-extern "C" {
-    #[doc = " \\brief          This function initializes an RSA context."]
-    #[doc = ""]
-    #[doc = " \\note           This function initializes the padding and the hash"]
-    #[doc = "                 identifier to respectively #MBEDTLS_RSA_PKCS_V15 and"]
-    #[doc = "                 #MBEDTLS_MD_NONE. See mbedtls_rsa_set_padding() for more"]
-    #[doc = "                 information about those parameters."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The RSA context to initialize. This must not be \\c NULL."]
-    pub fn mbedtls_rsa_init(ctx: *mut mbedtls_rsa_context);
-}
-extern "C" {
-    #[doc = " \\brief          This function sets padding for an already initialized RSA"]
-    #[doc = "                 context."]
-    #[doc = ""]
-    #[doc = " \\note           Set padding to #MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP"]
-    #[doc = "                 encryption scheme and the RSASSA-PSS signature scheme."]
-    #[doc = ""]
-    #[doc = " \\note           The \\p hash_id parameter is ignored when using"]
-    #[doc = "                 #MBEDTLS_RSA_PKCS_V15 padding."]
-    #[doc = ""]
-    #[doc = " \\note           The choice of padding mode is strictly enforced for private"]
-    #[doc = "                 key operations, since there might be security concerns in"]
-    #[doc = "                 mixing padding modes. For public key operations it is"]
-    #[doc = "                 a default value, which can be overridden by calling specific"]
-    #[doc = "                 \\c mbedtls_rsa_rsaes_xxx or \\c mbedtls_rsa_rsassa_xxx"]
-    #[doc = "                 functions."]
-    #[doc = ""]
-    #[doc = " \\note           The hash selected in \\p hash_id is always used for OEAP"]
-    #[doc = "                 encryption. For PSS signatures, it is always used for"]
-    #[doc = "                 making signatures, but can be overridden for verifying them."]
-    #[doc = "                 If set to #MBEDTLS_MD_NONE, it is always overridden."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA context to be configured."]
-    #[doc = " \\param padding  The padding mode to use. This must be either"]
-    #[doc = "                 #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21."]
-    #[doc = " \\param hash_id  The hash identifier for PSS or OAEP, if \\p padding is"]
-    #[doc = "                 #MBEDTLS_RSA_PKCS_V21. #MBEDTLS_MD_NONE is accepted by this"]
-    #[doc = "                 function but may be not suitable for some operations."]
-    #[doc = "                 Ignored if \\p padding is #MBEDTLS_RSA_PKCS_V15."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         #MBEDTLS_ERR_RSA_INVALID_PADDING failure:"]
-    #[doc = "                 \\p padding or \\p hash_id is invalid."]
-    pub fn mbedtls_rsa_set_padding(
-        ctx: *mut mbedtls_rsa_context,
-        padding: crate::c_types::c_int,
-        hash_id: mbedtls_md_type_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function retrieves padding mode of initialized"]
-    #[doc = "                 RSA context."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA context."]
-    #[doc = ""]
-    #[doc = " \\return         RSA padding mode."]
-    #[doc = ""]
-    pub fn mbedtls_rsa_get_padding_mode(ctx: *const mbedtls_rsa_context) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function retrieves hash identifier of mbedtls_md_type_t"]
-    #[doc = "                 type."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA context."]
-    #[doc = ""]
-    #[doc = " \\return         Hash identifier of mbedtls_md_type_t type."]
-    #[doc = ""]
-    pub fn mbedtls_rsa_get_md_alg(ctx: *const mbedtls_rsa_context) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function imports a set of core parameters into an"]
-    #[doc = "                 RSA context."]
-    #[doc = ""]
-    #[doc = " \\note           This function can be called multiple times for successive"]
-    #[doc = "                 imports, if the parameters are not simultaneously present."]
-    #[doc = ""]
-    #[doc = "                 Any sequence of calls to this function should be followed"]
-    #[doc = "                 by a call to mbedtls_rsa_complete(), which checks and"]
-    #[doc = "                 completes the provided information to a ready-for-use"]
-    #[doc = "                 public or private RSA key."]
-    #[doc = ""]
-    #[doc = " \\note           See mbedtls_rsa_complete() for more information on which"]
-    #[doc = "                 parameters are necessary to set up a private or public"]
-    #[doc = "                 RSA key."]
-    #[doc = ""]
-    #[doc = " \\note           The imported parameters are copied and need not be preserved"]
-    #[doc = "                 for the lifetime of the RSA context being set up."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA context to store the parameters in."]
-    #[doc = " \\param N        The RSA modulus. This may be \\c NULL."]
-    #[doc = " \\param P        The first prime factor of \\p N. This may be \\c NULL."]
-    #[doc = " \\param Q        The second prime factor of \\p N. This may be \\c NULL."]
-    #[doc = " \\param D        The private exponent. This may be \\c NULL."]
-    #[doc = " \\param E        The public exponent. This may be \\c NULL."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         A non-zero error code on failure."]
-    pub fn mbedtls_rsa_import(
-        ctx: *mut mbedtls_rsa_context,
-        N: *const mbedtls_mpi,
-        P: *const mbedtls_mpi,
-        Q: *const mbedtls_mpi,
-        D: *const mbedtls_mpi,
-        E: *const mbedtls_mpi,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function imports core RSA parameters, in raw big-endian"]
-    #[doc = "                 binary format, into an RSA context."]
-    #[doc = ""]
-    #[doc = " \\note           This function can be called multiple times for successive"]
-    #[doc = "                 imports, if the parameters are not simultaneously present."]
-    #[doc = ""]
-    #[doc = "                 Any sequence of calls to this function should be followed"]
-    #[doc = "                 by a call to mbedtls_rsa_complete(), which checks and"]
-    #[doc = "                 completes the provided information to a ready-for-use"]
-    #[doc = "                 public or private RSA key."]
-    #[doc = ""]
-    #[doc = " \\note           See mbedtls_rsa_complete() for more information on which"]
-    #[doc = "                 parameters are necessary to set up a private or public"]
-    #[doc = "                 RSA key."]
-    #[doc = ""]
-    #[doc = " \\note           The imported parameters are copied and need not be preserved"]
-    #[doc = "                 for the lifetime of the RSA context being set up."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA context to store the parameters in."]
-    #[doc = " \\param N        The RSA modulus. This may be \\c NULL."]
-    #[doc = " \\param N_len    The Byte length of \\p N; it is ignored if \\p N == NULL."]
-    #[doc = " \\param P        The first prime factor of \\p N. This may be \\c NULL."]
-    #[doc = " \\param P_len    The Byte length of \\p P; it is ignored if \\p P == NULL."]
-    #[doc = " \\param Q        The second prime factor of \\p N. This may be \\c NULL."]
-    #[doc = " \\param Q_len    The Byte length of \\p Q; it is ignored if \\p Q == NULL."]
-    #[doc = " \\param D        The private exponent. This may be \\c NULL."]
-    #[doc = " \\param D_len    The Byte length of \\p D; it is ignored if \\p D == NULL."]
-    #[doc = " \\param E        The public exponent. This may be \\c NULL."]
-    #[doc = " \\param E_len    The Byte length of \\p E; it is ignored if \\p E == NULL."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         A non-zero error code on failure."]
-    pub fn mbedtls_rsa_import_raw(
-        ctx: *mut mbedtls_rsa_context,
-        N: *const crate::c_types::c_uchar,
-        N_len: size_t,
-        P: *const crate::c_types::c_uchar,
-        P_len: size_t,
-        Q: *const crate::c_types::c_uchar,
-        Q_len: size_t,
-        D: *const crate::c_types::c_uchar,
-        D_len: size_t,
-        E: *const crate::c_types::c_uchar,
-        E_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function completes an RSA context from"]
-    #[doc = "                 a set of imported core parameters."]
-    #[doc = ""]
-    #[doc = "                 To setup an RSA public key, precisely \\p N and \\p E"]
-    #[doc = "                 must have been imported."]
-    #[doc = ""]
-    #[doc = "                 To setup an RSA private key, sufficient information must"]
-    #[doc = "                 be present for the other parameters to be derivable."]
-    #[doc = ""]
-    #[doc = "                 The default implementation supports the following:"]
-    #[doc = "                 <ul><li>Derive \\p P, \\p Q from \\p N, \\p D, \\p E.</li>"]
-    #[doc = "                 <li>Derive \\p N, \\p D from \\p P, \\p Q, \\p E.</li></ul>"]
-    #[doc = "                 Alternative implementations need not support these."]
-    #[doc = ""]
-    #[doc = "                 If this function runs successfully, it guarantees that"]
-    #[doc = "                 the RSA context can be used for RSA operations without"]
-    #[doc = "                 the risk of failure or crash."]
-    #[doc = ""]
-    #[doc = " \\warning        This function need not perform consistency checks"]
-    #[doc = "                 for the imported parameters. In particular, parameters that"]
-    #[doc = "                 are not needed by the implementation might be silently"]
-    #[doc = "                 discarded and left unchecked. To check the consistency"]
-    #[doc = "                 of the key material, see mbedtls_rsa_check_privkey()."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA context holding imported parameters."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         #MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted derivations"]
-    #[doc = "                 failed."]
-    #[doc = ""]
-    pub fn mbedtls_rsa_complete(ctx: *mut mbedtls_rsa_context) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function exports the core parameters of an RSA key."]
-    #[doc = ""]
-    #[doc = "                 If this function runs successfully, the non-NULL buffers"]
-    #[doc = "                 pointed to by \\p N, \\p P, \\p Q, \\p D, and \\p E are fully"]
-    #[doc = "                 written, with additional unused space filled leading by"]
-    #[doc = "                 zero Bytes."]
-    #[doc = ""]
-    #[doc = "                 Possible reasons for returning"]
-    #[doc = "                 #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:<ul>"]
-    #[doc = "                 <li>An alternative RSA implementation is in use, which"]
-    #[doc = "                 stores the key externally, and either cannot or should"]
-    #[doc = "                 not export it into RAM.</li>"]
-    #[doc = "                 <li>A SW or HW implementation might not support a certain"]
-    #[doc = "                 deduction. For example, \\p P, \\p Q from \\p N, \\p D,"]
-    #[doc = "                 and \\p E if the former are not part of the"]
-    #[doc = "                 implementation.</li></ul>"]
-    #[doc = ""]
-    #[doc = "                 If the function fails due to an unsupported operation,"]
-    #[doc = "                 the RSA context stays intact and remains usable."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA context."]
-    #[doc = " \\param N        The MPI to hold the RSA modulus."]
-    #[doc = "                 This may be \\c NULL if this field need not be exported."]
-    #[doc = " \\param P        The MPI to hold the first prime factor of \\p N."]
-    #[doc = "                 This may be \\c NULL if this field need not be exported."]
-    #[doc = " \\param Q        The MPI to hold the second prime factor of \\p N."]
-    #[doc = "                 This may be \\c NULL if this field need not be exported."]
-    #[doc = " \\param D        The MPI to hold the private exponent."]
-    #[doc = "                 This may be \\c NULL if this field need not be exported."]
-    #[doc = " \\param E        The MPI to hold the public exponent."]
-    #[doc = "                 This may be \\c NULL if this field need not be exported."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the"]
-    #[doc = "                 requested parameters cannot be done due to missing"]
-    #[doc = "                 functionality or because of security policies."]
-    #[doc = " \\return         A non-zero return code on any other failure."]
-    #[doc = ""]
-    pub fn mbedtls_rsa_export(
-        ctx: *const mbedtls_rsa_context,
-        N: *mut mbedtls_mpi,
-        P: *mut mbedtls_mpi,
-        Q: *mut mbedtls_mpi,
-        D: *mut mbedtls_mpi,
-        E: *mut mbedtls_mpi,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function exports core parameters of an RSA key"]
-    #[doc = "                 in raw big-endian binary format."]
-    #[doc = ""]
-    #[doc = "                 If this function runs successfully, the non-NULL buffers"]
-    #[doc = "                 pointed to by \\p N, \\p P, \\p Q, \\p D, and \\p E are fully"]
-    #[doc = "                 written, with additional unused space filled leading by"]
-    #[doc = "                 zero Bytes."]
-    #[doc = ""]
-    #[doc = "                 Possible reasons for returning"]
-    #[doc = "                 #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:<ul>"]
-    #[doc = "                 <li>An alternative RSA implementation is in use, which"]
-    #[doc = "                 stores the key externally, and either cannot or should"]
-    #[doc = "                 not export it into RAM.</li>"]
-    #[doc = "                 <li>A SW or HW implementation might not support a certain"]
-    #[doc = "                 deduction. For example, \\p P, \\p Q from \\p N, \\p D,"]
-    #[doc = "                 and \\p E if the former are not part of the"]
-    #[doc = "                 implementation.</li></ul>"]
-    #[doc = "                 If the function fails due to an unsupported operation,"]
-    #[doc = "                 the RSA context stays intact and remains usable."]
-    #[doc = ""]
-    #[doc = " \\note           The length parameters are ignored if the corresponding"]
-    #[doc = "                 buffer pointers are NULL."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA context."]
-    #[doc = " \\param N        The Byte array to store the RSA modulus,"]
-    #[doc = "                 or \\c NULL if this field need not be exported."]
-    #[doc = " \\param N_len    The size of the buffer for the modulus."]
-    #[doc = " \\param P        The Byte array to hold the first prime factor of \\p N,"]
-    #[doc = "                 or \\c NULL if this field need not be exported."]
-    #[doc = " \\param P_len    The size of the buffer for the first prime factor."]
-    #[doc = " \\param Q        The Byte array to hold the second prime factor of \\p N,"]
-    #[doc = "                 or \\c NULL if this field need not be exported."]
-    #[doc = " \\param Q_len    The size of the buffer for the second prime factor."]
-    #[doc = " \\param D        The Byte array to hold the private exponent,"]
-    #[doc = "                 or \\c NULL if this field need not be exported."]
-    #[doc = " \\param D_len    The size of the buffer for the private exponent."]
-    #[doc = " \\param E        The Byte array to hold the public exponent,"]
-    #[doc = "                 or \\c NULL if this field need not be exported."]
-    #[doc = " \\param E_len    The size of the buffer for the public exponent."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the"]
-    #[doc = "                 requested parameters cannot be done due to missing"]
-    #[doc = "                 functionality or because of security policies."]
-    #[doc = " \\return         A non-zero return code on any other failure."]
-    pub fn mbedtls_rsa_export_raw(
-        ctx: *const mbedtls_rsa_context,
-        N: *mut crate::c_types::c_uchar,
-        N_len: size_t,
-        P: *mut crate::c_types::c_uchar,
-        P_len: size_t,
-        Q: *mut crate::c_types::c_uchar,
-        Q_len: size_t,
-        D: *mut crate::c_types::c_uchar,
-        D_len: size_t,
-        E: *mut crate::c_types::c_uchar,
-        E_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function exports CRT parameters of a private RSA key."]
-    #[doc = ""]
-    #[doc = " \\note           Alternative RSA implementations not using CRT-parameters"]
-    #[doc = "                 internally can implement this function based on"]
-    #[doc = "                 mbedtls_rsa_deduce_opt()."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA context."]
-    #[doc = " \\param DP       The MPI to hold \\c D modulo `P-1`,"]
-    #[doc = "                 or \\c NULL if it need not be exported."]
-    #[doc = " \\param DQ       The MPI to hold \\c D modulo `Q-1`,"]
-    #[doc = "                 or \\c NULL if it need not be exported."]
-    #[doc = " \\param QP       The MPI to hold modular inverse of \\c Q modulo \\c P,"]
-    #[doc = "                 or \\c NULL if it need not be exported."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         A non-zero error code on failure."]
-    #[doc = ""]
-    pub fn mbedtls_rsa_export_crt(
-        ctx: *const mbedtls_rsa_context,
-        DP: *mut mbedtls_mpi,
-        DQ: *mut mbedtls_mpi,
-        QP: *mut mbedtls_mpi,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function retrieves the length of RSA modulus in Bytes."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA context."]
-    #[doc = ""]
-    #[doc = " \\return         The length of the RSA modulus in Bytes."]
-    #[doc = ""]
-    pub fn mbedtls_rsa_get_len(ctx: *const mbedtls_rsa_context) -> size_t;
-}
-extern "C" {
-    #[doc = " \\brief          This function generates an RSA keypair."]
-    #[doc = ""]
-    #[doc = " \\note           mbedtls_rsa_init() must be called before this function,"]
-    #[doc = "                 to set up the RSA context."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA context used to hold the key."]
-    #[doc = " \\param f_rng    The RNG function to be used for key generation."]
-    #[doc = "                 This is mandatory and must not be \\c NULL."]
-    #[doc = " \\param p_rng    The RNG context to be passed to \\p f_rng."]
-    #[doc = "                 This may be \\c NULL if \\p f_rng doesn't need a context."]
-    #[doc = " \\param nbits    The size of the public key in bits."]
-    #[doc = " \\param exponent The public exponent to use. For example, \\c 65537."]
-    #[doc = "                 This must be odd and greater than \\c 1."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_RSA_XXX error code on failure."]
-    pub fn mbedtls_rsa_gen_key(
-        ctx: *mut mbedtls_rsa_context,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-        nbits: crate::c_types::c_uint,
-        exponent: crate::c_types::c_int,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function checks if a context contains at least an RSA"]
-    #[doc = "                 public key."]
-    #[doc = ""]
-    #[doc = "                 If the function runs successfully, it is guaranteed that"]
-    #[doc = "                 enough information is present to perform an RSA public key"]
-    #[doc = "                 operation using mbedtls_rsa_public()."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA context to check."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_RSA_XXX error code on failure."]
-    #[doc = ""]
-    pub fn mbedtls_rsa_check_pubkey(ctx: *const mbedtls_rsa_context) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief      This function checks if a context contains an RSA private key"]
-    #[doc = "             and perform basic consistency checks."]
-    #[doc = ""]
-    #[doc = " \\note       The consistency checks performed by this function not only"]
-    #[doc = "             ensure that mbedtls_rsa_private() can be called successfully"]
-    #[doc = "             on the given context, but that the various parameters are"]
-    #[doc = "             mutually consistent with high probability, in the sense that"]
-    #[doc = "             mbedtls_rsa_public() and mbedtls_rsa_private() are inverses."]
-    #[doc = ""]
-    #[doc = " \\warning    This function should catch accidental misconfigurations"]
-    #[doc = "             like swapping of parameters, but it cannot establish full"]
-    #[doc = "             trust in neither the quality nor the consistency of the key"]
-    #[doc = "             material that was used to setup the given RSA context:"]
-    #[doc = "             <ul><li>Consistency: Imported parameters that are irrelevant"]
-    #[doc = "             for the implementation might be silently dropped. If dropped,"]
-    #[doc = "             the current function does not have access to them,"]
-    #[doc = "             and therefore cannot check them. See mbedtls_rsa_complete()."]
-    #[doc = "             If you want to check the consistency of the entire"]
-    #[doc = "             content of a PKCS1-encoded RSA private key, for example, you"]
-    #[doc = "             should use mbedtls_rsa_validate_params() before setting"]
-    #[doc = "             up the RSA context."]
-    #[doc = "             Additionally, if the implementation performs empirical checks,"]
-    #[doc = "             these checks substantiate but do not guarantee consistency.</li>"]
-    #[doc = "             <li>Quality: This function is not expected to perform"]
-    #[doc = "             extended quality assessments like checking that the prime"]
-    #[doc = "             factors are safe. Additionally, it is the responsibility of the"]
-    #[doc = "             user to ensure the trustworthiness of the source of his RSA"]
-    #[doc = "             parameters, which goes beyond what is effectively checkable"]
-    #[doc = "             by the library.</li></ul>"]
-    #[doc = ""]
-    #[doc = " \\param ctx  The initialized RSA context to check."]
-    #[doc = ""]
-    #[doc = " \\return     \\c 0 on success."]
-    #[doc = " \\return     An \\c MBEDTLS_ERR_RSA_XXX error code on failure."]
-    pub fn mbedtls_rsa_check_privkey(ctx: *const mbedtls_rsa_context) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function checks a public-private RSA key pair."]
-    #[doc = ""]
-    #[doc = "                 It checks each of the contexts, and makes sure they match."]
-    #[doc = ""]
-    #[doc = " \\param pub      The initialized RSA context holding the public key."]
-    #[doc = " \\param prv      The initialized RSA context holding the private key."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_RSA_XXX error code on failure."]
-    pub fn mbedtls_rsa_check_pub_priv(
-        pub_: *const mbedtls_rsa_context,
-        prv: *const mbedtls_rsa_context,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function performs an RSA public key operation."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA context to use."]
-    #[doc = " \\param input    The input buffer. This must be a readable buffer"]
-    #[doc = "                 of length \\c ctx->len Bytes. For example, \\c 256 Bytes"]
-    #[doc = "                 for an 2048-bit RSA modulus."]
-    #[doc = " \\param output   The output buffer. This must be a writable buffer"]
-    #[doc = "                 of length \\c ctx->len Bytes. For example, \\c 256 Bytes"]
-    #[doc = "                 for an 2048-bit RSA modulus."]
-    #[doc = ""]
-    #[doc = " \\note           This function does not handle message padding."]
-    #[doc = ""]
-    #[doc = " \\note           Make sure to set \\p input[0] = 0 or ensure that"]
-    #[doc = "                 input is smaller than \\p N."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_RSA_XXX error code on failure."]
-    pub fn mbedtls_rsa_public(
-        ctx: *mut mbedtls_rsa_context,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function performs an RSA private key operation."]
-    #[doc = ""]
-    #[doc = " \\note           Blinding is used if and only if a PRNG is provided."]
-    #[doc = ""]
-    #[doc = " \\note           If blinding is used, both the base of exponentiation"]
-    #[doc = "                 and the exponent are blinded, providing protection"]
-    #[doc = "                 against some side-channel attacks."]
-    #[doc = ""]
-    #[doc = " \\warning        It is deprecated and a security risk to not provide"]
-    #[doc = "                 a PRNG here and thereby prevent the use of blinding."]
-    #[doc = "                 Future versions of the library may enforce the presence"]
-    #[doc = "                 of a PRNG."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA context to use."]
-    #[doc = " \\param f_rng    The RNG function, used for blinding. It is mandatory."]
-    #[doc = " \\param p_rng    The RNG context to pass to \\p f_rng. This may be \\c NULL"]
-    #[doc = "                 if \\p f_rng doesn't need a context."]
-    #[doc = " \\param input    The input buffer. This must be a readable buffer"]
-    #[doc = "                 of length \\c ctx->len Bytes. For example, \\c 256 Bytes"]
-    #[doc = "                 for an 2048-bit RSA modulus."]
-    #[doc = " \\param output   The output buffer. This must be a writable buffer"]
-    #[doc = "                 of length \\c ctx->len Bytes. For example, \\c 256 Bytes"]
-    #[doc = "                 for an 2048-bit RSA modulus."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_RSA_XXX error code on failure."]
-    #[doc = ""]
-    pub fn mbedtls_rsa_private(
-        ctx: *mut mbedtls_rsa_context,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function adds the message padding, then performs an RSA"]
-    #[doc = "                 operation."]
-    #[doc = ""]
-    #[doc = "                 It is the generic wrapper for performing a PKCS#1 encryption"]
-    #[doc = "                 operation."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA context to use."]
-    #[doc = " \\param f_rng    The RNG to use. It is used for padding generation"]
-    #[doc = "                 and it is mandatory."]
-    #[doc = " \\param p_rng    The RNG context to be passed to \\p f_rng. May be"]
-    #[doc = "                 \\c NULL if \\p f_rng doesn't need a context argument."]
-    #[doc = " \\param ilen     The length of the plaintext in Bytes."]
-    #[doc = " \\param input    The input data to encrypt. This must be a readable"]
-    #[doc = "                 buffer of size \\p ilen Bytes. It may be \\c NULL if"]
-    #[doc = "                 `ilen == 0`."]
-    #[doc = " \\param output   The output buffer. This must be a writable buffer"]
-    #[doc = "                 of length \\c ctx->len Bytes. For example, \\c 256 Bytes"]
-    #[doc = "                 for an 2048-bit RSA modulus."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_RSA_XXX error code on failure."]
-    pub fn mbedtls_rsa_pkcs1_encrypt(
-        ctx: *mut mbedtls_rsa_context,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-        ilen: size_t,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function performs a PKCS#1 v1.5 encryption operation"]
-    #[doc = "                 (RSAES-PKCS1-v1_5-ENCRYPT)."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA context to use."]
-    #[doc = " \\param f_rng    The RNG function to use. It is mandatory and used for"]
-    #[doc = "                 padding generation."]
-    #[doc = " \\param p_rng    The RNG context to be passed to \\p f_rng. This may"]
-    #[doc = "                 be \\c NULL if \\p f_rng doesn't need a context argument."]
-    #[doc = " \\param ilen     The length of the plaintext in Bytes."]
-    #[doc = " \\param input    The input data to encrypt. This must be a readable"]
-    #[doc = "                 buffer of size \\p ilen Bytes. It may be \\c NULL if"]
-    #[doc = "                 `ilen == 0`."]
-    #[doc = " \\param output   The output buffer. This must be a writable buffer"]
-    #[doc = "                 of length \\c ctx->len Bytes. For example, \\c 256 Bytes"]
-    #[doc = "                 for an 2048-bit RSA modulus."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_RSA_XXX error code on failure."]
-    pub fn mbedtls_rsa_rsaes_pkcs1_v15_encrypt(
-        ctx: *mut mbedtls_rsa_context,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-        ilen: size_t,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief            This function performs a PKCS#1 v2.1 OAEP encryption"]
-    #[doc = "                   operation (RSAES-OAEP-ENCRYPT)."]
-    #[doc = ""]
-    #[doc = " \\note             The output buffer must be as large as the size"]
-    #[doc = "                   of ctx->N. For example, 128 Bytes if RSA-1024 is used."]
-    #[doc = ""]
-    #[doc = " \\param ctx        The initialized RSA context to use."]
-    #[doc = " \\param f_rng      The RNG function to use. This is needed for padding"]
-    #[doc = "                   generation and is mandatory."]
-    #[doc = " \\param p_rng      The RNG context to be passed to \\p f_rng. This may"]
-    #[doc = "                   be \\c NULL if \\p f_rng doesn't need a context argument."]
-    #[doc = " \\param label      The buffer holding the custom label to use."]
-    #[doc = "                   This must be a readable buffer of length \\p label_len"]
-    #[doc = "                   Bytes. It may be \\c NULL if \\p label_len is \\c 0."]
-    #[doc = " \\param label_len  The length of the label in Bytes."]
-    #[doc = " \\param ilen       The length of the plaintext buffer \\p input in Bytes."]
-    #[doc = " \\param input      The input data to encrypt. This must be a readable"]
-    #[doc = "                   buffer of size \\p ilen Bytes. It may be \\c NULL if"]
-    #[doc = "                   `ilen == 0`."]
-    #[doc = " \\param output     The output buffer. This must be a writable buffer"]
-    #[doc = "                   of length \\c ctx->len Bytes. For example, \\c 256 Bytes"]
-    #[doc = "                   for an 2048-bit RSA modulus."]
-    #[doc = ""]
-    #[doc = " \\return           \\c 0 on success."]
-    #[doc = " \\return           An \\c MBEDTLS_ERR_RSA_XXX error code on failure."]
-    pub fn mbedtls_rsa_rsaes_oaep_encrypt(
-        ctx: *mut mbedtls_rsa_context,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-        label: *const crate::c_types::c_uchar,
-        label_len: size_t,
-        ilen: size_t,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function performs an RSA operation, then removes the"]
-    #[doc = "                 message padding."]
-    #[doc = ""]
-    #[doc = "                 It is the generic wrapper for performing a PKCS#1 decryption"]
-    #[doc = "                 operation."]
-    #[doc = ""]
-    #[doc = " \\note           The output buffer length \\c output_max_len should be"]
-    #[doc = "                 as large as the size \\p ctx->len of \\p ctx->N (for example,"]
-    #[doc = "                 128 Bytes if RSA-1024 is used) to be able to hold an"]
-    #[doc = "                 arbitrary decrypted message. If it is not large enough to"]
-    #[doc = "                 hold the decryption of the particular ciphertext provided,"]
-    #[doc = "                 the function returns \\c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA context to use."]
-    #[doc = " \\param f_rng    The RNG function. This is used for blinding and is"]
-    #[doc = "                 mandatory; see mbedtls_rsa_private() for more."]
-    #[doc = " \\param p_rng    The RNG context to be passed to \\p f_rng. This may be"]
-    #[doc = "                 \\c NULL if \\p f_rng doesn't need a context."]
-    #[doc = " \\param olen     The address at which to store the length of"]
-    #[doc = "                 the plaintext. This must not be \\c NULL."]
-    #[doc = " \\param input    The ciphertext buffer. This must be a readable buffer"]
-    #[doc = "                 of length \\c ctx->len Bytes. For example, \\c 256 Bytes"]
-    #[doc = "                 for an 2048-bit RSA modulus."]
-    #[doc = " \\param output   The buffer used to hold the plaintext. This must"]
-    #[doc = "                 be a writable buffer of length \\p output_max_len Bytes."]
-    #[doc = " \\param output_max_len The length in Bytes of the output buffer \\p output."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_RSA_XXX error code on failure."]
-    pub fn mbedtls_rsa_pkcs1_decrypt(
-        ctx: *mut mbedtls_rsa_context,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-        olen: *mut size_t,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-        output_max_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function performs a PKCS#1 v1.5 decryption"]
-    #[doc = "                 operation (RSAES-PKCS1-v1_5-DECRYPT)."]
-    #[doc = ""]
-    #[doc = " \\note           The output buffer length \\c output_max_len should be"]
-    #[doc = "                 as large as the size \\p ctx->len of \\p ctx->N, for example,"]
-    #[doc = "                 128 Bytes if RSA-1024 is used, to be able to hold an"]
-    #[doc = "                 arbitrary decrypted message. If it is not large enough to"]
-    #[doc = "                 hold the decryption of the particular ciphertext provided,"]
-    #[doc = "                 the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA context to use."]
-    #[doc = " \\param f_rng    The RNG function. This is used for blinding and is"]
-    #[doc = "                 mandatory; see mbedtls_rsa_private() for more."]
-    #[doc = " \\param p_rng    The RNG context to be passed to \\p f_rng. This may be"]
-    #[doc = "                 \\c NULL if \\p f_rng doesn't need a context."]
-    #[doc = " \\param olen     The address at which to store the length of"]
-    #[doc = "                 the plaintext. This must not be \\c NULL."]
-    #[doc = " \\param input    The ciphertext buffer. This must be a readable buffer"]
-    #[doc = "                 of length \\c ctx->len Bytes. For example, \\c 256 Bytes"]
-    #[doc = "                 for an 2048-bit RSA modulus."]
-    #[doc = " \\param output   The buffer used to hold the plaintext. This must"]
-    #[doc = "                 be a writable buffer of length \\p output_max_len Bytes."]
-    #[doc = " \\param output_max_len The length in Bytes of the output buffer \\p output."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_RSA_XXX error code on failure."]
-    #[doc = ""]
-    pub fn mbedtls_rsa_rsaes_pkcs1_v15_decrypt(
-        ctx: *mut mbedtls_rsa_context,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-        olen: *mut size_t,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-        output_max_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief            This function performs a PKCS#1 v2.1 OAEP decryption"]
-    #[doc = "                   operation (RSAES-OAEP-DECRYPT)."]
-    #[doc = ""]
-    #[doc = " \\note             The output buffer length \\c output_max_len should be"]
-    #[doc = "                   as large as the size \\p ctx->len of \\p ctx->N, for"]
-    #[doc = "                   example, 128 Bytes if RSA-1024 is used, to be able to"]
-    #[doc = "                   hold an arbitrary decrypted message. If it is not"]
-    #[doc = "                   large enough to hold the decryption of the particular"]
-    #[doc = "                   ciphertext provided, the function returns"]
-    #[doc = "                   #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE."]
-    #[doc = ""]
-    #[doc = " \\param ctx        The initialized RSA context to use."]
-    #[doc = " \\param f_rng      The RNG function. This is used for blinding and is"]
-    #[doc = "                   mandatory."]
-    #[doc = " \\param p_rng      The RNG context to be passed to \\p f_rng. This may be"]
-    #[doc = "                   \\c NULL if \\p f_rng doesn't need a context."]
-    #[doc = " \\param label      The buffer holding the custom label to use."]
-    #[doc = "                   This must be a readable buffer of length \\p label_len"]
-    #[doc = "                   Bytes. It may be \\c NULL if \\p label_len is \\c 0."]
-    #[doc = " \\param label_len  The length of the label in Bytes."]
-    #[doc = " \\param olen       The address at which to store the length of"]
-    #[doc = "                   the plaintext. This must not be \\c NULL."]
-    #[doc = " \\param input      The ciphertext buffer. This must be a readable buffer"]
-    #[doc = "                   of length \\c ctx->len Bytes. For example, \\c 256 Bytes"]
-    #[doc = "                   for an 2048-bit RSA modulus."]
-    #[doc = " \\param output     The buffer used to hold the plaintext. This must"]
-    #[doc = "                   be a writable buffer of length \\p output_max_len Bytes."]
-    #[doc = " \\param output_max_len The length in Bytes of the output buffer \\p output."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_RSA_XXX error code on failure."]
-    pub fn mbedtls_rsa_rsaes_oaep_decrypt(
-        ctx: *mut mbedtls_rsa_context,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-        label: *const crate::c_types::c_uchar,
-        label_len: size_t,
-        olen: *mut size_t,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-        output_max_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function performs a private RSA operation to sign"]
-    #[doc = "                 a message digest using PKCS#1."]
-    #[doc = ""]
-    #[doc = "                 It is the generic wrapper for performing a PKCS#1"]
-    #[doc = "                 signature."]
-    #[doc = ""]
-    #[doc = " \\note           The \\p sig buffer must be as large as the size"]
-    #[doc = "                 of \\p ctx->N. For example, 128 Bytes if RSA-1024 is used."]
-    #[doc = ""]
-    #[doc = " \\note           For PKCS#1 v2.1 encoding, see comments on"]
-    #[doc = "                 mbedtls_rsa_rsassa_pss_sign() for details on"]
-    #[doc = "                 \\p md_alg and \\p hash_id."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA context to use."]
-    #[doc = " \\param f_rng    The RNG function to use. This is mandatory and"]
-    #[doc = "                 must not be \\c NULL."]
-    #[doc = " \\param p_rng    The RNG context to be passed to \\p f_rng. This may be \\c NULL"]
-    #[doc = "                 if \\p f_rng doesn't need a context argument."]
-    #[doc = " \\param md_alg   The message-digest algorithm used to hash the original data."]
-    #[doc = "                 Use #MBEDTLS_MD_NONE for signing raw data."]
-    #[doc = " \\param hashlen  The length of the message digest or raw data in Bytes."]
-    #[doc = "                 If \\p md_alg is not #MBEDTLS_MD_NONE, this must match the"]
-    #[doc = "                 output length of the corresponding hash algorithm."]
-    #[doc = " \\param hash     The buffer holding the message digest or raw data."]
-    #[doc = "                 This must be a readable buffer of at least \\p hashlen Bytes."]
-    #[doc = " \\param sig      The buffer to hold the signature. This must be a writable"]
-    #[doc = "                 buffer of length \\c ctx->len Bytes. For example, \\c 256 Bytes"]
-    #[doc = "                 for an 2048-bit RSA modulus. A buffer length of"]
-    #[doc = "                 #MBEDTLS_MPI_MAX_SIZE is always safe."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if the signing operation was successful."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_RSA_XXX error code on failure."]
-    pub fn mbedtls_rsa_pkcs1_sign(
-        ctx: *mut mbedtls_rsa_context,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-        md_alg: mbedtls_md_type_t,
-        hashlen: crate::c_types::c_uint,
-        hash: *const crate::c_types::c_uchar,
-        sig: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function performs a PKCS#1 v1.5 signature"]
-    #[doc = "                 operation (RSASSA-PKCS1-v1_5-SIGN)."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA context to use."]
-    #[doc = " \\param f_rng    The RNG function. This is used for blinding and is"]
-    #[doc = "                 mandatory; see mbedtls_rsa_private() for more."]
-    #[doc = " \\param p_rng    The RNG context to be passed to \\p f_rng. This may be \\c NULL"]
-    #[doc = "                 if \\p f_rng doesn't need a context argument."]
-    #[doc = " \\param md_alg   The message-digest algorithm used to hash the original data."]
-    #[doc = "                 Use #MBEDTLS_MD_NONE for signing raw data."]
-    #[doc = " \\param hashlen  The length of the message digest or raw data in Bytes."]
-    #[doc = "                 If \\p md_alg is not #MBEDTLS_MD_NONE, this must match the"]
-    #[doc = "                 output length of the corresponding hash algorithm."]
-    #[doc = " \\param hash     The buffer holding the message digest or raw data."]
-    #[doc = "                 This must be a readable buffer of at least \\p hashlen Bytes."]
-    #[doc = " \\param sig      The buffer to hold the signature. This must be a writable"]
-    #[doc = "                 buffer of length \\c ctx->len Bytes. For example, \\c 256 Bytes"]
-    #[doc = "                 for an 2048-bit RSA modulus. A buffer length of"]
-    #[doc = "                 #MBEDTLS_MPI_MAX_SIZE is always safe."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if the signing operation was successful."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_RSA_XXX error code on failure."]
-    pub fn mbedtls_rsa_rsassa_pkcs1_v15_sign(
-        ctx: *mut mbedtls_rsa_context,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-        md_alg: mbedtls_md_type_t,
-        hashlen: crate::c_types::c_uint,
-        hash: *const crate::c_types::c_uchar,
-        sig: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function performs a PKCS#1 v2.1 PSS signature"]
-    #[doc = "                 operation (RSASSA-PSS-SIGN)."]
-    #[doc = ""]
-    #[doc = " \\note           The \\c hash_id set in \\p ctx by calling"]
-    #[doc = "                 mbedtls_rsa_set_padding() selects the hash used for the"]
-    #[doc = "                 encoding operation and for the mask generation function"]
-    #[doc = "                 (MGF1). For more details on the encoding operation and the"]
-    #[doc = "                 mask generation function, consult <em>RFC-3447: Public-Key"]
-    #[doc = "                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography"]
-    #[doc = "                 Specifications</em>."]
-    #[doc = ""]
-    #[doc = " \\note           This function enforces that the provided salt length complies"]
-    #[doc = "                 with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1 v2.2) §9.1.1"]
-    #[doc = "                 step 3. The constraint is that the hash length plus the salt"]
-    #[doc = "                 length plus 2 bytes must be at most the key length. If this"]
-    #[doc = "                 constraint is not met, this function returns"]
-    #[doc = "                 #MBEDTLS_ERR_RSA_BAD_INPUT_DATA."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA context to use."]
-    #[doc = " \\param f_rng    The RNG function. It is mandatory and must not be \\c NULL."]
-    #[doc = " \\param p_rng    The RNG context to be passed to \\p f_rng. This may be \\c NULL"]
-    #[doc = "                 if \\p f_rng doesn't need a context argument."]
-    #[doc = " \\param md_alg   The message-digest algorithm used to hash the original data."]
-    #[doc = "                 Use #MBEDTLS_MD_NONE for signing raw data."]
-    #[doc = " \\param hashlen  The length of the message digest or raw data in Bytes."]
-    #[doc = "                 If \\p md_alg is not #MBEDTLS_MD_NONE, this must match the"]
-    #[doc = "                 output length of the corresponding hash algorithm."]
-    #[doc = " \\param hash     The buffer holding the message digest or raw data."]
-    #[doc = "                 This must be a readable buffer of at least \\p hashlen Bytes."]
-    #[doc = " \\param saltlen  The length of the salt that should be used."]
-    #[doc = "                 If passed #MBEDTLS_RSA_SALT_LEN_ANY, the function will use"]
-    #[doc = "                 the largest possible salt length up to the hash length,"]
-    #[doc = "                 which is the largest permitted by some standards including"]
-    #[doc = "                 FIPS 186-4 §5.5."]
-    #[doc = " \\param sig      The buffer to hold the signature. This must be a writable"]
-    #[doc = "                 buffer of length \\c ctx->len Bytes. For example, \\c 256 Bytes"]
-    #[doc = "                 for an 2048-bit RSA modulus. A buffer length of"]
-    #[doc = "                 #MBEDTLS_MPI_MAX_SIZE is always safe."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if the signing operation was successful."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_RSA_XXX error code on failure."]
-    pub fn mbedtls_rsa_rsassa_pss_sign_ext(
-        ctx: *mut mbedtls_rsa_context,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-        md_alg: mbedtls_md_type_t,
-        hashlen: crate::c_types::c_uint,
-        hash: *const crate::c_types::c_uchar,
-        saltlen: crate::c_types::c_int,
-        sig: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function performs a PKCS#1 v2.1 PSS signature"]
-    #[doc = "                 operation (RSASSA-PSS-SIGN)."]
-    #[doc = ""]
-    #[doc = " \\note           The \\c hash_id set in \\p ctx by calling"]
-    #[doc = "                 mbedtls_rsa_set_padding() selects the hash used for the"]
-    #[doc = "                 encoding operation and for the mask generation function"]
-    #[doc = "                 (MGF1). For more details on the encoding operation and the"]
-    #[doc = "                 mask generation function, consult <em>RFC-3447: Public-Key"]
-    #[doc = "                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography"]
-    #[doc = "                 Specifications</em>."]
-    #[doc = ""]
-    #[doc = " \\note           This function always uses the maximum possible salt size,"]
-    #[doc = "                 up to the length of the payload hash. This choice of salt"]
-    #[doc = "                 size complies with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1"]
-    #[doc = "                 v2.2) §9.1.1 step 3. Furthermore this function enforces a"]
-    #[doc = "                 minimum salt size which is the hash size minus 2 bytes. If"]
-    #[doc = "                 this minimum size is too large given the key size (the salt"]
-    #[doc = "                 size, plus the hash size, plus 2 bytes must be no more than"]
-    #[doc = "                 the key size in bytes), this function returns"]
-    #[doc = "                 #MBEDTLS_ERR_RSA_BAD_INPUT_DATA."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA context to use."]
-    #[doc = " \\param f_rng    The RNG function. It is mandatory and must not be \\c NULL."]
-    #[doc = " \\param p_rng    The RNG context to be passed to \\p f_rng. This may be \\c NULL"]
-    #[doc = "                 if \\p f_rng doesn't need a context argument."]
-    #[doc = " \\param md_alg   The message-digest algorithm used to hash the original data."]
-    #[doc = "                 Use #MBEDTLS_MD_NONE for signing raw data."]
-    #[doc = " \\param hashlen  The length of the message digest or raw data in Bytes."]
-    #[doc = "                 If \\p md_alg is not #MBEDTLS_MD_NONE, this must match the"]
-    #[doc = "                 output length of the corresponding hash algorithm."]
-    #[doc = " \\param hash     The buffer holding the message digest or raw data."]
-    #[doc = "                 This must be a readable buffer of at least \\p hashlen Bytes."]
-    #[doc = " \\param sig      The buffer to hold the signature. This must be a writable"]
-    #[doc = "                 buffer of length \\c ctx->len Bytes. For example, \\c 256 Bytes"]
-    #[doc = "                 for an 2048-bit RSA modulus. A buffer length of"]
-    #[doc = "                 #MBEDTLS_MPI_MAX_SIZE is always safe."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if the signing operation was successful."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_RSA_XXX error code on failure."]
-    pub fn mbedtls_rsa_rsassa_pss_sign(
-        ctx: *mut mbedtls_rsa_context,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-        md_alg: mbedtls_md_type_t,
-        hashlen: crate::c_types::c_uint,
-        hash: *const crate::c_types::c_uchar,
-        sig: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function performs a public RSA operation and checks"]
-    #[doc = "                 the message digest."]
-    #[doc = ""]
-    #[doc = "                 This is the generic wrapper for performing a PKCS#1"]
-    #[doc = "                 verification."]
-    #[doc = ""]
-    #[doc = " \\note           For PKCS#1 v2.1 encoding, see comments on"]
-    #[doc = "                 mbedtls_rsa_rsassa_pss_verify() about \\p md_alg and"]
-    #[doc = "                 \\p hash_id."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA public key context to use."]
-    #[doc = " \\param md_alg   The message-digest algorithm used to hash the original data."]
-    #[doc = "                 Use #MBEDTLS_MD_NONE for signing raw data."]
-    #[doc = " \\param hashlen  The length of the message digest or raw data in Bytes."]
-    #[doc = "                 If \\p md_alg is not #MBEDTLS_MD_NONE, this must match the"]
-    #[doc = "                 output length of the corresponding hash algorithm."]
-    #[doc = " \\param hash     The buffer holding the message digest or raw data."]
-    #[doc = "                 This must be a readable buffer of at least \\p hashlen Bytes."]
-    #[doc = " \\param sig      The buffer holding the signature. This must be a readable"]
-    #[doc = "                 buffer of length \\c ctx->len Bytes. For example, \\c 256 Bytes"]
-    #[doc = "                 for an 2048-bit RSA modulus."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if the verify operation was successful."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_RSA_XXX error code on failure."]
-    pub fn mbedtls_rsa_pkcs1_verify(
-        ctx: *mut mbedtls_rsa_context,
-        md_alg: mbedtls_md_type_t,
-        hashlen: crate::c_types::c_uint,
-        hash: *const crate::c_types::c_uchar,
-        sig: *const crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function performs a PKCS#1 v1.5 verification"]
-    #[doc = "                 operation (RSASSA-PKCS1-v1_5-VERIFY)."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA public key context to use."]
-    #[doc = " \\param md_alg   The message-digest algorithm used to hash the original data."]
-    #[doc = "                 Use #MBEDTLS_MD_NONE for signing raw data."]
-    #[doc = " \\param hashlen  The length of the message digest or raw data in Bytes."]
-    #[doc = "                 If \\p md_alg is not #MBEDTLS_MD_NONE, this must match the"]
-    #[doc = "                 output length of the corresponding hash algorithm."]
-    #[doc = " \\param hash     The buffer holding the message digest or raw data."]
-    #[doc = "                 This must be a readable buffer of at least \\p hashlen Bytes."]
-    #[doc = " \\param sig      The buffer holding the signature. This must be a readable"]
-    #[doc = "                 buffer of length \\c ctx->len Bytes. For example, \\c 256 Bytes"]
-    #[doc = "                 for an 2048-bit RSA modulus."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if the verify operation was successful."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_RSA_XXX error code on failure."]
-    pub fn mbedtls_rsa_rsassa_pkcs1_v15_verify(
-        ctx: *mut mbedtls_rsa_context,
-        md_alg: mbedtls_md_type_t,
-        hashlen: crate::c_types::c_uint,
-        hash: *const crate::c_types::c_uchar,
-        sig: *const crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function performs a PKCS#1 v2.1 PSS verification"]
-    #[doc = "                 operation (RSASSA-PSS-VERIFY)."]
-    #[doc = ""]
-    #[doc = " \\note           The \\c hash_id set in \\p ctx by calling"]
-    #[doc = "                 mbedtls_rsa_set_padding() selects the hash used for the"]
-    #[doc = "                 encoding operation and for the mask generation function"]
-    #[doc = "                 (MGF1). For more details on the encoding operation and the"]
-    #[doc = "                 mask generation function, consult <em>RFC-3447: Public-Key"]
-    #[doc = "                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography"]
-    #[doc = "                 Specifications</em>. If the \\c hash_id set in \\p ctx by"]
-    #[doc = "                 mbedtls_rsa_set_padding() is #MBEDTLS_MD_NONE, the \\p md_alg"]
-    #[doc = "                 parameter is used."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA public key context to use."]
-    #[doc = " \\param md_alg   The message-digest algorithm used to hash the original data."]
-    #[doc = "                 Use #MBEDTLS_MD_NONE for signing raw data."]
-    #[doc = " \\param hashlen  The length of the message digest or raw data in Bytes."]
-    #[doc = "                 If \\p md_alg is not #MBEDTLS_MD_NONE, this must match the"]
-    #[doc = "                 output length of the corresponding hash algorithm."]
-    #[doc = " \\param hash     The buffer holding the message digest or raw data."]
-    #[doc = "                 This must be a readable buffer of at least \\p hashlen Bytes."]
-    #[doc = " \\param sig      The buffer holding the signature. This must be a readable"]
-    #[doc = "                 buffer of length \\c ctx->len Bytes. For example, \\c 256 Bytes"]
-    #[doc = "                 for an 2048-bit RSA modulus."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if the verify operation was successful."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_RSA_XXX error code on failure."]
-    pub fn mbedtls_rsa_rsassa_pss_verify(
-        ctx: *mut mbedtls_rsa_context,
-        md_alg: mbedtls_md_type_t,
-        hashlen: crate::c_types::c_uint,
-        hash: *const crate::c_types::c_uchar,
-        sig: *const crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function performs a PKCS#1 v2.1 PSS verification"]
-    #[doc = "                 operation (RSASSA-PSS-VERIFY)."]
-    #[doc = ""]
-    #[doc = " \\note           The \\p sig buffer must be as large as the size"]
-    #[doc = "                 of \\p ctx->N. For example, 128 Bytes if RSA-1024 is used."]
-    #[doc = ""]
-    #[doc = " \\note           The \\c hash_id set in \\p ctx by mbedtls_rsa_set_padding() is"]
-    #[doc = "                 ignored."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The initialized RSA public key context to use."]
-    #[doc = " \\param md_alg   The message-digest algorithm used to hash the original data."]
-    #[doc = "                 Use #MBEDTLS_MD_NONE for signing raw data."]
-    #[doc = " \\param hashlen  The length of the message digest or raw data in Bytes."]
-    #[doc = "                 If \\p md_alg is not #MBEDTLS_MD_NONE, this must match the"]
-    #[doc = "                 output length of the corresponding hash algorithm."]
-    #[doc = " \\param hash     The buffer holding the message digest or raw data."]
-    #[doc = "                 This must be a readable buffer of at least \\p hashlen Bytes."]
-    #[doc = " \\param mgf1_hash_id      The message digest algorithm used for the"]
-    #[doc = "                          verification operation and the mask generation"]
-    #[doc = "                          function (MGF1). For more details on the encoding"]
-    #[doc = "                          operation and the mask generation function, consult"]
-    #[doc = "                          <em>RFC-3447: Public-Key Cryptography Standards"]
-    #[doc = "                          (PKCS) #1 v2.1: RSA Cryptography"]
-    #[doc = "                          Specifications</em>."]
-    #[doc = " \\param expected_salt_len The length of the salt used in padding. Use"]
-    #[doc = "                          #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length."]
-    #[doc = " \\param sig      The buffer holding the signature. This must be a readable"]
-    #[doc = "                 buffer of length \\c ctx->len Bytes. For example, \\c 256 Bytes"]
-    #[doc = "                 for an 2048-bit RSA modulus."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if the verify operation was successful."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_RSA_XXX error code on failure."]
-    pub fn mbedtls_rsa_rsassa_pss_verify_ext(
-        ctx: *mut mbedtls_rsa_context,
-        md_alg: mbedtls_md_type_t,
-        hashlen: crate::c_types::c_uint,
-        hash: *const crate::c_types::c_uchar,
-        mgf1_hash_id: mbedtls_md_type_t,
-        expected_salt_len: crate::c_types::c_int,
-        sig: *const crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function copies the components of an RSA context."]
-    #[doc = ""]
-    #[doc = " \\param dst      The destination context. This must be initialized."]
-    #[doc = " \\param src      The source context. This must be initialized."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure."]
-    pub fn mbedtls_rsa_copy(
-        dst: *mut mbedtls_rsa_context,
-        src: *const mbedtls_rsa_context,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function frees the components of an RSA key."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The RSA context to free. May be \\c NULL, in which case"]
-    #[doc = "                 this function is a no-op. If it is not \\c NULL, it must"]
-    #[doc = "                 point to an initialized RSA context."]
-    pub fn mbedtls_rsa_free(ctx: *mut mbedtls_rsa_context);
-}
-extern "C" {
-    #[doc = " \\brief          The RSA checkup routine."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         \\c 1 on failure."]
-    pub fn mbedtls_rsa_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
-}
-#[doc = " \\brief    The ECP key-pair structure."]
-#[doc = ""]
-#[doc = " A generic key-pair that may be used for ECDSA and fixed ECDH, for example."]
-#[doc = ""]
-#[doc = " \\note    Members are deliberately in the same order as in the"]
-#[doc = "          ::mbedtls_ecdsa_context structure."]
-pub type mbedtls_ecdsa_context = mbedtls_ecp_keypair;
-pub type mbedtls_ecdsa_restart_ctx = crate::c_types::c_void;
-extern "C" {
-    #[doc = " \\brief          This function checks whether a given group can be used"]
-    #[doc = "                 for ECDSA."]
-    #[doc = ""]
-    #[doc = " \\param gid      The ECP group ID to check."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 1 if the group can be used, \\c 0 otherwise"]
-    pub fn mbedtls_ecdsa_can_do(gid: mbedtls_ecp_group_id) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function computes the ECDSA signature of a"]
-    #[doc = "                  previously-hashed message."]
-    #[doc = ""]
-    #[doc = " \\note            The deterministic version implemented in"]
-    #[doc = "                  mbedtls_ecdsa_sign_det_ext() is usually preferred."]
-    #[doc = ""]
-    #[doc = " \\note            If the bitlength of the message hash is larger than the"]
-    #[doc = "                  bitlength of the group order, then the hash is truncated"]
-    #[doc = "                  as defined in <em>Standards for Efficient Cryptography Group"]
-    #[doc = "                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section"]
-    #[doc = "                  4.1.3, step 5."]
-    #[doc = ""]
-    #[doc = " \\see             ecp.h"]
-    #[doc = ""]
-    #[doc = " \\param grp       The context for the elliptic curve to use."]
-    #[doc = "                  This must be initialized and have group parameters"]
-    #[doc = "                  set, for example through mbedtls_ecp_group_load()."]
-    #[doc = " \\param r         The MPI context in which to store the first part"]
-    #[doc = "                  the signature. This must be initialized."]
-    #[doc = " \\param s         The MPI context in which to store the second part"]
-    #[doc = "                  the signature. This must be initialized."]
-    #[doc = " \\param d         The private signing key. This must be initialized."]
-    #[doc = " \\param buf       The content to be signed. This is usually the hash of"]
-    #[doc = "                  the original data to be signed. This must be a readable"]
-    #[doc = "                  buffer of length \\p blen Bytes. It may be \\c NULL if"]
-    #[doc = "                  \\p blen is zero."]
-    #[doc = " \\param blen      The length of \\p buf in Bytes."]
-    #[doc = " \\param f_rng     The RNG function. This must not be \\c NULL."]
-    #[doc = " \\param p_rng     The RNG context to be passed to \\p f_rng. This may be"]
-    #[doc = "                  \\c NULL if \\p f_rng doesn't need a context parameter."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          An \\c MBEDTLS_ERR_ECP_XXX"]
-    #[doc = "                  or \\c MBEDTLS_MPI_XXX error code on failure."]
-    pub fn mbedtls_ecdsa_sign(
-        grp: *mut mbedtls_ecp_group,
-        r: *mut mbedtls_mpi,
-        s: *mut mbedtls_mpi,
-        d: *const mbedtls_mpi,
-        buf: *const crate::c_types::c_uchar,
-        blen: size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function computes the ECDSA signature of a"]
-    #[doc = "                  previously-hashed message, deterministic version."]
-    #[doc = ""]
-    #[doc = "                  For more information, see <em>RFC-6979: Deterministic"]
-    #[doc = "                  Usage of the Digital Signature Algorithm (DSA) and Elliptic"]
-    #[doc = "                  Curve Digital Signature Algorithm (ECDSA)</em>."]
-    #[doc = ""]
-    #[doc = " \\note            If the bitlength of the message hash is larger than the"]
-    #[doc = "                  bitlength of the group order, then the hash is truncated as"]
-    #[doc = "                  defined in <em>Standards for Efficient Cryptography Group"]
-    #[doc = "                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section"]
-    #[doc = "                  4.1.3, step 5."]
-    #[doc = ""]
-    #[doc = " \\see             ecp.h"]
-    #[doc = ""]
-    #[doc = " \\param grp           The context for the elliptic curve to use."]
-    #[doc = "                      This must be initialized and have group parameters"]
-    #[doc = "                      set, for example through mbedtls_ecp_group_load()."]
-    #[doc = " \\param r             The MPI context in which to store the first part"]
-    #[doc = "                      the signature. This must be initialized."]
-    #[doc = " \\param s             The MPI context in which to store the second part"]
-    #[doc = "                      the signature. This must be initialized."]
-    #[doc = " \\param d             The private signing key. This must be initialized"]
-    #[doc = "                      and setup, for example through mbedtls_ecp_gen_privkey()."]
-    #[doc = " \\param buf           The hashed content to be signed. This must be a readable"]
-    #[doc = "                      buffer of length \\p blen Bytes. It may be \\c NULL if"]
-    #[doc = "                      \\p blen is zero."]
-    #[doc = " \\param blen          The length of \\p buf in Bytes."]
-    #[doc = " \\param md_alg        The hash algorithm used to hash the original data."]
-    #[doc = " \\param f_rng_blind   The RNG function used for blinding. This must not be"]
-    #[doc = "                      \\c NULL."]
-    #[doc = " \\param p_rng_blind   The RNG context to be passed to \\p f_rng. This may be"]
-    #[doc = "                      \\c NULL if \\p f_rng doesn't need a context parameter."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          An \\c MBEDTLS_ERR_ECP_XXX or \\c MBEDTLS_MPI_XXX"]
-    #[doc = "                  error code on failure."]
-    pub fn mbedtls_ecdsa_sign_det_ext(
-        grp: *mut mbedtls_ecp_group,
-        r: *mut mbedtls_mpi,
-        s: *mut mbedtls_mpi,
-        d: *const mbedtls_mpi,
-        buf: *const crate::c_types::c_uchar,
-        blen: size_t,
-        md_alg: mbedtls_md_type_t,
-        f_rng_blind: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng_blind: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief               This function computes the ECDSA signature of a"]
-    #[doc = "                      previously-hashed message, in a restartable way."]
-    #[doc = ""]
-    #[doc = " \\note                The deterministic version implemented in"]
-    #[doc = "                      mbedtls_ecdsa_sign_det_restartable() is usually"]
-    #[doc = "                      preferred."]
-    #[doc = ""]
-    #[doc = " \\note                This function is like \\c mbedtls_ecdsa_sign() but"]
-    #[doc = "                      it can return early and restart according to the"]
-    #[doc = "                      limit set with \\c mbedtls_ecp_set_max_ops() to"]
-    #[doc = "                      reduce blocking."]
-    #[doc = ""]
-    #[doc = " \\note                If the bitlength of the message hash is larger"]
-    #[doc = "                      than the bitlength of the group order, then the"]
-    #[doc = "                      hash is truncated as defined in <em>Standards for"]
-    #[doc = "                      Efficient Cryptography Group (SECG): SEC1 Elliptic"]
-    #[doc = "                      Curve Cryptography</em>, section 4.1.3, step 5."]
-    #[doc = ""]
-    #[doc = " \\see                 ecp.h"]
-    #[doc = ""]
-    #[doc = " \\param grp           The context for the elliptic curve to use."]
-    #[doc = "                      This must be initialized and have group parameters"]
-    #[doc = "                      set, for example through mbedtls_ecp_group_load()."]
-    #[doc = " \\param r             The MPI context in which to store the first part"]
-    #[doc = "                      the signature. This must be initialized."]
-    #[doc = " \\param s             The MPI context in which to store the second part"]
-    #[doc = "                      the signature. This must be initialized."]
-    #[doc = " \\param d             The private signing key. This must be initialized"]
-    #[doc = "                      and setup, for example through"]
-    #[doc = "                      mbedtls_ecp_gen_privkey()."]
-    #[doc = " \\param buf           The hashed content to be signed. This must be a readable"]
-    #[doc = "                      buffer of length \\p blen Bytes. It may be \\c NULL if"]
-    #[doc = "                      \\p blen is zero."]
-    #[doc = " \\param blen          The length of \\p buf in Bytes."]
-    #[doc = " \\param f_rng         The RNG function. This must not be \\c NULL."]
-    #[doc = " \\param p_rng         The RNG context to be passed to \\p f_rng. This may be"]
-    #[doc = "                      \\c NULL if \\p f_rng doesn't need a context parameter."]
-    #[doc = " \\param f_rng_blind   The RNG function used for blinding. This must not be"]
-    #[doc = "                      \\c NULL."]
-    #[doc = " \\param p_rng_blind   The RNG context to be passed to \\p f_rng. This may be"]
-    #[doc = "                      \\c NULL if \\p f_rng doesn't need a context parameter."]
-    #[doc = " \\param rs_ctx        The restart context to use. This may be \\c NULL"]
-    #[doc = "                      to disable restarting. If it is not \\c NULL, it"]
-    #[doc = "                      must point to an initialized restart context."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of"]
-    #[doc = "                      operations was reached: see \\c"]
-    #[doc = "                      mbedtls_ecp_set_max_ops()."]
-    #[doc = " \\return              Another \\c MBEDTLS_ERR_ECP_XXX, \\c"]
-    #[doc = "                      MBEDTLS_ERR_MPI_XXX or \\c MBEDTLS_ERR_ASN1_XXX"]
-    #[doc = "                      error code on failure."]
-    pub fn mbedtls_ecdsa_sign_restartable(
-        grp: *mut mbedtls_ecp_group,
-        r: *mut mbedtls_mpi,
-        s: *mut mbedtls_mpi,
-        d: *const mbedtls_mpi,
-        buf: *const crate::c_types::c_uchar,
-        blen: size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-        f_rng_blind: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng_blind: *mut crate::c_types::c_void,
-        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief               This function computes the ECDSA signature of a"]
-    #[doc = "                      previously-hashed message, in a restartable way."]
-    #[doc = ""]
-    #[doc = " \\note                This function is like \\c"]
-    #[doc = "                      mbedtls_ecdsa_sign_det_ext() but it can return"]
-    #[doc = "                      early and restart according to the limit set with"]
-    #[doc = "                      \\c mbedtls_ecp_set_max_ops() to reduce blocking."]
-    #[doc = ""]
-    #[doc = " \\note                If the bitlength of the message hash is larger"]
-    #[doc = "                      than the bitlength of the group order, then the"]
-    #[doc = "                      hash is truncated as defined in <em>Standards for"]
-    #[doc = "                      Efficient Cryptography Group (SECG): SEC1 Elliptic"]
-    #[doc = "                      Curve Cryptography</em>, section 4.1.3, step 5."]
-    #[doc = ""]
-    #[doc = " \\see                 ecp.h"]
-    #[doc = ""]
-    #[doc = " \\param grp           The context for the elliptic curve to use."]
-    #[doc = "                      This must be initialized and have group parameters"]
-    #[doc = "                      set, for example through mbedtls_ecp_group_load()."]
-    #[doc = " \\param r             The MPI context in which to store the first part"]
-    #[doc = "                      the signature. This must be initialized."]
-    #[doc = " \\param s             The MPI context in which to store the second part"]
-    #[doc = "                      the signature. This must be initialized."]
-    #[doc = " \\param d             The private signing key. This must be initialized"]
-    #[doc = "                      and setup, for example through"]
-    #[doc = "                      mbedtls_ecp_gen_privkey()."]
-    #[doc = " \\param buf           The hashed content to be signed. This must be a readable"]
-    #[doc = "                      buffer of length \\p blen Bytes. It may be \\c NULL if"]
-    #[doc = "                      \\p blen is zero."]
-    #[doc = " \\param blen          The length of \\p buf in Bytes."]
-    #[doc = " \\param f_rng_blind   The RNG function used for blinding. This must not be"]
-    #[doc = "                      \\c NULL."]
-    #[doc = " \\param p_rng_blind   The RNG context to be passed to \\p f_rng. This may be"]
-    #[doc = "                      \\c NULL if \\p f_rng doesn't need a context parameter."]
-    #[doc = " \\param rs_ctx        The restart context to use. This may be \\c NULL"]
-    #[doc = "                      to disable restarting. If it is not \\c NULL, it"]
-    #[doc = "                      must point to an initialized restart context."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of"]
-    #[doc = "                      operations was reached: see \\c"]
-    #[doc = "                      mbedtls_ecp_set_max_ops()."]
-    #[doc = " \\return              Another \\c MBEDTLS_ERR_ECP_XXX, \\c"]
-    #[doc = "                      MBEDTLS_ERR_MPI_XXX or \\c MBEDTLS_ERR_ASN1_XXX"]
-    #[doc = "                      error code on failure."]
-    pub fn mbedtls_ecdsa_sign_det_restartable(
-        grp: *mut mbedtls_ecp_group,
-        r: *mut mbedtls_mpi,
-        s: *mut mbedtls_mpi,
-        d: *const mbedtls_mpi,
-        buf: *const crate::c_types::c_uchar,
-        blen: size_t,
-        md_alg: mbedtls_md_type_t,
-        f_rng_blind: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng_blind: *mut crate::c_types::c_void,
-        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function verifies the ECDSA signature of a"]
-    #[doc = "                  previously-hashed message."]
-    #[doc = ""]
-    #[doc = " \\note            If the bitlength of the message hash is larger than the"]
-    #[doc = "                  bitlength of the group order, then the hash is truncated as"]
-    #[doc = "                  defined in <em>Standards for Efficient Cryptography Group"]
-    #[doc = "                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section"]
-    #[doc = "                  4.1.4, step 3."]
-    #[doc = ""]
-    #[doc = " \\see             ecp.h"]
-    #[doc = ""]
-    #[doc = " \\param grp       The ECP group to use."]
-    #[doc = "                  This must be initialized and have group parameters"]
-    #[doc = "                  set, for example through mbedtls_ecp_group_load()."]
-    #[doc = " \\param buf       The hashed content that was signed. This must be a readable"]
-    #[doc = "                  buffer of length \\p blen Bytes. It may be \\c NULL if"]
-    #[doc = "                  \\p blen is zero."]
-    #[doc = " \\param blen      The length of \\p buf in Bytes."]
-    #[doc = " \\param Q         The public key to use for verification. This must be"]
-    #[doc = "                  initialized and setup."]
-    #[doc = " \\param r         The first integer of the signature."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param s         The second integer of the signature."]
-    #[doc = "                  This must be initialized."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          An \\c MBEDTLS_ERR_ECP_XXX or \\c MBEDTLS_MPI_XXX"]
-    #[doc = "                  error code on failure."]
-    pub fn mbedtls_ecdsa_verify(
-        grp: *mut mbedtls_ecp_group,
-        buf: *const crate::c_types::c_uchar,
-        blen: size_t,
-        Q: *const mbedtls_ecp_point,
-        r: *const mbedtls_mpi,
-        s: *const mbedtls_mpi,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function verifies the ECDSA signature of a"]
-    #[doc = "                  previously-hashed message, in a restartable manner"]
-    #[doc = ""]
-    #[doc = " \\note            If the bitlength of the message hash is larger than the"]
-    #[doc = "                  bitlength of the group order, then the hash is truncated as"]
-    #[doc = "                  defined in <em>Standards for Efficient Cryptography Group"]
-    #[doc = "                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section"]
-    #[doc = "                  4.1.4, step 3."]
-    #[doc = ""]
-    #[doc = " \\see             ecp.h"]
-    #[doc = ""]
-    #[doc = " \\param grp       The ECP group to use."]
-    #[doc = "                  This must be initialized and have group parameters"]
-    #[doc = "                  set, for example through mbedtls_ecp_group_load()."]
-    #[doc = " \\param buf       The hashed content that was signed. This must be a readable"]
-    #[doc = "                  buffer of length \\p blen Bytes. It may be \\c NULL if"]
-    #[doc = "                  \\p blen is zero."]
-    #[doc = " \\param blen      The length of \\p buf in Bytes."]
-    #[doc = " \\param Q         The public key to use for verification. This must be"]
-    #[doc = "                  initialized and setup."]
-    #[doc = " \\param r         The first integer of the signature."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param s         The second integer of the signature."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param rs_ctx    The restart context to use. This may be \\c NULL to disable"]
-    #[doc = "                  restarting. If it is not \\c NULL, it must point to an"]
-    #[doc = "                  initialized restart context."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of"]
-    #[doc = "                  operations was reached: see \\c mbedtls_ecp_set_max_ops()."]
-    #[doc = " \\return          An \\c MBEDTLS_ERR_ECP_XXX or \\c MBEDTLS_MPI_XXX"]
-    #[doc = "                  error code on failure."]
-    pub fn mbedtls_ecdsa_verify_restartable(
-        grp: *mut mbedtls_ecp_group,
-        buf: *const crate::c_types::c_uchar,
-        blen: size_t,
-        Q: *const mbedtls_ecp_point,
-        r: *const mbedtls_mpi,
-        s: *const mbedtls_mpi,
-        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function computes the ECDSA signature and writes it"]
-    #[doc = "                  to a buffer, serialized as defined in <em>RFC-4492:"]
-    #[doc = "                  Elliptic Curve Cryptography (ECC) Cipher Suites for"]
-    #[doc = "                  Transport Layer Security (TLS)</em>."]
-    #[doc = ""]
-    #[doc = " \\warning         It is not thread-safe to use the same context in"]
-    #[doc = "                  multiple threads."]
-    #[doc = ""]
-    #[doc = " \\note            The deterministic version is used if"]
-    #[doc = "                  #MBEDTLS_ECDSA_DETERMINISTIC is defined. For more"]
-    #[doc = "                  information, see <em>RFC-6979: Deterministic Usage"]
-    #[doc = "                  of the Digital Signature Algorithm (DSA) and Elliptic"]
-    #[doc = "                  Curve Digital Signature Algorithm (ECDSA)</em>."]
-    #[doc = ""]
-    #[doc = " \\note            If the bitlength of the message hash is larger than the"]
-    #[doc = "                  bitlength of the group order, then the hash is truncated as"]
-    #[doc = "                  defined in <em>Standards for Efficient Cryptography Group"]
-    #[doc = "                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section"]
-    #[doc = "                  4.1.3, step 5."]
-    #[doc = ""]
-    #[doc = " \\see             ecp.h"]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECDSA context to use. This must be initialized"]
-    #[doc = "                  and have a group and private key bound to it, for example"]
-    #[doc = "                  via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair()."]
-    #[doc = " \\param md_alg    The message digest that was used to hash the message."]
-    #[doc = " \\param hash      The message hash to be signed. This must be a readable"]
-    #[doc = "                  buffer of length \\p blen Bytes."]
-    #[doc = " \\param hlen      The length of the hash \\p hash in Bytes."]
-    #[doc = " \\param sig       The buffer to which to write the signature. This must be a"]
-    #[doc = "                  writable buffer of length at least twice as large as the"]
-    #[doc = "                  size of the curve used, plus 9. For example, 73 Bytes if"]
-    #[doc = "                  a 256-bit curve is used. A buffer length of"]
-    #[doc = "                  #MBEDTLS_ECDSA_MAX_LEN is always safe."]
-    #[doc = " \\param sig_size  The size of the \\p sig buffer in bytes."]
-    #[doc = " \\param slen      The address at which to store the actual length of"]
-    #[doc = "                  the signature written. Must not be \\c NULL."]
-    #[doc = " \\param f_rng     The RNG function. This must not be \\c NULL if"]
-    #[doc = "                  #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,"]
-    #[doc = "                  it is used only for blinding and may be set to \\c NULL, but"]
-    #[doc = "                  doing so is DEPRECATED."]
-    #[doc = " \\param p_rng     The RNG context to be passed to \\p f_rng. This may be"]
-    #[doc = "                  \\c NULL if \\p f_rng is \\c NULL or doesn't use a context."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          An \\c MBEDTLS_ERR_ECP_XXX, \\c MBEDTLS_ERR_MPI_XXX or"]
-    #[doc = "                  \\c MBEDTLS_ERR_ASN1_XXX error code on failure."]
-    pub fn mbedtls_ecdsa_write_signature(
-        ctx: *mut mbedtls_ecdsa_context,
-        md_alg: mbedtls_md_type_t,
-        hash: *const crate::c_types::c_uchar,
-        hlen: size_t,
-        sig: *mut crate::c_types::c_uchar,
-        sig_size: size_t,
-        slen: *mut size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function computes the ECDSA signature and writes it"]
-    #[doc = "                  to a buffer, in a restartable way."]
-    #[doc = ""]
-    #[doc = " \\see             \\c mbedtls_ecdsa_write_signature()"]
-    #[doc = ""]
-    #[doc = " \\note            This function is like \\c mbedtls_ecdsa_write_signature()"]
-    #[doc = "                  but it can return early and restart according to the limit"]
-    #[doc = "                  set with \\c mbedtls_ecp_set_max_ops() to reduce blocking."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECDSA context to use. This must be initialized"]
-    #[doc = "                  and have a group and private key bound to it, for example"]
-    #[doc = "                  via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair()."]
-    #[doc = " \\param md_alg    The message digest that was used to hash the message."]
-    #[doc = " \\param hash      The message hash to be signed. This must be a readable"]
-    #[doc = "                  buffer of length \\p blen Bytes."]
-    #[doc = " \\param hlen      The length of the hash \\p hash in Bytes."]
-    #[doc = " \\param sig       The buffer to which to write the signature. This must be a"]
-    #[doc = "                  writable buffer of length at least twice as large as the"]
-    #[doc = "                  size of the curve used, plus 9. For example, 73 Bytes if"]
-    #[doc = "                  a 256-bit curve is used. A buffer length of"]
-    #[doc = "                  #MBEDTLS_ECDSA_MAX_LEN is always safe."]
-    #[doc = " \\param sig_size  The size of the \\p sig buffer in bytes."]
-    #[doc = " \\param slen      The address at which to store the actual length of"]
-    #[doc = "                  the signature written. Must not be \\c NULL."]
-    #[doc = " \\param f_rng     The RNG function. This must not be \\c NULL if"]
-    #[doc = "                  #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,"]
-    #[doc = "                  it is unused and may be set to \\c NULL."]
-    #[doc = " \\param p_rng     The RNG context to be passed to \\p f_rng. This may be"]
-    #[doc = "                  \\c NULL if \\p f_rng is \\c NULL or doesn't use a context."]
-    #[doc = " \\param rs_ctx    The restart context to use. This may be \\c NULL to disable"]
-    #[doc = "                  restarting. If it is not \\c NULL, it must point to an"]
-    #[doc = "                  initialized restart context."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of"]
-    #[doc = "                  operations was reached: see \\c mbedtls_ecp_set_max_ops()."]
-    #[doc = " \\return          Another \\c MBEDTLS_ERR_ECP_XXX, \\c MBEDTLS_ERR_MPI_XXX or"]
-    #[doc = "                  \\c MBEDTLS_ERR_ASN1_XXX error code on failure."]
-    pub fn mbedtls_ecdsa_write_signature_restartable(
-        ctx: *mut mbedtls_ecdsa_context,
-        md_alg: mbedtls_md_type_t,
-        hash: *const crate::c_types::c_uchar,
-        hlen: size_t,
-        sig: *mut crate::c_types::c_uchar,
-        sig_size: size_t,
-        slen: *mut size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function reads and verifies an ECDSA signature."]
-    #[doc = ""]
-    #[doc = " \\note            If the bitlength of the message hash is larger than the"]
-    #[doc = "                  bitlength of the group order, then the hash is truncated as"]
-    #[doc = "                  defined in <em>Standards for Efficient Cryptography Group"]
-    #[doc = "                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section"]
-    #[doc = "                  4.1.4, step 3."]
-    #[doc = ""]
-    #[doc = " \\see             ecp.h"]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECDSA context to use. This must be initialized"]
-    #[doc = "                  and have a group and public key bound to it."]
-    #[doc = " \\param hash      The message hash that was signed. This must be a readable"]
-    #[doc = "                  buffer of length \\p size Bytes."]
-    #[doc = " \\param hlen      The size of the hash \\p hash."]
-    #[doc = " \\param sig       The signature to read and verify. This must be a readable"]
-    #[doc = "                  buffer of length \\p slen Bytes."]
-    #[doc = " \\param slen      The size of \\p sig in Bytes."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid"]
-    #[doc = "                  signature in \\p sig, but its length is less than \\p siglen."]
-    #[doc = " \\return          An \\c MBEDTLS_ERR_ECP_XXX or \\c MBEDTLS_ERR_MPI_XXX"]
-    #[doc = "                  error code on failure for any other reason."]
-    pub fn mbedtls_ecdsa_read_signature(
-        ctx: *mut mbedtls_ecdsa_context,
-        hash: *const crate::c_types::c_uchar,
-        hlen: size_t,
-        sig: *const crate::c_types::c_uchar,
-        slen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function reads and verifies an ECDSA signature,"]
-    #[doc = "                  in a restartable way."]
-    #[doc = ""]
-    #[doc = " \\see             \\c mbedtls_ecdsa_read_signature()"]
-    #[doc = ""]
-    #[doc = " \\note            This function is like \\c mbedtls_ecdsa_read_signature()"]
-    #[doc = "                  but it can return early and restart according to the limit"]
-    #[doc = "                  set with \\c mbedtls_ecp_set_max_ops() to reduce blocking."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECDSA context to use. This must be initialized"]
-    #[doc = "                  and have a group and public key bound to it."]
-    #[doc = " \\param hash      The message hash that was signed. This must be a readable"]
-    #[doc = "                  buffer of length \\p size Bytes."]
-    #[doc = " \\param hlen      The size of the hash \\p hash."]
-    #[doc = " \\param sig       The signature to read and verify. This must be a readable"]
-    #[doc = "                  buffer of length \\p slen Bytes."]
-    #[doc = " \\param slen      The size of \\p sig in Bytes."]
-    #[doc = " \\param rs_ctx    The restart context to use. This may be \\c NULL to disable"]
-    #[doc = "                  restarting. If it is not \\c NULL, it must point to an"]
-    #[doc = "                  initialized restart context."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid"]
-    #[doc = "                  signature in \\p sig, but its length is less than \\p siglen."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of"]
-    #[doc = "                  operations was reached: see \\c mbedtls_ecp_set_max_ops()."]
-    #[doc = " \\return          Another \\c MBEDTLS_ERR_ECP_XXX or \\c MBEDTLS_ERR_MPI_XXX"]
-    #[doc = "                  error code on failure for any other reason."]
-    pub fn mbedtls_ecdsa_read_signature_restartable(
-        ctx: *mut mbedtls_ecdsa_context,
-        hash: *const crate::c_types::c_uchar,
-        hlen: size_t,
-        sig: *const crate::c_types::c_uchar,
-        slen: size_t,
-        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function generates an ECDSA keypair on the given curve."]
-    #[doc = ""]
-    #[doc = " \\see            ecp.h"]
-    #[doc = ""]
-    #[doc = " \\param ctx      The ECDSA context to store the keypair in."]
-    #[doc = "                 This must be initialized."]
-    #[doc = " \\param gid      The elliptic curve to use. One of the various"]
-    #[doc = "                 \\c MBEDTLS_ECP_DP_XXX macros depending on configuration."]
-    #[doc = " \\param f_rng    The RNG function to use. This must not be \\c NULL."]
-    #[doc = " \\param p_rng    The RNG context to be passed to \\p f_rng. This may be"]
-    #[doc = "                 \\c NULL if \\p f_rng doesn't need a context argument."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_ECP_XXX code on failure."]
-    pub fn mbedtls_ecdsa_genkey(
-        ctx: *mut mbedtls_ecdsa_context,
-        gid: mbedtls_ecp_group_id,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function sets up an ECDSA context from an EC key pair."]
-    #[doc = ""]
-    #[doc = " \\see             ecp.h"]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECDSA context to setup. This must be initialized."]
-    #[doc = " \\param key       The EC key to use. This must be initialized and hold"]
-    #[doc = "                  a private-public key pair or a public key. In the former"]
-    #[doc = "                  case, the ECDSA context may be used for signature creation"]
-    #[doc = "                  and verification after this call. In the latter case, it"]
-    #[doc = "                  may be used for signature verification."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          An \\c MBEDTLS_ERR_ECP_XXX code on failure."]
-    pub fn mbedtls_ecdsa_from_keypair(
-        ctx: *mut mbedtls_ecdsa_context,
-        key: *const mbedtls_ecp_keypair,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function initializes an ECDSA context."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECDSA context to initialize."]
-    #[doc = "                  This must not be \\c NULL."]
-    pub fn mbedtls_ecdsa_init(ctx: *mut mbedtls_ecdsa_context);
-}
-extern "C" {
-    #[doc = " \\brief           This function frees an ECDSA context."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECDSA context to free. This may be \\c NULL,"]
-    #[doc = "                  in which case this function does nothing. If it"]
-    #[doc = "                  is not \\c NULL, it must be initialized."]
-    pub fn mbedtls_ecdsa_free(ctx: *mut mbedtls_ecdsa_context);
-}
-pub const mbedtls_pk_type_t_MBEDTLS_PK_NONE: mbedtls_pk_type_t = 0;
-pub const mbedtls_pk_type_t_MBEDTLS_PK_RSA: mbedtls_pk_type_t = 1;
-pub const mbedtls_pk_type_t_MBEDTLS_PK_ECKEY: mbedtls_pk_type_t = 2;
-pub const mbedtls_pk_type_t_MBEDTLS_PK_ECKEY_DH: mbedtls_pk_type_t = 3;
-pub const mbedtls_pk_type_t_MBEDTLS_PK_ECDSA: mbedtls_pk_type_t = 4;
-pub const mbedtls_pk_type_t_MBEDTLS_PK_RSA_ALT: mbedtls_pk_type_t = 5;
-pub const mbedtls_pk_type_t_MBEDTLS_PK_RSASSA_PSS: mbedtls_pk_type_t = 6;
-pub const mbedtls_pk_type_t_MBEDTLS_PK_OPAQUE: mbedtls_pk_type_t = 7;
-#[doc = " \\brief          Public key types"]
-pub type mbedtls_pk_type_t = crate::c_types::c_uint;
-#[doc = " \\brief           Options for RSASSA-PSS signature verification."]
-#[doc = "                  See \\c mbedtls_rsa_rsassa_pss_verify_ext()"]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_pk_rsassa_pss_options {
-    #[doc = " The digest to use for MGF1 in PSS."]
-    #[doc = ""]
-    #[doc = " \\note When #MBEDTLS_USE_PSA_CRYPTO is enabled and #MBEDTLS_RSA_C is"]
-    #[doc = "       disabled, this must be equal to the \\c md_alg argument passed"]
-    #[doc = "       to mbedtls_pk_verify_ext(). In a future version of the library,"]
-    #[doc = "       this constraint may apply whenever #MBEDTLS_USE_PSA_CRYPTO is"]
-    #[doc = "       enabled regardless of the status of #MBEDTLS_RSA_C."]
-    pub mgf1_hash_id: mbedtls_md_type_t,
-    #[doc = " The expected length of the salt, in bytes. This may be"]
-    #[doc = " #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length."]
-    #[doc = ""]
-    #[doc = " \\note When #MBEDTLS_USE_PSA_CRYPTO is enabled, only"]
-    #[doc = "       #MBEDTLS_RSA_SALT_LEN_ANY is valid. Any other value may be"]
-    #[doc = "       ignored (allowing any salt length)."]
-    pub expected_salt_len: crate::c_types::c_int,
-}
-pub const mbedtls_pk_debug_type_MBEDTLS_PK_DEBUG_NONE: mbedtls_pk_debug_type = 0;
-pub const mbedtls_pk_debug_type_MBEDTLS_PK_DEBUG_MPI: mbedtls_pk_debug_type = 1;
-pub const mbedtls_pk_debug_type_MBEDTLS_PK_DEBUG_ECP: mbedtls_pk_debug_type = 2;
-#[doc = " \\brief           Types for interfacing with the debug module"]
-pub type mbedtls_pk_debug_type = crate::c_types::c_uint;
-#[doc = " \\brief           Item to send to the debug module"]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_pk_debug_item {
-    pub private_type: mbedtls_pk_debug_type,
-    pub private_name: *const crate::c_types::c_char,
-    pub private_value: *mut crate::c_types::c_void,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_pk_info_t {
-    _unused: [u8; 0],
-}
-#[doc = " \\brief           Public key container"]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_pk_context {
-    pub private_pk_info: *const mbedtls_pk_info_t,
-    pub private_pk_ctx: *mut crate::c_types::c_void,
-}
-pub type mbedtls_pk_restart_ctx = crate::c_types::c_void;
-#[doc = " \\brief           Types for RSA-alt abstraction"]
-pub type mbedtls_pk_rsa_alt_decrypt_func = ::core::option::Option<
-    unsafe extern "C" fn(
-        ctx: *mut crate::c_types::c_void,
-        olen: *mut size_t,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-        output_max_len: size_t,
-    ) -> crate::c_types::c_int,
->;
-pub type mbedtls_pk_rsa_alt_sign_func = ::core::option::Option<
-    unsafe extern "C" fn(
-        ctx: *mut crate::c_types::c_void,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-        md_alg: mbedtls_md_type_t,
-        hashlen: crate::c_types::c_uint,
-        hash: *const crate::c_types::c_uchar,
-        sig: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int,
->;
-pub type mbedtls_pk_rsa_alt_key_len_func =
-    ::core::option::Option<unsafe extern "C" fn(ctx: *mut crate::c_types::c_void) -> size_t>;
-extern "C" {
-    #[doc = " \\brief           Return information associated with the given PK type"]
-    #[doc = ""]
-    #[doc = " \\param pk_type   PK type to search for."]
-    #[doc = ""]
-    #[doc = " \\return          The PK info associated with the type or NULL if not found."]
-    pub fn mbedtls_pk_info_from_type(pk_type: mbedtls_pk_type_t) -> *const mbedtls_pk_info_t;
-}
-extern "C" {
-    #[doc = " \\brief           Initialize a #mbedtls_pk_context (as NONE)."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The context to initialize."]
-    #[doc = "                  This must not be \\c NULL."]
-    pub fn mbedtls_pk_init(ctx: *mut mbedtls_pk_context);
-}
-extern "C" {
-    #[doc = " \\brief           Free the components of a #mbedtls_pk_context."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The context to clear. It must have been initialized."]
-    #[doc = "                  If this is \\c NULL, this function does nothing."]
-    #[doc = ""]
-    #[doc = " \\note            For contexts that have been set up with"]
-    #[doc = "                  mbedtls_pk_setup_opaque(), this does not free the underlying"]
-    #[doc = "                  PSA key and you still need to call psa_destroy_key()"]
-    #[doc = "                  independently if you want to destroy that key."]
-    pub fn mbedtls_pk_free(ctx: *mut mbedtls_pk_context);
-}
-extern "C" {
-    #[doc = " \\brief           Initialize a PK context with the information given"]
-    #[doc = "                  and allocates the type-specific PK subcontext."]
-    #[doc = ""]
-    #[doc = " \\param ctx       Context to initialize. It must not have been set"]
-    #[doc = "                  up yet (type #MBEDTLS_PK_NONE)."]
-    #[doc = " \\param info      Information to use"]
-    #[doc = ""]
-    #[doc = " \\return          0 on success,"]
-    #[doc = "                  MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input,"]
-    #[doc = "                  MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure."]
-    #[doc = ""]
-    #[doc = " \\note            For contexts holding an RSA-alt key, use"]
-    #[doc = "                  \\c mbedtls_pk_setup_rsa_alt() instead."]
-    pub fn mbedtls_pk_setup(
-        ctx: *mut mbedtls_pk_context,
-        info: *const mbedtls_pk_info_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Initialize an RSA-alt context"]
-    #[doc = ""]
-    #[doc = " \\param ctx       Context to initialize. It must not have been set"]
-    #[doc = "                  up yet (type #MBEDTLS_PK_NONE)."]
-    #[doc = " \\param key       RSA key pointer"]
-    #[doc = " \\param decrypt_func  Decryption function"]
-    #[doc = " \\param sign_func     Signing function"]
-    #[doc = " \\param key_len_func  Function returning key length in bytes"]
-    #[doc = ""]
-    #[doc = " \\return          0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the"]
-    #[doc = "                  context wasn't already initialized as RSA_ALT."]
-    #[doc = ""]
-    #[doc = " \\note            This function replaces \\c mbedtls_pk_setup() for RSA-alt."]
-    pub fn mbedtls_pk_setup_rsa_alt(
-        ctx: *mut mbedtls_pk_context,
-        key: *mut crate::c_types::c_void,
-        decrypt_func: mbedtls_pk_rsa_alt_decrypt_func,
-        sign_func: mbedtls_pk_rsa_alt_sign_func,
-        key_len_func: mbedtls_pk_rsa_alt_key_len_func,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Get the size in bits of the underlying key"]
-    #[doc = ""]
-    #[doc = " \\param ctx       The context to query. It must have been initialized."]
-    #[doc = ""]
-    #[doc = " \\return          Key size in bits, or 0 on error"]
-    pub fn mbedtls_pk_get_bitlen(ctx: *const mbedtls_pk_context) -> size_t;
-}
-extern "C" {
-    #[doc = " \\brief           Tell if a context can do the operation given by type"]
-    #[doc = ""]
-    #[doc = " \\param ctx       The context to query. It must have been initialized."]
-    #[doc = " \\param type      The desired type."]
-    #[doc = ""]
-    #[doc = " \\return          1 if the context can do operations on the given type."]
-    #[doc = " \\return          0 if the context cannot do the operations on the given"]
-    #[doc = "                  type. This is always the case for a context that has"]
-    #[doc = "                  been initialized but not set up, or that has been"]
-    #[doc = "                  cleared with mbedtls_pk_free()."]
-    pub fn mbedtls_pk_can_do(
-        ctx: *const mbedtls_pk_context,
-        type_: mbedtls_pk_type_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Verify signature (including padding if relevant)."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The PK context to use. It must have been set up."]
-    #[doc = " \\param md_alg    Hash algorithm used."]
-    #[doc = "                  This can be #MBEDTLS_MD_NONE if the signature algorithm"]
-    #[doc = "                  does not rely on a hash algorithm (non-deterministic"]
-    #[doc = "                  ECDSA, RSA PKCS#1 v1.5)."]
-    #[doc = "                  For PKCS#1 v1.5, if \\p md_alg is #MBEDTLS_MD_NONE, then"]
-    #[doc = "                  \\p hash is the DigestInfo structure used by RFC 8017"]
-    #[doc = "                  &sect;9.2 steps 3&ndash;6. If \\p md_alg is a valid hash"]
-    #[doc = "                  algorithm then \\p hash is the digest itself, and this"]
-    #[doc = "                  function calculates the DigestInfo encoding internally."]
-    #[doc = " \\param hash      Hash of the message to sign"]
-    #[doc = " \\param hash_len  Hash length"]
-    #[doc = " \\param sig       Signature to verify"]
-    #[doc = " \\param sig_len   Signature length"]
-    #[doc = ""]
-    #[doc = " \\return          0 on success (signature is valid),"]
-    #[doc = "                  #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid"]
-    #[doc = "                  signature in sig but its length is less than \\p siglen,"]
-    #[doc = "                  or a specific error code."]
-    #[doc = ""]
-    #[doc = " \\note            For RSA keys, the default padding type is PKCS#1 v1.5."]
-    #[doc = "                  Use \\c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )"]
-    #[doc = "                  to verify RSASSA_PSS signatures."]
-    pub fn mbedtls_pk_verify(
-        ctx: *mut mbedtls_pk_context,
-        md_alg: mbedtls_md_type_t,
-        hash: *const crate::c_types::c_uchar,
-        hash_len: size_t,
-        sig: *const crate::c_types::c_uchar,
-        sig_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Restartable version of \\c mbedtls_pk_verify()"]
-    #[doc = ""]
-    #[doc = " \\note            Performs the same job as \\c mbedtls_pk_verify(), but can"]
-    #[doc = "                  return early and restart according to the limit set with"]
-    #[doc = "                  \\c mbedtls_ecp_set_max_ops() to reduce blocking for ECC"]
-    #[doc = "                  operations. For RSA, same as \\c mbedtls_pk_verify()."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The PK context to use. It must have been set up."]
-    #[doc = " \\param md_alg    Hash algorithm used (see notes)"]
-    #[doc = " \\param hash      Hash of the message to sign"]
-    #[doc = " \\param hash_len  Hash length or 0 (see notes)"]
-    #[doc = " \\param sig       Signature to verify"]
-    #[doc = " \\param sig_len   Signature length"]
-    #[doc = " \\param rs_ctx    Restart context (NULL to disable restart)"]
-    #[doc = ""]
-    #[doc = " \\return          See \\c mbedtls_pk_verify(), or"]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of"]
-    #[doc = "                  operations was reached: see \\c mbedtls_ecp_set_max_ops()."]
-    pub fn mbedtls_pk_verify_restartable(
-        ctx: *mut mbedtls_pk_context,
-        md_alg: mbedtls_md_type_t,
-        hash: *const crate::c_types::c_uchar,
-        hash_len: size_t,
-        sig: *const crate::c_types::c_uchar,
-        sig_len: size_t,
-        rs_ctx: *mut mbedtls_pk_restart_ctx,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Verify signature, with options."]
-    #[doc = "                  (Includes verification of the padding depending on type.)"]
-    #[doc = ""]
-    #[doc = " \\param type      Signature type (inc. possible padding type) to verify"]
-    #[doc = " \\param options   Pointer to type-specific options, or NULL"]
-    #[doc = " \\param ctx       The PK context to use. It must have been set up."]
-    #[doc = " \\param md_alg    Hash algorithm used (see notes)"]
-    #[doc = " \\param hash      Hash of the message to sign"]
-    #[doc = " \\param hash_len  Hash length or 0 (see notes)"]
-    #[doc = " \\param sig       Signature to verify"]
-    #[doc = " \\param sig_len   Signature length"]
-    #[doc = ""]
-    #[doc = " \\return          0 on success (signature is valid),"]
-    #[doc = "                  #MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be"]
-    #[doc = "                  used for this type of signatures,"]
-    #[doc = "                  #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid"]
-    #[doc = "                  signature in sig but its length is less than \\p siglen,"]
-    #[doc = "                  or a specific error code."]
-    #[doc = ""]
-    #[doc = " \\note            If hash_len is 0, then the length associated with md_alg"]
-    #[doc = "                  is used instead, or an error returned if it is invalid."]
-    #[doc = ""]
-    #[doc = " \\note            md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0"]
-    #[doc = ""]
-    #[doc = " \\note            If type is MBEDTLS_PK_RSASSA_PSS, then options must point"]
-    #[doc = "                  to a mbedtls_pk_rsassa_pss_options structure,"]
-    #[doc = "                  otherwise it must be NULL. Note that if"]
-    #[doc = "                  #MBEDTLS_USE_PSA_CRYPTO is defined, the salt length is not"]
-    #[doc = "                  verified as PSA_ALG_RSA_PSS_ANY_SALT is used."]
-    pub fn mbedtls_pk_verify_ext(
-        type_: mbedtls_pk_type_t,
-        options: *const crate::c_types::c_void,
-        ctx: *mut mbedtls_pk_context,
-        md_alg: mbedtls_md_type_t,
-        hash: *const crate::c_types::c_uchar,
-        hash_len: size_t,
-        sig: *const crate::c_types::c_uchar,
-        sig_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Make signature, including padding if relevant."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The PK context to use. It must have been set up"]
-    #[doc = "                  with a private key."]
-    #[doc = " \\param md_alg    Hash algorithm used (see notes)"]
-    #[doc = " \\param hash      Hash of the message to sign"]
-    #[doc = " \\param hash_len  Hash length"]
-    #[doc = " \\param sig       Place to write the signature."]
-    #[doc = "                  It must have enough room for the signature."]
-    #[doc = "                  #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough."]
-    #[doc = "                  You may use a smaller buffer if it is large enough"]
-    #[doc = "                  given the key type."]
-    #[doc = " \\param sig_size  The size of the \\p sig buffer in bytes."]
-    #[doc = " \\param sig_len   On successful return,"]
-    #[doc = "                  the number of bytes written to \\p sig."]
-    #[doc = " \\param f_rng     RNG function, must not be \\c NULL."]
-    #[doc = " \\param p_rng     RNG parameter"]
-    #[doc = ""]
-    #[doc = " \\return          0 on success, or a specific error code."]
-    #[doc = ""]
-    #[doc = " \\note            For RSA keys, the default padding type is PKCS#1 v1.5."]
-    #[doc = "                  There is no interface in the PK module to make RSASSA-PSS"]
-    #[doc = "                  signatures yet."]
-    #[doc = ""]
-    #[doc = " \\note            For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0."]
-    #[doc = "                  For ECDSA, md_alg may never be MBEDTLS_MD_NONE."]
-    pub fn mbedtls_pk_sign(
-        ctx: *mut mbedtls_pk_context,
-        md_alg: mbedtls_md_type_t,
-        hash: *const crate::c_types::c_uchar,
-        hash_len: size_t,
-        sig: *mut crate::c_types::c_uchar,
-        sig_size: size_t,
-        sig_len: *mut size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Make signature given a signature type."]
-    #[doc = ""]
-    #[doc = " \\param pk_type   Signature type."]
-    #[doc = " \\param ctx       The PK context to use. It must have been set up"]
-    #[doc = "                  with a private key."]
-    #[doc = " \\param md_alg    Hash algorithm used (see notes)"]
-    #[doc = " \\param hash      Hash of the message to sign"]
-    #[doc = " \\param hash_len  Hash length"]
-    #[doc = " \\param sig       Place to write the signature."]
-    #[doc = "                  It must have enough room for the signature."]
-    #[doc = "                  #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough."]
-    #[doc = "                  You may use a smaller buffer if it is large enough"]
-    #[doc = "                  given the key type."]
-    #[doc = " \\param sig_size  The size of the \\p sig buffer in bytes."]
-    #[doc = " \\param sig_len   On successful return,"]
-    #[doc = "                  the number of bytes written to \\p sig."]
-    #[doc = " \\param f_rng     RNG function, must not be \\c NULL."]
-    #[doc = " \\param p_rng     RNG parameter"]
-    #[doc = ""]
-    #[doc = " \\return          0 on success, or a specific error code."]
-    #[doc = ""]
-    #[doc = " \\note            When \\p pk_type is #MBEDTLS_PK_RSASSA_PSS,"]
-    #[doc = "                  see #PSA_ALG_RSA_PSS for a description of PSS options used."]
-    #[doc = ""]
-    #[doc = " \\note            For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0."]
-    #[doc = "                  For ECDSA, md_alg may never be MBEDTLS_MD_NONE."]
-    #[doc = ""]
-    pub fn mbedtls_pk_sign_ext(
-        pk_type: mbedtls_pk_type_t,
-        ctx: *mut mbedtls_pk_context,
-        md_alg: mbedtls_md_type_t,
-        hash: *const crate::c_types::c_uchar,
-        hash_len: size_t,
-        sig: *mut crate::c_types::c_uchar,
-        sig_size: size_t,
-        sig_len: *mut size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Restartable version of \\c mbedtls_pk_sign()"]
-    #[doc = ""]
-    #[doc = " \\note            Performs the same job as \\c mbedtls_pk_sign(), but can"]
-    #[doc = "                  return early and restart according to the limit set with"]
-    #[doc = "                  \\c mbedtls_ecp_set_max_ops() to reduce blocking for ECC"]
-    #[doc = "                  operations. For RSA, same as \\c mbedtls_pk_sign()."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The PK context to use. It must have been set up"]
-    #[doc = "                  with a private key."]
-    #[doc = " \\param md_alg    Hash algorithm used (see notes for mbedtls_pk_sign())"]
-    #[doc = " \\param hash      Hash of the message to sign"]
-    #[doc = " \\param hash_len  Hash length"]
-    #[doc = " \\param sig       Place to write the signature."]
-    #[doc = "                  It must have enough room for the signature."]
-    #[doc = "                  #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough."]
-    #[doc = "                  You may use a smaller buffer if it is large enough"]
-    #[doc = "                  given the key type."]
-    #[doc = " \\param sig_size  The size of the \\p sig buffer in bytes."]
-    #[doc = " \\param sig_len   On successful return,"]
-    #[doc = "                  the number of bytes written to \\p sig."]
-    #[doc = " \\param f_rng     RNG function, must not be \\c NULL."]
-    #[doc = " \\param p_rng     RNG parameter"]
-    #[doc = " \\param rs_ctx    Restart context (NULL to disable restart)"]
-    #[doc = ""]
-    #[doc = " \\return          See \\c mbedtls_pk_sign()."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of"]
-    #[doc = "                  operations was reached: see \\c mbedtls_ecp_set_max_ops()."]
-    pub fn mbedtls_pk_sign_restartable(
-        ctx: *mut mbedtls_pk_context,
-        md_alg: mbedtls_md_type_t,
-        hash: *const crate::c_types::c_uchar,
-        hash_len: size_t,
-        sig: *mut crate::c_types::c_uchar,
-        sig_size: size_t,
-        sig_len: *mut size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-        rs_ctx: *mut mbedtls_pk_restart_ctx,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Decrypt message (including padding if relevant)."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The PK context to use. It must have been set up"]
-    #[doc = "                  with a private key."]
-    #[doc = " \\param input     Input to decrypt"]
-    #[doc = " \\param ilen      Input size"]
-    #[doc = " \\param output    Decrypted output"]
-    #[doc = " \\param olen      Decrypted message length"]
-    #[doc = " \\param osize     Size of the output buffer"]
-    #[doc = " \\param f_rng     RNG function, must not be \\c NULL."]
-    #[doc = " \\param p_rng     RNG parameter"]
-    #[doc = ""]
-    #[doc = " \\note            For RSA keys, the default padding type is PKCS#1 v1.5."]
-    #[doc = ""]
-    #[doc = " \\return          0 on success, or a specific error code."]
-    pub fn mbedtls_pk_decrypt(
-        ctx: *mut mbedtls_pk_context,
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-        output: *mut crate::c_types::c_uchar,
-        olen: *mut size_t,
-        osize: size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Encrypt message (including padding if relevant)."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The PK context to use. It must have been set up."]
-    #[doc = " \\param input     Message to encrypt"]
-    #[doc = " \\param ilen      Message size"]
-    #[doc = " \\param output    Encrypted output"]
-    #[doc = " \\param olen      Encrypted output length"]
-    #[doc = " \\param osize     Size of the output buffer"]
-    #[doc = " \\param f_rng     RNG function, must not be \\c NULL."]
-    #[doc = " \\param p_rng     RNG parameter"]
-    #[doc = ""]
-    #[doc = " \\note            \\p f_rng is used for padding generation."]
-    #[doc = ""]
-    #[doc = " \\note            For RSA keys, the default padding type is PKCS#1 v1.5."]
-    #[doc = ""]
-    #[doc = " \\return          0 on success, or a specific error code."]
-    pub fn mbedtls_pk_encrypt(
-        ctx: *mut mbedtls_pk_context,
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-        output: *mut crate::c_types::c_uchar,
-        olen: *mut size_t,
-        osize: size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Check if a public-private pair of keys matches."]
-    #[doc = ""]
-    #[doc = " \\param pub       Context holding a public key."]
-    #[doc = " \\param prv       Context holding a private (and public) key."]
-    #[doc = " \\param f_rng     RNG function, must not be \\c NULL."]
-    #[doc = " \\param p_rng     RNG parameter"]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success (keys were checked and match each other)."]
-    #[doc = " \\return          #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the keys could not"]
-    #[doc = "                  be checked - in that case they may or may not match."]
-    #[doc = " \\return          #MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid."]
-    #[doc = " \\return          Another non-zero value if the keys do not match."]
-    pub fn mbedtls_pk_check_pair(
-        pub_: *const mbedtls_pk_context,
-        prv: *const mbedtls_pk_context,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Export debug information"]
-    #[doc = ""]
-    #[doc = " \\param ctx       The PK context to use. It must have been initialized."]
-    #[doc = " \\param items     Place to write debug items"]
-    #[doc = ""]
-    #[doc = " \\return          0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA"]
-    pub fn mbedtls_pk_debug(
-        ctx: *const mbedtls_pk_context,
-        items: *mut mbedtls_pk_debug_item,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Access the type name"]
-    #[doc = ""]
-    #[doc = " \\param ctx       The PK context to use. It must have been initialized."]
-    #[doc = ""]
-    #[doc = " \\return          Type name on success, or \"invalid PK\""]
-    pub fn mbedtls_pk_get_name(ctx: *const mbedtls_pk_context) -> *const crate::c_types::c_char;
-}
-extern "C" {
-    #[doc = " \\brief           Get the key type"]
-    #[doc = ""]
-    #[doc = " \\param ctx       The PK context to use. It must have been initialized."]
-    #[doc = ""]
-    #[doc = " \\return          Type on success."]
-    #[doc = " \\return          #MBEDTLS_PK_NONE for a context that has not been set up."]
-    pub fn mbedtls_pk_get_type(ctx: *const mbedtls_pk_context) -> mbedtls_pk_type_t;
-}
-extern "C" {
-    #[doc = " \\ingroup pk_module */"]
-    #[doc = " \\brief           Parse a private key in PEM or DER format"]
-    #[doc = ""]
-    #[doc = " \\note            If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto"]
-    #[doc = "                  subsystem must have been initialized by calling"]
-    #[doc = "                  psa_crypto_init() before calling this function."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The PK context to fill. It must have been initialized"]
-    #[doc = "                  but not set up."]
-    #[doc = " \\param key       Input buffer to parse."]
-    #[doc = "                  The buffer must contain the input exactly, with no"]
-    #[doc = "                  extra trailing material. For PEM, the buffer must"]
-    #[doc = "                  contain a null-terminated string."]
-    #[doc = " \\param keylen    Size of \\b key in bytes."]
-    #[doc = "                  For PEM data, this includes the terminating null byte,"]
-    #[doc = "                  so \\p keylen must be equal to `strlen(key) + 1`."]
-    #[doc = " \\param pwd       Optional password for decryption."]
-    #[doc = "                  Pass \\c NULL if expecting a non-encrypted key."]
-    #[doc = "                  Pass a string of \\p pwdlen bytes if expecting an encrypted"]
-    #[doc = "                  key; a non-encrypted key will also be accepted."]
-    #[doc = "                  The empty password is not supported."]
-    #[doc = " \\param pwdlen    Size of the password in bytes."]
-    #[doc = "                  Ignored if \\p pwd is \\c NULL."]
-    #[doc = " \\param f_rng     RNG function, must not be \\c NULL. Used for blinding."]
-    #[doc = " \\param p_rng     RNG parameter"]
-    #[doc = ""]
-    #[doc = " \\note            On entry, ctx must be empty, either freshly initialised"]
-    #[doc = "                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a"]
-    #[doc = "                  specific key type, check the result with mbedtls_pk_can_do()."]
-    #[doc = ""]
-    #[doc = " \\note            The key is also checked for correctness."]
-    #[doc = ""]
-    #[doc = " \\return          0 if successful, or a specific PK or PEM error code"]
-    pub fn mbedtls_pk_parse_key(
-        ctx: *mut mbedtls_pk_context,
-        key: *const crate::c_types::c_uchar,
-        keylen: size_t,
-        pwd: *const crate::c_types::c_uchar,
-        pwdlen: size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\ingroup pk_module */"]
-    #[doc = " \\brief           Parse a public key in PEM or DER format"]
-    #[doc = ""]
-    #[doc = " \\note            If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto"]
-    #[doc = "                  subsystem must have been initialized by calling"]
-    #[doc = "                  psa_crypto_init() before calling this function."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The PK context to fill. It must have been initialized"]
-    #[doc = "                  but not set up."]
-    #[doc = " \\param key       Input buffer to parse."]
-    #[doc = "                  The buffer must contain the input exactly, with no"]
-    #[doc = "                  extra trailing material. For PEM, the buffer must"]
-    #[doc = "                  contain a null-terminated string."]
-    #[doc = " \\param keylen    Size of \\b key in bytes."]
-    #[doc = "                  For PEM data, this includes the terminating null byte,"]
-    #[doc = "                  so \\p keylen must be equal to `strlen(key) + 1`."]
-    #[doc = ""]
-    #[doc = " \\note            On entry, ctx must be empty, either freshly initialised"]
-    #[doc = "                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a"]
-    #[doc = "                  specific key type, check the result with mbedtls_pk_can_do()."]
-    #[doc = ""]
-    #[doc = " \\note            For compressed points, see #MBEDTLS_ECP_PF_COMPRESSED for"]
-    #[doc = "                  limitations."]
-    #[doc = ""]
-    #[doc = " \\note            The key is also checked for correctness."]
-    #[doc = ""]
-    #[doc = " \\return          0 if successful, or a specific PK or PEM error code"]
-    pub fn mbedtls_pk_parse_public_key(
-        ctx: *mut mbedtls_pk_context,
-        key: *const crate::c_types::c_uchar,
-        keylen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Write a private key to a PKCS#1 or SEC1 DER structure"]
-    #[doc = "                  Note: data is written at the end of the buffer! Use the"]
-    #[doc = "                        return value to determine where you should start"]
-    #[doc = "                        using the buffer"]
-    #[doc = ""]
-    #[doc = " \\param ctx       PK context which must contain a valid private key."]
-    #[doc = " \\param buf       buffer to write to"]
-    #[doc = " \\param size      size of the buffer"]
-    #[doc = ""]
-    #[doc = " \\return          length of data written if successful, or a specific"]
-    #[doc = "                  error code"]
-    pub fn mbedtls_pk_write_key_der(
-        ctx: *const mbedtls_pk_context,
-        buf: *mut crate::c_types::c_uchar,
-        size: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Write a public key to a SubjectPublicKeyInfo DER structure"]
-    #[doc = "                  Note: data is written at the end of the buffer! Use the"]
-    #[doc = "                        return value to determine where you should start"]
-    #[doc = "                        using the buffer"]
-    #[doc = ""]
-    #[doc = " \\param ctx       PK context which must contain a valid public or private key."]
-    #[doc = " \\param buf       buffer to write to"]
-    #[doc = " \\param size      size of the buffer"]
-    #[doc = ""]
-    #[doc = " \\return          length of data written if successful, or a specific"]
-    #[doc = "                  error code"]
-    pub fn mbedtls_pk_write_pubkey_der(
-        ctx: *const mbedtls_pk_context,
-        buf: *mut crate::c_types::c_uchar,
-        size: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Write a public key to a PEM string"]
-    #[doc = ""]
-    #[doc = " \\param ctx       PK context which must contain a valid public or private key."]
-    #[doc = " \\param buf       Buffer to write to. The output includes a"]
-    #[doc = "                  terminating null byte."]
-    #[doc = " \\param size      Size of the buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\return          0 if successful, or a specific error code"]
-    pub fn mbedtls_pk_write_pubkey_pem(
-        ctx: *const mbedtls_pk_context,
-        buf: *mut crate::c_types::c_uchar,
-        size: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Write a private key to a PKCS#1 or SEC1 PEM string"]
-    #[doc = ""]
-    #[doc = " \\param ctx       PK context which must contain a valid private key."]
-    #[doc = " \\param buf       Buffer to write to. The output includes a"]
-    #[doc = "                  terminating null byte."]
-    #[doc = " \\param size      Size of the buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\return          0 if successful, or a specific error code"]
-    pub fn mbedtls_pk_write_key_pem(
-        ctx: *const mbedtls_pk_context,
-        buf: *mut crate::c_types::c_uchar,
-        size: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Parse a SubjectPublicKeyInfo DER structure"]
-    #[doc = ""]
-    #[doc = " \\param p         the position in the ASN.1 data"]
-    #[doc = " \\param end       end of the buffer"]
-    #[doc = " \\param pk        The PK context to fill. It must have been initialized"]
-    #[doc = "                  but not set up."]
-    #[doc = ""]
-    #[doc = " \\return          0 if successful, or a specific PK error code"]
-    pub fn mbedtls_pk_parse_subpubkey(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        pk: *mut mbedtls_pk_context,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Write a subjectPublicKey to ASN.1 data"]
-    #[doc = "                  Note: function works backwards in data buffer"]
-    #[doc = ""]
-    #[doc = " \\param p         reference to current position pointer"]
-    #[doc = " \\param start     start of the buffer (for bounds-checking)"]
-    #[doc = " \\param key       PK context which must contain a valid public or private key."]
-    #[doc = ""]
-    #[doc = " \\return          the length written or a negative error code"]
-    pub fn mbedtls_pk_write_pubkey(
-        p: *mut *mut crate::c_types::c_uchar,
-        start: *mut crate::c_types::c_uchar,
-        key: *const mbedtls_pk_context,
-    ) -> crate::c_types::c_int;
-}
-#[doc = "< Placeholder to mark the end of cipher ID lists."]
-pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_NONE: mbedtls_cipher_id_t = 0;
-#[doc = "< The identity cipher, treated as a stream cipher."]
-pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_NULL: mbedtls_cipher_id_t = 1;
-#[doc = "< The AES cipher."]
-pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_AES: mbedtls_cipher_id_t = 2;
-#[doc = "< The DES cipher. \\warning DES is considered weak."]
-pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_DES: mbedtls_cipher_id_t = 3;
-#[doc = "< The Triple DES cipher. \\warning 3DES is considered weak."]
-pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_3DES: mbedtls_cipher_id_t = 4;
-#[doc = "< The Camellia cipher."]
-pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_CAMELLIA: mbedtls_cipher_id_t = 5;
-#[doc = "< The Aria cipher."]
-pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_ARIA: mbedtls_cipher_id_t = 6;
-#[doc = "< The ChaCha20 cipher."]
-pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_CHACHA20: mbedtls_cipher_id_t = 7;
-#[doc = " \\brief     Supported cipher types."]
-#[doc = ""]
-#[doc = " \\warning   DES/3DES are considered weak ciphers and their use"]
-#[doc = "            constitutes a security risk. We recommend considering stronger"]
-#[doc = "            ciphers instead."]
-pub type mbedtls_cipher_id_t = crate::c_types::c_uint;
-#[doc = "< Placeholder to mark the end of cipher-pair lists."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_NONE: mbedtls_cipher_type_t = 0;
-#[doc = "< The identity stream cipher."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_NULL: mbedtls_cipher_type_t = 1;
-#[doc = "< AES cipher with 128-bit ECB mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_ECB: mbedtls_cipher_type_t = 2;
-#[doc = "< AES cipher with 192-bit ECB mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_ECB: mbedtls_cipher_type_t = 3;
-#[doc = "< AES cipher with 256-bit ECB mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_ECB: mbedtls_cipher_type_t = 4;
-#[doc = "< AES cipher with 128-bit CBC mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CBC: mbedtls_cipher_type_t = 5;
-#[doc = "< AES cipher with 192-bit CBC mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CBC: mbedtls_cipher_type_t = 6;
-#[doc = "< AES cipher with 256-bit CBC mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CBC: mbedtls_cipher_type_t = 7;
-#[doc = "< AES cipher with 128-bit CFB128 mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CFB128: mbedtls_cipher_type_t = 8;
-#[doc = "< AES cipher with 192-bit CFB128 mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CFB128: mbedtls_cipher_type_t = 9;
-#[doc = "< AES cipher with 256-bit CFB128 mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CFB128: mbedtls_cipher_type_t = 10;
-#[doc = "< AES cipher with 128-bit CTR mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CTR: mbedtls_cipher_type_t = 11;
-#[doc = "< AES cipher with 192-bit CTR mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CTR: mbedtls_cipher_type_t = 12;
-#[doc = "< AES cipher with 256-bit CTR mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CTR: mbedtls_cipher_type_t = 13;
-#[doc = "< AES cipher with 128-bit GCM mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_GCM: mbedtls_cipher_type_t = 14;
-#[doc = "< AES cipher with 192-bit GCM mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_GCM: mbedtls_cipher_type_t = 15;
-#[doc = "< AES cipher with 256-bit GCM mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_GCM: mbedtls_cipher_type_t = 16;
-#[doc = "< Camellia cipher with 128-bit ECB mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_ECB: mbedtls_cipher_type_t = 17;
-#[doc = "< Camellia cipher with 192-bit ECB mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_ECB: mbedtls_cipher_type_t = 18;
-#[doc = "< Camellia cipher with 256-bit ECB mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_ECB: mbedtls_cipher_type_t = 19;
-#[doc = "< Camellia cipher with 128-bit CBC mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CBC: mbedtls_cipher_type_t = 20;
-#[doc = "< Camellia cipher with 192-bit CBC mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CBC: mbedtls_cipher_type_t = 21;
-#[doc = "< Camellia cipher with 256-bit CBC mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CBC: mbedtls_cipher_type_t = 22;
-#[doc = "< Camellia cipher with 128-bit CFB128 mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CFB128: mbedtls_cipher_type_t = 23;
-#[doc = "< Camellia cipher with 192-bit CFB128 mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CFB128: mbedtls_cipher_type_t = 24;
-#[doc = "< Camellia cipher with 256-bit CFB128 mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CFB128: mbedtls_cipher_type_t = 25;
-#[doc = "< Camellia cipher with 128-bit CTR mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CTR: mbedtls_cipher_type_t = 26;
-#[doc = "< Camellia cipher with 192-bit CTR mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CTR: mbedtls_cipher_type_t = 27;
-#[doc = "< Camellia cipher with 256-bit CTR mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CTR: mbedtls_cipher_type_t = 28;
-#[doc = "< Camellia cipher with 128-bit GCM mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_GCM: mbedtls_cipher_type_t = 29;
-#[doc = "< Camellia cipher with 192-bit GCM mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_GCM: mbedtls_cipher_type_t = 30;
-#[doc = "< Camellia cipher with 256-bit GCM mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_GCM: mbedtls_cipher_type_t = 31;
-#[doc = "< DES cipher with ECB mode. \\warning DES is considered weak."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_ECB: mbedtls_cipher_type_t = 32;
-#[doc = "< DES cipher with CBC mode. \\warning DES is considered weak."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_CBC: mbedtls_cipher_type_t = 33;
-#[doc = "< DES cipher with EDE ECB mode. \\warning 3DES is considered weak."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_EDE_ECB: mbedtls_cipher_type_t = 34;
-#[doc = "< DES cipher with EDE CBC mode. \\warning 3DES is considered weak."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_EDE_CBC: mbedtls_cipher_type_t = 35;
-#[doc = "< DES cipher with EDE3 ECB mode. \\warning 3DES is considered weak."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_EDE3_ECB: mbedtls_cipher_type_t = 36;
-#[doc = "< DES cipher with EDE3 CBC mode. \\warning 3DES is considered weak."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_EDE3_CBC: mbedtls_cipher_type_t = 37;
-#[doc = "< AES cipher with 128-bit CCM mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CCM: mbedtls_cipher_type_t = 38;
-#[doc = "< AES cipher with 192-bit CCM mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CCM: mbedtls_cipher_type_t = 39;
-#[doc = "< AES cipher with 256-bit CCM mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CCM: mbedtls_cipher_type_t = 40;
-#[doc = "< AES cipher with 128-bit CCM_STAR_NO_TAG mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 41;
-#[doc = "< AES cipher with 192-bit CCM_STAR_NO_TAG mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 42;
-#[doc = "< AES cipher with 256-bit CCM_STAR_NO_TAG mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 43;
-#[doc = "< Camellia cipher with 128-bit CCM mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CCM: mbedtls_cipher_type_t = 44;
-#[doc = "< Camellia cipher with 192-bit CCM mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CCM: mbedtls_cipher_type_t = 45;
-#[doc = "< Camellia cipher with 256-bit CCM mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CCM: mbedtls_cipher_type_t = 46;
-#[doc = "< Camellia cipher with 128-bit CCM_STAR_NO_TAG mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG: mbedtls_cipher_type_t =
-    47;
-#[doc = "< Camellia cipher with 192-bit CCM_STAR_NO_TAG mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG: mbedtls_cipher_type_t =
-    48;
-#[doc = "< Camellia cipher with 256-bit CCM_STAR_NO_TAG mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG: mbedtls_cipher_type_t =
-    49;
-#[doc = "< Aria cipher with 128-bit key and ECB mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_ECB: mbedtls_cipher_type_t = 50;
-#[doc = "< Aria cipher with 192-bit key and ECB mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_ECB: mbedtls_cipher_type_t = 51;
-#[doc = "< Aria cipher with 256-bit key and ECB mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_ECB: mbedtls_cipher_type_t = 52;
-#[doc = "< Aria cipher with 128-bit key and CBC mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CBC: mbedtls_cipher_type_t = 53;
-#[doc = "< Aria cipher with 192-bit key and CBC mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CBC: mbedtls_cipher_type_t = 54;
-#[doc = "< Aria cipher with 256-bit key and CBC mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CBC: mbedtls_cipher_type_t = 55;
-#[doc = "< Aria cipher with 128-bit key and CFB-128 mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CFB128: mbedtls_cipher_type_t = 56;
-#[doc = "< Aria cipher with 192-bit key and CFB-128 mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CFB128: mbedtls_cipher_type_t = 57;
-#[doc = "< Aria cipher with 256-bit key and CFB-128 mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CFB128: mbedtls_cipher_type_t = 58;
-#[doc = "< Aria cipher with 128-bit key and CTR mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CTR: mbedtls_cipher_type_t = 59;
-#[doc = "< Aria cipher with 192-bit key and CTR mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CTR: mbedtls_cipher_type_t = 60;
-#[doc = "< Aria cipher with 256-bit key and CTR mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CTR: mbedtls_cipher_type_t = 61;
-#[doc = "< Aria cipher with 128-bit key and GCM mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_GCM: mbedtls_cipher_type_t = 62;
-#[doc = "< Aria cipher with 192-bit key and GCM mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_GCM: mbedtls_cipher_type_t = 63;
-#[doc = "< Aria cipher with 256-bit key and GCM mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_GCM: mbedtls_cipher_type_t = 64;
-#[doc = "< Aria cipher with 128-bit key and CCM mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CCM: mbedtls_cipher_type_t = 65;
-#[doc = "< Aria cipher with 192-bit key and CCM mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CCM: mbedtls_cipher_type_t = 66;
-#[doc = "< Aria cipher with 256-bit key and CCM mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CCM: mbedtls_cipher_type_t = 67;
-#[doc = "< Aria cipher with 128-bit key and CCM_STAR_NO_TAG mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 68;
-#[doc = "< Aria cipher with 192-bit key and CCM_STAR_NO_TAG mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 69;
-#[doc = "< Aria cipher with 256-bit key and CCM_STAR_NO_TAG mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 70;
-#[doc = "< AES 128-bit cipher in OFB mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_OFB: mbedtls_cipher_type_t = 71;
-#[doc = "< AES 192-bit cipher in OFB mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_OFB: mbedtls_cipher_type_t = 72;
-#[doc = "< AES 256-bit cipher in OFB mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_OFB: mbedtls_cipher_type_t = 73;
-#[doc = "< AES 128-bit cipher in XTS block mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_XTS: mbedtls_cipher_type_t = 74;
-#[doc = "< AES 256-bit cipher in XTS block mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_XTS: mbedtls_cipher_type_t = 75;
-#[doc = "< ChaCha20 stream cipher."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CHACHA20: mbedtls_cipher_type_t = 76;
-#[doc = "< ChaCha20-Poly1305 AEAD cipher."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CHACHA20_POLY1305: mbedtls_cipher_type_t = 77;
-#[doc = "< AES cipher with 128-bit NIST KW mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_KW: mbedtls_cipher_type_t = 78;
-#[doc = "< AES cipher with 192-bit NIST KW mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_KW: mbedtls_cipher_type_t = 79;
-#[doc = "< AES cipher with 256-bit NIST KW mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_KW: mbedtls_cipher_type_t = 80;
-#[doc = "< AES cipher with 128-bit NIST KWP mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_KWP: mbedtls_cipher_type_t = 81;
-#[doc = "< AES cipher with 192-bit NIST KWP mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_KWP: mbedtls_cipher_type_t = 82;
-#[doc = "< AES cipher with 256-bit NIST KWP mode."]
-pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_KWP: mbedtls_cipher_type_t = 83;
-#[doc = " \\brief     Supported {cipher type, cipher mode} pairs."]
-#[doc = ""]
-#[doc = " \\warning   DES/3DES are considered weak ciphers and their use"]
-#[doc = "            constitutes a security risk. We recommend considering stronger"]
-#[doc = "            ciphers instead."]
-pub type mbedtls_cipher_type_t = crate::c_types::c_uint;
-#[doc = "< None."]
-pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_NONE: mbedtls_cipher_mode_t = 0;
-#[doc = "< The ECB cipher mode."]
-pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_ECB: mbedtls_cipher_mode_t = 1;
-#[doc = "< The CBC cipher mode."]
-pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CBC: mbedtls_cipher_mode_t = 2;
-#[doc = "< The CFB cipher mode."]
-pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CFB: mbedtls_cipher_mode_t = 3;
-#[doc = "< The OFB cipher mode."]
-pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_OFB: mbedtls_cipher_mode_t = 4;
-#[doc = "< The CTR cipher mode."]
-pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CTR: mbedtls_cipher_mode_t = 5;
-#[doc = "< The GCM cipher mode."]
-pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_GCM: mbedtls_cipher_mode_t = 6;
-#[doc = "< The stream cipher mode."]
-pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_STREAM: mbedtls_cipher_mode_t = 7;
-#[doc = "< The CCM cipher mode."]
-pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CCM: mbedtls_cipher_mode_t = 8;
-#[doc = "< The CCM*-no-tag cipher mode."]
-pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CCM_STAR_NO_TAG: mbedtls_cipher_mode_t = 9;
-#[doc = "< The XTS cipher mode."]
-pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_XTS: mbedtls_cipher_mode_t = 10;
-#[doc = "< The ChaCha-Poly cipher mode."]
-pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CHACHAPOLY: mbedtls_cipher_mode_t = 11;
-#[doc = "< The SP800-38F KW mode"]
-pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_KW: mbedtls_cipher_mode_t = 12;
-#[doc = "< The SP800-38F KWP mode"]
-pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_KWP: mbedtls_cipher_mode_t = 13;
-#[doc = " Supported cipher modes."]
-pub type mbedtls_cipher_mode_t = crate::c_types::c_uint;
-#[doc = "< PKCS7 padding (default)."]
-pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_PKCS7: mbedtls_cipher_padding_t = 0;
-#[doc = "< ISO/IEC 7816-4 padding."]
-pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_ONE_AND_ZEROS: mbedtls_cipher_padding_t = 1;
-#[doc = "< ANSI X.923 padding."]
-pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_ZEROS_AND_LEN: mbedtls_cipher_padding_t = 2;
-#[doc = "< Zero padding (not reversible)."]
-pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_ZEROS: mbedtls_cipher_padding_t = 3;
-#[doc = "< Never pad (full blocks only)."]
-pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_NONE: mbedtls_cipher_padding_t = 4;
-#[doc = " Supported cipher padding types."]
-pub type mbedtls_cipher_padding_t = crate::c_types::c_uint;
-pub const mbedtls_operation_t_MBEDTLS_OPERATION_NONE: mbedtls_operation_t = -1;
-pub const mbedtls_operation_t_MBEDTLS_DECRYPT: mbedtls_operation_t = 0;
-pub const mbedtls_operation_t_MBEDTLS_ENCRYPT: mbedtls_operation_t = 1;
-#[doc = " Type of operation."]
-pub type mbedtls_operation_t = crate::c_types::c_int;
-#[doc = " Undefined key length."]
-pub const MBEDTLS_KEY_LENGTH_NONE: crate::c_types::c_uint = 0;
-#[doc = " Key length, in bits (including parity), for DES keys. \\warning DES is considered weak."]
-pub const MBEDTLS_KEY_LENGTH_DES: crate::c_types::c_uint = 64;
-#[doc = " Key length in bits, including parity, for DES in two-key EDE. \\warning 3DES is considered weak."]
-pub const MBEDTLS_KEY_LENGTH_DES_EDE: crate::c_types::c_uint = 128;
-#[doc = " Key length in bits, including parity, for DES in three-key EDE. \\warning 3DES is considered weak."]
-pub const MBEDTLS_KEY_LENGTH_DES_EDE3: crate::c_types::c_uint = 192;
-pub type _bindgen_ty_1 = crate::c_types::c_uint;
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_cipher_base_t {
-    _unused: [u8; 0],
-}
-#[doc = " Cipher information. Allows calling cipher functions"]
-#[doc = " in a generic way."]
-#[doc = ""]
-#[doc = " \\note        The library does not support custom cipher info structures,"]
-#[doc = "              only built-in structures returned by the functions"]
-#[doc = "              mbedtls_cipher_info_from_string(),"]
-#[doc = "              mbedtls_cipher_info_from_type(),"]
-#[doc = "              mbedtls_cipher_info_from_values(),"]
-#[doc = "              mbedtls_cipher_info_from_psa()."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_cipher_info_t {
-    pub private_type: mbedtls_cipher_type_t,
-    pub private_mode: mbedtls_cipher_mode_t,
-    pub private_key_bitlen: crate::c_types::c_uint,
-    pub private_name: *const crate::c_types::c_char,
-    pub private_iv_size: crate::c_types::c_uint,
-    pub private_flags: crate::c_types::c_int,
-    pub private_block_size: crate::c_types::c_uint,
-    pub private_base: *const mbedtls_cipher_base_t,
-}
-#[doc = " Generic cipher context."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_cipher_context_t {
-    pub private_cipher_info: *const mbedtls_cipher_info_t,
-    pub private_key_bitlen: crate::c_types::c_int,
-    pub private_operation: mbedtls_operation_t,
-    pub private_add_padding: ::core::option::Option<
-        unsafe extern "C" fn(output: *mut crate::c_types::c_uchar, olen: size_t, data_len: size_t),
-    >,
-    pub private_get_padding: ::core::option::Option<
-        unsafe extern "C" fn(
-            input: *mut crate::c_types::c_uchar,
-            ilen: size_t,
-            data_len: *mut size_t,
-        ) -> crate::c_types::c_int,
-    >,
-    pub private_unprocessed_data: [crate::c_types::c_uchar; 16usize],
-    pub private_unprocessed_len: size_t,
-    pub private_iv: [crate::c_types::c_uchar; 16usize],
-    pub private_iv_size: size_t,
-    pub private_cipher_ctx: *mut crate::c_types::c_void,
-    pub private_cmac_ctx: *mut mbedtls_cmac_context_t,
-}
-extern "C" {
-    #[doc = " \\brief This function retrieves the list of ciphers supported"]
-    #[doc = "        by the generic cipher module."]
-    #[doc = ""]
-    #[doc = "        For any cipher identifier in the returned list, you can"]
-    #[doc = "        obtain the corresponding generic cipher information structure"]
-    #[doc = "        via mbedtls_cipher_info_from_type(), which can then be used"]
-    #[doc = "        to prepare a cipher context via mbedtls_cipher_setup()."]
-    #[doc = ""]
-    #[doc = ""]
-    #[doc = " \\return      A statically-allocated array of cipher identifiers"]
-    #[doc = "              of type cipher_type_t. The last entry is zero."]
-    pub fn mbedtls_cipher_list() -> *const crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief               This function retrieves the cipher-information"]
-    #[doc = "                      structure associated with the given cipher name."]
-    #[doc = ""]
-    #[doc = " \\param cipher_name   Name of the cipher to search for. This must not be"]
-    #[doc = "                      \\c NULL."]
-    #[doc = ""]
-    #[doc = " \\return              The cipher information structure associated with the"]
-    #[doc = "                      given \\p cipher_name."]
-    #[doc = " \\return              \\c NULL if the associated cipher information is not found."]
-    pub fn mbedtls_cipher_info_from_string(
-        cipher_name: *const crate::c_types::c_char,
-    ) -> *const mbedtls_cipher_info_t;
-}
-extern "C" {
-    #[doc = " \\brief               This function retrieves the cipher-information"]
-    #[doc = "                      structure associated with the given cipher type."]
-    #[doc = ""]
-    #[doc = " \\param cipher_type   Type of the cipher to search for."]
-    #[doc = ""]
-    #[doc = " \\return              The cipher information structure associated with the"]
-    #[doc = "                      given \\p cipher_type."]
-    #[doc = " \\return              \\c NULL if the associated cipher information is not found."]
-    pub fn mbedtls_cipher_info_from_type(
-        cipher_type: mbedtls_cipher_type_t,
-    ) -> *const mbedtls_cipher_info_t;
-}
-extern "C" {
-    #[doc = " \\brief               This function retrieves the cipher-information"]
-    #[doc = "                      structure associated with the given cipher ID,"]
-    #[doc = "                      key size and mode."]
-    #[doc = ""]
-    #[doc = " \\param cipher_id     The ID of the cipher to search for. For example,"]
-    #[doc = "                      #MBEDTLS_CIPHER_ID_AES."]
-    #[doc = " \\param key_bitlen    The length of the key in bits."]
-    #[doc = " \\param mode          The cipher mode. For example, #MBEDTLS_MODE_CBC."]
-    #[doc = ""]
-    #[doc = " \\return              The cipher information structure associated with the"]
-    #[doc = "                      given \\p cipher_id."]
-    #[doc = " \\return              \\c NULL if the associated cipher information is not found."]
-    pub fn mbedtls_cipher_info_from_values(
-        cipher_id: mbedtls_cipher_id_t,
-        key_bitlen: crate::c_types::c_int,
-        mode: mbedtls_cipher_mode_t,
-    ) -> *const mbedtls_cipher_info_t;
-}
-extern "C" {
-    #[doc = " \\brief               This function initializes a \\p cipher_context as NONE."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The context to be initialized. This must not be \\c NULL."]
-    pub fn mbedtls_cipher_init(ctx: *mut mbedtls_cipher_context_t);
-}
-extern "C" {
-    #[doc = " \\brief               This function frees and clears the cipher-specific"]
-    #[doc = "                      context of \\p ctx. Freeing \\p ctx itself remains the"]
-    #[doc = "                      responsibility of the caller."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The context to be freed. If this is \\c NULL, the"]
-    #[doc = "                      function has no effect, otherwise this must point to an"]
-    #[doc = "                      initialized context."]
-    pub fn mbedtls_cipher_free(ctx: *mut mbedtls_cipher_context_t);
-}
-extern "C" {
-    #[doc = " \\brief               This function prepares a cipher context for"]
-    #[doc = "                      use with the given cipher primitive."]
-    #[doc = ""]
-    #[doc = " \\note                After calling this function, you should call"]
-    #[doc = "                      mbedtls_cipher_setkey() and, if the mode uses padding,"]
-    #[doc = "                      mbedtls_cipher_set_padding_mode(), then for each"]
-    #[doc = "                      message to encrypt or decrypt with this key, either:"]
-    #[doc = "                      - mbedtls_cipher_crypt() for one-shot processing with"]
-    #[doc = "                      non-AEAD modes;"]
-    #[doc = "                      - mbedtls_cipher_auth_encrypt_ext() or"]
-    #[doc = "                      mbedtls_cipher_auth_decrypt_ext() for one-shot"]
-    #[doc = "                      processing with AEAD modes or NIST_KW;"]
-    #[doc = "                      - for multi-part processing, see the documentation of"]
-    #[doc = "                      mbedtls_cipher_reset()."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The context to prepare. This must be initialized by"]
-    #[doc = "                      a call to mbedtls_cipher_init() first."]
-    #[doc = " \\param cipher_info   The cipher to use."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on"]
-    #[doc = "                      parameter-verification failure."]
-    #[doc = " \\return              #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the"]
-    #[doc = "                      cipher-specific context fails."]
-    pub fn mbedtls_cipher_setup(
-        ctx: *mut mbedtls_cipher_context_t,
-        cipher_info: *const mbedtls_cipher_info_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief               This function sets the key to use with the given context."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The generic cipher context. This must be initialized and"]
-    #[doc = "                      bound to a cipher information structure."]
-    #[doc = " \\param key           The key to use. This must be a readable buffer of at"]
-    #[doc = "                      least \\p key_bitlen Bits."]
-    #[doc = " \\param key_bitlen    The key length to use, in Bits."]
-    #[doc = " \\param operation     The operation that the key will be used for:"]
-    #[doc = "                      #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on"]
-    #[doc = "                      parameter-verification failure."]
-    #[doc = " \\return              A cipher-specific error code on failure."]
-    pub fn mbedtls_cipher_setkey(
-        ctx: *mut mbedtls_cipher_context_t,
-        key: *const crate::c_types::c_uchar,
-        key_bitlen: crate::c_types::c_int,
-        operation: mbedtls_operation_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief               This function sets the padding mode, for cipher modes"]
-    #[doc = "                      that use padding."]
-    #[doc = ""]
-    #[doc = "                      The default passing mode is PKCS7 padding."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The generic cipher context. This must be initialized and"]
-    #[doc = "                      bound to a cipher information structure."]
-    #[doc = " \\param mode          The padding mode."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE"]
-    #[doc = "                      if the selected padding mode is not supported."]
-    #[doc = " \\return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode"]
-    #[doc = "                      does not support padding."]
-    pub fn mbedtls_cipher_set_padding_mode(
-        ctx: *mut mbedtls_cipher_context_t,
-        mode: mbedtls_cipher_padding_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function sets the initialization vector (IV)"]
-    #[doc = "                  or nonce."]
-    #[doc = ""]
-    #[doc = " \\note            Some ciphers do not use IVs nor nonce. For these"]
-    #[doc = "                  ciphers, this function has no effect."]
-    #[doc = ""]
-    #[doc = " \\note            For #MBEDTLS_CIPHER_CHACHA20, the nonce length must"]
-    #[doc = "                  be 12, and the initial counter value is 0."]
-    #[doc = ""]
-    #[doc = " \\note            For #MBEDTLS_CIPHER_CHACHA20_POLY1305, the nonce length"]
-    #[doc = "                  must be 12."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The generic cipher context. This must be initialized and"]
-    #[doc = "                  bound to a cipher information structure."]
-    #[doc = " \\param iv        The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This"]
-    #[doc = "                  must be a readable buffer of at least \\p iv_len Bytes."]
-    #[doc = " \\param iv_len    The IV length for ciphers with variable-size IV."]
-    #[doc = "                  This parameter is discarded by ciphers with fixed-size IV."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on"]
-    #[doc = "                  parameter-verification failure."]
-    pub fn mbedtls_cipher_set_iv(
-        ctx: *mut mbedtls_cipher_context_t,
-        iv: *const crate::c_types::c_uchar,
-        iv_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief         This function resets the cipher state."]
-    #[doc = ""]
-    #[doc = " \\note          With non-AEAD ciphers, the order of calls for each message"]
-    #[doc = "                is as follows:"]
-    #[doc = "                1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce."]
-    #[doc = "                2. mbedtls_cipher_reset()"]
-    #[doc = "                3. mbedtls_cipher_update() one or more times"]
-    #[doc = "                4. mbedtls_cipher_finish()"]
-    #[doc = "                ."]
-    #[doc = "                This sequence can be repeated to encrypt or decrypt multiple"]
-    #[doc = "                messages with the same key."]
-    #[doc = ""]
-    #[doc = " \\note          With AEAD ciphers, the order of calls for each message"]
-    #[doc = "                is as follows:"]
-    #[doc = "                1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce."]
-    #[doc = "                2. mbedtls_cipher_reset()"]
-    #[doc = "                3. mbedtls_cipher_update_ad()"]
-    #[doc = "                4. mbedtls_cipher_update() one or more times"]
-    #[doc = "                5. mbedtls_cipher_finish()"]
-    #[doc = "                6. mbedtls_cipher_check_tag() (for decryption) or"]
-    #[doc = "                mbedtls_cipher_write_tag() (for encryption)."]
-    #[doc = "                ."]
-    #[doc = "                This sequence can be repeated to encrypt or decrypt multiple"]
-    #[doc = "                messages with the same key."]
-    #[doc = ""]
-    #[doc = " \\param ctx     The generic cipher context. This must be bound to a key."]
-    #[doc = ""]
-    #[doc = " \\return        \\c 0 on success."]
-    #[doc = " \\return        #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on"]
-    #[doc = "                parameter-verification failure."]
-    pub fn mbedtls_cipher_reset(ctx: *mut mbedtls_cipher_context_t) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief               This function adds additional data for AEAD ciphers."]
-    #[doc = "                      Currently supported with GCM and ChaCha20+Poly1305."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The generic cipher context. This must be initialized."]
-    #[doc = " \\param ad            The additional data to use. This must be a readable"]
-    #[doc = "                      buffer of at least \\p ad_len Bytes."]
-    #[doc = " \\param ad_len        The length of \\p ad in Bytes."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              A specific error code on failure."]
-    pub fn mbedtls_cipher_update_ad(
-        ctx: *mut mbedtls_cipher_context_t,
-        ad: *const crate::c_types::c_uchar,
-        ad_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief               The generic cipher update function. It encrypts or"]
-    #[doc = "                      decrypts using the given cipher context. Writes as"]
-    #[doc = "                      many block-sized blocks of data as possible to output."]
-    #[doc = "                      Any data that cannot be written immediately is either"]
-    #[doc = "                      added to the next block, or flushed when"]
-    #[doc = "                      mbedtls_cipher_finish() is called."]
-    #[doc = "                      Exception: For MBEDTLS_MODE_ECB, expects a single block"]
-    #[doc = "                      in size. For example, 16 Bytes for AES."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The generic cipher context. This must be initialized and"]
-    #[doc = "                      bound to a key."]
-    #[doc = " \\param input         The buffer holding the input data. This must be a"]
-    #[doc = "                      readable buffer of at least \\p ilen Bytes."]
-    #[doc = " \\param ilen          The length of the input data."]
-    #[doc = " \\param output        The buffer for the output data. This must be able to"]
-    #[doc = "                      hold at least `ilen + block_size`. This must not be the"]
-    #[doc = "                      same buffer as \\p input."]
-    #[doc = " \\param olen          The length of the output data, to be updated with the"]
-    #[doc = "                      actual number of Bytes written. This must not be"]
-    #[doc = "                      \\c NULL."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on"]
-    #[doc = "                      parameter-verification failure."]
-    #[doc = " \\return              #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an"]
-    #[doc = "                      unsupported mode for a cipher."]
-    #[doc = " \\return              A cipher-specific error code on failure."]
-    pub fn mbedtls_cipher_update(
-        ctx: *mut mbedtls_cipher_context_t,
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-        output: *mut crate::c_types::c_uchar,
-        olen: *mut size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief               The generic cipher finalization function. If data still"]
-    #[doc = "                      needs to be flushed from an incomplete block, the data"]
-    #[doc = "                      contained in it is padded to the size of"]
-    #[doc = "                      the last block, and written to the \\p output buffer."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The generic cipher context. This must be initialized and"]
-    #[doc = "                      bound to a key."]
-    #[doc = " \\param output        The buffer to write data to. This needs to be a writable"]
-    #[doc = "                      buffer of at least \\p block_size Bytes."]
-    #[doc = " \\param olen          The length of the data written to the \\p output buffer."]
-    #[doc = "                      This may not be \\c NULL."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on"]
-    #[doc = "                      parameter-verification failure."]
-    #[doc = " \\return              #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption"]
-    #[doc = "                      expecting a full block but not receiving one."]
-    #[doc = " \\return              #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding"]
-    #[doc = "                      while decrypting."]
-    #[doc = " \\return              A cipher-specific error code on failure."]
-    pub fn mbedtls_cipher_finish(
-        ctx: *mut mbedtls_cipher_context_t,
-        output: *mut crate::c_types::c_uchar,
-        olen: *mut size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief               This function writes a tag for AEAD ciphers."]
-    #[doc = "                      Currently supported with GCM and ChaCha20+Poly1305."]
-    #[doc = "                      This must be called after mbedtls_cipher_finish()."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The generic cipher context. This must be initialized,"]
-    #[doc = "                      bound to a key, and have just completed a cipher"]
-    #[doc = "                      operation through mbedtls_cipher_finish() the tag for"]
-    #[doc = "                      which should be written."]
-    #[doc = " \\param tag           The buffer to write the tag to. This must be a writable"]
-    #[doc = "                      buffer of at least \\p tag_len Bytes."]
-    #[doc = " \\param tag_len       The length of the tag to write."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              A specific error code on failure."]
-    pub fn mbedtls_cipher_write_tag(
-        ctx: *mut mbedtls_cipher_context_t,
-        tag: *mut crate::c_types::c_uchar,
-        tag_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief               This function checks the tag for AEAD ciphers."]
-    #[doc = "                      Currently supported with GCM and ChaCha20+Poly1305."]
-    #[doc = "                      This must be called after mbedtls_cipher_finish()."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The generic cipher context. This must be initialized."]
-    #[doc = " \\param tag           The buffer holding the tag. This must be a readable"]
-    #[doc = "                      buffer of at least \\p tag_len Bytes."]
-    #[doc = " \\param tag_len       The length of the tag to check."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              A specific error code on failure."]
-    pub fn mbedtls_cipher_check_tag(
-        ctx: *mut mbedtls_cipher_context_t,
-        tag: *const crate::c_types::c_uchar,
-        tag_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief               The generic all-in-one encryption/decryption function,"]
-    #[doc = "                      for all ciphers except AEAD constructs."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The generic cipher context. This must be initialized."]
-    #[doc = " \\param iv            The IV to use, or NONCE_COUNTER for CTR-mode ciphers."]
-    #[doc = "                      This must be a readable buffer of at least \\p iv_len"]
-    #[doc = "                      Bytes."]
-    #[doc = " \\param iv_len        The IV length for ciphers with variable-size IV."]
-    #[doc = "                      This parameter is discarded by ciphers with fixed-size"]
-    #[doc = "                      IV."]
-    #[doc = " \\param input         The buffer holding the input data. This must be a"]
-    #[doc = "                      readable buffer of at least \\p ilen Bytes."]
-    #[doc = " \\param ilen          The length of the input data in Bytes."]
-    #[doc = " \\param output        The buffer for the output data. This must be able to"]
-    #[doc = "                      hold at least `ilen + block_size`. This must not be the"]
-    #[doc = "                      same buffer as \\p input."]
-    #[doc = " \\param olen          The length of the output data, to be updated with the"]
-    #[doc = "                      actual number of Bytes written. This must not be"]
-    #[doc = "                      \\c NULL."]
-    #[doc = ""]
-    #[doc = " \\note                Some ciphers do not use IVs nor nonce. For these"]
-    #[doc = "                      ciphers, use \\p iv = NULL and \\p iv_len = 0."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on"]
-    #[doc = "                      parameter-verification failure."]
-    #[doc = " \\return              #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption"]
-    #[doc = "                      expecting a full block but not receiving one."]
-    #[doc = " \\return              #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding"]
-    #[doc = "                      while decrypting."]
-    #[doc = " \\return              A cipher-specific error code on failure."]
-    pub fn mbedtls_cipher_crypt(
-        ctx: *mut mbedtls_cipher_context_t,
-        iv: *const crate::c_types::c_uchar,
-        iv_len: size_t,
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-        output: *mut crate::c_types::c_uchar,
-        olen: *mut size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief               The authenticated encryption (AEAD/NIST_KW) function."]
-    #[doc = ""]
-    #[doc = " \\note                For AEAD modes, the tag will be appended to the"]
-    #[doc = "                      ciphertext, as recommended by RFC 5116."]
-    #[doc = "                      (NIST_KW doesn't have a separate tag.)"]
-    #[doc = ""]
-    #[doc = " \\param ctx           The generic cipher context. This must be initialized and"]
-    #[doc = "                      bound to a key, with an AEAD algorithm or NIST_KW."]
-    #[doc = " \\param iv            The nonce to use. This must be a readable buffer of"]
-    #[doc = "                      at least \\p iv_len Bytes and may be \\c NULL if \\p"]
-    #[doc = "                      iv_len is \\c 0."]
-    #[doc = " \\param iv_len        The length of the nonce. For AEAD ciphers, this must"]
-    #[doc = "                      satisfy the constraints imposed by the cipher used."]
-    #[doc = "                      For NIST_KW, this must be \\c 0."]
-    #[doc = " \\param ad            The additional data to authenticate. This must be a"]
-    #[doc = "                      readable buffer of at least \\p ad_len Bytes, and may"]
-    #[doc = "                      be \\c NULL is \\p ad_len is \\c 0."]
-    #[doc = " \\param ad_len        The length of \\p ad. For NIST_KW, this must be \\c 0."]
-    #[doc = " \\param input         The buffer holding the input data. This must be a"]
-    #[doc = "                      readable buffer of at least \\p ilen Bytes, and may be"]
-    #[doc = "                      \\c NULL if \\p ilen is \\c 0."]
-    #[doc = " \\param ilen          The length of the input data."]
-    #[doc = " \\param output        The buffer for the output data. This must be a"]
-    #[doc = "                      writable buffer of at least \\p output_len Bytes, and"]
-    #[doc = "                      must not be \\c NULL."]
-    #[doc = " \\param output_len    The length of the \\p output buffer in Bytes. For AEAD"]
-    #[doc = "                      ciphers, this must be at least \\p ilen + \\p tag_len."]
-    #[doc = "                      For NIST_KW, this must be at least \\p ilen + 8"]
-    #[doc = "                      (rounded up to a multiple of 8 if KWP is used);"]
-    #[doc = "                      \\p ilen + 15 is always a safe value."]
-    #[doc = " \\param olen          This will be filled with the actual number of Bytes"]
-    #[doc = "                      written to the \\p output buffer. This must point to a"]
-    #[doc = "                      writable object of type \\c size_t."]
-    #[doc = " \\param tag_len       The desired length of the authentication tag. For AEAD"]
-    #[doc = "                      ciphers, this must match the constraints imposed by"]
-    #[doc = "                      the cipher used, and in particular must not be \\c 0."]
-    #[doc = "                      For NIST_KW, this must be \\c 0."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on"]
-    #[doc = "                      parameter-verification failure."]
-    #[doc = " \\return              A cipher-specific error code on failure."]
-    pub fn mbedtls_cipher_auth_encrypt_ext(
-        ctx: *mut mbedtls_cipher_context_t,
-        iv: *const crate::c_types::c_uchar,
-        iv_len: size_t,
-        ad: *const crate::c_types::c_uchar,
-        ad_len: size_t,
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-        output: *mut crate::c_types::c_uchar,
-        output_len: size_t,
-        olen: *mut size_t,
-        tag_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief               The authenticated encryption (AEAD/NIST_KW) function."]
-    #[doc = ""]
-    #[doc = " \\note                If the data is not authentic, then the output buffer"]
-    #[doc = "                      is zeroed out to prevent the unauthentic plaintext being"]
-    #[doc = "                      used, making this interface safer."]
-    #[doc = ""]
-    #[doc = " \\note                For AEAD modes, the tag must be appended to the"]
-    #[doc = "                      ciphertext, as recommended by RFC 5116."]
-    #[doc = "                      (NIST_KW doesn't have a separate tag.)"]
-    #[doc = ""]
-    #[doc = " \\param ctx           The generic cipher context. This must be initialized and"]
-    #[doc = "                      bound to a key, with an AEAD algorithm or NIST_KW."]
-    #[doc = " \\param iv            The nonce to use. This must be a readable buffer of"]
-    #[doc = "                      at least \\p iv_len Bytes and may be \\c NULL if \\p"]
-    #[doc = "                      iv_len is \\c 0."]
-    #[doc = " \\param iv_len        The length of the nonce. For AEAD ciphers, this must"]
-    #[doc = "                      satisfy the constraints imposed by the cipher used."]
-    #[doc = "                      For NIST_KW, this must be \\c 0."]
-    #[doc = " \\param ad            The additional data to authenticate. This must be a"]
-    #[doc = "                      readable buffer of at least \\p ad_len Bytes, and may"]
-    #[doc = "                      be \\c NULL is \\p ad_len is \\c 0."]
-    #[doc = " \\param ad_len        The length of \\p ad. For NIST_KW, this must be \\c 0."]
-    #[doc = " \\param input         The buffer holding the input data. This must be a"]
-    #[doc = "                      readable buffer of at least \\p ilen Bytes, and may be"]
-    #[doc = "                      \\c NULL if \\p ilen is \\c 0."]
-    #[doc = " \\param ilen          The length of the input data. For AEAD ciphers this"]
-    #[doc = "                      must be at least \\p tag_len. For NIST_KW this must be"]
-    #[doc = "                      at least \\c 8."]
-    #[doc = " \\param output        The buffer for the output data. This must be a"]
-    #[doc = "                      writable buffer of at least \\p output_len Bytes, and"]
-    #[doc = "                      may be \\c NULL if \\p output_len is \\c 0."]
-    #[doc = " \\param output_len    The length of the \\p output buffer in Bytes. For AEAD"]
-    #[doc = "                      ciphers, this must be at least \\p ilen - \\p tag_len."]
-    #[doc = "                      For NIST_KW, this must be at least \\p ilen - 8."]
-    #[doc = " \\param olen          This will be filled with the actual number of Bytes"]
-    #[doc = "                      written to the \\p output buffer. This must point to a"]
-    #[doc = "                      writable object of type \\c size_t."]
-    #[doc = " \\param tag_len       The actual length of the authentication tag. For AEAD"]
-    #[doc = "                      ciphers, this must match the constraints imposed by"]
-    #[doc = "                      the cipher used, and in particular must not be \\c 0."]
-    #[doc = "                      For NIST_KW, this must be \\c 0."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on"]
-    #[doc = "                      parameter-verification failure."]
-    #[doc = " \\return              #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic."]
-    #[doc = " \\return              A cipher-specific error code on failure."]
-    pub fn mbedtls_cipher_auth_decrypt_ext(
-        ctx: *mut mbedtls_cipher_context_t,
-        iv: *const crate::c_types::c_uchar,
-        iv_len: size_t,
-        ad: *const crate::c_types::c_uchar,
-        ad_len: size_t,
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-        output: *mut crate::c_types::c_uchar,
-        output_len: size_t,
-        olen: *mut size_t,
-        tag_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_NONE: mbedtls_key_exchange_type_t = 0;
-pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_RSA: mbedtls_key_exchange_type_t = 1;
-pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_DHE_RSA: mbedtls_key_exchange_type_t = 2;
-pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: mbedtls_key_exchange_type_t =
-    3;
-pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-    mbedtls_key_exchange_type_t = 4;
-pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_PSK: mbedtls_key_exchange_type_t = 5;
-pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_DHE_PSK: mbedtls_key_exchange_type_t = 6;
-pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_RSA_PSK: mbedtls_key_exchange_type_t = 7;
-pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: mbedtls_key_exchange_type_t =
-    8;
-pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDH_RSA: mbedtls_key_exchange_type_t =
-    9;
-pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: mbedtls_key_exchange_type_t =
-    10;
-pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECJPAKE: mbedtls_key_exchange_type_t =
-    11;
-pub type mbedtls_key_exchange_type_t = crate::c_types::c_uint;
-#[doc = " \\brief   This structure is used for storing ciphersuite information"]
-#[doc = ""]
-#[doc = " \\note    members are defined using integral types instead of enums"]
-#[doc = "          in order to pack structure and reduce memory usage by internal"]
-#[doc = "          \\c ciphersuite_definitions[]"]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_ssl_ciphersuite_t {
-    pub private_id: crate::c_types::c_int,
-    pub private_name: *const crate::c_types::c_char,
-    pub private_cipher: u8,
-    pub private_mac: u8,
-    pub private_key_exchange: u8,
-    pub private_flags: u8,
-    pub private_min_tls_version: u16,
-    pub private_max_tls_version: u16,
-}
-extern "C" {
-    pub fn mbedtls_ssl_list_ciphersuites() -> *const crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_ssl_ciphersuite_from_string(
-        ciphersuite_name: *const crate::c_types::c_char,
-    ) -> *const mbedtls_ssl_ciphersuite_t;
-}
-extern "C" {
-    pub fn mbedtls_ssl_ciphersuite_from_id(
-        ciphersuite_id: crate::c_types::c_int,
-    ) -> *const mbedtls_ssl_ciphersuite_t;
-}
-extern "C" {
-    pub fn mbedtls_ssl_get_ciphersuite_sig_pk_alg(
-        info: *const mbedtls_ssl_ciphersuite_t,
-    ) -> mbedtls_pk_type_t;
-}
-extern "C" {
-    pub fn mbedtls_ssl_get_ciphersuite_sig_alg(
-        info: *const mbedtls_ssl_ciphersuite_t,
-    ) -> mbedtls_pk_type_t;
-}
-extern "C" {
-    pub fn mbedtls_ssl_ciphersuite_uses_ec(
-        info: *const mbedtls_ssl_ciphersuite_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_ssl_ciphersuite_uses_psk(
-        info: *const mbedtls_ssl_ciphersuite_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(
-        info: *const mbedtls_ssl_ciphersuite_t,
-    ) -> size_t;
-}
-#[doc = " The type of the context passed to mbedtls_psa_external_get_random()."]
-#[doc = ""]
-#[doc = " Mbed TLS initializes the context to all-bits-zero before calling"]
-#[doc = " mbedtls_psa_external_get_random() for the first time."]
-#[doc = ""]
-#[doc = " The definition of this type in the Mbed TLS source code is for"]
-#[doc = " demonstration purposes. Implementers of mbedtls_psa_external_get_random()"]
-#[doc = " are expected to replace it with a custom definition."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_psa_external_random_context_t {
-    pub private_opaque: [usize; 2usize],
-}
-pub type psa_status_t = i32;
-#[doc = " \\brief Encoding of a key type."]
-#[doc = ""]
-#[doc = " Values of this type are generally constructed by macros called"]
-#[doc = " `PSA_KEY_TYPE_xxx`."]
-#[doc = ""]
-#[doc = " \\note Values of this type are encoded in the persistent key store."]
-#[doc = "       Any changes to existing values will require bumping the storage"]
-#[doc = "       format version and providing a translation when reading the old"]
-#[doc = "       format."]
-pub type psa_key_type_t = u16;
-#[doc = " The type of PSA elliptic curve family identifiers."]
-#[doc = ""]
-#[doc = " Values of this type are generally constructed by macros called"]
-#[doc = " `PSA_ECC_FAMILY_xxx`."]
-#[doc = ""]
-#[doc = " The curve identifier is required to create an ECC key using the"]
-#[doc = " PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY()"]
-#[doc = " macros."]
-#[doc = ""]
-#[doc = " Values defined by this standard will never be in the range 0x80-0xff."]
-#[doc = " Vendors who define additional families must use an encoding in this range."]
-#[doc = ""]
-#[doc = " \\note Values of this type are encoded in the persistent key store."]
-#[doc = "       Any changes to existing values will require bumping the storage"]
-#[doc = "       format version and providing a translation when reading the old"]
-#[doc = "       format."]
-pub type psa_ecc_family_t = u8;
-#[doc = " The type of PSA Diffie-Hellman group family identifiers."]
-#[doc = ""]
-#[doc = " Values of this type are generally constructed by macros called"]
-#[doc = " `PSA_DH_FAMILY_xxx`."]
-#[doc = ""]
-#[doc = " The group identifier is required to create a Diffie-Hellman key using the"]
-#[doc = " PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY()"]
-#[doc = " macros."]
-#[doc = ""]
-#[doc = " Values defined by this standard will never be in the range 0x80-0xff."]
-#[doc = " Vendors who define additional families must use an encoding in this range."]
-#[doc = ""]
-#[doc = " \\note Values of this type are encoded in the persistent key store."]
-#[doc = "       Any changes to existing values will require bumping the storage"]
-#[doc = "       format version and providing a translation when reading the old"]
-#[doc = "       format."]
-pub type psa_dh_family_t = u8;
-#[doc = " \\brief Encoding of a cryptographic algorithm."]
-#[doc = ""]
-#[doc = " Values of this type are generally constructed by macros called"]
-#[doc = " `PSA_ALG_xxx`."]
-#[doc = ""]
-#[doc = " For algorithms that can be applied to multiple key types, this type"]
-#[doc = " does not encode the key type. For example, for symmetric ciphers"]
-#[doc = " based on a block cipher, #psa_algorithm_t encodes the block cipher"]
-#[doc = " mode and the padding mode while the block cipher itself is encoded"]
-#[doc = " via #psa_key_type_t."]
-#[doc = ""]
-#[doc = " \\note Values of this type are encoded in the persistent key store."]
-#[doc = "       Any changes to existing values will require bumping the storage"]
-#[doc = "       format version and providing a translation when reading the old"]
-#[doc = "       format."]
-pub type psa_algorithm_t = u32;
-#[doc = " Encoding of key lifetimes."]
-#[doc = ""]
-#[doc = " The lifetime of a key indicates where it is stored and what system actions"]
-#[doc = " may create and destroy it."]
-#[doc = ""]
-#[doc = " Lifetime values have the following structure:"]
-#[doc = " - Bits 0-7 (#PSA_KEY_LIFETIME_GET_PERSISTENCE(\\c lifetime)):"]
-#[doc = "   persistence level. This value indicates what device management"]
-#[doc = "   actions can cause it to be destroyed. In particular, it indicates"]
-#[doc = "   whether the key is _volatile_ or _persistent_."]
-#[doc = "   See ::psa_key_persistence_t for more information."]
-#[doc = " - Bits 8-31 (#PSA_KEY_LIFETIME_GET_LOCATION(\\c lifetime)):"]
-#[doc = "   location indicator. This value indicates which part of the system"]
-#[doc = "   has access to the key material and can perform operations using the key."]
-#[doc = "   See ::psa_key_location_t for more information."]
-#[doc = ""]
-#[doc = " Volatile keys are automatically destroyed when the application instance"]
-#[doc = " terminates or on a power reset of the device. Persistent keys are"]
-#[doc = " preserved until the application explicitly destroys them or until an"]
-#[doc = " integration-specific device management event occurs (for example,"]
-#[doc = " a factory reset)."]
-#[doc = ""]
-#[doc = " Persistent keys have a key identifier of type #mbedtls_svc_key_id_t."]
-#[doc = " This identifier remains valid throughout the lifetime of the key,"]
-#[doc = " even if the application instance that created the key terminates."]
-#[doc = " The application can call psa_open_key() to open a persistent key that"]
-#[doc = " it created previously."]
-#[doc = ""]
-#[doc = " The default lifetime of a key is #PSA_KEY_LIFETIME_VOLATILE. The lifetime"]
-#[doc = " #PSA_KEY_LIFETIME_PERSISTENT is supported if persistent storage is"]
-#[doc = " available. Other lifetime values may be supported depending on the"]
-#[doc = " library configuration."]
-#[doc = ""]
-#[doc = " Values of this type are generally constructed by macros called"]
-#[doc = " `PSA_KEY_LIFETIME_xxx`."]
-#[doc = ""]
-#[doc = " \\note Values of this type are encoded in the persistent key store."]
-#[doc = "       Any changes to existing values will require bumping the storage"]
-#[doc = "       format version and providing a translation when reading the old"]
-#[doc = "       format."]
-pub type psa_key_lifetime_t = u32;
-#[doc = " Encoding of key persistence levels."]
-#[doc = ""]
-#[doc = " What distinguishes different persistence levels is what device management"]
-#[doc = " events may cause keys to be destroyed. _Volatile_ keys are destroyed"]
-#[doc = " by a power reset. Persistent keys may be destroyed by events such as"]
-#[doc = " a transfer of ownership or a factory reset. What management events"]
-#[doc = " actually affect persistent keys at different levels is outside the"]
-#[doc = " scope of the PSA Cryptography specification."]
-#[doc = ""]
-#[doc = " The PSA Cryptography specification defines the following values of"]
-#[doc = " persistence levels:"]
-#[doc = " - \\c 0 = #PSA_KEY_PERSISTENCE_VOLATILE: volatile key."]
-#[doc = "   A volatile key is automatically destroyed by the implementation when"]
-#[doc = "   the application instance terminates. In particular, a volatile key"]
-#[doc = "   is automatically destroyed on a power reset of the device."]
-#[doc = " - \\c 1 = #PSA_KEY_PERSISTENCE_DEFAULT:"]
-#[doc = "   persistent key with a default lifetime."]
-#[doc = " - \\c 2-254: currently not supported by Mbed TLS."]
-#[doc = " - \\c 255 = #PSA_KEY_PERSISTENCE_READ_ONLY:"]
-#[doc = "   read-only or write-once key."]
-#[doc = "   A key with this persistence level cannot be destroyed."]
-#[doc = "   Mbed TLS does not currently offer a way to create such keys, but"]
-#[doc = "   integrations of Mbed TLS can use it for built-in keys that the"]
-#[doc = "   application cannot modify (for example, a hardware unique key (HUK))."]
-#[doc = ""]
-#[doc = " \\note Key persistence levels are 8-bit values. Key management"]
-#[doc = "       interfaces operate on lifetimes (type ::psa_key_lifetime_t) which"]
-#[doc = "       encode the persistence as the lower 8 bits of a 32-bit value."]
-#[doc = ""]
-#[doc = " \\note Values of this type are encoded in the persistent key store."]
-#[doc = "       Any changes to existing values will require bumping the storage"]
-#[doc = "       format version and providing a translation when reading the old"]
-#[doc = "       format."]
-pub type psa_key_persistence_t = u8;
-#[doc = " Encoding of key location indicators."]
-#[doc = ""]
-#[doc = " If an integration of Mbed TLS can make calls to external"]
-#[doc = " cryptoprocessors such as secure elements, the location of a key"]
-#[doc = " indicates which secure element performs the operations on the key."]
-#[doc = " Depending on the design of the secure element, the key"]
-#[doc = " material may be stored either in the secure element, or"]
-#[doc = " in wrapped (encrypted) form alongside the key metadata in the"]
-#[doc = " primary local storage."]
-#[doc = ""]
-#[doc = " The PSA Cryptography API specification defines the following values of"]
-#[doc = " location indicators:"]
-#[doc = " - \\c 0: primary local storage."]
-#[doc = "   This location is always available."]
-#[doc = "   The primary local storage is typically the same storage area that"]
-#[doc = "   contains the key metadata."]
-#[doc = " - \\c 1: primary secure element."]
-#[doc = "   Integrations of Mbed TLS should support this value if there is a secure"]
-#[doc = "   element attached to the operating environment."]
-#[doc = "   As a guideline, secure elements may provide higher resistance against"]
-#[doc = "   side channel and physical attacks than the primary local storage, but may"]
-#[doc = "   have restrictions on supported key types, sizes, policies and operations"]
-#[doc = "   and may have different performance characteristics."]
-#[doc = " - \\c 2-0x7fffff: other locations defined by a PSA specification."]
-#[doc = "   The PSA Cryptography API does not currently assign any meaning to these"]
-#[doc = "   locations, but future versions of that specification or other PSA"]
-#[doc = "   specifications may do so."]
-#[doc = " - \\c 0x800000-0xffffff: vendor-defined locations."]
-#[doc = "   No PSA specification will assign a meaning to locations in this range."]
-#[doc = ""]
-#[doc = " \\note Key location indicators are 24-bit values. Key management"]
-#[doc = "       interfaces operate on lifetimes (type ::psa_key_lifetime_t) which"]
-#[doc = "       encode the location as the upper 24 bits of a 32-bit value."]
-#[doc = ""]
-#[doc = " \\note Values of this type are encoded in the persistent key store."]
-#[doc = "       Any changes to existing values will require bumping the storage"]
-#[doc = "       format version and providing a translation when reading the old"]
-#[doc = "       format."]
-pub type psa_key_location_t = u32;
-#[doc = " Encoding of identifiers of persistent keys."]
-#[doc = ""]
-#[doc = " - Applications may freely choose key identifiers in the range"]
-#[doc = "   #PSA_KEY_ID_USER_MIN to #PSA_KEY_ID_USER_MAX."]
-#[doc = " - The implementation may define additional key identifiers in the range"]
-#[doc = "   #PSA_KEY_ID_VENDOR_MIN to #PSA_KEY_ID_VENDOR_MAX."]
-#[doc = " - 0 is reserved as an invalid key identifier."]
-#[doc = " - Key identifiers outside these ranges are reserved for future use."]
-#[doc = ""]
-#[doc = " \\note Values of this type are encoded in the persistent key store."]
-#[doc = "       Any changes to how values are allocated must require careful"]
-#[doc = "       consideration to allow backward compatibility."]
-pub type psa_key_id_t = u32;
-pub type mbedtls_svc_key_id_t = psa_key_id_t;
-#[doc = " \\brief Encoding of permitted usage on a key."]
-#[doc = ""]
-#[doc = " Values of this type are generally constructed as bitwise-ors of macros"]
-#[doc = " called `PSA_KEY_USAGE_xxx`."]
-#[doc = ""]
-#[doc = " \\note Values of this type are encoded in the persistent key store."]
-#[doc = "       Any changes to existing values will require bumping the storage"]
-#[doc = "       format version and providing a translation when reading the old"]
-#[doc = "       format."]
-pub type psa_key_usage_t = u32;
-#[doc = " The type of a structure containing key attributes."]
-#[doc = ""]
-#[doc = " This is an opaque structure that can represent the metadata of a key"]
-#[doc = " object. Metadata that can be stored in attributes includes:"]
-#[doc = " - The location of the key in storage, indicated by its key identifier"]
-#[doc = "   and its lifetime."]
-#[doc = " - The key's policy, comprising usage flags and a specification of"]
-#[doc = "   the permitted algorithm(s)."]
-#[doc = " - Information about the key itself: the key type and its size."]
-#[doc = " - Additional implementation-defined attributes."]
-#[doc = ""]
-#[doc = " The actual key material is not considered an attribute of a key."]
-#[doc = " Key attributes do not contain information that is generally considered"]
-#[doc = " highly confidential."]
-#[doc = ""]
-#[doc = " An attribute structure works like a simple data structure where each function"]
-#[doc = " `psa_set_key_xxx` sets a field and the corresponding function"]
-#[doc = " `psa_get_key_xxx` retrieves the value of the corresponding field."]
-#[doc = " However, a future version of the library  may report values that are"]
-#[doc = " equivalent to the original one, but have a different encoding. Invalid"]
-#[doc = " values may be mapped to different, also invalid values."]
-#[doc = ""]
-#[doc = " An attribute structure may contain references to auxiliary resources,"]
-#[doc = " for example pointers to allocated memory or indirect references to"]
-#[doc = " pre-calculated values. In order to free such resources, the application"]
-#[doc = " must call psa_reset_key_attributes(). As an exception, calling"]
-#[doc = " psa_reset_key_attributes() on an attribute structure is optional if"]
-#[doc = " the structure has only been modified by the following functions"]
-#[doc = " since it was initialized or last reset with psa_reset_key_attributes():"]
-#[doc = " - psa_set_key_id()"]
-#[doc = " - psa_set_key_lifetime()"]
-#[doc = " - psa_set_key_type()"]
-#[doc = " - psa_set_key_bits()"]
-#[doc = " - psa_set_key_usage_flags()"]
-#[doc = " - psa_set_key_algorithm()"]
-#[doc = ""]
-#[doc = " Before calling any function on a key attribute structure, the application"]
-#[doc = " must initialize it by any of the following means:"]
-#[doc = " - Set the structure to all-bits-zero, for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_key_attributes_t attributes;"]
-#[doc = "   memset(&attributes, 0, sizeof(attributes));"]
-#[doc = "   \\endcode"]
-#[doc = " - Initialize the structure to logical zero values, for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_key_attributes_t attributes = {0};"]
-#[doc = "   \\endcode"]
-#[doc = " - Initialize the structure to the initializer #PSA_KEY_ATTRIBUTES_INIT,"]
-#[doc = "   for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;"]
-#[doc = "   \\endcode"]
-#[doc = " - Assign the result of the function psa_key_attributes_init()"]
-#[doc = "   to the structure, for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_key_attributes_t attributes;"]
-#[doc = "   attributes = psa_key_attributes_init();"]
-#[doc = "   \\endcode"]
-#[doc = ""]
-#[doc = " A freshly initialized attribute structure contains the following"]
-#[doc = " values:"]
-#[doc = ""]
-#[doc = " - lifetime: #PSA_KEY_LIFETIME_VOLATILE."]
-#[doc = " - key identifier: 0 (which is not a valid key identifier)."]
-#[doc = " - type: \\c 0 (meaning that the type is unspecified)."]
-#[doc = " - key size: \\c 0 (meaning that the size is unspecified)."]
-#[doc = " - usage flags: \\c 0 (which allows no usage except exporting a public key)."]
-#[doc = " - algorithm: \\c 0 (which allows no cryptographic usage, but allows"]
-#[doc = "   exporting)."]
-#[doc = ""]
-#[doc = " A typical sequence to create a key is as follows:"]
-#[doc = " -# Create and initialize an attribute structure."]
-#[doc = " -# If the key is persistent, call psa_set_key_id()."]
-#[doc = "    Also call psa_set_key_lifetime() to place the key in a non-default"]
-#[doc = "    location."]
-#[doc = " -# Set the key policy with psa_set_key_usage_flags() and"]
-#[doc = "    psa_set_key_algorithm()."]
-#[doc = " -# Set the key type with psa_set_key_type()."]
-#[doc = "    Skip this step if copying an existing key with psa_copy_key()."]
-#[doc = " -# When generating a random key with psa_generate_key() or deriving a key"]
-#[doc = "    with psa_key_derivation_output_key(), set the desired key size with"]
-#[doc = "    psa_set_key_bits()."]
-#[doc = " -# Call a key creation function: psa_import_key(), psa_generate_key(),"]
-#[doc = "    psa_key_derivation_output_key() or psa_copy_key(). This function reads"]
-#[doc = "    the attribute structure, creates a key with these attributes, and"]
-#[doc = "    outputs a key identifier to the newly created key."]
-#[doc = " -# The attribute structure is now no longer necessary."]
-#[doc = "    You may call psa_reset_key_attributes(), although this is optional"]
-#[doc = "    with the workflow presented here because the attributes currently"]
-#[doc = "    defined in this specification do not require any additional resources"]
-#[doc = "    beyond the structure itself."]
-#[doc = ""]
-#[doc = " A typical sequence to query a key's attributes is as follows:"]
-#[doc = " -# Call psa_get_key_attributes()."]
-#[doc = " -# Call `psa_get_key_xxx` functions to retrieve the attribute(s) that"]
-#[doc = "    you are interested in."]
-#[doc = " -# Call psa_reset_key_attributes() to free any resources that may be"]
-#[doc = "    used by the attribute structure."]
-#[doc = ""]
-#[doc = " Once a key has been created, it is impossible to change its attributes."]
-pub type psa_key_attributes_t = psa_key_attributes_s;
-#[doc = " \\brief Encoding of the step of a key derivation."]
-#[doc = ""]
-#[doc = " Values of this type are generally constructed by macros called"]
-#[doc = " `PSA_KEY_DERIVATION_INPUT_xxx`."]
-pub type psa_key_derivation_step_t = u16;
-extern "C" {
-    #[doc = " \\brief Library initialization."]
-    #[doc = ""]
-    #[doc = " Applications must call this function before calling any other"]
-    #[doc = " function in this module."]
-    #[doc = ""]
-    #[doc = " Applications may call this function more than once. Once a call"]
-    #[doc = " succeeds, subsequent calls are guaranteed to succeed."]
-    #[doc = ""]
-    #[doc = " If the application calls other functions before calling psa_crypto_init(),"]
-    #[doc = " the behavior is undefined. Implementations are encouraged to either perform"]
-    #[doc = " the operation as if the library had been initialized or to return"]
-    #[doc = " #PSA_ERROR_BAD_STATE or some other applicable error. In particular,"]
-    #[doc = " implementations should not return a success status if the lack of"]
-    #[doc = " initialization may have security implications, for example due to improper"]
-    #[doc = " seeding of the random number generator."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_STORAGE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_ENTROPY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_INVALID \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_CORRUPT \\emptydescription"]
-    pub fn psa_crypto_init() -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Retrieve the attributes of a key."]
-    #[doc = ""]
-    #[doc = " This function first resets the attribute structure as with"]
-    #[doc = " psa_reset_key_attributes(). It then copies the attributes of"]
-    #[doc = " the given key into the given attribute structure."]
-    #[doc = ""]
-    #[doc = " \\note This function may allocate memory or other resources."]
-    #[doc = "       Once you have called this function on an attribute structure,"]
-    #[doc = "       you must call psa_reset_key_attributes() to free these resources."]
-    #[doc = ""]
-    #[doc = " \\param[in] key               Identifier of the key to query."]
-    #[doc = " \\param[in,out] attributes    On success, the attributes of the key."]
-    #[doc = "                              On failure, equivalent to a"]
-    #[doc = "                              freshly-initialized structure."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_CORRUPT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_INVALID \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_get_key_attributes(
-        key: mbedtls_svc_key_id_t,
-        attributes: *mut psa_key_attributes_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Reset a key attribute structure to a freshly initialized state."]
-    #[doc = ""]
-    #[doc = " You must initialize the attribute structure as described in the"]
-    #[doc = " documentation of the type #psa_key_attributes_t before calling this"]
-    #[doc = " function. Once the structure has been initialized, you may call this"]
-    #[doc = " function at any time."]
-    #[doc = ""]
-    #[doc = " This function frees any auxiliary resources that the structure"]
-    #[doc = " may contain."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] attributes    The attribute structure to reset."]
-    pub fn psa_reset_key_attributes(attributes: *mut psa_key_attributes_t);
-}
-extern "C" {
-    #[doc = " Remove non-essential copies of key material from memory."]
-    #[doc = ""]
-    #[doc = " If the key identifier designates a volatile key, this functions does not do"]
-    #[doc = " anything and returns successfully."]
-    #[doc = ""]
-    #[doc = " If the key identifier designates a persistent key, then this function will"]
-    #[doc = " free all resources associated with the key in volatile memory. The key"]
-    #[doc = " data in persistent storage is not affected and the key can still be used."]
-    #[doc = ""]
-    #[doc = " \\param key Identifier of the key to purge."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         The key material will have been removed from memory if it is not"]
-    #[doc = "         currently required."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\p key is not a valid key identifier."]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_purge_key(key: mbedtls_svc_key_id_t) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Make a copy of a key."]
-    #[doc = ""]
-    #[doc = " Copy key material from one location to another."]
-    #[doc = ""]
-    #[doc = " This function is primarily useful to copy a key from one location"]
-    #[doc = " to another, since it populates a key using the material from"]
-    #[doc = " another key which may have a different lifetime."]
-    #[doc = ""]
-    #[doc = " This function may be used to share a key with a different party,"]
-    #[doc = " subject to implementation-defined restrictions on key sharing."]
-    #[doc = ""]
-    #[doc = " The policy on the source key must have the usage flag"]
-    #[doc = " #PSA_KEY_USAGE_COPY set."]
-    #[doc = " This flag is sufficient to permit the copy if the key has the lifetime"]
-    #[doc = " #PSA_KEY_LIFETIME_VOLATILE or #PSA_KEY_LIFETIME_PERSISTENT."]
-    #[doc = " Some secure elements do not provide a way to copy a key without"]
-    #[doc = " making it extractable from the secure element. If a key is located"]
-    #[doc = " in such a secure element, then the key must have both usage flags"]
-    #[doc = " #PSA_KEY_USAGE_COPY and #PSA_KEY_USAGE_EXPORT in order to make"]
-    #[doc = " a copy of the key outside the secure element."]
-    #[doc = ""]
-    #[doc = " The resulting key may only be used in a way that conforms to"]
-    #[doc = " both the policy of the original key and the policy specified in"]
-    #[doc = " the \\p attributes parameter:"]
-    #[doc = " - The usage flags on the resulting key are the bitwise-and of the"]
-    #[doc = "   usage flags on the source policy and the usage flags in \\p attributes."]
-    #[doc = " - If both allow the same algorithm or wildcard-based"]
-    #[doc = "   algorithm policy, the resulting key has the same algorithm policy."]
-    #[doc = " - If either of the policies allows an algorithm and the other policy"]
-    #[doc = "   allows a wildcard-based algorithm policy that includes this algorithm,"]
-    #[doc = "   the resulting key allows the same algorithm."]
-    #[doc = " - If the policies do not allow any algorithm in common, this function"]
-    #[doc = "   fails with the status #PSA_ERROR_INVALID_ARGUMENT."]
-    #[doc = ""]
-    #[doc = " The effect of this function on implementation-defined attributes is"]
-    #[doc = " implementation-defined."]
-    #[doc = ""]
-    #[doc = " \\param source_key        The key to copy. It must allow the usage"]
-    #[doc = "                          #PSA_KEY_USAGE_COPY. If a private or secret key is"]
-    #[doc = "                          being copied outside of a secure element it must"]
-    #[doc = "                          also allow #PSA_KEY_USAGE_EXPORT."]
-    #[doc = " \\param[in] attributes    The attributes for the new key."]
-    #[doc = "                          They are used as follows:"]
-    #[doc = "                          - The key type and size may be 0. If either is"]
-    #[doc = "                            nonzero, it must match the corresponding"]
-    #[doc = "                            attribute of the source key."]
-    #[doc = "                          - The key location (the lifetime and, for"]
-    #[doc = "                            persistent keys, the key identifier) is"]
-    #[doc = "                            used directly."]
-    #[doc = "                          - The policy constraints (usage flags and"]
-    #[doc = "                            algorithm policy) are combined from"]
-    #[doc = "                            the source key and \\p attributes so that"]
-    #[doc = "                            both sets of restrictions apply, as"]
-    #[doc = "                            described in the documentation of this function."]
-    #[doc = " \\param[out] target_key   On success, an identifier for the newly created"]
-    #[doc = "                          key. For persistent keys, this is the key"]
-    #[doc = "                          identifier defined in \\p attributes."]
-    #[doc = "                          \\c 0 on failure."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE"]
-    #[doc = "         \\p source_key is invalid."]
-    #[doc = " \\retval #PSA_ERROR_ALREADY_EXISTS"]
-    #[doc = "         This is an attempt to create a persistent key, and there is"]
-    #[doc = "         already a persistent key with the given identifier."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         The lifetime or identifier in \\p attributes are invalid, or"]
-    #[doc = "         the policy constraints on the source and specified in"]
-    #[doc = "         \\p attributes are incompatible, or"]
-    #[doc = "         \\p attributes specifies a key type or key size"]
-    #[doc = "         which does not match the attributes of the source key."]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED"]
-    #[doc = "         The source key does not have the #PSA_KEY_USAGE_COPY usage flag, or"]
-    #[doc = "         the source key is not exportable and its lifetime does not"]
-    #[doc = "         allow copying it to the target's lifetime."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_STORAGE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_INVALID \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_CORRUPT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_copy_key(
-        source_key: mbedtls_svc_key_id_t,
-        attributes: *const psa_key_attributes_t,
-        target_key: *mut mbedtls_svc_key_id_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " \\brief Destroy a key."]
-    #[doc = ""]
-    #[doc = " This function destroys a key from both volatile"]
-    #[doc = " memory and, if applicable, non-volatile storage. Implementations shall"]
-    #[doc = " make a best effort to ensure that the key material cannot be recovered."]
-    #[doc = ""]
-    #[doc = " This function also erases any metadata such as policies and frees"]
-    #[doc = " resources associated with the key."]
-    #[doc = ""]
-    #[doc = " If a key is currently in use in a multipart operation, then destroying the"]
-    #[doc = " key will cause the multipart operation to fail."]
-    #[doc = ""]
-    #[doc = " \\param key  Identifier of the key to erase. If this is \\c 0, do nothing and"]
-    #[doc = "             return #PSA_SUCCESS."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         \\p key was a valid identifier and the key material that it"]
-    #[doc = "         referred to has been erased. Alternatively, \\p key is \\c 0."]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED"]
-    #[doc = "         The key cannot be erased because it is"]
-    #[doc = "         read-only, either due to a policy or due to physical restrictions."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE"]
-    #[doc = "         \\p key is not a valid identifier nor \\c 0."]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE"]
-    #[doc = "         There was a failure in communication with the cryptoprocessor."]
-    #[doc = "         The key material may still be present in the cryptoprocessor."]
-    #[doc = " \\retval #PSA_ERROR_DATA_INVALID"]
-    #[doc = "         This error is typically a result of either storage corruption on a"]
-    #[doc = "         cleartext storage backend, or an attempt to read data that was"]
-    #[doc = "         written by an incompatible version of the library."]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE"]
-    #[doc = "         The storage is corrupted. Implementations shall make a best effort"]
-    #[doc = "         to erase key material even in this stage, however applications"]
-    #[doc = "         should be aware that it may be impossible to guarantee that the"]
-    #[doc = "         key material is not recoverable in such cases."]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED"]
-    #[doc = "         An unexpected condition which is not a storage corruption or"]
-    #[doc = "         a communication failure occurred. The cryptoprocessor may have"]
-    #[doc = "         been compromised."]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_destroy_key(key: mbedtls_svc_key_id_t) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " \\brief Import a key in binary format."]
-    #[doc = ""]
-    #[doc = " This function supports any output from psa_export_key(). Refer to the"]
-    #[doc = " documentation of psa_export_public_key() for the format of public keys"]
-    #[doc = " and to the documentation of psa_export_key() for the format for"]
-    #[doc = " other key types."]
-    #[doc = ""]
-    #[doc = " The key data determines the key size. The attributes may optionally"]
-    #[doc = " specify a key size; in this case it must match the size determined"]
-    #[doc = " from the key data. A key size of 0 in \\p attributes indicates that"]
-    #[doc = " the key size is solely determined by the key data."]
-    #[doc = ""]
-    #[doc = " Implementations must reject an attempt to import a key of size 0."]
-    #[doc = ""]
-    #[doc = " This specification supports a single format for each key type."]
-    #[doc = " Implementations may support other formats as long as the standard"]
-    #[doc = " format is supported. Implementations that support other formats"]
-    #[doc = " should ensure that the formats are clearly unambiguous so as to"]
-    #[doc = " minimize the risk that an invalid input is accidentally interpreted"]
-    #[doc = " according to a different format."]
-    #[doc = ""]
-    #[doc = " \\param[in] attributes    The attributes for the new key."]
-    #[doc = "                          The key size is always determined from the"]
-    #[doc = "                          \\p data buffer."]
-    #[doc = "                          If the key size in \\p attributes is nonzero,"]
-    #[doc = "                          it must be equal to the size from \\p data."]
-    #[doc = " \\param[out] key          On success, an identifier to the newly created key."]
-    #[doc = "                          For persistent keys, this is the key identifier"]
-    #[doc = "                          defined in \\p attributes."]
-    #[doc = "                          \\c 0 on failure."]
-    #[doc = " \\param[in] data    Buffer containing the key data. The content of this"]
-    #[doc = "                    buffer is interpreted according to the type declared"]
-    #[doc = "                    in \\p attributes."]
-    #[doc = "                    All implementations must support at least the format"]
-    #[doc = "                    described in the documentation"]
-    #[doc = "                    of psa_export_key() or psa_export_public_key() for"]
-    #[doc = "                    the chosen type. Implementations may allow other"]
-    #[doc = "                    formats, but should be conservative: implementations"]
-    #[doc = "                    should err on the side of rejecting content if it"]
-    #[doc = "                    may be erroneous (e.g. wrong type or truncated data)."]
-    #[doc = " \\param data_length Size of the \\p data buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = "         If the key is persistent, the key material and the key's metadata"]
-    #[doc = "         have been saved to persistent storage."]
-    #[doc = " \\retval #PSA_ERROR_ALREADY_EXISTS"]
-    #[doc = "         This is an attempt to create a persistent key, and there is"]
-    #[doc = "         already a persistent key with the given identifier."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         The key type or key size is not supported, either by the"]
-    #[doc = "         implementation in general or in this particular persistent location."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         The key attributes, as a whole, are invalid, or"]
-    #[doc = "         the key data is not correctly formatted, or"]
-    #[doc = "         the size in \\p attributes is nonzero and does not match the size"]
-    #[doc = "         of the key data."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_STORAGE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_CORRUPT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_INVALID \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_import_key(
-        attributes: *const psa_key_attributes_t,
-        data: *const u8,
-        data_length: size_t,
-        key: *mut mbedtls_svc_key_id_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " \\brief Export a key in binary format."]
-    #[doc = ""]
-    #[doc = " The output of this function can be passed to psa_import_key() to"]
-    #[doc = " create an equivalent object."]
-    #[doc = ""]
-    #[doc = " If the implementation of psa_import_key() supports other formats"]
-    #[doc = " beyond the format specified here, the output from psa_export_key()"]
-    #[doc = " must use the representation specified here, not the original"]
-    #[doc = " representation."]
-    #[doc = ""]
-    #[doc = " For standard key types, the output format is as follows:"]
-    #[doc = ""]
-    #[doc = " - For symmetric keys (including MAC keys), the format is the"]
-    #[doc = "   raw bytes of the key."]
-    #[doc = " - For DES, the key data consists of 8 bytes. The parity bits must be"]
-    #[doc = "   correct."]
-    #[doc = " - For Triple-DES, the format is the concatenation of the"]
-    #[doc = "   two or three DES keys."]
-    #[doc = " - For RSA key pairs (#PSA_KEY_TYPE_RSA_KEY_PAIR), the format"]
-    #[doc = "   is the non-encrypted DER encoding of the representation defined by"]
-    #[doc = "   PKCS\\#1 (RFC 8017) as `RSAPrivateKey`, version 0."]
-    #[doc = "   ```"]
-    #[doc = "   RSAPrivateKey ::= SEQUENCE {"]
-    #[doc = "       version             INTEGER,  -- must be 0"]
-    #[doc = "       modulus             INTEGER,  -- n"]
-    #[doc = "       publicExponent      INTEGER,  -- e"]
-    #[doc = "       privateExponent     INTEGER,  -- d"]
-    #[doc = "       prime1              INTEGER,  -- p"]
-    #[doc = "       prime2              INTEGER,  -- q"]
-    #[doc = "       exponent1           INTEGER,  -- d mod (p-1)"]
-    #[doc = "       exponent2           INTEGER,  -- d mod (q-1)"]
-    #[doc = "       coefficient         INTEGER,  -- (inverse of q) mod p"]
-    #[doc = "   }"]
-    #[doc = "   ```"]
-    #[doc = " - For elliptic curve key pairs (key types for which"]
-    #[doc = "   #PSA_KEY_TYPE_IS_ECC_KEY_PAIR is true), the format is"]
-    #[doc = "   a representation of the private value as a `ceiling(m/8)`-byte string"]
-    #[doc = "   where `m` is the bit size associated with the curve, i.e. the bit size"]
-    #[doc = "   of the order of the curve's coordinate field. This byte string is"]
-    #[doc = "   in little-endian order for Montgomery curves (curve types"]
-    #[doc = "   `PSA_ECC_FAMILY_CURVEXXX`), and in big-endian order for Weierstrass"]
-    #[doc = "   curves (curve types `PSA_ECC_FAMILY_SECTXXX`, `PSA_ECC_FAMILY_SECPXXX`"]
-    #[doc = "   and `PSA_ECC_FAMILY_BRAINPOOL_PXXX`)."]
-    #[doc = "   For Weierstrass curves, this is the content of the `privateKey` field of"]
-    #[doc = "   the `ECPrivateKey` format defined by RFC 5915.  For Montgomery curves,"]
-    #[doc = "   the format is defined by RFC 7748, and output is masked according to §5."]
-    #[doc = "   For twisted Edwards curves, the private key is as defined by RFC 8032"]
-    #[doc = "   (a 32-byte string for Edwards25519, a 57-byte string for Edwards448)."]
-    #[doc = " - For Diffie-Hellman key exchange key pairs (key types for which"]
-    #[doc = "   #PSA_KEY_TYPE_IS_DH_KEY_PAIR is true), the"]
-    #[doc = "   format is the representation of the private key `x` as a big-endian byte"]
-    #[doc = "   string. The length of the byte string is the private key size in bytes"]
-    #[doc = "   (leading zeroes are not stripped)."]
-    #[doc = " - For public keys (key types for which #PSA_KEY_TYPE_IS_PUBLIC_KEY is"]
-    #[doc = "   true), the format is the same as for psa_export_public_key()."]
-    #[doc = ""]
-    #[doc = " The policy on the key must have the usage flag #PSA_KEY_USAGE_EXPORT set."]
-    #[doc = ""]
-    #[doc = " \\param key               Identifier of the key to export. It must allow the"]
-    #[doc = "                          usage #PSA_KEY_USAGE_EXPORT, unless it is a public"]
-    #[doc = "                          key."]
-    #[doc = " \\param[out] data         Buffer where the key data is to be written."]
-    #[doc = " \\param data_size         Size of the \\p data buffer in bytes."]
-    #[doc = " \\param[out] data_length  On success, the number of bytes"]
-    #[doc = "                          that make up the key data."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED"]
-    #[doc = "         The key does not have the #PSA_KEY_USAGE_EXPORT flag."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         The size of the \\p data buffer is too small. You can determine a"]
-    #[doc = "         sufficient buffer size by calling"]
-    #[doc = "         #PSA_EXPORT_KEY_OUTPUT_SIZE(\\c type, \\c bits)"]
-    #[doc = "         where \\c type is the key type"]
-    #[doc = "         and \\c bits is the key size in bits."]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_export_key(
-        key: mbedtls_svc_key_id_t,
-        data: *mut u8,
-        data_size: size_t,
-        data_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " \\brief Export a public key or the public part of a key pair in binary format."]
-    #[doc = ""]
-    #[doc = " The output of this function can be passed to psa_import_key() to"]
-    #[doc = " create an object that is equivalent to the public key."]
-    #[doc = ""]
-    #[doc = " This specification supports a single format for each key type."]
-    #[doc = " Implementations may support other formats as long as the standard"]
-    #[doc = " format is supported. Implementations that support other formats"]
-    #[doc = " should ensure that the formats are clearly unambiguous so as to"]
-    #[doc = " minimize the risk that an invalid input is accidentally interpreted"]
-    #[doc = " according to a different format."]
-    #[doc = ""]
-    #[doc = " For standard key types, the output format is as follows:"]
-    #[doc = " - For RSA public keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY), the DER encoding of"]
-    #[doc = "   the representation defined by RFC 3279 &sect;2.3.1 as `RSAPublicKey`."]
-    #[doc = "   ```"]
-    #[doc = "   RSAPublicKey ::= SEQUENCE {"]
-    #[doc = "      modulus            INTEGER,    -- n"]
-    #[doc = "      publicExponent     INTEGER  }  -- e"]
-    #[doc = "   ```"]
-    #[doc = " - For elliptic curve keys on a twisted Edwards curve (key types for which"]
-    #[doc = "   #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true and #PSA_KEY_TYPE_ECC_GET_FAMILY"]
-    #[doc = "   returns #PSA_ECC_FAMILY_TWISTED_EDWARDS), the public key is as defined"]
-    #[doc = "   by RFC 8032"]
-    #[doc = "   (a 32-byte string for Edwards25519, a 57-byte string for Edwards448)."]
-    #[doc = " - For other elliptic curve public keys (key types for which"]
-    #[doc = "   #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true), the format is the uncompressed"]
-    #[doc = "   representation defined by SEC1 &sect;2.3.3 as the content of an ECPoint."]
-    #[doc = "   Let `m` be the bit size associated with the curve, i.e. the bit size of"]
-    #[doc = "   `q` for a curve over `F_q`. The representation consists of:"]
-    #[doc = "      - The byte 0x04;"]
-    #[doc = "      - `x_P` as a `ceiling(m/8)`-byte string, big-endian;"]
-    #[doc = "      - `y_P` as a `ceiling(m/8)`-byte string, big-endian."]
-    #[doc = " - For Diffie-Hellman key exchange public keys (key types for which"]
-    #[doc = "   #PSA_KEY_TYPE_IS_DH_PUBLIC_KEY is true),"]
-    #[doc = "   the format is the representation of the public key `y = g^x mod p` as a"]
-    #[doc = "   big-endian byte string. The length of the byte string is the length of the"]
-    #[doc = "   base prime `p` in bytes."]
-    #[doc = ""]
-    #[doc = " Exporting a public key object or the public part of a key pair is"]
-    #[doc = " always permitted, regardless of the key's usage flags."]
-    #[doc = ""]
-    #[doc = " \\param key               Identifier of the key to export."]
-    #[doc = " \\param[out] data         Buffer where the key data is to be written."]
-    #[doc = " \\param data_size         Size of the \\p data buffer in bytes."]
-    #[doc = " \\param[out] data_length  On success, the number of bytes"]
-    #[doc = "                          that make up the key data."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         The key is neither a public key nor a key pair."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         The size of the \\p data buffer is too small. You can determine a"]
-    #[doc = "         sufficient buffer size by calling"]
-    #[doc = "         #PSA_EXPORT_KEY_OUTPUT_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\\c type), \\c bits)"]
-    #[doc = "         where \\c type is the key type"]
-    #[doc = "         and \\c bits is the key size in bits."]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_export_public_key(
-        key: mbedtls_svc_key_id_t,
-        data: *mut u8,
-        data_size: size_t,
-        data_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Calculate the hash (digest) of a message."]
-    #[doc = ""]
-    #[doc = " \\note To verify the hash of a message against an"]
-    #[doc = "       expected value, use psa_hash_compare() instead."]
-    #[doc = ""]
-    #[doc = " \\param alg               The hash algorithm to compute (\\c PSA_ALG_XXX value"]
-    #[doc = "                          such that #PSA_ALG_IS_HASH(\\p alg) is true)."]
-    #[doc = " \\param[in] input         Buffer containing the message to hash."]
-    #[doc = " \\param input_length      Size of the \\p input buffer in bytes."]
-    #[doc = " \\param[out] hash         Buffer where the hash is to be written."]
-    #[doc = " \\param hash_size         Size of the \\p hash buffer in bytes."]
-    #[doc = " \\param[out] hash_length  On success, the number of bytes"]
-    #[doc = "                          that make up the hash value. This is always"]
-    #[doc = "                          #PSA_HASH_LENGTH(\\p alg)."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         \\p alg is not supported or is not a hash algorithm."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         \\p hash_size is too small"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_hash_compute(
-        alg: psa_algorithm_t,
-        input: *const u8,
-        input_length: size_t,
-        hash: *mut u8,
-        hash_size: size_t,
-        hash_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Calculate the hash (digest) of a message and compare it with a"]
-    #[doc = " reference value."]
-    #[doc = ""]
-    #[doc = " \\param alg               The hash algorithm to compute (\\c PSA_ALG_XXX value"]
-    #[doc = "                          such that #PSA_ALG_IS_HASH(\\p alg) is true)."]
-    #[doc = " \\param[in] input         Buffer containing the message to hash."]
-    #[doc = " \\param input_length      Size of the \\p input buffer in bytes."]
-    #[doc = " \\param[out] hash         Buffer containing the expected hash value."]
-    #[doc = " \\param hash_length       Size of the \\p hash buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         The expected hash is identical to the actual hash of the input."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_SIGNATURE"]
-    #[doc = "         The hash of the message was calculated successfully, but it"]
-    #[doc = "         differs from the expected hash."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         \\p alg is not supported or is not a hash algorithm."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\p input_length or \\p hash_length do not match the hash size for \\p alg"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_hash_compare(
-        alg: psa_algorithm_t,
-        input: *const u8,
-        input_length: size_t,
-        hash: *const u8,
-        hash_length: size_t,
-    ) -> psa_status_t;
-}
-#[doc = " The type of the state data structure for multipart hash operations."]
-#[doc = ""]
-#[doc = " Before calling any function on a hash operation object, the application must"]
-#[doc = " initialize it by any of the following means:"]
-#[doc = " - Set the structure to all-bits-zero, for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_hash_operation_t operation;"]
-#[doc = "   memset(&operation, 0, sizeof(operation));"]
-#[doc = "   \\endcode"]
-#[doc = " - Initialize the structure to logical zero values, for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_hash_operation_t operation = {0};"]
-#[doc = "   \\endcode"]
-#[doc = " - Initialize the structure to the initializer #PSA_HASH_OPERATION_INIT,"]
-#[doc = "   for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;"]
-#[doc = "   \\endcode"]
-#[doc = " - Assign the result of the function psa_hash_operation_init()"]
-#[doc = "   to the structure, for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_hash_operation_t operation;"]
-#[doc = "   operation = psa_hash_operation_init();"]
-#[doc = "   \\endcode"]
-#[doc = ""]
-#[doc = " This is an implementation-defined \\c struct. Applications should not"]
-#[doc = " make any assumptions about the content of this structure."]
-#[doc = " Implementation details can change in future versions without notice."]
-pub type psa_hash_operation_t = psa_hash_operation_s;
-extern "C" {
-    #[doc = " Set up a multipart hash operation."]
-    #[doc = ""]
-    #[doc = " The sequence of operations to calculate a hash (message digest)"]
-    #[doc = " is as follows:"]
-    #[doc = " -# Allocate an operation object which will be passed to all the functions"]
-    #[doc = "    listed here."]
-    #[doc = " -# Initialize the operation object with one of the methods described in the"]
-    #[doc = "    documentation for #psa_hash_operation_t, e.g. #PSA_HASH_OPERATION_INIT."]
-    #[doc = " -# Call psa_hash_setup() to specify the algorithm."]
-    #[doc = " -# Call psa_hash_update() zero, one or more times, passing a fragment"]
-    #[doc = "    of the message each time. The hash that is calculated is the hash"]
-    #[doc = "    of the concatenation of these messages in order."]
-    #[doc = " -# To calculate the hash, call psa_hash_finish()."]
-    #[doc = "    To compare the hash with an expected value, call psa_hash_verify()."]
-    #[doc = ""]
-    #[doc = " If an error occurs at any step after a call to psa_hash_setup(), the"]
-    #[doc = " operation will need to be reset by a call to psa_hash_abort(). The"]
-    #[doc = " application may call psa_hash_abort() at any time after the operation"]
-    #[doc = " has been initialized."]
-    #[doc = ""]
-    #[doc = " After a successful call to psa_hash_setup(), the application must"]
-    #[doc = " eventually terminate the operation. The following events terminate an"]
-    #[doc = " operation:"]
-    #[doc = " - A successful call to psa_hash_finish() or psa_hash_verify()."]
-    #[doc = " - A call to psa_hash_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation The operation object to set up. It must have"]
-    #[doc = "                          been initialized as per the documentation for"]
-    #[doc = "                          #psa_hash_operation_t and not yet in use."]
-    #[doc = " \\param alg               The hash algorithm to compute (\\c PSA_ALG_XXX value"]
-    #[doc = "                          such that #PSA_ALG_IS_HASH(\\p alg) is true)."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         \\p alg is not a supported hash algorithm."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\p alg is not a hash algorithm."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be inactive), or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_hash_setup(
-        operation: *mut psa_hash_operation_t,
-        alg: psa_algorithm_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Add a message fragment to a multipart hash operation."]
-    #[doc = ""]
-    #[doc = " The application must call psa_hash_setup() before calling this function."]
-    #[doc = ""]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_hash_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation Active hash operation."]
-    #[doc = " \\param[in] input         Buffer containing the message fragment to hash."]
-    #[doc = " \\param input_length      Size of the \\p input buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be active), or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_hash_update(
-        operation: *mut psa_hash_operation_t,
-        input: *const u8,
-        input_length: size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Finish the calculation of the hash of a message."]
-    #[doc = ""]
-    #[doc = " The application must call psa_hash_setup() before calling this function."]
-    #[doc = " This function calculates the hash of the message formed by concatenating"]
-    #[doc = " the inputs passed to preceding calls to psa_hash_update()."]
-    #[doc = ""]
-    #[doc = " When this function returns successfully, the operation becomes inactive."]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_hash_abort()."]
-    #[doc = ""]
-    #[doc = " \\warning Applications should not call this function if they expect"]
-    #[doc = "          a specific value for the hash. Call psa_hash_verify() instead."]
-    #[doc = "          Beware that comparing integrity or authenticity data such as"]
-    #[doc = "          hash values with a function such as \\c memcmp is risky"]
-    #[doc = "          because the time taken by the comparison may leak information"]
-    #[doc = "          about the hashed data which could allow an attacker to guess"]
-    #[doc = "          a valid hash and thereby bypass security controls."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     Active hash operation."]
-    #[doc = " \\param[out] hash             Buffer where the hash is to be written."]
-    #[doc = " \\param hash_size             Size of the \\p hash buffer in bytes."]
-    #[doc = " \\param[out] hash_length      On success, the number of bytes"]
-    #[doc = "                              that make up the hash value. This is always"]
-    #[doc = "                              #PSA_HASH_LENGTH(\\c alg) where \\c alg is the"]
-    #[doc = "                              hash algorithm that is calculated."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         The size of the \\p hash buffer is too small. You can determine a"]
-    #[doc = "         sufficient buffer size by calling #PSA_HASH_LENGTH(\\c alg)"]
-    #[doc = "         where \\c alg is the hash algorithm that is calculated."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be active), or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_hash_finish(
-        operation: *mut psa_hash_operation_t,
-        hash: *mut u8,
-        hash_size: size_t,
-        hash_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Finish the calculation of the hash of a message and compare it with"]
-    #[doc = " an expected value."]
-    #[doc = ""]
-    #[doc = " The application must call psa_hash_setup() before calling this function."]
-    #[doc = " This function calculates the hash of the message formed by concatenating"]
-    #[doc = " the inputs passed to preceding calls to psa_hash_update(). It then"]
-    #[doc = " compares the calculated hash with the expected hash passed as a"]
-    #[doc = " parameter to this function."]
-    #[doc = ""]
-    #[doc = " When this function returns successfully, the operation becomes inactive."]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_hash_abort()."]
-    #[doc = ""]
-    #[doc = " \\note Implementations shall make the best effort to ensure that the"]
-    #[doc = " comparison between the actual hash and the expected hash is performed"]
-    #[doc = " in constant time."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     Active hash operation."]
-    #[doc = " \\param[in] hash              Buffer containing the expected hash value."]
-    #[doc = " \\param hash_length           Size of the \\p hash buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         The expected hash is identical to the actual hash of the message."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_SIGNATURE"]
-    #[doc = "         The hash of the message was calculated successfully, but it"]
-    #[doc = "         differs from the expected hash."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be active), or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_hash_verify(
-        operation: *mut psa_hash_operation_t,
-        hash: *const u8,
-        hash_length: size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Abort a hash operation."]
-    #[doc = ""]
-    #[doc = " Aborting an operation frees all associated resources except for the"]
-    #[doc = " \\p operation structure itself. Once aborted, the operation object"]
-    #[doc = " can be reused for another operation by calling"]
-    #[doc = " psa_hash_setup() again."]
-    #[doc = ""]
-    #[doc = " You may call this function any time after the operation object has"]
-    #[doc = " been initialized by one of the methods described in #psa_hash_operation_t."]
-    #[doc = ""]
-    #[doc = " In particular, calling psa_hash_abort() after the operation has been"]
-    #[doc = " terminated by a call to psa_hash_abort(), psa_hash_finish() or"]
-    #[doc = " psa_hash_verify() is safe and has no effect."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     Initialized hash operation."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_hash_abort(operation: *mut psa_hash_operation_t) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Clone a hash operation."]
-    #[doc = ""]
-    #[doc = " This function copies the state of an ongoing hash operation to"]
-    #[doc = " a new operation object. In other words, this function is equivalent"]
-    #[doc = " to calling psa_hash_setup() on \\p target_operation with the same"]
-    #[doc = " algorithm that \\p source_operation was set up for, then"]
-    #[doc = " psa_hash_update() on \\p target_operation with the same input that"]
-    #[doc = " that was passed to \\p source_operation. After this function returns, the"]
-    #[doc = " two objects are independent, i.e. subsequent calls involving one of"]
-    #[doc = " the objects do not affect the other object."]
-    #[doc = ""]
-    #[doc = " \\param[in] source_operation      The active hash operation to clone."]
-    #[doc = " \\param[in,out] target_operation  The operation object to set up."]
-    #[doc = "                                  It must be initialized but not active."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The \\p source_operation state is not valid (it must be active), or"]
-    #[doc = "         the \\p target_operation state is not valid (it must be inactive), or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_hash_clone(
-        source_operation: *const psa_hash_operation_t,
-        target_operation: *mut psa_hash_operation_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Calculate the MAC (message authentication code) of a message."]
-    #[doc = ""]
-    #[doc = " \\note To verify the MAC of a message against an"]
-    #[doc = "       expected value, use psa_mac_verify() instead."]
-    #[doc = "       Beware that comparing integrity or authenticity data such as"]
-    #[doc = "       MAC values with a function such as \\c memcmp is risky"]
-    #[doc = "       because the time taken by the comparison may leak information"]
-    #[doc = "       about the MAC value which could allow an attacker to guess"]
-    #[doc = "       a valid MAC and thereby bypass security controls."]
-    #[doc = ""]
-    #[doc = " \\param key               Identifier of the key to use for the operation. It"]
-    #[doc = "                          must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE."]
-    #[doc = " \\param alg               The MAC algorithm to compute (\\c PSA_ALG_XXX value"]
-    #[doc = "                          such that #PSA_ALG_IS_MAC(\\p alg) is true)."]
-    #[doc = " \\param[in] input         Buffer containing the input message."]
-    #[doc = " \\param input_length      Size of the \\p input buffer in bytes."]
-    #[doc = " \\param[out] mac          Buffer where the MAC value is to be written."]
-    #[doc = " \\param mac_size          Size of the \\p mac buffer in bytes."]
-    #[doc = " \\param[out] mac_length   On success, the number of bytes"]
-    #[doc = "                          that make up the MAC value."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\p key is not compatible with \\p alg."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         \\p alg is not supported or is not a MAC algorithm."]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         \\p mac_size is too small"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE"]
-    #[doc = "         The key could not be retrieved from storage."]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_mac_compute(
-        key: mbedtls_svc_key_id_t,
-        alg: psa_algorithm_t,
-        input: *const u8,
-        input_length: size_t,
-        mac: *mut u8,
-        mac_size: size_t,
-        mac_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Calculate the MAC of a message and compare it with a reference value."]
-    #[doc = ""]
-    #[doc = " \\param key               Identifier of the key to use for the operation. It"]
-    #[doc = "                          must allow the usage PSA_KEY_USAGE_VERIFY_MESSAGE."]
-    #[doc = " \\param alg               The MAC algorithm to compute (\\c PSA_ALG_XXX value"]
-    #[doc = "                          such that #PSA_ALG_IS_MAC(\\p alg) is true)."]
-    #[doc = " \\param[in] input         Buffer containing the input message."]
-    #[doc = " \\param input_length      Size of the \\p input buffer in bytes."]
-    #[doc = " \\param[out] mac          Buffer containing the expected MAC value."]
-    #[doc = " \\param mac_length        Size of the \\p mac buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         The expected MAC is identical to the actual MAC of the input."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_SIGNATURE"]
-    #[doc = "         The MAC of the message was calculated successfully, but it"]
-    #[doc = "         differs from the expected value."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\p key is not compatible with \\p alg."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         \\p alg is not supported or is not a MAC algorithm."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE"]
-    #[doc = "         The key could not be retrieved from storage."]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_mac_verify(
-        key: mbedtls_svc_key_id_t,
-        alg: psa_algorithm_t,
-        input: *const u8,
-        input_length: size_t,
-        mac: *const u8,
-        mac_length: size_t,
-    ) -> psa_status_t;
-}
-#[doc = " The type of the state data structure for multipart MAC operations."]
-#[doc = ""]
-#[doc = " Before calling any function on a MAC operation object, the application must"]
-#[doc = " initialize it by any of the following means:"]
-#[doc = " - Set the structure to all-bits-zero, for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_mac_operation_t operation;"]
-#[doc = "   memset(&operation, 0, sizeof(operation));"]
-#[doc = "   \\endcode"]
-#[doc = " - Initialize the structure to logical zero values, for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_mac_operation_t operation = {0};"]
-#[doc = "   \\endcode"]
-#[doc = " - Initialize the structure to the initializer #PSA_MAC_OPERATION_INIT,"]
-#[doc = "   for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;"]
-#[doc = "   \\endcode"]
-#[doc = " - Assign the result of the function psa_mac_operation_init()"]
-#[doc = "   to the structure, for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_mac_operation_t operation;"]
-#[doc = "   operation = psa_mac_operation_init();"]
-#[doc = "   \\endcode"]
-#[doc = ""]
-#[doc = ""]
-#[doc = " This is an implementation-defined \\c struct. Applications should not"]
-#[doc = " make any assumptions about the content of this structure."]
-#[doc = " Implementation details can change in future versions without notice."]
-pub type psa_mac_operation_t = psa_mac_operation_s;
-extern "C" {
-    #[doc = " Set up a multipart MAC calculation operation."]
-    #[doc = ""]
-    #[doc = " This function sets up the calculation of the MAC"]
-    #[doc = " (message authentication code) of a byte string."]
-    #[doc = " To verify the MAC of a message against an"]
-    #[doc = " expected value, use psa_mac_verify_setup() instead."]
-    #[doc = ""]
-    #[doc = " The sequence of operations to calculate a MAC is as follows:"]
-    #[doc = " -# Allocate an operation object which will be passed to all the functions"]
-    #[doc = "    listed here."]
-    #[doc = " -# Initialize the operation object with one of the methods described in the"]
-    #[doc = "    documentation for #psa_mac_operation_t, e.g. #PSA_MAC_OPERATION_INIT."]
-    #[doc = " -# Call psa_mac_sign_setup() to specify the algorithm and key."]
-    #[doc = " -# Call psa_mac_update() zero, one or more times, passing a fragment"]
-    #[doc = "    of the message each time. The MAC that is calculated is the MAC"]
-    #[doc = "    of the concatenation of these messages in order."]
-    #[doc = " -# At the end of the message, call psa_mac_sign_finish() to finish"]
-    #[doc = "    calculating the MAC value and retrieve it."]
-    #[doc = ""]
-    #[doc = " If an error occurs at any step after a call to psa_mac_sign_setup(), the"]
-    #[doc = " operation will need to be reset by a call to psa_mac_abort(). The"]
-    #[doc = " application may call psa_mac_abort() at any time after the operation"]
-    #[doc = " has been initialized."]
-    #[doc = ""]
-    #[doc = " After a successful call to psa_mac_sign_setup(), the application must"]
-    #[doc = " eventually terminate the operation through one of the following methods:"]
-    #[doc = " - A successful call to psa_mac_sign_finish()."]
-    #[doc = " - A call to psa_mac_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation The operation object to set up. It must have"]
-    #[doc = "                          been initialized as per the documentation for"]
-    #[doc = "                          #psa_mac_operation_t and not yet in use."]
-    #[doc = " \\param key               Identifier of the key to use for the operation. It"]
-    #[doc = "                          must remain valid until the operation terminates."]
-    #[doc = "                          It must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE."]
-    #[doc = " \\param alg               The MAC algorithm to compute (\\c PSA_ALG_XXX value"]
-    #[doc = "                          such that #PSA_ALG_IS_MAC(\\p alg) is true)."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\p key is not compatible with \\p alg."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         \\p alg is not supported or is not a MAC algorithm."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE"]
-    #[doc = "         The key could not be retrieved from storage."]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be inactive), or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_mac_sign_setup(
-        operation: *mut psa_mac_operation_t,
-        key: mbedtls_svc_key_id_t,
-        alg: psa_algorithm_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Set up a multipart MAC verification operation."]
-    #[doc = ""]
-    #[doc = " This function sets up the verification of the MAC"]
-    #[doc = " (message authentication code) of a byte string against an expected value."]
-    #[doc = ""]
-    #[doc = " The sequence of operations to verify a MAC is as follows:"]
-    #[doc = " -# Allocate an operation object which will be passed to all the functions"]
-    #[doc = "    listed here."]
-    #[doc = " -# Initialize the operation object with one of the methods described in the"]
-    #[doc = "    documentation for #psa_mac_operation_t, e.g. #PSA_MAC_OPERATION_INIT."]
-    #[doc = " -# Call psa_mac_verify_setup() to specify the algorithm and key."]
-    #[doc = " -# Call psa_mac_update() zero, one or more times, passing a fragment"]
-    #[doc = "    of the message each time. The MAC that is calculated is the MAC"]
-    #[doc = "    of the concatenation of these messages in order."]
-    #[doc = " -# At the end of the message, call psa_mac_verify_finish() to finish"]
-    #[doc = "    calculating the actual MAC of the message and verify it against"]
-    #[doc = "    the expected value."]
-    #[doc = ""]
-    #[doc = " If an error occurs at any step after a call to psa_mac_verify_setup(), the"]
-    #[doc = " operation will need to be reset by a call to psa_mac_abort(). The"]
-    #[doc = " application may call psa_mac_abort() at any time after the operation"]
-    #[doc = " has been initialized."]
-    #[doc = ""]
-    #[doc = " After a successful call to psa_mac_verify_setup(), the application must"]
-    #[doc = " eventually terminate the operation through one of the following methods:"]
-    #[doc = " - A successful call to psa_mac_verify_finish()."]
-    #[doc = " - A call to psa_mac_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation The operation object to set up. It must have"]
-    #[doc = "                          been initialized as per the documentation for"]
-    #[doc = "                          #psa_mac_operation_t and not yet in use."]
-    #[doc = " \\param key               Identifier of the key to use for the operation. It"]
-    #[doc = "                          must remain valid until the operation terminates."]
-    #[doc = "                          It must allow the usage"]
-    #[doc = "                          PSA_KEY_USAGE_VERIFY_MESSAGE."]
-    #[doc = " \\param alg               The MAC algorithm to compute (\\c PSA_ALG_XXX value"]
-    #[doc = "                          such that #PSA_ALG_IS_MAC(\\p alg) is true)."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\c key is not compatible with \\c alg."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         \\c alg is not supported or is not a MAC algorithm."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE"]
-    #[doc = "         The key could not be retrieved from storage."]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be inactive), or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_mac_verify_setup(
-        operation: *mut psa_mac_operation_t,
-        key: mbedtls_svc_key_id_t,
-        alg: psa_algorithm_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Add a message fragment to a multipart MAC operation."]
-    #[doc = ""]
-    #[doc = " The application must call psa_mac_sign_setup() or psa_mac_verify_setup()"]
-    #[doc = " before calling this function."]
-    #[doc = ""]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_mac_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation Active MAC operation."]
-    #[doc = " \\param[in] input         Buffer containing the message fragment to add to"]
-    #[doc = "                          the MAC calculation."]
-    #[doc = " \\param input_length      Size of the \\p input buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be active), or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_mac_update(
-        operation: *mut psa_mac_operation_t,
-        input: *const u8,
-        input_length: size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Finish the calculation of the MAC of a message."]
-    #[doc = ""]
-    #[doc = " The application must call psa_mac_sign_setup() before calling this function."]
-    #[doc = " This function calculates the MAC of the message formed by concatenating"]
-    #[doc = " the inputs passed to preceding calls to psa_mac_update()."]
-    #[doc = ""]
-    #[doc = " When this function returns successfully, the operation becomes inactive."]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_mac_abort()."]
-    #[doc = ""]
-    #[doc = " \\warning Applications should not call this function if they expect"]
-    #[doc = "          a specific value for the MAC. Call psa_mac_verify_finish() instead."]
-    #[doc = "          Beware that comparing integrity or authenticity data such as"]
-    #[doc = "          MAC values with a function such as \\c memcmp is risky"]
-    #[doc = "          because the time taken by the comparison may leak information"]
-    #[doc = "          about the MAC value which could allow an attacker to guess"]
-    #[doc = "          a valid MAC and thereby bypass security controls."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation Active MAC operation."]
-    #[doc = " \\param[out] mac          Buffer where the MAC value is to be written."]
-    #[doc = " \\param mac_size          Size of the \\p mac buffer in bytes."]
-    #[doc = " \\param[out] mac_length   On success, the number of bytes"]
-    #[doc = "                          that make up the MAC value. This is always"]
-    #[doc = "                          #PSA_MAC_LENGTH(\\c key_type, \\c key_bits, \\c alg)"]
-    #[doc = "                          where \\c key_type and \\c key_bits are the type and"]
-    #[doc = "                          bit-size respectively of the key and \\c alg is the"]
-    #[doc = "                          MAC algorithm that is calculated."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         The size of the \\p mac buffer is too small. You can determine a"]
-    #[doc = "         sufficient buffer size by calling PSA_MAC_LENGTH()."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be an active mac sign"]
-    #[doc = "         operation), or the library has not been previously initialized"]
-    #[doc = "         by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_mac_sign_finish(
-        operation: *mut psa_mac_operation_t,
-        mac: *mut u8,
-        mac_size: size_t,
-        mac_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Finish the calculation of the MAC of a message and compare it with"]
-    #[doc = " an expected value."]
-    #[doc = ""]
-    #[doc = " The application must call psa_mac_verify_setup() before calling this function."]
-    #[doc = " This function calculates the MAC of the message formed by concatenating"]
-    #[doc = " the inputs passed to preceding calls to psa_mac_update(). It then"]
-    #[doc = " compares the calculated MAC with the expected MAC passed as a"]
-    #[doc = " parameter to this function."]
-    #[doc = ""]
-    #[doc = " When this function returns successfully, the operation becomes inactive."]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_mac_abort()."]
-    #[doc = ""]
-    #[doc = " \\note Implementations shall make the best effort to ensure that the"]
-    #[doc = " comparison between the actual MAC and the expected MAC is performed"]
-    #[doc = " in constant time."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation Active MAC operation."]
-    #[doc = " \\param[in] mac           Buffer containing the expected MAC value."]
-    #[doc = " \\param mac_length        Size of the \\p mac buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         The expected MAC is identical to the actual MAC of the message."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_SIGNATURE"]
-    #[doc = "         The MAC of the message was calculated successfully, but it"]
-    #[doc = "         differs from the expected MAC."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be an active mac verify"]
-    #[doc = "         operation), or the library has not been previously initialized"]
-    #[doc = "         by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_mac_verify_finish(
-        operation: *mut psa_mac_operation_t,
-        mac: *const u8,
-        mac_length: size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Abort a MAC operation."]
-    #[doc = ""]
-    #[doc = " Aborting an operation frees all associated resources except for the"]
-    #[doc = " \\p operation structure itself. Once aborted, the operation object"]
-    #[doc = " can be reused for another operation by calling"]
-    #[doc = " psa_mac_sign_setup() or psa_mac_verify_setup() again."]
-    #[doc = ""]
-    #[doc = " You may call this function any time after the operation object has"]
-    #[doc = " been initialized by one of the methods described in #psa_mac_operation_t."]
-    #[doc = ""]
-    #[doc = " In particular, calling psa_mac_abort() after the operation has been"]
-    #[doc = " terminated by a call to psa_mac_abort(), psa_mac_sign_finish() or"]
-    #[doc = " psa_mac_verify_finish() is safe and has no effect."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation Initialized MAC operation."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_mac_abort(operation: *mut psa_mac_operation_t) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Encrypt a message using a symmetric cipher."]
-    #[doc = ""]
-    #[doc = " This function encrypts a message with a random IV (initialization"]
-    #[doc = " vector). Use the multipart operation interface with a"]
-    #[doc = " #psa_cipher_operation_t object to provide other forms of IV."]
-    #[doc = ""]
-    #[doc = " \\param key                   Identifier of the key to use for the operation."]
-    #[doc = "                              It must allow the usage #PSA_KEY_USAGE_ENCRYPT."]
-    #[doc = " \\param alg                   The cipher algorithm to compute"]
-    #[doc = "                              (\\c PSA_ALG_XXX value such that"]
-    #[doc = "                              #PSA_ALG_IS_CIPHER(\\p alg) is true)."]
-    #[doc = " \\param[in] input             Buffer containing the message to encrypt."]
-    #[doc = " \\param input_length          Size of the \\p input buffer in bytes."]
-    #[doc = " \\param[out] output           Buffer where the output is to be written."]
-    #[doc = "                              The output contains the IV followed by"]
-    #[doc = "                              the ciphertext proper."]
-    #[doc = " \\param output_size           Size of the \\p output buffer in bytes."]
-    #[doc = " \\param[out] output_length    On success, the number of bytes"]
-    #[doc = "                              that make up the output."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\p key is not compatible with \\p alg."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         \\p alg is not supported or is not a cipher algorithm."]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_cipher_encrypt(
-        key: mbedtls_svc_key_id_t,
-        alg: psa_algorithm_t,
-        input: *const u8,
-        input_length: size_t,
-        output: *mut u8,
-        output_size: size_t,
-        output_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Decrypt a message using a symmetric cipher."]
-    #[doc = ""]
-    #[doc = " This function decrypts a message encrypted with a symmetric cipher."]
-    #[doc = ""]
-    #[doc = " \\param key                   Identifier of the key to use for the operation."]
-    #[doc = "                              It must remain valid until the operation"]
-    #[doc = "                              terminates. It must allow the usage"]
-    #[doc = "                              #PSA_KEY_USAGE_DECRYPT."]
-    #[doc = " \\param alg                   The cipher algorithm to compute"]
-    #[doc = "                              (\\c PSA_ALG_XXX value such that"]
-    #[doc = "                              #PSA_ALG_IS_CIPHER(\\p alg) is true)."]
-    #[doc = " \\param[in] input             Buffer containing the message to decrypt."]
-    #[doc = "                              This consists of the IV followed by the"]
-    #[doc = "                              ciphertext proper."]
-    #[doc = " \\param input_length          Size of the \\p input buffer in bytes."]
-    #[doc = " \\param[out] output           Buffer where the plaintext is to be written."]
-    #[doc = " \\param output_size           Size of the \\p output buffer in bytes."]
-    #[doc = " \\param[out] output_length    On success, the number of bytes"]
-    #[doc = "                              that make up the output."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\p key is not compatible with \\p alg."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         \\p alg is not supported or is not a cipher algorithm."]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_cipher_decrypt(
-        key: mbedtls_svc_key_id_t,
-        alg: psa_algorithm_t,
-        input: *const u8,
-        input_length: size_t,
-        output: *mut u8,
-        output_size: size_t,
-        output_length: *mut size_t,
-    ) -> psa_status_t;
-}
-#[doc = " The type of the state data structure for multipart cipher operations."]
-#[doc = ""]
-#[doc = " Before calling any function on a cipher operation object, the application"]
-#[doc = " must initialize it by any of the following means:"]
-#[doc = " - Set the structure to all-bits-zero, for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_cipher_operation_t operation;"]
-#[doc = "   memset(&operation, 0, sizeof(operation));"]
-#[doc = "   \\endcode"]
-#[doc = " - Initialize the structure to logical zero values, for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_cipher_operation_t operation = {0};"]
-#[doc = "   \\endcode"]
-#[doc = " - Initialize the structure to the initializer #PSA_CIPHER_OPERATION_INIT,"]
-#[doc = "   for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;"]
-#[doc = "   \\endcode"]
-#[doc = " - Assign the result of the function psa_cipher_operation_init()"]
-#[doc = "   to the structure, for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_cipher_operation_t operation;"]
-#[doc = "   operation = psa_cipher_operation_init();"]
-#[doc = "   \\endcode"]
-#[doc = ""]
-#[doc = " This is an implementation-defined \\c struct. Applications should not"]
-#[doc = " make any assumptions about the content of this structure."]
-#[doc = " Implementation details can change in future versions without notice."]
-pub type psa_cipher_operation_t = psa_cipher_operation_s;
-extern "C" {
-    #[doc = " Set the key for a multipart symmetric encryption operation."]
-    #[doc = ""]
-    #[doc = " The sequence of operations to encrypt a message with a symmetric cipher"]
-    #[doc = " is as follows:"]
-    #[doc = " -# Allocate an operation object which will be passed to all the functions"]
-    #[doc = "    listed here."]
-    #[doc = " -# Initialize the operation object with one of the methods described in the"]
-    #[doc = "    documentation for #psa_cipher_operation_t, e.g."]
-    #[doc = "    #PSA_CIPHER_OPERATION_INIT."]
-    #[doc = " -# Call psa_cipher_encrypt_setup() to specify the algorithm and key."]
-    #[doc = " -# Call either psa_cipher_generate_iv() or psa_cipher_set_iv() to"]
-    #[doc = "    generate or set the IV (initialization vector). You should use"]
-    #[doc = "    psa_cipher_generate_iv() unless the protocol you are implementing"]
-    #[doc = "    requires a specific IV value."]
-    #[doc = " -# Call psa_cipher_update() zero, one or more times, passing a fragment"]
-    #[doc = "    of the message each time."]
-    #[doc = " -# Call psa_cipher_finish()."]
-    #[doc = ""]
-    #[doc = " If an error occurs at any step after a call to psa_cipher_encrypt_setup(),"]
-    #[doc = " the operation will need to be reset by a call to psa_cipher_abort(). The"]
-    #[doc = " application may call psa_cipher_abort() at any time after the operation"]
-    #[doc = " has been initialized."]
-    #[doc = ""]
-    #[doc = " After a successful call to psa_cipher_encrypt_setup(), the application must"]
-    #[doc = " eventually terminate the operation. The following events terminate an"]
-    #[doc = " operation:"]
-    #[doc = " - A successful call to psa_cipher_finish()."]
-    #[doc = " - A call to psa_cipher_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     The operation object to set up. It must have"]
-    #[doc = "                              been initialized as per the documentation for"]
-    #[doc = "                              #psa_cipher_operation_t and not yet in use."]
-    #[doc = " \\param key                   Identifier of the key to use for the operation."]
-    #[doc = "                              It must remain valid until the operation"]
-    #[doc = "                              terminates. It must allow the usage"]
-    #[doc = "                              #PSA_KEY_USAGE_ENCRYPT."]
-    #[doc = " \\param alg                   The cipher algorithm to compute"]
-    #[doc = "                              (\\c PSA_ALG_XXX value such that"]
-    #[doc = "                              #PSA_ALG_IS_CIPHER(\\p alg) is true)."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\p key is not compatible with \\p alg."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         \\p alg is not supported or is not a cipher algorithm."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be inactive), or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_cipher_encrypt_setup(
-        operation: *mut psa_cipher_operation_t,
-        key: mbedtls_svc_key_id_t,
-        alg: psa_algorithm_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Set the key for a multipart symmetric decryption operation."]
-    #[doc = ""]
-    #[doc = " The sequence of operations to decrypt a message with a symmetric cipher"]
-    #[doc = " is as follows:"]
-    #[doc = " -# Allocate an operation object which will be passed to all the functions"]
-    #[doc = "    listed here."]
-    #[doc = " -# Initialize the operation object with one of the methods described in the"]
-    #[doc = "    documentation for #psa_cipher_operation_t, e.g."]
-    #[doc = "    #PSA_CIPHER_OPERATION_INIT."]
-    #[doc = " -# Call psa_cipher_decrypt_setup() to specify the algorithm and key."]
-    #[doc = " -# Call psa_cipher_set_iv() with the IV (initialization vector) for the"]
-    #[doc = "    decryption. If the IV is prepended to the ciphertext, you can call"]
-    #[doc = "    psa_cipher_update() on a buffer containing the IV followed by the"]
-    #[doc = "    beginning of the message."]
-    #[doc = " -# Call psa_cipher_update() zero, one or more times, passing a fragment"]
-    #[doc = "    of the message each time."]
-    #[doc = " -# Call psa_cipher_finish()."]
-    #[doc = ""]
-    #[doc = " If an error occurs at any step after a call to psa_cipher_decrypt_setup(),"]
-    #[doc = " the operation will need to be reset by a call to psa_cipher_abort(). The"]
-    #[doc = " application may call psa_cipher_abort() at any time after the operation"]
-    #[doc = " has been initialized."]
-    #[doc = ""]
-    #[doc = " After a successful call to psa_cipher_decrypt_setup(), the application must"]
-    #[doc = " eventually terminate the operation. The following events terminate an"]
-    #[doc = " operation:"]
-    #[doc = " - A successful call to psa_cipher_finish()."]
-    #[doc = " - A call to psa_cipher_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     The operation object to set up. It must have"]
-    #[doc = "                              been initialized as per the documentation for"]
-    #[doc = "                              #psa_cipher_operation_t and not yet in use."]
-    #[doc = " \\param key                   Identifier of the key to use for the operation."]
-    #[doc = "                              It must remain valid until the operation"]
-    #[doc = "                              terminates. It must allow the usage"]
-    #[doc = "                              #PSA_KEY_USAGE_DECRYPT."]
-    #[doc = " \\param alg                   The cipher algorithm to compute"]
-    #[doc = "                              (\\c PSA_ALG_XXX value such that"]
-    #[doc = "                              #PSA_ALG_IS_CIPHER(\\p alg) is true)."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\p key is not compatible with \\p alg."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         \\p alg is not supported or is not a cipher algorithm."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be inactive), or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_cipher_decrypt_setup(
-        operation: *mut psa_cipher_operation_t,
-        key: mbedtls_svc_key_id_t,
-        alg: psa_algorithm_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Generate an IV for a symmetric encryption operation."]
-    #[doc = ""]
-    #[doc = " This function generates a random IV (initialization vector), nonce"]
-    #[doc = " or initial counter value for the encryption operation as appropriate"]
-    #[doc = " for the chosen algorithm, key type and key size."]
-    #[doc = ""]
-    #[doc = " The application must call psa_cipher_encrypt_setup() before"]
-    #[doc = " calling this function."]
-    #[doc = ""]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_cipher_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     Active cipher operation."]
-    #[doc = " \\param[out] iv               Buffer where the generated IV is to be written."]
-    #[doc = " \\param iv_size               Size of the \\p iv buffer in bytes."]
-    #[doc = " \\param[out] iv_length        On success, the number of bytes of the"]
-    #[doc = "                              generated IV."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         The size of the \\p iv buffer is too small."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be active, with no IV set),"]
-    #[doc = "         or the library has not been previously initialized"]
-    #[doc = "         by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_cipher_generate_iv(
-        operation: *mut psa_cipher_operation_t,
-        iv: *mut u8,
-        iv_size: size_t,
-        iv_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Set the IV for a symmetric encryption or decryption operation."]
-    #[doc = ""]
-    #[doc = " This function sets the IV (initialization vector), nonce"]
-    #[doc = " or initial counter value for the encryption or decryption operation."]
-    #[doc = ""]
-    #[doc = " The application must call psa_cipher_encrypt_setup() before"]
-    #[doc = " calling this function."]
-    #[doc = ""]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_cipher_abort()."]
-    #[doc = ""]
-    #[doc = " \\note When encrypting, applications should use psa_cipher_generate_iv()"]
-    #[doc = " instead of this function, unless implementing a protocol that requires"]
-    #[doc = " a non-random IV."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     Active cipher operation."]
-    #[doc = " \\param[in] iv                Buffer containing the IV to use."]
-    #[doc = " \\param iv_length             Size of the IV in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         The size of \\p iv is not acceptable for the chosen algorithm,"]
-    #[doc = "         or the chosen algorithm does not use an IV."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be an active cipher"]
-    #[doc = "         encrypt operation, with no IV set), or the library has not been"]
-    #[doc = "         previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_cipher_set_iv(
-        operation: *mut psa_cipher_operation_t,
-        iv: *const u8,
-        iv_length: size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Encrypt or decrypt a message fragment in an active cipher operation."]
-    #[doc = ""]
-    #[doc = " Before calling this function, you must:"]
-    #[doc = " 1. Call either psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup()."]
-    #[doc = "    The choice of setup function determines whether this function"]
-    #[doc = "    encrypts or decrypts its input."]
-    #[doc = " 2. If the algorithm requires an IV, call psa_cipher_generate_iv()"]
-    #[doc = "    (recommended when encrypting) or psa_cipher_set_iv()."]
-    #[doc = ""]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_cipher_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     Active cipher operation."]
-    #[doc = " \\param[in] input             Buffer containing the message fragment to"]
-    #[doc = "                              encrypt or decrypt."]
-    #[doc = " \\param input_length          Size of the \\p input buffer in bytes."]
-    #[doc = " \\param[out] output           Buffer where the output is to be written."]
-    #[doc = " \\param output_size           Size of the \\p output buffer in bytes."]
-    #[doc = " \\param[out] output_length    On success, the number of bytes"]
-    #[doc = "                              that make up the returned output."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         The size of the \\p output buffer is too small."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be active, with an IV set"]
-    #[doc = "         if required for the algorithm), or the library has not been"]
-    #[doc = "         previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_cipher_update(
-        operation: *mut psa_cipher_operation_t,
-        input: *const u8,
-        input_length: size_t,
-        output: *mut u8,
-        output_size: size_t,
-        output_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Finish encrypting or decrypting a message in a cipher operation."]
-    #[doc = ""]
-    #[doc = " The application must call psa_cipher_encrypt_setup() or"]
-    #[doc = " psa_cipher_decrypt_setup() before calling this function. The choice"]
-    #[doc = " of setup function determines whether this function encrypts or"]
-    #[doc = " decrypts its input."]
-    #[doc = ""]
-    #[doc = " This function finishes the encryption or decryption of the message"]
-    #[doc = " formed by concatenating the inputs passed to preceding calls to"]
-    #[doc = " psa_cipher_update()."]
-    #[doc = ""]
-    #[doc = " When this function returns successfully, the operation becomes inactive."]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_cipher_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     Active cipher operation."]
-    #[doc = " \\param[out] output           Buffer where the output is to be written."]
-    #[doc = " \\param output_size           Size of the \\p output buffer in bytes."]
-    #[doc = " \\param[out] output_length    On success, the number of bytes"]
-    #[doc = "                              that make up the returned output."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         The total input size passed to this operation is not valid for"]
-    #[doc = "         this particular algorithm. For example, the algorithm is a based"]
-    #[doc = "         on block cipher and requires a whole number of blocks, but the"]
-    #[doc = "         total input size is not a multiple of the block size."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_PADDING"]
-    #[doc = "         This is a decryption operation for an algorithm that includes"]
-    #[doc = "         padding, and the ciphertext does not contain valid padding."]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         The size of the \\p output buffer is too small."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be active, with an IV set"]
-    #[doc = "         if required for the algorithm), or the library has not been"]
-    #[doc = "         previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_cipher_finish(
-        operation: *mut psa_cipher_operation_t,
-        output: *mut u8,
-        output_size: size_t,
-        output_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Abort a cipher operation."]
-    #[doc = ""]
-    #[doc = " Aborting an operation frees all associated resources except for the"]
-    #[doc = " \\p operation structure itself. Once aborted, the operation object"]
-    #[doc = " can be reused for another operation by calling"]
-    #[doc = " psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup() again."]
-    #[doc = ""]
-    #[doc = " You may call this function any time after the operation object has"]
-    #[doc = " been initialized as described in #psa_cipher_operation_t."]
-    #[doc = ""]
-    #[doc = " In particular, calling psa_cipher_abort() after the operation has been"]
-    #[doc = " terminated by a call to psa_cipher_abort() or psa_cipher_finish()"]
-    #[doc = " is safe and has no effect."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     Initialized cipher operation."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_cipher_abort(operation: *mut psa_cipher_operation_t) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Process an authenticated encryption operation."]
-    #[doc = ""]
-    #[doc = " \\param key                     Identifier of the key to use for the"]
-    #[doc = "                                operation. It must allow the usage"]
-    #[doc = "                                #PSA_KEY_USAGE_ENCRYPT."]
-    #[doc = " \\param alg                     The AEAD algorithm to compute"]
-    #[doc = "                                (\\c PSA_ALG_XXX value such that"]
-    #[doc = "                                #PSA_ALG_IS_AEAD(\\p alg) is true)."]
-    #[doc = " \\param[in] nonce               Nonce or IV to use."]
-    #[doc = " \\param nonce_length            Size of the \\p nonce buffer in bytes."]
-    #[doc = " \\param[in] additional_data     Additional data that will be authenticated"]
-    #[doc = "                                but not encrypted."]
-    #[doc = " \\param additional_data_length  Size of \\p additional_data in bytes."]
-    #[doc = " \\param[in] plaintext           Data that will be authenticated and"]
-    #[doc = "                                encrypted."]
-    #[doc = " \\param plaintext_length        Size of \\p plaintext in bytes."]
-    #[doc = " \\param[out] ciphertext         Output buffer for the authenticated and"]
-    #[doc = "                                encrypted data. The additional data is not"]
-    #[doc = "                                part of this output. For algorithms where the"]
-    #[doc = "                                encrypted data and the authentication tag"]
-    #[doc = "                                are defined as separate outputs, the"]
-    #[doc = "                                authentication tag is appended to the"]
-    #[doc = "                                encrypted data."]
-    #[doc = " \\param ciphertext_size         Size of the \\p ciphertext buffer in bytes."]
-    #[doc = "                                This must be appropriate for the selected"]
-    #[doc = "                                algorithm and key:"]
-    #[doc = "                                - A sufficient output size is"]
-    #[doc = "                                  #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\\c key_type,"]
-    #[doc = "                                  \\p alg, \\p plaintext_length) where"]
-    #[doc = "                                  \\c key_type is the type of \\p key."]
-    #[doc = "                                - #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\\p"]
-    #[doc = "                                  plaintext_length) evaluates to the maximum"]
-    #[doc = "                                  ciphertext size of any supported AEAD"]
-    #[doc = "                                  encryption."]
-    #[doc = " \\param[out] ciphertext_length  On success, the size of the output"]
-    #[doc = "                                in the \\p ciphertext buffer."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\p key is not compatible with \\p alg."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         \\p alg is not supported or is not an AEAD algorithm."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         \\p ciphertext_size is too small."]
-    #[doc = "         #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\\c key_type, \\p alg,"]
-    #[doc = "         \\p plaintext_length) or"]
-    #[doc = "         #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\\p plaintext_length) can be used to"]
-    #[doc = "         determine the required buffer size."]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_aead_encrypt(
-        key: mbedtls_svc_key_id_t,
-        alg: psa_algorithm_t,
-        nonce: *const u8,
-        nonce_length: size_t,
-        additional_data: *const u8,
-        additional_data_length: size_t,
-        plaintext: *const u8,
-        plaintext_length: size_t,
-        ciphertext: *mut u8,
-        ciphertext_size: size_t,
-        ciphertext_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Process an authenticated decryption operation."]
-    #[doc = ""]
-    #[doc = " \\param key                     Identifier of the key to use for the"]
-    #[doc = "                                operation. It must allow the usage"]
-    #[doc = "                                #PSA_KEY_USAGE_DECRYPT."]
-    #[doc = " \\param alg                     The AEAD algorithm to compute"]
-    #[doc = "                                (\\c PSA_ALG_XXX value such that"]
-    #[doc = "                                #PSA_ALG_IS_AEAD(\\p alg) is true)."]
-    #[doc = " \\param[in] nonce               Nonce or IV to use."]
-    #[doc = " \\param nonce_length            Size of the \\p nonce buffer in bytes."]
-    #[doc = " \\param[in] additional_data     Additional data that has been authenticated"]
-    #[doc = "                                but not encrypted."]
-    #[doc = " \\param additional_data_length  Size of \\p additional_data in bytes."]
-    #[doc = " \\param[in] ciphertext          Data that has been authenticated and"]
-    #[doc = "                                encrypted. For algorithms where the"]
-    #[doc = "                                encrypted data and the authentication tag"]
-    #[doc = "                                are defined as separate inputs, the buffer"]
-    #[doc = "                                must contain the encrypted data followed"]
-    #[doc = "                                by the authentication tag."]
-    #[doc = " \\param ciphertext_length       Size of \\p ciphertext in bytes."]
-    #[doc = " \\param[out] plaintext          Output buffer for the decrypted data."]
-    #[doc = " \\param plaintext_size          Size of the \\p plaintext buffer in bytes."]
-    #[doc = "                                This must be appropriate for the selected"]
-    #[doc = "                                algorithm and key:"]
-    #[doc = "                                - A sufficient output size is"]
-    #[doc = "                                  #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\\c key_type,"]
-    #[doc = "                                  \\p alg, \\p ciphertext_length) where"]
-    #[doc = "                                  \\c key_type is the type of \\p key."]
-    #[doc = "                                - #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\\p"]
-    #[doc = "                                  ciphertext_length) evaluates to the maximum"]
-    #[doc = "                                  plaintext size of any supported AEAD"]
-    #[doc = "                                  decryption."]
-    #[doc = " \\param[out] plaintext_length   On success, the size of the output"]
-    #[doc = "                                in the \\p plaintext buffer."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_SIGNATURE"]
-    #[doc = "         The ciphertext is not authentic."]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\p key is not compatible with \\p alg."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         \\p alg is not supported or is not an AEAD algorithm."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         \\p plaintext_size is too small."]
-    #[doc = "         #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\\c key_type, \\p alg,"]
-    #[doc = "         \\p ciphertext_length) or"]
-    #[doc = "         #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\\p ciphertext_length) can be used"]
-    #[doc = "         to determine the required buffer size."]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_aead_decrypt(
-        key: mbedtls_svc_key_id_t,
-        alg: psa_algorithm_t,
-        nonce: *const u8,
-        nonce_length: size_t,
-        additional_data: *const u8,
-        additional_data_length: size_t,
-        ciphertext: *const u8,
-        ciphertext_length: size_t,
-        plaintext: *mut u8,
-        plaintext_size: size_t,
-        plaintext_length: *mut size_t,
-    ) -> psa_status_t;
-}
-#[doc = " The type of the state data structure for multipart AEAD operations."]
-#[doc = ""]
-#[doc = " Before calling any function on an AEAD operation object, the application"]
-#[doc = " must initialize it by any of the following means:"]
-#[doc = " - Set the structure to all-bits-zero, for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_aead_operation_t operation;"]
-#[doc = "   memset(&operation, 0, sizeof(operation));"]
-#[doc = "   \\endcode"]
-#[doc = " - Initialize the structure to logical zero values, for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_aead_operation_t operation = {0};"]
-#[doc = "   \\endcode"]
-#[doc = " - Initialize the structure to the initializer #PSA_AEAD_OPERATION_INIT,"]
-#[doc = "   for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;"]
-#[doc = "   \\endcode"]
-#[doc = " - Assign the result of the function psa_aead_operation_init()"]
-#[doc = "   to the structure, for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_aead_operation_t operation;"]
-#[doc = "   operation = psa_aead_operation_init();"]
-#[doc = "   \\endcode"]
-#[doc = ""]
-#[doc = " This is an implementation-defined \\c struct. Applications should not"]
-#[doc = " make any assumptions about the content of this structure."]
-#[doc = " Implementation details can change in future versions without notice."]
-pub type psa_aead_operation_t = psa_aead_operation_s;
-extern "C" {
-    #[doc = " Set the key for a multipart authenticated encryption operation."]
-    #[doc = ""]
-    #[doc = " The sequence of operations to encrypt a message with authentication"]
-    #[doc = " is as follows:"]
-    #[doc = " -# Allocate an operation object which will be passed to all the functions"]
-    #[doc = "    listed here."]
-    #[doc = " -# Initialize the operation object with one of the methods described in the"]
-    #[doc = "    documentation for #psa_aead_operation_t, e.g."]
-    #[doc = "    #PSA_AEAD_OPERATION_INIT."]
-    #[doc = " -# Call psa_aead_encrypt_setup() to specify the algorithm and key."]
-    #[doc = " -# If needed, call psa_aead_set_lengths() to specify the length of the"]
-    #[doc = "    inputs to the subsequent calls to psa_aead_update_ad() and"]
-    #[doc = "    psa_aead_update(). See the documentation of psa_aead_set_lengths()"]
-    #[doc = "    for details."]
-    #[doc = " -# Call either psa_aead_generate_nonce() or psa_aead_set_nonce() to"]
-    #[doc = "    generate or set the nonce. You should use"]
-    #[doc = "    psa_aead_generate_nonce() unless the protocol you are implementing"]
-    #[doc = "    requires a specific nonce value."]
-    #[doc = " -# Call psa_aead_update_ad() zero, one or more times, passing a fragment"]
-    #[doc = "    of the non-encrypted additional authenticated data each time."]
-    #[doc = " -# Call psa_aead_update() zero, one or more times, passing a fragment"]
-    #[doc = "    of the message to encrypt each time."]
-    #[doc = " -# Call psa_aead_finish()."]
-    #[doc = ""]
-    #[doc = " If an error occurs at any step after a call to psa_aead_encrypt_setup(),"]
-    #[doc = " the operation will need to be reset by a call to psa_aead_abort(). The"]
-    #[doc = " application may call psa_aead_abort() at any time after the operation"]
-    #[doc = " has been initialized."]
-    #[doc = ""]
-    #[doc = " After a successful call to psa_aead_encrypt_setup(), the application must"]
-    #[doc = " eventually terminate the operation. The following events terminate an"]
-    #[doc = " operation:"]
-    #[doc = " - A successful call to psa_aead_finish()."]
-    #[doc = " - A call to psa_aead_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     The operation object to set up. It must have"]
-    #[doc = "                              been initialized as per the documentation for"]
-    #[doc = "                              #psa_aead_operation_t and not yet in use."]
-    #[doc = " \\param key                   Identifier of the key to use for the operation."]
-    #[doc = "                              It must remain valid until the operation"]
-    #[doc = "                              terminates. It must allow the usage"]
-    #[doc = "                              #PSA_KEY_USAGE_ENCRYPT."]
-    #[doc = " \\param alg                   The AEAD algorithm to compute"]
-    #[doc = "                              (\\c PSA_ALG_XXX value such that"]
-    #[doc = "                              #PSA_ALG_IS_AEAD(\\p alg) is true)."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be inactive), or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\p key is not compatible with \\p alg."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         \\p alg is not supported or is not an AEAD algorithm."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_aead_encrypt_setup(
-        operation: *mut psa_aead_operation_t,
-        key: mbedtls_svc_key_id_t,
-        alg: psa_algorithm_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Set the key for a multipart authenticated decryption operation."]
-    #[doc = ""]
-    #[doc = " The sequence of operations to decrypt a message with authentication"]
-    #[doc = " is as follows:"]
-    #[doc = " -# Allocate an operation object which will be passed to all the functions"]
-    #[doc = "    listed here."]
-    #[doc = " -# Initialize the operation object with one of the methods described in the"]
-    #[doc = "    documentation for #psa_aead_operation_t, e.g."]
-    #[doc = "    #PSA_AEAD_OPERATION_INIT."]
-    #[doc = " -# Call psa_aead_decrypt_setup() to specify the algorithm and key."]
-    #[doc = " -# If needed, call psa_aead_set_lengths() to specify the length of the"]
-    #[doc = "    inputs to the subsequent calls to psa_aead_update_ad() and"]
-    #[doc = "    psa_aead_update(). See the documentation of psa_aead_set_lengths()"]
-    #[doc = "    for details."]
-    #[doc = " -# Call psa_aead_set_nonce() with the nonce for the decryption."]
-    #[doc = " -# Call psa_aead_update_ad() zero, one or more times, passing a fragment"]
-    #[doc = "    of the non-encrypted additional authenticated data each time."]
-    #[doc = " -# Call psa_aead_update() zero, one or more times, passing a fragment"]
-    #[doc = "    of the ciphertext to decrypt each time."]
-    #[doc = " -# Call psa_aead_verify()."]
-    #[doc = ""]
-    #[doc = " If an error occurs at any step after a call to psa_aead_decrypt_setup(),"]
-    #[doc = " the operation will need to be reset by a call to psa_aead_abort(). The"]
-    #[doc = " application may call psa_aead_abort() at any time after the operation"]
-    #[doc = " has been initialized."]
-    #[doc = ""]
-    #[doc = " After a successful call to psa_aead_decrypt_setup(), the application must"]
-    #[doc = " eventually terminate the operation. The following events terminate an"]
-    #[doc = " operation:"]
-    #[doc = " - A successful call to psa_aead_verify()."]
-    #[doc = " - A call to psa_aead_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     The operation object to set up. It must have"]
-    #[doc = "                              been initialized as per the documentation for"]
-    #[doc = "                              #psa_aead_operation_t and not yet in use."]
-    #[doc = " \\param key                   Identifier of the key to use for the operation."]
-    #[doc = "                              It must remain valid until the operation"]
-    #[doc = "                              terminates. It must allow the usage"]
-    #[doc = "                              #PSA_KEY_USAGE_DECRYPT."]
-    #[doc = " \\param alg                   The AEAD algorithm to compute"]
-    #[doc = "                              (\\c PSA_ALG_XXX value such that"]
-    #[doc = "                              #PSA_ALG_IS_AEAD(\\p alg) is true)."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\p key is not compatible with \\p alg."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         \\p alg is not supported or is not an AEAD algorithm."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be inactive), or the"]
-    #[doc = "         library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_aead_decrypt_setup(
-        operation: *mut psa_aead_operation_t,
-        key: mbedtls_svc_key_id_t,
-        alg: psa_algorithm_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Generate a random nonce for an authenticated encryption operation."]
-    #[doc = ""]
-    #[doc = " This function generates a random nonce for the authenticated encryption"]
-    #[doc = " operation with an appropriate size for the chosen algorithm, key type"]
-    #[doc = " and key size."]
-    #[doc = ""]
-    #[doc = " The application must call psa_aead_encrypt_setup() before"]
-    #[doc = " calling this function."]
-    #[doc = ""]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_aead_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     Active AEAD operation."]
-    #[doc = " \\param[out] nonce            Buffer where the generated nonce is to be"]
-    #[doc = "                              written."]
-    #[doc = " \\param nonce_size            Size of the \\p nonce buffer in bytes."]
-    #[doc = " \\param[out] nonce_length     On success, the number of bytes of the"]
-    #[doc = "                              generated nonce."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         The size of the \\p nonce buffer is too small."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be an active aead encrypt"]
-    #[doc = "         operation, with no nonce set), or the library has not been"]
-    #[doc = "         previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_aead_generate_nonce(
-        operation: *mut psa_aead_operation_t,
-        nonce: *mut u8,
-        nonce_size: size_t,
-        nonce_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Set the nonce for an authenticated encryption or decryption operation."]
-    #[doc = ""]
-    #[doc = " This function sets the nonce for the authenticated"]
-    #[doc = " encryption or decryption operation."]
-    #[doc = ""]
-    #[doc = " The application must call psa_aead_encrypt_setup() or"]
-    #[doc = " psa_aead_decrypt_setup() before calling this function."]
-    #[doc = ""]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_aead_abort()."]
-    #[doc = ""]
-    #[doc = " \\note When encrypting, applications should use psa_aead_generate_nonce()"]
-    #[doc = " instead of this function, unless implementing a protocol that requires"]
-    #[doc = " a non-random IV."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     Active AEAD operation."]
-    #[doc = " \\param[in] nonce             Buffer containing the nonce to use."]
-    #[doc = " \\param nonce_length          Size of the nonce in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         The size of \\p nonce is not acceptable for the chosen algorithm."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be active, with no nonce"]
-    #[doc = "         set), or the library has not been previously initialized"]
-    #[doc = "         by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_aead_set_nonce(
-        operation: *mut psa_aead_operation_t,
-        nonce: *const u8,
-        nonce_length: size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Declare the lengths of the message and additional data for AEAD."]
-    #[doc = ""]
-    #[doc = " The application must call this function before calling"]
-    #[doc = " psa_aead_update_ad() or psa_aead_update() if the algorithm for"]
-    #[doc = " the operation requires it. If the algorithm does not require it,"]
-    #[doc = " calling this function is optional, but if this function is called"]
-    #[doc = " then the implementation must enforce the lengths."]
-    #[doc = ""]
-    #[doc = " You may call this function before or after setting the nonce with"]
-    #[doc = " psa_aead_set_nonce() or psa_aead_generate_nonce()."]
-    #[doc = ""]
-    #[doc = " - For #PSA_ALG_CCM, calling this function is required."]
-    #[doc = " - For the other AEAD algorithms defined in this specification, calling"]
-    #[doc = "   this function is not required."]
-    #[doc = " - For vendor-defined algorithm, refer to the vendor documentation."]
-    #[doc = ""]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_aead_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     Active AEAD operation."]
-    #[doc = " \\param ad_length             Size of the non-encrypted additional"]
-    #[doc = "                              authenticated data in bytes."]
-    #[doc = " \\param plaintext_length      Size of the plaintext to encrypt in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         At least one of the lengths is not acceptable for the chosen"]
-    #[doc = "         algorithm."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be active, and"]
-    #[doc = "         psa_aead_update_ad() and psa_aead_update() must not have been"]
-    #[doc = "         called yet), or the library has not been previously initialized"]
-    #[doc = "         by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_aead_set_lengths(
-        operation: *mut psa_aead_operation_t,
-        ad_length: size_t,
-        plaintext_length: size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Pass additional data to an active AEAD operation."]
-    #[doc = ""]
-    #[doc = " Additional data is authenticated, but not encrypted."]
-    #[doc = ""]
-    #[doc = " You may call this function multiple times to pass successive fragments"]
-    #[doc = " of the additional data. You may not call this function after passing"]
-    #[doc = " data to encrypt or decrypt with psa_aead_update()."]
-    #[doc = ""]
-    #[doc = " Before calling this function, you must:"]
-    #[doc = " 1. Call either psa_aead_encrypt_setup() or psa_aead_decrypt_setup()."]
-    #[doc = " 2. Set the nonce with psa_aead_generate_nonce() or psa_aead_set_nonce()."]
-    #[doc = ""]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_aead_abort()."]
-    #[doc = ""]
-    #[doc = " \\warning When decrypting, until psa_aead_verify() has returned #PSA_SUCCESS,"]
-    #[doc = "          there is no guarantee that the input is valid. Therefore, until"]
-    #[doc = "          you have called psa_aead_verify() and it has returned #PSA_SUCCESS,"]
-    #[doc = "          treat the input as untrusted and prepare to undo any action that"]
-    #[doc = "          depends on the input if psa_aead_verify() returns an error status."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     Active AEAD operation."]
-    #[doc = " \\param[in] input             Buffer containing the fragment of"]
-    #[doc = "                              additional data."]
-    #[doc = " \\param input_length          Size of the \\p input buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         The total input length overflows the additional data length that"]
-    #[doc = "         was previously specified with psa_aead_set_lengths()."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be active, have a nonce"]
-    #[doc = "         set, have lengths set if required by the algorithm, and"]
-    #[doc = "         psa_aead_update() must not have been called yet), or the library"]
-    #[doc = "         has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_aead_update_ad(
-        operation: *mut psa_aead_operation_t,
-        input: *const u8,
-        input_length: size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Encrypt or decrypt a message fragment in an active AEAD operation."]
-    #[doc = ""]
-    #[doc = " Before calling this function, you must:"]
-    #[doc = " 1. Call either psa_aead_encrypt_setup() or psa_aead_decrypt_setup()."]
-    #[doc = "    The choice of setup function determines whether this function"]
-    #[doc = "    encrypts or decrypts its input."]
-    #[doc = " 2. Set the nonce with psa_aead_generate_nonce() or psa_aead_set_nonce()."]
-    #[doc = " 3. Call psa_aead_update_ad() to pass all the additional data."]
-    #[doc = ""]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_aead_abort()."]
-    #[doc = ""]
-    #[doc = " \\warning When decrypting, until psa_aead_verify() has returned #PSA_SUCCESS,"]
-    #[doc = "          there is no guarantee that the input is valid. Therefore, until"]
-    #[doc = "          you have called psa_aead_verify() and it has returned #PSA_SUCCESS:"]
-    #[doc = "          - Do not use the output in any way other than storing it in a"]
-    #[doc = "            confidential location. If you take any action that depends"]
-    #[doc = "            on the tentative decrypted data, this action will need to be"]
-    #[doc = "            undone if the input turns out not to be valid. Furthermore,"]
-    #[doc = "            if an adversary can observe that this action took place"]
-    #[doc = "            (for example through timing), they may be able to use this"]
-    #[doc = "            fact as an oracle to decrypt any message encrypted with the"]
-    #[doc = "            same key."]
-    #[doc = "          - In particular, do not copy the output anywhere but to a"]
-    #[doc = "            memory or storage space that you have exclusive access to."]
-    #[doc = ""]
-    #[doc = " This function does not require the input to be aligned to any"]
-    #[doc = " particular block boundary. If the implementation can only process"]
-    #[doc = " a whole block at a time, it must consume all the input provided, but"]
-    #[doc = " it may delay the end of the corresponding output until a subsequent"]
-    #[doc = " call to psa_aead_update(), psa_aead_finish() or psa_aead_verify()"]
-    #[doc = " provides sufficient input. The amount of data that can be delayed"]
-    #[doc = " in this way is bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     Active AEAD operation."]
-    #[doc = " \\param[in] input             Buffer containing the message fragment to"]
-    #[doc = "                              encrypt or decrypt."]
-    #[doc = " \\param input_length          Size of the \\p input buffer in bytes."]
-    #[doc = " \\param[out] output           Buffer where the output is to be written."]
-    #[doc = " \\param output_size           Size of the \\p output buffer in bytes."]
-    #[doc = "                              This must be appropriate for the selected"]
-    #[doc = "                                algorithm and key:"]
-    #[doc = "                                - A sufficient output size is"]
-    #[doc = "                                  #PSA_AEAD_UPDATE_OUTPUT_SIZE(\\c key_type,"]
-    #[doc = "                                  \\c alg, \\p input_length) where"]
-    #[doc = "                                  \\c key_type is the type of key and \\c alg is"]
-    #[doc = "                                  the algorithm that were used to set up the"]
-    #[doc = "                                  operation."]
-    #[doc = "                                - #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\\p"]
-    #[doc = "                                  input_length) evaluates to the maximum"]
-    #[doc = "                                  output size of any supported AEAD"]
-    #[doc = "                                  algorithm."]
-    #[doc = " \\param[out] output_length    On success, the number of bytes"]
-    #[doc = "                              that make up the returned output."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         The size of the \\p output buffer is too small."]
-    #[doc = "         #PSA_AEAD_UPDATE_OUTPUT_SIZE(\\c key_type, \\c alg, \\p input_length) or"]
-    #[doc = "         #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\\p input_length) can be used to"]
-    #[doc = "         determine the required buffer size."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         The total length of input to psa_aead_update_ad() so far is"]
-    #[doc = "         less than the additional data length that was previously"]
-    #[doc = "         specified with psa_aead_set_lengths(), or"]
-    #[doc = "         the total input length overflows the plaintext length that"]
-    #[doc = "         was previously specified with psa_aead_set_lengths()."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be active, have a nonce"]
-    #[doc = "         set, and have lengths set if required by the algorithm), or the"]
-    #[doc = "         library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_aead_update(
-        operation: *mut psa_aead_operation_t,
-        input: *const u8,
-        input_length: size_t,
-        output: *mut u8,
-        output_size: size_t,
-        output_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Finish encrypting a message in an AEAD operation."]
-    #[doc = ""]
-    #[doc = " The operation must have been set up with psa_aead_encrypt_setup()."]
-    #[doc = ""]
-    #[doc = " This function finishes the authentication of the additional data"]
-    #[doc = " formed by concatenating the inputs passed to preceding calls to"]
-    #[doc = " psa_aead_update_ad() with the plaintext formed by concatenating the"]
-    #[doc = " inputs passed to preceding calls to psa_aead_update()."]
-    #[doc = ""]
-    #[doc = " This function has two output buffers:"]
-    #[doc = " - \\p ciphertext contains trailing ciphertext that was buffered from"]
-    #[doc = "   preceding calls to psa_aead_update()."]
-    #[doc = " - \\p tag contains the authentication tag."]
-    #[doc = ""]
-    #[doc = " When this function returns successfully, the operation becomes inactive."]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_aead_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     Active AEAD operation."]
-    #[doc = " \\param[out] ciphertext       Buffer where the last part of the ciphertext"]
-    #[doc = "                              is to be written."]
-    #[doc = " \\param ciphertext_size       Size of the \\p ciphertext buffer in bytes."]
-    #[doc = "                              This must be appropriate for the selected"]
-    #[doc = "                              algorithm and key:"]
-    #[doc = "                              - A sufficient output size is"]
-    #[doc = "                                #PSA_AEAD_FINISH_OUTPUT_SIZE(\\c key_type,"]
-    #[doc = "                                \\c alg) where \\c key_type is the type of key"]
-    #[doc = "                                and \\c alg is the algorithm that were used to"]
-    #[doc = "                                set up the operation."]
-    #[doc = "                              - #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE evaluates to"]
-    #[doc = "                                the maximum output size of any supported AEAD"]
-    #[doc = "                                algorithm."]
-    #[doc = " \\param[out] ciphertext_length On success, the number of bytes of"]
-    #[doc = "                              returned ciphertext."]
-    #[doc = " \\param[out] tag              Buffer where the authentication tag is"]
-    #[doc = "                              to be written."]
-    #[doc = " \\param tag_size              Size of the \\p tag buffer in bytes."]
-    #[doc = "                              This must be appropriate for the selected"]
-    #[doc = "                              algorithm and key:"]
-    #[doc = "                              - The exact tag size is #PSA_AEAD_TAG_LENGTH(\\c"]
-    #[doc = "                                key_type, \\c key_bits, \\c alg) where"]
-    #[doc = "                                \\c key_type and \\c key_bits are the type and"]
-    #[doc = "                                bit-size of the key, and \\c alg is the"]
-    #[doc = "                                algorithm that were used in the call to"]
-    #[doc = "                                psa_aead_encrypt_setup()."]
-    #[doc = "                              - #PSA_AEAD_TAG_MAX_SIZE evaluates to the"]
-    #[doc = "                                maximum tag size of any supported AEAD"]
-    #[doc = "                                algorithm."]
-    #[doc = " \\param[out] tag_length       On success, the number of bytes"]
-    #[doc = "                              that make up the returned tag."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         The size of the \\p ciphertext or \\p tag buffer is too small."]
-    #[doc = "         #PSA_AEAD_FINISH_OUTPUT_SIZE(\\c key_type, \\c alg) or"]
-    #[doc = "         #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE can be used to determine the"]
-    #[doc = "         required \\p ciphertext buffer size. #PSA_AEAD_TAG_LENGTH(\\c key_type,"]
-    #[doc = "         \\c key_bits, \\c alg) or #PSA_AEAD_TAG_MAX_SIZE can be used to"]
-    #[doc = "         determine the required \\p tag buffer size."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         The total length of input to psa_aead_update_ad() so far is"]
-    #[doc = "         less than the additional data length that was previously"]
-    #[doc = "         specified with psa_aead_set_lengths(), or"]
-    #[doc = "         the total length of input to psa_aead_update() so far is"]
-    #[doc = "         less than the plaintext length that was previously"]
-    #[doc = "         specified with psa_aead_set_lengths()."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be an active encryption"]
-    #[doc = "         operation with a nonce set), or the library has not been previously"]
-    #[doc = "         initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_aead_finish(
-        operation: *mut psa_aead_operation_t,
-        ciphertext: *mut u8,
-        ciphertext_size: size_t,
-        ciphertext_length: *mut size_t,
-        tag: *mut u8,
-        tag_size: size_t,
-        tag_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Finish authenticating and decrypting a message in an AEAD operation."]
-    #[doc = ""]
-    #[doc = " The operation must have been set up with psa_aead_decrypt_setup()."]
-    #[doc = ""]
-    #[doc = " This function finishes the authenticated decryption of the message"]
-    #[doc = " components:"]
-    #[doc = ""]
-    #[doc = " -  The additional data consisting of the concatenation of the inputs"]
-    #[doc = "    passed to preceding calls to psa_aead_update_ad()."]
-    #[doc = " -  The ciphertext consisting of the concatenation of the inputs passed to"]
-    #[doc = "    preceding calls to psa_aead_update()."]
-    #[doc = " -  The tag passed to this function call."]
-    #[doc = ""]
-    #[doc = " If the authentication tag is correct, this function outputs any remaining"]
-    #[doc = " plaintext and reports success. If the authentication tag is not correct,"]
-    #[doc = " this function returns #PSA_ERROR_INVALID_SIGNATURE."]
-    #[doc = ""]
-    #[doc = " When this function returns successfully, the operation becomes inactive."]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_aead_abort()."]
-    #[doc = ""]
-    #[doc = " \\note Implementations shall make the best effort to ensure that the"]
-    #[doc = " comparison between the actual tag and the expected tag is performed"]
-    #[doc = " in constant time."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     Active AEAD operation."]
-    #[doc = " \\param[out] plaintext        Buffer where the last part of the plaintext"]
-    #[doc = "                              is to be written. This is the remaining data"]
-    #[doc = "                              from previous calls to psa_aead_update()"]
-    #[doc = "                              that could not be processed until the end"]
-    #[doc = "                              of the input."]
-    #[doc = " \\param plaintext_size        Size of the \\p plaintext buffer in bytes."]
-    #[doc = "                              This must be appropriate for the selected algorithm and key:"]
-    #[doc = "                              - A sufficient output size is"]
-    #[doc = "                                #PSA_AEAD_VERIFY_OUTPUT_SIZE(\\c key_type,"]
-    #[doc = "                                \\c alg) where \\c key_type is the type of key"]
-    #[doc = "                                and \\c alg is the algorithm that were used to"]
-    #[doc = "                                set up the operation."]
-    #[doc = "                              - #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE evaluates to"]
-    #[doc = "                                the maximum output size of any supported AEAD"]
-    #[doc = "                                algorithm."]
-    #[doc = " \\param[out] plaintext_length On success, the number of bytes of"]
-    #[doc = "                              returned plaintext."]
-    #[doc = " \\param[in] tag               Buffer containing the authentication tag."]
-    #[doc = " \\param tag_length            Size of the \\p tag buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_SIGNATURE"]
-    #[doc = "         The calculations were successful, but the authentication tag is"]
-    #[doc = "         not correct."]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         The size of the \\p plaintext buffer is too small."]
-    #[doc = "         #PSA_AEAD_VERIFY_OUTPUT_SIZE(\\c key_type, \\c alg) or"]
-    #[doc = "         #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE can be used to determine the"]
-    #[doc = "         required buffer size."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         The total length of input to psa_aead_update_ad() so far is"]
-    #[doc = "         less than the additional data length that was previously"]
-    #[doc = "         specified with psa_aead_set_lengths(), or"]
-    #[doc = "         the total length of input to psa_aead_update() so far is"]
-    #[doc = "         less than the plaintext length that was previously"]
-    #[doc = "         specified with psa_aead_set_lengths()."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be an active decryption"]
-    #[doc = "         operation with a nonce set), or the library has not been previously"]
-    #[doc = "         initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_aead_verify(
-        operation: *mut psa_aead_operation_t,
-        plaintext: *mut u8,
-        plaintext_size: size_t,
-        plaintext_length: *mut size_t,
-        tag: *const u8,
-        tag_length: size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Abort an AEAD operation."]
-    #[doc = ""]
-    #[doc = " Aborting an operation frees all associated resources except for the"]
-    #[doc = " \\p operation structure itself. Once aborted, the operation object"]
-    #[doc = " can be reused for another operation by calling"]
-    #[doc = " psa_aead_encrypt_setup() or psa_aead_decrypt_setup() again."]
-    #[doc = ""]
-    #[doc = " You may call this function any time after the operation object has"]
-    #[doc = " been initialized as described in #psa_aead_operation_t."]
-    #[doc = ""]
-    #[doc = " In particular, calling psa_aead_abort() after the operation has been"]
-    #[doc = " terminated by a call to psa_aead_abort(), psa_aead_finish() or"]
-    #[doc = " psa_aead_verify() is safe and has no effect."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     Initialized AEAD operation."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_aead_abort(operation: *mut psa_aead_operation_t) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " \\brief Sign a message with a private key. For hash-and-sign algorithms,"]
-    #[doc = "        this includes the hashing step."]
-    #[doc = ""]
-    #[doc = " \\note To perform a multi-part hash-and-sign signature algorithm, first use"]
-    #[doc = "       a multi-part hash operation and then pass the resulting hash to"]
-    #[doc = "       psa_sign_hash(). PSA_ALG_GET_HASH(\\p alg) can be used to determine the"]
-    #[doc = "       hash algorithm to use."]
-    #[doc = ""]
-    #[doc = " \\param[in]  key              Identifier of the key to use for the operation."]
-    #[doc = "                              It must be an asymmetric key pair. The key must"]
-    #[doc = "                              allow the usage #PSA_KEY_USAGE_SIGN_MESSAGE."]
-    #[doc = " \\param[in]  alg              An asymmetric signature algorithm (PSA_ALG_XXX"]
-    #[doc = "                              value such that #PSA_ALG_IS_SIGN_MESSAGE(\\p alg)"]
-    #[doc = "                              is true), that is compatible with the type of"]
-    #[doc = "                              \\p key."]
-    #[doc = " \\param[in]  input            The input message to sign."]
-    #[doc = " \\param[in]  input_length     Size of the \\p input buffer in bytes."]
-    #[doc = " \\param[out] signature        Buffer where the signature is to be written."]
-    #[doc = " \\param[in]  signature_size   Size of the \\p signature buffer in bytes. This"]
-    #[doc = "                              must be appropriate for the selected"]
-    #[doc = "                              algorithm and key:"]
-    #[doc = "                              - The required signature size is"]
-    #[doc = "                                #PSA_SIGN_OUTPUT_SIZE(\\c key_type, \\c key_bits, \\p alg)"]
-    #[doc = "                                where \\c key_type and \\c key_bits are the type and"]
-    #[doc = "                                bit-size respectively of key."]
-    #[doc = "                              - #PSA_SIGNATURE_MAX_SIZE evaluates to the"]
-    #[doc = "                                maximum signature size of any supported"]
-    #[doc = "                                signature algorithm."]
-    #[doc = " \\param[out] signature_length On success, the number of bytes that make up"]
-    #[doc = "                              the returned signature value."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED"]
-    #[doc = "         The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,"]
-    #[doc = "         or it does not permit the requested algorithm."]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         The size of the \\p signature buffer is too small. You can"]
-    #[doc = "         determine a sufficient buffer size by calling"]
-    #[doc = "         #PSA_SIGN_OUTPUT_SIZE(\\c key_type, \\c key_bits, \\p alg)"]
-    #[doc = "         where \\c key_type and \\c key_bits are the type and bit-size"]
-    #[doc = "         respectively of \\p key."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_CORRUPT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_INVALID \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_ENTROPY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_sign_message(
-        key: mbedtls_svc_key_id_t,
-        alg: psa_algorithm_t,
-        input: *const u8,
-        input_length: size_t,
-        signature: *mut u8,
-        signature_size: size_t,
-        signature_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " \\brief Verify the signature of a message with a public key, using"]
-    #[doc = "         a hash-and-sign verification algorithm."]
-    #[doc = ""]
-    #[doc = " \\note To perform a multi-part hash-and-sign signature verification"]
-    #[doc = "       algorithm, first use a multi-part hash operation to hash the message"]
-    #[doc = "       and then pass the resulting hash to psa_verify_hash()."]
-    #[doc = "       PSA_ALG_GET_HASH(\\p alg) can be used to determine the hash algorithm"]
-    #[doc = "       to use."]
-    #[doc = ""]
-    #[doc = " \\param[in]  key              Identifier of the key to use for the operation."]
-    #[doc = "                              It must be a public key or an asymmetric key"]
-    #[doc = "                              pair. The key must allow the usage"]
-    #[doc = "                              #PSA_KEY_USAGE_VERIFY_MESSAGE."]
-    #[doc = " \\param[in]  alg              An asymmetric signature algorithm (PSA_ALG_XXX"]
-    #[doc = "                              value such that #PSA_ALG_IS_SIGN_MESSAGE(\\p alg)"]
-    #[doc = "                              is true), that is compatible with the type of"]
-    #[doc = "                              \\p key."]
-    #[doc = " \\param[in]  input            The message whose signature is to be verified."]
-    #[doc = " \\param[in]  input_length     Size of the \\p input buffer in bytes."]
-    #[doc = " \\param[out] signature        Buffer containing the signature to verify."]
-    #[doc = " \\param[in]  signature_length Size of the \\p signature buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED"]
-    #[doc = "         The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,"]
-    #[doc = "         or it does not permit the requested algorithm."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_SIGNATURE"]
-    #[doc = "         The calculation was performed successfully, but the passed signature"]
-    #[doc = "         is not a valid signature."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_CORRUPT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_INVALID \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_verify_message(
-        key: mbedtls_svc_key_id_t,
-        alg: psa_algorithm_t,
-        input: *const u8,
-        input_length: size_t,
-        signature: *const u8,
-        signature_length: size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " \\brief Sign a hash or short message with a private key."]
-    #[doc = ""]
-    #[doc = " Note that to perform a hash-and-sign signature algorithm, you must"]
-    #[doc = " first calculate the hash by calling psa_hash_setup(), psa_hash_update()"]
-    #[doc = " and psa_hash_finish(), or alternatively by calling psa_hash_compute()."]
-    #[doc = " Then pass the resulting hash as the \\p hash"]
-    #[doc = " parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\\p alg)"]
-    #[doc = " to determine the hash algorithm to use."]
-    #[doc = ""]
-    #[doc = " \\param key                   Identifier of the key to use for the operation."]
-    #[doc = "                              It must be an asymmetric key pair. The key must"]
-    #[doc = "                              allow the usage #PSA_KEY_USAGE_SIGN_HASH."]
-    #[doc = " \\param alg                   A signature algorithm (PSA_ALG_XXX"]
-    #[doc = "                              value such that #PSA_ALG_IS_SIGN_HASH(\\p alg)"]
-    #[doc = "                              is true), that is compatible with"]
-    #[doc = "                              the type of \\p key."]
-    #[doc = " \\param[in] hash              The hash or message to sign."]
-    #[doc = " \\param hash_length           Size of the \\p hash buffer in bytes."]
-    #[doc = " \\param[out] signature        Buffer where the signature is to be written."]
-    #[doc = " \\param signature_size        Size of the \\p signature buffer in bytes."]
-    #[doc = " \\param[out] signature_length On success, the number of bytes"]
-    #[doc = "                              that make up the returned signature value."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         The size of the \\p signature buffer is too small. You can"]
-    #[doc = "         determine a sufficient buffer size by calling"]
-    #[doc = "         #PSA_SIGN_OUTPUT_SIZE(\\c key_type, \\c key_bits, \\p alg)"]
-    #[doc = "         where \\c key_type and \\c key_bits are the type and bit-size"]
-    #[doc = "         respectively of \\p key."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_ENTROPY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_sign_hash(
-        key: mbedtls_svc_key_id_t,
-        alg: psa_algorithm_t,
-        hash: *const u8,
-        hash_length: size_t,
-        signature: *mut u8,
-        signature_size: size_t,
-        signature_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " \\brief Verify the signature of a hash or short message using a public key."]
-    #[doc = ""]
-    #[doc = " Note that to perform a hash-and-sign signature algorithm, you must"]
-    #[doc = " first calculate the hash by calling psa_hash_setup(), psa_hash_update()"]
-    #[doc = " and psa_hash_finish(), or alternatively by calling psa_hash_compute()."]
-    #[doc = " Then pass the resulting hash as the \\p hash"]
-    #[doc = " parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\\p alg)"]
-    #[doc = " to determine the hash algorithm to use."]
-    #[doc = ""]
-    #[doc = " \\param key               Identifier of the key to use for the operation. It"]
-    #[doc = "                          must be a public key or an asymmetric key pair. The"]
-    #[doc = "                          key must allow the usage"]
-    #[doc = "                          #PSA_KEY_USAGE_VERIFY_HASH."]
-    #[doc = " \\param alg               A signature algorithm (PSA_ALG_XXX"]
-    #[doc = "                          value such that #PSA_ALG_IS_SIGN_HASH(\\p alg)"]
-    #[doc = "                          is true), that is compatible with"]
-    #[doc = "                          the type of \\p key."]
-    #[doc = " \\param[in] hash          The hash or message whose signature is to be"]
-    #[doc = "                          verified."]
-    #[doc = " \\param hash_length       Size of the \\p hash buffer in bytes."]
-    #[doc = " \\param[in] signature     Buffer containing the signature to verify."]
-    #[doc = " \\param signature_length  Size of the \\p signature buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         The signature is valid."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_SIGNATURE"]
-    #[doc = "         The calculation was performed successfully, but the passed"]
-    #[doc = "         signature is not a valid signature."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_verify_hash(
-        key: mbedtls_svc_key_id_t,
-        alg: psa_algorithm_t,
-        hash: *const u8,
-        hash_length: size_t,
-        signature: *const u8,
-        signature_length: size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " \\brief Encrypt a short message with a public key."]
-    #[doc = ""]
-    #[doc = " \\param key                   Identifier of the key to use for the operation."]
-    #[doc = "                              It must be a public key or an asymmetric key"]
-    #[doc = "                              pair. It must allow the usage"]
-    #[doc = "                              #PSA_KEY_USAGE_ENCRYPT."]
-    #[doc = " \\param alg                   An asymmetric encryption algorithm that is"]
-    #[doc = "                              compatible with the type of \\p key."]
-    #[doc = " \\param[in] input             The message to encrypt."]
-    #[doc = " \\param input_length          Size of the \\p input buffer in bytes."]
-    #[doc = " \\param[in] salt              A salt or label, if supported by the"]
-    #[doc = "                              encryption algorithm."]
-    #[doc = "                              If the algorithm does not support a"]
-    #[doc = "                              salt, pass \\c NULL."]
-    #[doc = "                              If the algorithm supports an optional"]
-    #[doc = "                              salt and you do not want to pass a salt,"]
-    #[doc = "                              pass \\c NULL."]
-    #[doc = ""]
-    #[doc = "                              - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is"]
-    #[doc = "                                supported."]
-    #[doc = " \\param salt_length           Size of the \\p salt buffer in bytes."]
-    #[doc = "                              If \\p salt is \\c NULL, pass 0."]
-    #[doc = " \\param[out] output           Buffer where the encrypted message is to"]
-    #[doc = "                              be written."]
-    #[doc = " \\param output_size           Size of the \\p output buffer in bytes."]
-    #[doc = " \\param[out] output_length    On success, the number of bytes"]
-    #[doc = "                              that make up the returned output."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         The size of the \\p output buffer is too small. You can"]
-    #[doc = "         determine a sufficient buffer size by calling"]
-    #[doc = "         #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\\c key_type, \\c key_bits, \\p alg)"]
-    #[doc = "         where \\c key_type and \\c key_bits are the type and bit-size"]
-    #[doc = "         respectively of \\p key."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_ENTROPY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_asymmetric_encrypt(
-        key: mbedtls_svc_key_id_t,
-        alg: psa_algorithm_t,
-        input: *const u8,
-        input_length: size_t,
-        salt: *const u8,
-        salt_length: size_t,
-        output: *mut u8,
-        output_size: size_t,
-        output_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " \\brief Decrypt a short message with a private key."]
-    #[doc = ""]
-    #[doc = " \\param key                   Identifier of the key to use for the operation."]
-    #[doc = "                              It must be an asymmetric key pair. It must"]
-    #[doc = "                              allow the usage #PSA_KEY_USAGE_DECRYPT."]
-    #[doc = " \\param alg                   An asymmetric encryption algorithm that is"]
-    #[doc = "                              compatible with the type of \\p key."]
-    #[doc = " \\param[in] input             The message to decrypt."]
-    #[doc = " \\param input_length          Size of the \\p input buffer in bytes."]
-    #[doc = " \\param[in] salt              A salt or label, if supported by the"]
-    #[doc = "                              encryption algorithm."]
-    #[doc = "                              If the algorithm does not support a"]
-    #[doc = "                              salt, pass \\c NULL."]
-    #[doc = "                              If the algorithm supports an optional"]
-    #[doc = "                              salt and you do not want to pass a salt,"]
-    #[doc = "                              pass \\c NULL."]
-    #[doc = ""]
-    #[doc = "                              - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is"]
-    #[doc = "                                supported."]
-    #[doc = " \\param salt_length           Size of the \\p salt buffer in bytes."]
-    #[doc = "                              If \\p salt is \\c NULL, pass 0."]
-    #[doc = " \\param[out] output           Buffer where the decrypted message is to"]
-    #[doc = "                              be written."]
-    #[doc = " \\param output_size           Size of the \\c output buffer in bytes."]
-    #[doc = " \\param[out] output_length    On success, the number of bytes"]
-    #[doc = "                              that make up the returned output."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         The size of the \\p output buffer is too small. You can"]
-    #[doc = "         determine a sufficient buffer size by calling"]
-    #[doc = "         #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\\c key_type, \\c key_bits, \\p alg)"]
-    #[doc = "         where \\c key_type and \\c key_bits are the type and bit-size"]
-    #[doc = "         respectively of \\p key."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_ENTROPY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_PADDING \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_asymmetric_decrypt(
-        key: mbedtls_svc_key_id_t,
-        alg: psa_algorithm_t,
-        input: *const u8,
-        input_length: size_t,
-        salt: *const u8,
-        salt_length: size_t,
-        output: *mut u8,
-        output_size: size_t,
-        output_length: *mut size_t,
-    ) -> psa_status_t;
-}
-#[doc = " The type of the state data structure for key derivation operations."]
-#[doc = ""]
-#[doc = " Before calling any function on a key derivation operation object, the"]
-#[doc = " application must initialize it by any of the following means:"]
-#[doc = " - Set the structure to all-bits-zero, for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_key_derivation_operation_t operation;"]
-#[doc = "   memset(&operation, 0, sizeof(operation));"]
-#[doc = "   \\endcode"]
-#[doc = " - Initialize the structure to logical zero values, for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_key_derivation_operation_t operation = {0};"]
-#[doc = "   \\endcode"]
-#[doc = " - Initialize the structure to the initializer #PSA_KEY_DERIVATION_OPERATION_INIT,"]
-#[doc = "   for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;"]
-#[doc = "   \\endcode"]
-#[doc = " - Assign the result of the function psa_key_derivation_operation_init()"]
-#[doc = "   to the structure, for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_key_derivation_operation_t operation;"]
-#[doc = "   operation = psa_key_derivation_operation_init();"]
-#[doc = "   \\endcode"]
-#[doc = ""]
-#[doc = " This is an implementation-defined \\c struct. Applications should not"]
-#[doc = " make any assumptions about the content of this structure."]
-#[doc = " Implementation details can change in future versions without notice."]
-pub type psa_key_derivation_operation_t = psa_key_derivation_s;
-extern "C" {
-    #[doc = " Set up a key derivation operation."]
-    #[doc = ""]
-    #[doc = " A key derivation algorithm takes some inputs and uses them to generate"]
-    #[doc = " a byte stream in a deterministic way."]
-    #[doc = " This byte stream can be used to produce keys and other"]
-    #[doc = " cryptographic material."]
-    #[doc = ""]
-    #[doc = " To derive a key:"]
-    #[doc = " -# Start with an initialized object of type #psa_key_derivation_operation_t."]
-    #[doc = " -# Call psa_key_derivation_setup() to select the algorithm."]
-    #[doc = " -# Provide the inputs for the key derivation by calling"]
-    #[doc = "    psa_key_derivation_input_bytes() or psa_key_derivation_input_key()"]
-    #[doc = "    as appropriate. Which inputs are needed, in what order, and whether"]
-    #[doc = "    they may be keys and if so of what type depends on the algorithm."]
-    #[doc = " -# Optionally set the operation's maximum capacity with"]
-    #[doc = "    psa_key_derivation_set_capacity(). You may do this before, in the middle"]
-    #[doc = "    of or after providing inputs. For some algorithms, this step is mandatory"]
-    #[doc = "    because the output depends on the maximum capacity."]
-    #[doc = " -# To derive a key, call psa_key_derivation_output_key()."]
-    #[doc = "    To derive a byte string for a different purpose, call"]
-    #[doc = "    psa_key_derivation_output_bytes()."]
-    #[doc = "    Successive calls to these functions use successive output bytes"]
-    #[doc = "    calculated by the key derivation algorithm."]
-    #[doc = " -# Clean up the key derivation operation object with"]
-    #[doc = "    psa_key_derivation_abort()."]
-    #[doc = ""]
-    #[doc = " If this function returns an error, the key derivation operation object is"]
-    #[doc = " not changed."]
-    #[doc = ""]
-    #[doc = " If an error occurs at any step after a call to psa_key_derivation_setup(),"]
-    #[doc = " the operation will need to be reset by a call to psa_key_derivation_abort()."]
-    #[doc = ""]
-    #[doc = " Implementations must reject an attempt to derive a key of size 0."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation       The key derivation operation object"]
-    #[doc = "                                to set up. It must"]
-    #[doc = "                                have been initialized but not set up yet."]
-    #[doc = " \\param alg                     The key derivation algorithm to compute"]
-    #[doc = "                                (\\c PSA_ALG_XXX value such that"]
-    #[doc = "                                #PSA_ALG_IS_KEY_DERIVATION(\\p alg) is true)."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\c alg is not a key derivation algorithm."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         \\c alg is not supported or is not a key derivation algorithm."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be inactive), or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_key_derivation_setup(
-        operation: *mut psa_key_derivation_operation_t,
-        alg: psa_algorithm_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Retrieve the current capacity of a key derivation operation."]
-    #[doc = ""]
-    #[doc = " The capacity of a key derivation is the maximum number of bytes that it can"]
-    #[doc = " return. When you get *N* bytes of output from a key derivation operation,"]
-    #[doc = " this reduces its capacity by *N*."]
-    #[doc = ""]
-    #[doc = " \\param[in] operation     The operation to query."]
-    #[doc = " \\param[out] capacity     On success, the capacity of the operation."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be active), or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_key_derivation_get_capacity(
-        operation: *const psa_key_derivation_operation_t,
-        capacity: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Set the maximum capacity of a key derivation operation."]
-    #[doc = ""]
-    #[doc = " The capacity of a key derivation operation is the maximum number of bytes"]
-    #[doc = " that the key derivation operation can return from this point onwards."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation The key derivation operation object to modify."]
-    #[doc = " \\param capacity          The new capacity of the operation."]
-    #[doc = "                          It must be less or equal to the operation's"]
-    #[doc = "                          current capacity."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\p capacity is larger than the operation's current capacity."]
-    #[doc = "         In this case, the operation object remains valid and its capacity"]
-    #[doc = "         remains unchanged."]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be active), or the"]
-    #[doc = "         library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_key_derivation_set_capacity(
-        operation: *mut psa_key_derivation_operation_t,
-        capacity: size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Provide an input for key derivation or key agreement."]
-    #[doc = ""]
-    #[doc = " Which inputs are required and in what order depends on the algorithm."]
-    #[doc = " Refer to the documentation of each key derivation or key agreement"]
-    #[doc = " algorithm for information."]
-    #[doc = ""]
-    #[doc = " This function passes direct inputs, which is usually correct for"]
-    #[doc = " non-secret inputs. To pass a secret input, which should be in a key"]
-    #[doc = " object, call psa_key_derivation_input_key() instead of this function."]
-    #[doc = " Refer to the documentation of individual step types"]
-    #[doc = " (`PSA_KEY_DERIVATION_INPUT_xxx` values of type ::psa_key_derivation_step_t)"]
-    #[doc = " for more information."]
-    #[doc = ""]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_key_derivation_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation       The key derivation operation object to use."]
-    #[doc = "                                It must have been set up with"]
-    #[doc = "                                psa_key_derivation_setup() and must not"]
-    #[doc = "                                have produced any output yet."]
-    #[doc = " \\param step                    Which step the input data is for."]
-    #[doc = " \\param[in] data                Input data to use."]
-    #[doc = " \\param data_length             Size of the \\p data buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\c step is not compatible with the operation's algorithm, or"]
-    #[doc = "         \\c step does not allow direct inputs."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid for this input \\p step, or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_key_derivation_input_bytes(
-        operation: *mut psa_key_derivation_operation_t,
-        step: psa_key_derivation_step_t,
-        data: *const u8,
-        data_length: size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Provide a numeric input for key derivation or key agreement."]
-    #[doc = ""]
-    #[doc = " Which inputs are required and in what order depends on the algorithm."]
-    #[doc = " However, when an algorithm requires a particular order, numeric inputs"]
-    #[doc = " usually come first as they tend to be configuration parameters."]
-    #[doc = " Refer to the documentation of each key derivation or key agreement"]
-    #[doc = " algorithm for information."]
-    #[doc = ""]
-    #[doc = " This function is used for inputs which are fixed-size non-negative"]
-    #[doc = " integers."]
-    #[doc = ""]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_key_derivation_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation       The key derivation operation object to use."]
-    #[doc = "                                It must have been set up with"]
-    #[doc = "                                psa_key_derivation_setup() and must not"]
-    #[doc = "                                have produced any output yet."]
-    #[doc = " \\param step                    Which step the input data is for."]
-    #[doc = " \\param[in] value               The value of the numeric input."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\c step is not compatible with the operation's algorithm, or"]
-    #[doc = "         \\c step does not allow numeric inputs."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid for this input \\p step, or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_key_derivation_input_integer(
-        operation: *mut psa_key_derivation_operation_t,
-        step: psa_key_derivation_step_t,
-        value: u64,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Provide an input for key derivation in the form of a key."]
-    #[doc = ""]
-    #[doc = " Which inputs are required and in what order depends on the algorithm."]
-    #[doc = " Refer to the documentation of each key derivation or key agreement"]
-    #[doc = " algorithm for information."]
-    #[doc = ""]
-    #[doc = " This function obtains input from a key object, which is usually correct for"]
-    #[doc = " secret inputs or for non-secret personalization strings kept in the key"]
-    #[doc = " store. To pass a non-secret parameter which is not in the key store,"]
-    #[doc = " call psa_key_derivation_input_bytes() instead of this function."]
-    #[doc = " Refer to the documentation of individual step types"]
-    #[doc = " (`PSA_KEY_DERIVATION_INPUT_xxx` values of type ::psa_key_derivation_step_t)"]
-    #[doc = " for more information."]
-    #[doc = ""]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_key_derivation_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation       The key derivation operation object to use."]
-    #[doc = "                                It must have been set up with"]
-    #[doc = "                                psa_key_derivation_setup() and must not"]
-    #[doc = "                                have produced any output yet."]
-    #[doc = " \\param step                    Which step the input data is for."]
-    #[doc = " \\param key                     Identifier of the key. It must have an"]
-    #[doc = "                                appropriate type for step and must allow the"]
-    #[doc = "                                usage #PSA_KEY_USAGE_DERIVE or"]
-    #[doc = "                                #PSA_KEY_USAGE_VERIFY_DERIVATION (see note)"]
-    #[doc = "                                and the algorithm used by the operation."]
-    #[doc = ""]
-    #[doc = " \\note Once all inputs steps are completed, the operations will allow:"]
-    #[doc = " - psa_key_derivation_output_bytes() if each input was either a direct input"]
-    #[doc = "   or  a key with #PSA_KEY_USAGE_DERIVE set;"]
-    #[doc = " - psa_key_derivation_output_key() if the input for step"]
-    #[doc = "   #PSA_KEY_DERIVATION_INPUT_SECRET or #PSA_KEY_DERIVATION_INPUT_PASSWORD"]
-    #[doc = "   was from a key slot with #PSA_KEY_USAGE_DERIVE and each other input was"]
-    #[doc = "   either a direct input or a key with #PSA_KEY_USAGE_DERIVE set;"]
-    #[doc = " - psa_key_derivation_verify_bytes() if each input was either a direct input"]
-    #[doc = "   or  a key with #PSA_KEY_USAGE_VERIFY_DERIVATION set;"]
-    #[doc = " - psa_key_derivation_verify_key() under the same conditions as"]
-    #[doc = "   psa_key_derivation_verify_bytes()."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED"]
-    #[doc = "         The key allows neither #PSA_KEY_USAGE_DERIVE nor"]
-    #[doc = "         #PSA_KEY_USAGE_VERIFY_DERIVATION, or it doesn't allow this"]
-    #[doc = "         algorithm."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\c step is not compatible with the operation's algorithm, or"]
-    #[doc = "         \\c step does not allow key inputs of the given type"]
-    #[doc = "         or does not allow key inputs at all."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid for this input \\p step, or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_key_derivation_input_key(
-        operation: *mut psa_key_derivation_operation_t,
-        step: psa_key_derivation_step_t,
-        key: mbedtls_svc_key_id_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Perform a key agreement and use the shared secret as input to a key"]
-    #[doc = " derivation."]
-    #[doc = ""]
-    #[doc = " A key agreement algorithm takes two inputs: a private key \\p private_key"]
-    #[doc = " a public key \\p peer_key."]
-    #[doc = " The result of this function is passed as input to a key derivation."]
-    #[doc = " The output of this key derivation can be extracted by reading from the"]
-    #[doc = " resulting operation to produce keys and other cryptographic material."]
-    #[doc = ""]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_key_derivation_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation       The key derivation operation object to use."]
-    #[doc = "                                It must have been set up with"]
-    #[doc = "                                psa_key_derivation_setup() with a"]
-    #[doc = "                                key agreement and derivation algorithm"]
-    #[doc = "                                \\c alg (\\c PSA_ALG_XXX value such that"]
-    #[doc = "                                #PSA_ALG_IS_KEY_AGREEMENT(\\c alg) is true"]
-    #[doc = "                                and #PSA_ALG_IS_RAW_KEY_AGREEMENT(\\c alg)"]
-    #[doc = "                                is false)."]
-    #[doc = "                                The operation must be ready for an"]
-    #[doc = "                                input of the type given by \\p step."]
-    #[doc = " \\param step                    Which step the input data is for."]
-    #[doc = " \\param private_key             Identifier of the private key to use. It must"]
-    #[doc = "                                allow the usage #PSA_KEY_USAGE_DERIVE."]
-    #[doc = " \\param[in] peer_key      Public key of the peer. The peer key must be in the"]
-    #[doc = "                          same format that psa_import_key() accepts for the"]
-    #[doc = "                          public key type corresponding to the type of"]
-    #[doc = "                          private_key. That is, this function performs the"]
-    #[doc = "                          equivalent of"]
-    #[doc = "                          #psa_import_key(...,"]
-    #[doc = "                          `peer_key`, `peer_key_length`) where"]
-    #[doc = "                          with key attributes indicating the public key"]
-    #[doc = "                          type corresponding to the type of `private_key`."]
-    #[doc = "                          For example, for EC keys, this means that peer_key"]
-    #[doc = "                          is interpreted as a point on the curve that the"]
-    #[doc = "                          private key is on. The standard formats for public"]
-    #[doc = "                          keys are documented in the documentation of"]
-    #[doc = "                          psa_export_public_key()."]
-    #[doc = " \\param peer_key_length         Size of \\p peer_key in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\c private_key is not compatible with \\c alg,"]
-    #[doc = "         or \\p peer_key is not valid for \\c alg or not compatible with"]
-    #[doc = "         \\c private_key, or \\c step does not allow an input resulting"]
-    #[doc = "         from a key agreement."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         \\c alg is not supported or is not a key derivation algorithm."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid for this key agreement \\p step,"]
-    #[doc = "         or the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_key_derivation_key_agreement(
-        operation: *mut psa_key_derivation_operation_t,
-        step: psa_key_derivation_step_t,
-        private_key: mbedtls_svc_key_id_t,
-        peer_key: *const u8,
-        peer_key_length: size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Read some data from a key derivation operation."]
-    #[doc = ""]
-    #[doc = " This function calculates output bytes from a key derivation algorithm and"]
-    #[doc = " return those bytes."]
-    #[doc = " If you view the key derivation's output as a stream of bytes, this"]
-    #[doc = " function destructively reads the requested number of bytes from the"]
-    #[doc = " stream."]
-    #[doc = " The operation's capacity decreases by the number of bytes read."]
-    #[doc = ""]
-    #[doc = " If this function returns an error status other than"]
-    #[doc = " #PSA_ERROR_INSUFFICIENT_DATA, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_key_derivation_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation The key derivation operation object to read from."]
-    #[doc = " \\param[out] output       Buffer where the output will be written."]
-    #[doc = " \\param output_length     Number of bytes to output."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED"]
-    #[doc = "         One of the inputs was a key whose policy didn't allow"]
-    #[doc = "         #PSA_KEY_USAGE_DERIVE."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_DATA"]
-    #[doc = "                          The operation's capacity was less than"]
-    #[doc = "                          \\p output_length bytes. Note that in this case,"]
-    #[doc = "                          no output is written to the output buffer."]
-    #[doc = "                          The operation's capacity is set to 0, thus"]
-    #[doc = "                          subsequent calls to this function will not"]
-    #[doc = "                          succeed, even with a smaller output buffer."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be active and completed"]
-    #[doc = "         all required input steps), or the library has not been previously"]
-    #[doc = "         initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_key_derivation_output_bytes(
-        operation: *mut psa_key_derivation_operation_t,
-        output: *mut u8,
-        output_length: size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Derive a key from an ongoing key derivation operation."]
-    #[doc = ""]
-    #[doc = " This function calculates output bytes from a key derivation algorithm"]
-    #[doc = " and uses those bytes to generate a key deterministically."]
-    #[doc = " The key's location, usage policy, type and size are taken from"]
-    #[doc = " \\p attributes."]
-    #[doc = ""]
-    #[doc = " If you view the key derivation's output as a stream of bytes, this"]
-    #[doc = " function destructively reads as many bytes as required from the"]
-    #[doc = " stream."]
-    #[doc = " The operation's capacity decreases by the number of bytes read."]
-    #[doc = ""]
-    #[doc = " If this function returns an error status other than"]
-    #[doc = " #PSA_ERROR_INSUFFICIENT_DATA, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_key_derivation_abort()."]
-    #[doc = ""]
-    #[doc = " How much output is produced and consumed from the operation, and how"]
-    #[doc = " the key is derived, depends on the key type and on the key size"]
-    #[doc = " (denoted \\c bits below):"]
-    #[doc = ""]
-    #[doc = " - For key types for which the key is an arbitrary sequence of bytes"]
-    #[doc = "   of a given size, this function is functionally equivalent to"]
-    #[doc = "   calling #psa_key_derivation_output_bytes"]
-    #[doc = "   and passing the resulting output to #psa_import_key."]
-    #[doc = "   However, this function has a security benefit:"]
-    #[doc = "   if the implementation provides an isolation boundary then"]
-    #[doc = "   the key material is not exposed outside the isolation boundary."]
-    #[doc = "   As a consequence, for these key types, this function always consumes"]
-    #[doc = "   exactly (\\c bits / 8) bytes from the operation."]
-    #[doc = "   The following key types defined in this specification follow this scheme:"]
-    #[doc = ""]
-    #[doc = "     - #PSA_KEY_TYPE_AES;"]
-    #[doc = "     - #PSA_KEY_TYPE_ARIA;"]
-    #[doc = "     - #PSA_KEY_TYPE_CAMELLIA;"]
-    #[doc = "     - #PSA_KEY_TYPE_DERIVE;"]
-    #[doc = "     - #PSA_KEY_TYPE_HMAC;"]
-    #[doc = "     - #PSA_KEY_TYPE_PASSWORD_HASH."]
-    #[doc = ""]
-    #[doc = " - For ECC keys on a Montgomery elliptic curve"]
-    #[doc = "   (#PSA_KEY_TYPE_ECC_KEY_PAIR(\\c curve) where \\c curve designates a"]
-    #[doc = "   Montgomery curve), this function always draws a byte string whose"]
-    #[doc = "   length is determined by the curve, and sets the mandatory bits"]
-    #[doc = "   accordingly. That is:"]
-    #[doc = ""]
-    #[doc = "     - Curve25519 (#PSA_ECC_FAMILY_MONTGOMERY, 255 bits): draw a 32-byte"]
-    #[doc = "       string and process it as specified in RFC 7748 &sect;5."]
-    #[doc = "     - Curve448 (#PSA_ECC_FAMILY_MONTGOMERY, 448 bits): draw a 56-byte"]
-    #[doc = "       string and process it as specified in RFC 7748 &sect;5."]
-    #[doc = ""]
-    #[doc = " - For key types for which the key is represented by a single sequence of"]
-    #[doc = "   \\c bits bits with constraints as to which bit sequences are acceptable,"]
-    #[doc = "   this function draws a byte string of length (\\c bits / 8) bytes rounded"]
-    #[doc = "   up to the nearest whole number of bytes. If the resulting byte string"]
-    #[doc = "   is acceptable, it becomes the key, otherwise the drawn bytes are discarded."]
-    #[doc = "   This process is repeated until an acceptable byte string is drawn."]
-    #[doc = "   The byte string drawn from the operation is interpreted as specified"]
-    #[doc = "   for the output produced by psa_export_key()."]
-    #[doc = "   The following key types defined in this specification follow this scheme:"]
-    #[doc = ""]
-    #[doc = "     - #PSA_KEY_TYPE_DES."]
-    #[doc = "       Force-set the parity bits, but discard forbidden weak keys."]
-    #[doc = "       For 2-key and 3-key triple-DES, the three keys are generated"]
-    #[doc = "       successively (for example, for 3-key triple-DES,"]
-    #[doc = "       if the first 8 bytes specify a weak key and the next 8 bytes do not,"]
-    #[doc = "       discard the first 8 bytes, use the next 8 bytes as the first key,"]
-    #[doc = "       and continue reading output from the operation to derive the other"]
-    #[doc = "       two keys)."]
-    #[doc = "     - Finite-field Diffie-Hellman keys (#PSA_KEY_TYPE_DH_KEY_PAIR(\\c group)"]
-    #[doc = "       where \\c group designates any Diffie-Hellman group) and"]
-    #[doc = "       ECC keys on a Weierstrass elliptic curve"]
-    #[doc = "       (#PSA_KEY_TYPE_ECC_KEY_PAIR(\\c curve) where \\c curve designates a"]
-    #[doc = "       Weierstrass curve)."]
-    #[doc = "       For these key types, interpret the byte string as integer"]
-    #[doc = "       in big-endian order. Discard it if it is not in the range"]
-    #[doc = "       [0, *N* - 2] where *N* is the boundary of the private key domain"]
-    #[doc = "       (the prime *p* for Diffie-Hellman, the subprime *q* for DSA,"]
-    #[doc = "       or the order of the curve's base point for ECC)."]
-    #[doc = "       Add 1 to the resulting integer and use this as the private key *x*."]
-    #[doc = "       This method allows compliance to NIST standards, specifically"]
-    #[doc = "       the methods titled \"key-pair generation by testing candidates\""]
-    #[doc = "       in NIST SP 800-56A &sect;5.6.1.1.4 for Diffie-Hellman,"]
-    #[doc = "       in FIPS 186-4 &sect;B.1.2 for DSA, and"]
-    #[doc = "       in NIST SP 800-56A &sect;5.6.1.2.2 or"]
-    #[doc = "       FIPS 186-4 &sect;B.4.2 for elliptic curve keys."]
-    #[doc = ""]
-    #[doc = " - For other key types, including #PSA_KEY_TYPE_RSA_KEY_PAIR,"]
-    #[doc = "   the way in which the operation output is consumed is"]
-    #[doc = "   implementation-defined."]
-    #[doc = ""]
-    #[doc = " In all cases, the data that is read is discarded from the operation."]
-    #[doc = " The operation's capacity is decreased by the number of bytes read."]
-    #[doc = ""]
-    #[doc = " For algorithms that take an input step #PSA_KEY_DERIVATION_INPUT_SECRET,"]
-    #[doc = " the input to that step must be provided with psa_key_derivation_input_key()."]
-    #[doc = " Future versions of this specification may include additional restrictions"]
-    #[doc = " on the derived key based on the attributes and strength of the secret key."]
-    #[doc = ""]
-    #[doc = " \\param[in] attributes    The attributes for the new key."]
-    #[doc = "                          If the key type to be created is"]
-    #[doc = "                          #PSA_KEY_TYPE_PASSWORD_HASH then the algorithm in"]
-    #[doc = "                          the policy must be the same as in the current"]
-    #[doc = "                          operation."]
-    #[doc = " \\param[in,out] operation The key derivation operation object to read from."]
-    #[doc = " \\param[out] key          On success, an identifier for the newly created"]
-    #[doc = "                          key. For persistent keys, this is the key"]
-    #[doc = "                          identifier defined in \\p attributes."]
-    #[doc = "                          \\c 0 on failure."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = "         If the key is persistent, the key material and the key's metadata"]
-    #[doc = "         have been saved to persistent storage."]
-    #[doc = " \\retval #PSA_ERROR_ALREADY_EXISTS"]
-    #[doc = "         This is an attempt to create a persistent key, and there is"]
-    #[doc = "         already a persistent key with the given identifier."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_DATA"]
-    #[doc = "         There was not enough data to create the desired key."]
-    #[doc = "         Note that in this case, no output is written to the output buffer."]
-    #[doc = "         The operation's capacity is set to 0, thus subsequent calls to"]
-    #[doc = "         this function will not succeed, even with a smaller output buffer."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         The key type or key size is not supported, either by the"]
-    #[doc = "         implementation in general or in this particular location."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         The provided key attributes are not valid for the operation."]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED"]
-    #[doc = "         The #PSA_KEY_DERIVATION_INPUT_SECRET or"]
-    #[doc = "         #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a"]
-    #[doc = "         key; or one of the inputs was a key whose policy didn't allow"]
-    #[doc = "         #PSA_KEY_USAGE_DERIVE."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_STORAGE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_INVALID \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_CORRUPT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be active and completed"]
-    #[doc = "         all required input steps), or the library has not been previously"]
-    #[doc = "         initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_key_derivation_output_key(
-        attributes: *const psa_key_attributes_t,
-        operation: *mut psa_key_derivation_operation_t,
-        key: *mut mbedtls_svc_key_id_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Compare output data from a key derivation operation to an expected value."]
-    #[doc = ""]
-    #[doc = " This function calculates output bytes from a key derivation algorithm and"]
-    #[doc = " compares those bytes to an expected value in constant time."]
-    #[doc = " If you view the key derivation's output as a stream of bytes, this"]
-    #[doc = " function destructively reads the expected number of bytes from the"]
-    #[doc = " stream before comparing them."]
-    #[doc = " The operation's capacity decreases by the number of bytes read."]
-    #[doc = ""]
-    #[doc = " This is functionally equivalent to the following code:"]
-    #[doc = " \\code"]
-    #[doc = " psa_key_derivation_output_bytes(operation, tmp, output_length);"]
-    #[doc = " if (memcmp(output, tmp, output_length) != 0)"]
-    #[doc = "     return PSA_ERROR_INVALID_SIGNATURE;"]
-    #[doc = " \\endcode"]
-    #[doc = " except (1) it works even if the key's policy does not allow outputting the"]
-    #[doc = " bytes, and (2) the comparison will be done in constant time."]
-    #[doc = ""]
-    #[doc = " If this function returns an error status other than"]
-    #[doc = " #PSA_ERROR_INSUFFICIENT_DATA or #PSA_ERROR_INVALID_SIGNATURE,"]
-    #[doc = " the operation enters an error state and must be aborted by calling"]
-    #[doc = " psa_key_derivation_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation The key derivation operation object to read from."]
-    #[doc = " \\param[in] expected_output Buffer containing the expected derivation output."]
-    #[doc = " \\param output_length     Length of the expected output; this is also the"]
-    #[doc = "                          number of bytes that will be read."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_SIGNATURE"]
-    #[doc = "         The output was read successfully, but it differs from the expected"]
-    #[doc = "         output."]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED"]
-    #[doc = "         One of the inputs was a key whose policy didn't allow"]
-    #[doc = "         #PSA_KEY_USAGE_VERIFY_DERIVATION."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_DATA"]
-    #[doc = "                          The operation's capacity was less than"]
-    #[doc = "                          \\p output_length bytes. Note that in this case,"]
-    #[doc = "                          the operation's capacity is set to 0, thus"]
-    #[doc = "                          subsequent calls to this function will not"]
-    #[doc = "                          succeed, even with a smaller expected output."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be active and completed"]
-    #[doc = "         all required input steps), or the library has not been previously"]
-    #[doc = "         initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_key_derivation_verify_bytes(
-        operation: *mut psa_key_derivation_operation_t,
-        expected_output: *const u8,
-        output_length: size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Compare output data from a key derivation operation to an expected value"]
-    #[doc = " stored in a key object."]
-    #[doc = ""]
-    #[doc = " This function calculates output bytes from a key derivation algorithm and"]
-    #[doc = " compares those bytes to an expected value, provided as key of type"]
-    #[doc = " #PSA_KEY_TYPE_PASSWORD_HASH."]
-    #[doc = " If you view the key derivation's output as a stream of bytes, this"]
-    #[doc = " function destructively reads the number of bytes corresponding to the"]
-    #[doc = " length of the expected value from the stream before comparing them."]
-    #[doc = " The operation's capacity decreases by the number of bytes read."]
-    #[doc = ""]
-    #[doc = " This is functionally equivalent to exporting the key and calling"]
-    #[doc = " psa_key_derivation_verify_bytes() on the result, except that it"]
-    #[doc = " works even if the key cannot be exported."]
-    #[doc = ""]
-    #[doc = " If this function returns an error status other than"]
-    #[doc = " #PSA_ERROR_INSUFFICIENT_DATA or #PSA_ERROR_INVALID_SIGNATURE,"]
-    #[doc = " the operation enters an error state and must be aborted by calling"]
-    #[doc = " psa_key_derivation_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation The key derivation operation object to read from."]
-    #[doc = " \\param[in] expected      A key of type #PSA_KEY_TYPE_PASSWORD_HASH"]
-    #[doc = "                          containing the expected output. Its policy must"]
-    #[doc = "                          include the #PSA_KEY_USAGE_VERIFY_DERIVATION flag"]
-    #[doc = "                          and the permitted algorithm must match the"]
-    #[doc = "                          operation. The value of this key was likely"]
-    #[doc = "                          computed by a previous call to"]
-    #[doc = "                          psa_key_derivation_output_key()."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_SIGNATURE"]
-    #[doc = "         The output was read successfully, but if differs from the expected"]
-    #[doc = "         output."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE"]
-    #[doc = "         The key passed as the expected value does not exist."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         The key passed as the expected value has an invalid type."]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED"]
-    #[doc = "         The key passed as the expected value does not allow this usage or"]
-    #[doc = "         this algorithm; or one of the inputs was a key whose policy didn't"]
-    #[doc = "         allow #PSA_KEY_USAGE_VERIFY_DERIVATION."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_DATA"]
-    #[doc = "                          The operation's capacity was less than"]
-    #[doc = "                          the length of the expected value. In this case,"]
-    #[doc = "                          the operation's capacity is set to 0, thus"]
-    #[doc = "                          subsequent calls to this function will not"]
-    #[doc = "                          succeed, even with a smaller expected output."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be active and completed"]
-    #[doc = "         all required input steps), or the library has not been previously"]
-    #[doc = "         initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_key_derivation_verify_key(
-        operation: *mut psa_key_derivation_operation_t,
-        expected: psa_key_id_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Abort a key derivation operation."]
-    #[doc = ""]
-    #[doc = " Aborting an operation frees all associated resources except for the \\c"]
-    #[doc = " operation structure itself. Once aborted, the operation object can be reused"]
-    #[doc = " for another operation by calling psa_key_derivation_setup() again."]
-    #[doc = ""]
-    #[doc = " This function may be called at any time after the operation"]
-    #[doc = " object has been initialized as described in #psa_key_derivation_operation_t."]
-    #[doc = ""]
-    #[doc = " In particular, it is valid to call psa_key_derivation_abort() twice, or to"]
-    #[doc = " call psa_key_derivation_abort() on an operation that has not been set up."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation    The operation to abort."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_key_derivation_abort(operation: *mut psa_key_derivation_operation_t)
-        -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Perform a key agreement and return the raw shared secret."]
-    #[doc = ""]
-    #[doc = " \\warning The raw result of a key agreement algorithm such as finite-field"]
-    #[doc = " Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should"]
-    #[doc = " not be used directly as key material. It should instead be passed as"]
-    #[doc = " input to a key derivation algorithm. To chain a key agreement with"]
-    #[doc = " a key derivation, use psa_key_derivation_key_agreement() and other"]
-    #[doc = " functions from the key derivation interface."]
-    #[doc = ""]
-    #[doc = " \\param alg                     The key agreement algorithm to compute"]
-    #[doc = "                                (\\c PSA_ALG_XXX value such that"]
-    #[doc = "                                #PSA_ALG_IS_RAW_KEY_AGREEMENT(\\p alg)"]
-    #[doc = "                                is true)."]
-    #[doc = " \\param private_key             Identifier of the private key to use. It must"]
-    #[doc = "                                allow the usage #PSA_KEY_USAGE_DERIVE."]
-    #[doc = " \\param[in] peer_key            Public key of the peer. It must be"]
-    #[doc = "                                in the same format that psa_import_key()"]
-    #[doc = "                                accepts. The standard formats for public"]
-    #[doc = "                                keys are documented in the documentation"]
-    #[doc = "                                of psa_export_public_key()."]
-    #[doc = " \\param peer_key_length         Size of \\p peer_key in bytes."]
-    #[doc = " \\param[out] output             Buffer where the decrypted message is to"]
-    #[doc = "                                be written."]
-    #[doc = " \\param output_size             Size of the \\c output buffer in bytes."]
-    #[doc = " \\param[out] output_length      On success, the number of bytes"]
-    #[doc = "                                that make up the returned output."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\p alg is not a key agreement algorithm, or"]
-    #[doc = "         \\p private_key is not compatible with \\p alg,"]
-    #[doc = "         or \\p peer_key is not valid for \\p alg or not compatible with"]
-    #[doc = "         \\p private_key."]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         \\p output_size is too small"]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         \\p alg is not a supported key agreement algorithm."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_raw_key_agreement(
-        alg: psa_algorithm_t,
-        private_key: mbedtls_svc_key_id_t,
-        peer_key: *const u8,
-        peer_key_length: size_t,
-        output: *mut u8,
-        output_size: size_t,
-        output_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " \\brief Generate random bytes."]
-    #[doc = ""]
-    #[doc = " \\warning This function **can** fail! Callers MUST check the return status"]
-    #[doc = "          and MUST NOT use the content of the output buffer if the return"]
-    #[doc = "          status is not #PSA_SUCCESS."]
-    #[doc = ""]
-    #[doc = " \\note    To generate a key, use psa_generate_key() instead."]
-    #[doc = ""]
-    #[doc = " \\param[out] output       Output buffer for the generated data."]
-    #[doc = " \\param output_size       Number of bytes to generate and output."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_ENTROPY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_generate_random(output: *mut u8, output_size: size_t) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " \\brief Generate a key or key pair."]
-    #[doc = ""]
-    #[doc = " The key is generated randomly."]
-    #[doc = " Its location, usage policy, type and size are taken from \\p attributes."]
-    #[doc = ""]
-    #[doc = " Implementations must reject an attempt to generate a key of size 0."]
-    #[doc = ""]
-    #[doc = " The following type-specific considerations apply:"]
-    #[doc = " - For RSA keys (#PSA_KEY_TYPE_RSA_KEY_PAIR),"]
-    #[doc = "   the public exponent is 65537."]
-    #[doc = "   The modulus is a product of two probabilistic primes"]
-    #[doc = "   between 2^{n-1} and 2^n where n is the bit size specified in the"]
-    #[doc = "   attributes."]
-    #[doc = ""]
-    #[doc = " \\param[in] attributes    The attributes for the new key."]
-    #[doc = " \\param[out] key          On success, an identifier for the newly created"]
-    #[doc = "                          key. For persistent keys, this is the key"]
-    #[doc = "                          identifier defined in \\p attributes."]
-    #[doc = "                          \\c 0 on failure."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = "         If the key is persistent, the key material and the key's metadata"]
-    #[doc = "         have been saved to persistent storage."]
-    #[doc = " \\retval #PSA_ERROR_ALREADY_EXISTS"]
-    #[doc = "         This is an attempt to create a persistent key, and there is"]
-    #[doc = "         already a persistent key with the given identifier."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_ENTROPY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_STORAGE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_INVALID \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_CORRUPT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_generate_key(
-        attributes: *const psa_key_attributes_t,
-        key: *mut mbedtls_svc_key_id_t,
-    ) -> psa_status_t;
-}
-#[doc = " \\brief The context for PSA interruptible hash signing."]
-pub type psa_sign_hash_interruptible_operation_t = psa_sign_hash_interruptible_operation_s;
-#[doc = " \\brief The context for PSA interruptible hash verification."]
-pub type psa_verify_hash_interruptible_operation_t = psa_verify_hash_interruptible_operation_s;
-extern "C" {
-    #[doc = " \\brief                       Set the maximum number of ops allowed to be"]
-    #[doc = "                              executed by an interruptible function in a"]
-    #[doc = "                              single call."]
-    #[doc = ""]
-    #[doc = " \\warning                     This is a beta API, and thus subject to change"]
-    #[doc = "                              at any point. It is not bound by the usual"]
-    #[doc = "                              interface stability promises."]
-    #[doc = ""]
-    #[doc = " \\note                        The time taken to execute a single op is"]
-    #[doc = "                              implementation specific and depends on"]
-    #[doc = "                              software, hardware, the algorithm, key type and"]
-    #[doc = "                              curve chosen. Even within a single operation,"]
-    #[doc = "                              successive ops can take differing amounts of"]
-    #[doc = "                              time. The only guarantee is that lower values"]
-    #[doc = "                              for \\p max_ops means functions will block for a"]
-    #[doc = "                              lesser maximum amount of time. The functions"]
-    #[doc = "                              \\c psa_sign_interruptible_get_num_ops() and"]
-    #[doc = "                              \\c psa_verify_interruptible_get_num_ops() are"]
-    #[doc = "                              provided to help with tuning this value."]
-    #[doc = ""]
-    #[doc = " \\note                        This value defaults to"]
-    #[doc = "                              #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, which"]
-    #[doc = "                              means the whole operation will be done in one"]
-    #[doc = "                              go, regardless of the number of ops required."]
-    #[doc = ""]
-    #[doc = " \\note                        If more ops are needed to complete a"]
-    #[doc = "                              computation, #PSA_OPERATION_INCOMPLETE will be"]
-    #[doc = "                              returned by the function performing the"]
-    #[doc = "                              computation. It is then the caller's"]
-    #[doc = "                              responsibility to either call again with the"]
-    #[doc = "                              same operation context until it returns 0 or an"]
-    #[doc = "                              error code; or to call the relevant abort"]
-    #[doc = "                              function if the answer is no longer required."]
-    #[doc = ""]
-    #[doc = " \\note                        The interpretation of \\p max_ops is also"]
-    #[doc = "                              implementation defined. On a hard real time"]
-    #[doc = "                              system, this can indicate a hard deadline, as a"]
-    #[doc = "                              real-time system needs a guarantee of not"]
-    #[doc = "                              spending more than X time, however care must be"]
-    #[doc = "                              taken in such an implementation to avoid the"]
-    #[doc = "                              situation whereby calls just return, not being"]
-    #[doc = "                              able to do any actual work within the allotted"]
-    #[doc = "                              time.  On a non-real-time system, the"]
-    #[doc = "                              implementation can be more relaxed, but again"]
-    #[doc = "                              whether this number should be interpreted as as"]
-    #[doc = "                              hard or soft limit or even whether a less than"]
-    #[doc = "                              or equals as regards to ops executed in a"]
-    #[doc = "                              single call is implementation defined."]
-    #[doc = ""]
-    #[doc = " \\note                        For keys in local storage when no accelerator"]
-    #[doc = "                              driver applies, please see also the"]
-    #[doc = "                              documentation for \\c mbedtls_ecp_set_max_ops(),"]
-    #[doc = "                              which is the internal implementation in these"]
-    #[doc = "                              cases."]
-    #[doc = ""]
-    #[doc = " \\warning                     With implementations that interpret this number"]
-    #[doc = "                              as a hard limit, setting this number too small"]
-    #[doc = "                              may result in an infinite loop, whereby each"]
-    #[doc = "                              call results in immediate return with no ops"]
-    #[doc = "                              done (as there is not enough time to execute"]
-    #[doc = "                              any), and thus no result will ever be achieved."]
-    #[doc = ""]
-    #[doc = " \\note                        This only applies to functions whose"]
-    #[doc = "                              documentation mentions they may return"]
-    #[doc = "                              #PSA_OPERATION_INCOMPLETE."]
-    #[doc = ""]
-    #[doc = " \\param max_ops               The maximum number of ops to be executed in a"]
-    #[doc = "                              single call. This can be a number from 0 to"]
-    #[doc = "                              #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, where 0"]
-    #[doc = "                              is the least amount of work done per call."]
-    pub fn psa_interruptible_set_max_ops(max_ops: u32);
-}
-extern "C" {
-    #[doc = " \\brief                       Get the maximum number of ops allowed to be"]
-    #[doc = "                              executed by an interruptible function in a"]
-    #[doc = "                              single call. This will return the last"]
-    #[doc = "                              value set by"]
-    #[doc = "                              \\c psa_interruptible_set_max_ops() or"]
-    #[doc = "                              #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED if"]
-    #[doc = "                              that function has never been called."]
-    #[doc = ""]
-    #[doc = " \\warning                     This is a beta API, and thus subject to change"]
-    #[doc = "                              at any point. It is not bound by the usual"]
-    #[doc = "                              interface stability promises."]
-    #[doc = ""]
-    #[doc = " \\return                      Maximum number of ops allowed to be"]
-    #[doc = "                              executed by an interruptible function in a"]
-    #[doc = "                              single call."]
-    pub fn psa_interruptible_get_max_ops() -> u32;
-}
-extern "C" {
-    #[doc = " \\brief                       Get the number of ops that a hash signing"]
-    #[doc = "                              operation has taken so far. If the operation"]
-    #[doc = "                              has completed, then this will represent the"]
-    #[doc = "                              number of ops required for the entire"]
-    #[doc = "                              operation. After initialization or calling"]
-    #[doc = "                              \\c psa_sign_hash_interruptible_abort() on"]
-    #[doc = "                              the operation, a value of 0 will be returned."]
-    #[doc = ""]
-    #[doc = " \\note                        This interface is guaranteed re-entrant and"]
-    #[doc = "                              thus may be called from driver code."]
-    #[doc = ""]
-    #[doc = " \\warning                     This is a beta API, and thus subject to change"]
-    #[doc = "                              at any point. It is not bound by the usual"]
-    #[doc = "                              interface stability promises."]
-    #[doc = ""]
-    #[doc = "                              This is a helper provided to help you tune the"]
-    #[doc = "                              value passed to \\c"]
-    #[doc = "                              psa_interruptible_set_max_ops()."]
-    #[doc = ""]
-    #[doc = " \\param operation             The \\c psa_sign_hash_interruptible_operation_t"]
-    #[doc = "                              to use. This must be initialized first."]
-    #[doc = ""]
-    #[doc = " \\return                      Number of ops that the operation has taken so"]
-    #[doc = "                              far."]
-    pub fn psa_sign_hash_get_num_ops(
-        operation: *const psa_sign_hash_interruptible_operation_t,
-    ) -> u32;
-}
-extern "C" {
-    #[doc = " \\brief                       Get the number of ops that a hash verification"]
-    #[doc = "                              operation has taken so far. If the operation"]
-    #[doc = "                              has completed, then this will represent the"]
-    #[doc = "                              number of ops required for the entire"]
-    #[doc = "                              operation. After initialization or calling \\c"]
-    #[doc = "                              psa_verify_hash_interruptible_abort() on the"]
-    #[doc = "                              operation, a value of 0 will be returned."]
-    #[doc = ""]
-    #[doc = " \\warning                     This is a beta API, and thus subject to change"]
-    #[doc = "                              at any point. It is not bound by the usual"]
-    #[doc = "                              interface stability promises."]
-    #[doc = ""]
-    #[doc = "                              This is a helper provided to help you tune the"]
-    #[doc = "                              value passed to \\c"]
-    #[doc = "                              psa_interruptible_set_max_ops()."]
-    #[doc = ""]
-    #[doc = " \\param operation             The \\c"]
-    #[doc = "                              psa_verify_hash_interruptible_operation_t to"]
-    #[doc = "                              use. This must be initialized first."]
-    #[doc = ""]
-    #[doc = " \\return                      Number of ops that the operation has taken so"]
-    #[doc = "                              far."]
-    pub fn psa_verify_hash_get_num_ops(
-        operation: *const psa_verify_hash_interruptible_operation_t,
-    ) -> u32;
-}
-extern "C" {
-    #[doc = " \\brief                       Start signing a hash or short message with a"]
-    #[doc = "                              private key, in an interruptible manner."]
-    #[doc = ""]
-    #[doc = " \\see                         \\c psa_sign_hash_complete()"]
-    #[doc = ""]
-    #[doc = " \\warning                     This is a beta API, and thus subject to change"]
-    #[doc = "                              at any point. It is not bound by the usual"]
-    #[doc = "                              interface stability promises."]
-    #[doc = ""]
-    #[doc = " \\note                        This function combined with \\c"]
-    #[doc = "                              psa_sign_hash_complete() is equivalent to"]
-    #[doc = "                              \\c psa_sign_hash() but"]
-    #[doc = "                              \\c psa_sign_hash_complete() can return early and"]
-    #[doc = "                              resume according to the limit set with \\c"]
-    #[doc = "                              psa_interruptible_set_max_ops() to reduce the"]
-    #[doc = "                              maximum time spent in a function call."]
-    #[doc = ""]
-    #[doc = " \\note                        Users should call \\c psa_sign_hash_complete()"]
-    #[doc = "                              repeatedly on the same context after a"]
-    #[doc = "                              successful call to this function until \\c"]
-    #[doc = "                              psa_sign_hash_complete() either returns 0 or an"]
-    #[doc = "                              error. \\c psa_sign_hash_complete() will return"]
-    #[doc = "                              #PSA_OPERATION_INCOMPLETE if there is more work"]
-    #[doc = "                              to do. Alternatively users can call"]
-    #[doc = "                              \\c psa_sign_hash_abort() at any point if they no"]
-    #[doc = "                              longer want the result."]
-    #[doc = ""]
-    #[doc = " \\note                        If this function returns an error status, the"]
-    #[doc = "                              operation enters an error state and must be"]
-    #[doc = "                              aborted by calling \\c psa_sign_hash_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in, out] operation    The \\c psa_sign_hash_interruptible_operation_t"]
-    #[doc = "                              to use. This must be initialized first."]
-    #[doc = ""]
-    #[doc = " \\param key                   Identifier of the key to use for the operation."]
-    #[doc = "                              It must be an asymmetric key pair. The key must"]
-    #[doc = "                              allow the usage #PSA_KEY_USAGE_SIGN_HASH."]
-    #[doc = " \\param alg                   A signature algorithm (\\c PSA_ALG_XXX"]
-    #[doc = "                              value such that #PSA_ALG_IS_SIGN_HASH(\\p alg)"]
-    #[doc = "                              is true), that is compatible with"]
-    #[doc = "                              the type of \\p key."]
-    #[doc = " \\param[in] hash              The hash or message to sign."]
-    #[doc = " \\param hash_length           Size of the \\p hash buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         The operation started successfully - call \\c psa_sign_hash_complete()"]
-    #[doc = "         with the same context to complete the operation"]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED"]
-    #[doc = "         The key does not have the #PSA_KEY_USAGE_SIGN_HASH flag, or it does"]
-    #[doc = "         not permit the requested algorithm."]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         An operation has previously been started on this context, and is"]
-    #[doc = "         still in progress."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_CORRUPT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_INVALID \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_ENTROPY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_sign_hash_start(
-        operation: *mut psa_sign_hash_interruptible_operation_t,
-        key: mbedtls_svc_key_id_t,
-        alg: psa_algorithm_t,
-        hash: *const u8,
-        hash_length: size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " \\brief                       Continue and eventually complete the action of"]
-    #[doc = "                              signing a hash or short message with a private"]
-    #[doc = "                              key, in an interruptible manner."]
-    #[doc = ""]
-    #[doc = " \\see                         \\c psa_sign_hash_start()"]
-    #[doc = ""]
-    #[doc = " \\warning                     This is a beta API, and thus subject to change"]
-    #[doc = "                              at any point. It is not bound by the usual"]
-    #[doc = "                              interface stability promises."]
-    #[doc = ""]
-    #[doc = " \\note                        This function combined with \\c"]
-    #[doc = "                              psa_sign_hash_start() is equivalent to"]
-    #[doc = "                              \\c psa_sign_hash() but this function can return"]
-    #[doc = "                              early and resume according to the limit set with"]
-    #[doc = "                              \\c psa_interruptible_set_max_ops() to reduce the"]
-    #[doc = "                              maximum time spent in a function call."]
-    #[doc = ""]
-    #[doc = " \\note                        Users should call this function on the same"]
-    #[doc = "                              operation object repeatedly until it either"]
-    #[doc = "                              returns 0 or an error. This function will return"]
-    #[doc = "                              #PSA_OPERATION_INCOMPLETE if there is more work"]
-    #[doc = "                              to do. Alternatively users can call"]
-    #[doc = "                              \\c psa_sign_hash_abort() at any point if they no"]
-    #[doc = "                              longer want the result."]
-    #[doc = ""]
-    #[doc = " \\note                        When this function returns successfully, the"]
-    #[doc = "                              operation becomes inactive. If this function"]
-    #[doc = "                              returns an error status, the operation enters an"]
-    #[doc = "                              error state and must be aborted by calling"]
-    #[doc = "                              \\c psa_sign_hash_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in, out] operation    The \\c psa_sign_hash_interruptible_operation_t"]
-    #[doc = "                              to use. This must be initialized first, and have"]
-    #[doc = "                              had \\c psa_sign_hash_start() called with it"]
-    #[doc = "                              first."]
-    #[doc = ""]
-    #[doc = " \\param[out] signature        Buffer where the signature is to be written."]
-    #[doc = " \\param signature_size        Size of the \\p signature buffer in bytes. This"]
-    #[doc = "                              must be appropriate for the selected"]
-    #[doc = "                              algorithm and key:"]
-    #[doc = "                              - The required signature size is"]
-    #[doc = "                                #PSA_SIGN_OUTPUT_SIZE(\\c key_type, \\c"]
-    #[doc = "                                key_bits, \\c alg) where \\c key_type and \\c"]
-    #[doc = "                                key_bits are the type and bit-size"]
-    #[doc = "                                respectively of key."]
-    #[doc = "                              - #PSA_SIGNATURE_MAX_SIZE evaluates to the"]
-    #[doc = "                                maximum signature size of any supported"]
-    #[doc = "                                signature algorithm."]
-    #[doc = " \\param[out] signature_length On success, the number of bytes that make up"]
-    #[doc = "                              the returned signature value."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Operation completed successfully"]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_OPERATION_INCOMPLETE"]
-    #[doc = "         Operation was interrupted due to the setting of \\c"]
-    #[doc = "         psa_interruptible_set_max_ops(). There is still work to be done."]
-    #[doc = "         Call this function again with the same operation object."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         The size of the \\p signature buffer is too small. You can"]
-    #[doc = "         determine a sufficient buffer size by calling"]
-    #[doc = "         #PSA_SIGN_OUTPUT_SIZE(\\c key_type, \\c key_bits, \\p alg)"]
-    #[doc = "         where \\c key_type and \\c key_bits are the type and bit-size"]
-    #[doc = "         respectively of \\p key."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         An operation was not previously started on this context via"]
-    #[doc = "         \\c psa_sign_hash_start()."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_CORRUPT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_INVALID \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_ENTROPY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has either not been previously initialized by"]
-    #[doc = "         psa_crypto_init() or you did not previously call"]
-    #[doc = "         psa_sign_hash_start() with this operation object. It is"]
-    #[doc = "         implementation-dependent whether a failure to initialize results in"]
-    #[doc = "         this error code."]
-    pub fn psa_sign_hash_complete(
-        operation: *mut psa_sign_hash_interruptible_operation_t,
-        signature: *mut u8,
-        signature_size: size_t,
-        signature_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " \\brief                       Abort a sign hash operation."]
-    #[doc = ""]
-    #[doc = " \\warning                     This is a beta API, and thus subject to change"]
-    #[doc = "                              at any point. It is not bound by the usual"]
-    #[doc = "                              interface stability promises."]
-    #[doc = ""]
-    #[doc = " \\note                        This function is the only function that clears"]
-    #[doc = "                              the number of ops completed as part of the"]
-    #[doc = "                              operation. Please ensure you copy this value via"]
-    #[doc = "                              \\c psa_sign_hash_get_num_ops() if required"]
-    #[doc = "                              before calling."]
-    #[doc = ""]
-    #[doc = " \\note                        Aborting an operation frees all associated"]
-    #[doc = "                              resources except for the \\p operation structure"]
-    #[doc = "                              itself. Once aborted, the operation object can"]
-    #[doc = "                              be reused for another operation by calling \\c"]
-    #[doc = "                              psa_sign_hash_start() again."]
-    #[doc = ""]
-    #[doc = " \\note                        You may call this function any time after the"]
-    #[doc = "                              operation object has been initialized. In"]
-    #[doc = "                              particular, calling \\c psa_sign_hash_abort()"]
-    #[doc = "                              after the operation has already been terminated"]
-    #[doc = "                              by a call to \\c psa_sign_hash_abort() or"]
-    #[doc = "                              psa_sign_hash_complete() is safe."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     Initialized sign hash operation."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         The operation was aborted successfully."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_sign_hash_abort(
-        operation: *mut psa_sign_hash_interruptible_operation_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " \\brief                       Start reading and verifying a hash or short"]
-    #[doc = "                              message, in an interruptible manner."]
-    #[doc = ""]
-    #[doc = " \\see                         \\c psa_verify_hash_complete()"]
-    #[doc = ""]
-    #[doc = " \\warning                     This is a beta API, and thus subject to change"]
-    #[doc = "                              at any point. It is not bound by the usual"]
-    #[doc = "                              interface stability promises."]
-    #[doc = ""]
-    #[doc = " \\note                        This function combined with \\c"]
-    #[doc = "                              psa_verify_hash_complete() is equivalent to"]
-    #[doc = "                              \\c psa_verify_hash() but \\c"]
-    #[doc = "                              psa_verify_hash_complete() can return early and"]
-    #[doc = "                              resume according to the limit set with \\c"]
-    #[doc = "                              psa_interruptible_set_max_ops() to reduce the"]
-    #[doc = "                              maximum time spent in a function."]
-    #[doc = ""]
-    #[doc = " \\note                        Users should call \\c psa_verify_hash_complete()"]
-    #[doc = "                              repeatedly on the same operation object after a"]
-    #[doc = "                              successful call to this function until \\c"]
-    #[doc = "                              psa_verify_hash_complete() either returns 0 or"]
-    #[doc = "                              an error. \\c psa_verify_hash_complete() will"]
-    #[doc = "                              return #PSA_OPERATION_INCOMPLETE if there is"]
-    #[doc = "                              more work to do. Alternatively users can call"]
-    #[doc = "                              \\c psa_verify_hash_abort() at any point if they"]
-    #[doc = "                              no longer want the result."]
-    #[doc = ""]
-    #[doc = " \\note                        If this function returns an error status, the"]
-    #[doc = "                              operation enters an error state and must be"]
-    #[doc = "                              aborted by calling \\c psa_verify_hash_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in, out] operation    The \\c psa_verify_hash_interruptible_operation_t"]
-    #[doc = "                              to use. This must be initialized first."]
-    #[doc = ""]
-    #[doc = " \\param key                   Identifier of the key to use for the operation."]
-    #[doc = "                              The key must allow the usage"]
-    #[doc = "                              #PSA_KEY_USAGE_VERIFY_HASH."]
-    #[doc = " \\param alg                   A signature algorithm (\\c PSA_ALG_XXX"]
-    #[doc = "                              value such that #PSA_ALG_IS_SIGN_HASH(\\p alg)"]
-    #[doc = "                              is true), that is compatible with"]
-    #[doc = "                              the type of \\p key."]
-    #[doc = " \\param[in] hash              The hash whose signature is to be verified."]
-    #[doc = " \\param hash_length           Size of the \\p hash buffer in bytes."]
-    #[doc = " \\param[in] signature         Buffer containing the signature to verify."]
-    #[doc = " \\param signature_length      Size of the \\p signature buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         The operation started successfully - please call \\c"]
-    #[doc = "         psa_verify_hash_complete() with the same context to complete the"]
-    #[doc = "         operation."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         Another operation has already been started on this context, and is"]
-    #[doc = "         still in progress."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED"]
-    #[doc = "         The key does not have the #PSA_KEY_USAGE_VERIFY_HASH flag, or it does"]
-    #[doc = "         not permit the requested algorithm."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval PSA_ERROR_DATA_CORRUPT \\emptydescription"]
-    #[doc = " \\retval PSA_ERROR_DATA_INVALID \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_verify_hash_start(
-        operation: *mut psa_verify_hash_interruptible_operation_t,
-        key: mbedtls_svc_key_id_t,
-        alg: psa_algorithm_t,
-        hash: *const u8,
-        hash_length: size_t,
-        signature: *const u8,
-        signature_length: size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " \\brief                       Continue and eventually complete the action of"]
-    #[doc = "                              reading and verifying a hash or short message"]
-    #[doc = "                              signed with a private key, in an interruptible"]
-    #[doc = "                              manner."]
-    #[doc = ""]
-    #[doc = " \\see                         \\c psa_verify_hash_start()"]
-    #[doc = ""]
-    #[doc = " \\warning                     This is a beta API, and thus subject to change"]
-    #[doc = "                              at any point. It is not bound by the usual"]
-    #[doc = "                              interface stability promises."]
-    #[doc = ""]
-    #[doc = " \\note                        This function combined with \\c"]
-    #[doc = "                              psa_verify_hash_start() is equivalent to"]
-    #[doc = "                              \\c psa_verify_hash() but this function can"]
-    #[doc = "                              return early and resume according to the limit"]
-    #[doc = "                              set with \\c psa_interruptible_set_max_ops() to"]
-    #[doc = "                              reduce the maximum time spent in a function"]
-    #[doc = "                              call."]
-    #[doc = ""]
-    #[doc = " \\note                        Users should call this function on the same"]
-    #[doc = "                              operation object repeatedly until it either"]
-    #[doc = "                              returns 0 or an error. This function will return"]
-    #[doc = "                              #PSA_OPERATION_INCOMPLETE if there is more work"]
-    #[doc = "                              to do. Alternatively users can call"]
-    #[doc = "                              \\c psa_verify_hash_abort() at any point if they"]
-    #[doc = "                              no longer want the result."]
-    #[doc = ""]
-    #[doc = " \\note                        When this function returns successfully, the"]
-    #[doc = "                              operation becomes inactive. If this function"]
-    #[doc = "                              returns an error status, the operation enters an"]
-    #[doc = "                              error state and must be aborted by calling"]
-    #[doc = "                              \\c psa_verify_hash_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in, out] operation    The \\c psa_verify_hash_interruptible_operation_t"]
-    #[doc = "                              to use. This must be initialized first, and have"]
-    #[doc = "                              had \\c psa_verify_hash_start() called with it"]
-    #[doc = "                              first."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Operation completed successfully, and the passed signature is valid."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_OPERATION_INCOMPLETE"]
-    #[doc = "         Operation was interrupted due to the setting of \\c"]
-    #[doc = "         psa_interruptible_set_max_ops(). There is still work to be done."]
-    #[doc = "         Call this function again with the same operation object."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_SIGNATURE"]
-    #[doc = "         The calculation was performed successfully, but the passed"]
-    #[doc = "         signature is not a valid signature."]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         An operation was not previously started on this context via"]
-    #[doc = "         \\c psa_verify_hash_start()."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_CORRUPT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_INVALID \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_ENTROPY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has either not been previously initialized by"]
-    #[doc = "         psa_crypto_init() or you did not previously call"]
-    #[doc = "         psa_verify_hash_start() on this object. It is"]
-    #[doc = "         implementation-dependent whether a failure to initialize results in"]
-    #[doc = "         this error code."]
-    pub fn psa_verify_hash_complete(
-        operation: *mut psa_verify_hash_interruptible_operation_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " \\brief                     Abort a verify hash operation."]
-    #[doc = ""]
-    #[doc = " \\warning                   This is a beta API, and thus subject to change at"]
-    #[doc = "                            any point. It is not bound by the usual interface"]
-    #[doc = "                            stability promises."]
-    #[doc = ""]
-    #[doc = " \\note                      This function is the only function that clears the"]
-    #[doc = "                            number of ops completed as part of the operation."]
-    #[doc = "                            Please ensure you copy this value via"]
-    #[doc = "                            \\c psa_verify_hash_get_num_ops() if required"]
-    #[doc = "                            before calling."]
-    #[doc = ""]
-    #[doc = " \\note                      Aborting an operation frees all associated"]
-    #[doc = "                            resources except for the operation structure"]
-    #[doc = "                            itself. Once aborted, the operation object can be"]
-    #[doc = "                            reused for another operation by calling \\c"]
-    #[doc = "                            psa_verify_hash_start() again."]
-    #[doc = ""]
-    #[doc = " \\note                      You may call this function any time after the"]
-    #[doc = "                            operation object has been initialized."]
-    #[doc = "                            In particular, calling \\c psa_verify_hash_abort()"]
-    #[doc = "                            after the operation has already been terminated by"]
-    #[doc = "                            a call to \\c psa_verify_hash_abort() or"]
-    #[doc = "                            psa_verify_hash_complete() is safe."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation   Initialized verify hash operation."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         The operation was aborted successfully."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_verify_hash_abort(
-        operation: *mut psa_verify_hash_interruptible_operation_t,
-    ) -> psa_status_t;
-}
-#[doc = " The CMAC context structure."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_cmac_context_t {
-    pub private_state: [crate::c_types::c_uchar; 16usize],
-    pub private_unprocessed_block: [crate::c_types::c_uchar; 16usize],
-    pub private_unprocessed_len: size_t,
-}
-extern "C" {
-    #[doc = " \\brief               This function starts a new CMAC computation"]
-    #[doc = "                      by setting the CMAC key, and preparing to authenticate"]
-    #[doc = "                      the input data."]
-    #[doc = "                      It must be called with an initialized cipher context."]
-    #[doc = ""]
-    #[doc = "                      Once this function has completed, data can be supplied"]
-    #[doc = "                      to the CMAC computation by calling"]
-    #[doc = "                      mbedtls_cipher_cmac_update()."]
-    #[doc = ""]
-    #[doc = "                      To start a CMAC computation using the same key as a previous"]
-    #[doc = "                      CMAC computation, use mbedtls_cipher_cmac_finish()."]
-    #[doc = ""]
-    #[doc = " \\note                When the CMAC implementation is supplied by an alternate"]
-    #[doc = "                      implementation (through #MBEDTLS_CMAC_ALT), some ciphers"]
-    #[doc = "                      may not be supported by that implementation, and thus"]
-    #[doc = "                      return an error. Alternate implementations must support"]
-    #[doc = "                      AES-128 and AES-256, and may support AES-192 and 3DES."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The cipher context used for the CMAC operation, initialized"]
-    #[doc = "                      as one of the following types: MBEDTLS_CIPHER_AES_128_ECB,"]
-    #[doc = "                      MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB,"]
-    #[doc = "                      or MBEDTLS_CIPHER_DES_EDE3_ECB."]
-    #[doc = " \\param key           The CMAC key."]
-    #[doc = " \\param keybits       The length of the CMAC key in bits."]
-    #[doc = "                      Must be supported by the cipher."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              A cipher-specific error code on failure."]
-    pub fn mbedtls_cipher_cmac_starts(
-        ctx: *mut mbedtls_cipher_context_t,
-        key: *const crate::c_types::c_uchar,
-        keybits: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief               This function feeds an input buffer into an ongoing CMAC"]
-    #[doc = "                      computation."]
-    #[doc = ""]
-    #[doc = "                      The CMAC computation must have previously been started"]
-    #[doc = "                      by calling mbedtls_cipher_cmac_starts() or"]
-    #[doc = "                      mbedtls_cipher_cmac_reset()."]
-    #[doc = ""]
-    #[doc = "                      Call this function as many times as needed to input the"]
-    #[doc = "                      data to be authenticated."]
-    #[doc = "                      Once all of the required data has been input,"]
-    #[doc = "                      call mbedtls_cipher_cmac_finish() to obtain the result"]
-    #[doc = "                      of the CMAC operation."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The cipher context used for the CMAC operation."]
-    #[doc = " \\param input         The buffer holding the input data."]
-    #[doc = " \\param ilen          The length of the input data."]
-    #[doc = ""]
-    #[doc = " \\return             \\c 0 on success."]
-    #[doc = " \\return             #MBEDTLS_ERR_MD_BAD_INPUT_DATA"]
-    #[doc = "                     if parameter verification fails."]
-    pub fn mbedtls_cipher_cmac_update(
-        ctx: *mut mbedtls_cipher_context_t,
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief               This function finishes an ongoing CMAC operation, and"]
-    #[doc = "                      writes the result to the output buffer."]
-    #[doc = ""]
-    #[doc = "                      It should be followed either by"]
-    #[doc = "                      mbedtls_cipher_cmac_reset(), which starts another CMAC"]
-    #[doc = "                      operation with the same key, or mbedtls_cipher_free(),"]
-    #[doc = "                      which clears the cipher context."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The cipher context used for the CMAC operation."]
-    #[doc = " \\param output        The output buffer for the CMAC checksum result."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA"]
-    #[doc = "                      if parameter verification fails."]
-    pub fn mbedtls_cipher_cmac_finish(
-        ctx: *mut mbedtls_cipher_context_t,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief               This function starts a new CMAC operation with the same"]
-    #[doc = "                      key as the previous one."]
-    #[doc = ""]
-    #[doc = "                      It should be called after finishing the previous CMAC"]
-    #[doc = "                      operation with mbedtls_cipher_cmac_finish()."]
-    #[doc = "                      After calling this function,"]
-    #[doc = "                      call mbedtls_cipher_cmac_update() to supply the new"]
-    #[doc = "                      CMAC operation with data."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The cipher context used for the CMAC operation."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA"]
-    #[doc = "                      if parameter verification fails."]
-    pub fn mbedtls_cipher_cmac_reset(ctx: *mut mbedtls_cipher_context_t) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief               This function calculates the full generic CMAC"]
-    #[doc = "                      on the input buffer with the provided key."]
-    #[doc = ""]
-    #[doc = "                      The function allocates the context, performs the"]
-    #[doc = "                      calculation, and frees the context."]
-    #[doc = ""]
-    #[doc = "                      The CMAC result is calculated as"]
-    #[doc = "                      output = generic CMAC(cmac key, input buffer)."]
-    #[doc = ""]
-    #[doc = " \\note                When the CMAC implementation is supplied by an alternate"]
-    #[doc = "                      implementation (through #MBEDTLS_CMAC_ALT), some ciphers"]
-    #[doc = "                      may not be supported by that implementation, and thus"]
-    #[doc = "                      return an error. Alternate implementations must support"]
-    #[doc = "                      AES-128 and AES-256, and may support AES-192 and 3DES."]
-    #[doc = ""]
-    #[doc = " \\param cipher_info   The cipher information."]
-    #[doc = " \\param key           The CMAC key."]
-    #[doc = " \\param keylen        The length of the CMAC key in bits."]
-    #[doc = " \\param input         The buffer holding the input data."]
-    #[doc = " \\param ilen          The length of the input data."]
-    #[doc = " \\param output        The buffer for the generic CMAC result."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA"]
-    #[doc = "                      if parameter verification fails."]
-    pub fn mbedtls_cipher_cmac(
-        cipher_info: *const mbedtls_cipher_info_t,
-        key: *const crate::c_types::c_uchar,
-        keylen: size_t,
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function implements the AES-CMAC-PRF-128 pseudorandom"]
-    #[doc = "                  function, as defined in"]
-    #[doc = "                  <em>RFC-4615: The Advanced Encryption Standard-Cipher-based"]
-    #[doc = "                  Message Authentication Code-Pseudo-Random Function-128"]
-    #[doc = "                  (AES-CMAC-PRF-128) Algorithm for the Internet Key"]
-    #[doc = "                  Exchange Protocol (IKE).</em>"]
-    #[doc = ""]
-    #[doc = " \\param key       The key to use."]
-    #[doc = " \\param key_len   The key length in Bytes."]
-    #[doc = " \\param input     The buffer holding the input data."]
-    #[doc = " \\param in_len    The length of the input data in Bytes."]
-    #[doc = " \\param output    The buffer holding the generated 16 Bytes of"]
-    #[doc = "                  pseudorandom output."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    pub fn mbedtls_aes_cmac_prf_128(
-        key: *const crate::c_types::c_uchar,
-        key_len: size_t,
-        input: *const crate::c_types::c_uchar,
-        in_len: size_t,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          The CMAC checkup routine."]
-    #[doc = ""]
-    #[doc = " \\note           In case the CMAC routines are provided by an alternative"]
-    #[doc = "                 implementation (i.e. #MBEDTLS_CMAC_ALT is defined), the"]
-    #[doc = "                 checkup routine will succeed even if the implementation does"]
-    #[doc = "                 not support the less widely used AES-192 or 3DES primitives."]
-    #[doc = "                 The self-test requires at least AES-128 and AES-256 to be"]
-    #[doc = "                 supported by the underlying implementation."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         \\c 1 on failure."]
-    pub fn mbedtls_cmac_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
-}
-#[doc = " \\brief          The GCM context structure."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_gcm_context {
-    pub private_cipher_ctx: mbedtls_cipher_context_t,
-    pub private_HL: [u64; 16usize],
-    pub private_HH: [u64; 16usize],
-    pub private_len: u64,
-    pub private_add_len: u64,
-    pub private_base_ectr: [crate::c_types::c_uchar; 16usize],
-    pub private_y: [crate::c_types::c_uchar; 16usize],
-    pub private_buf: [crate::c_types::c_uchar; 16usize],
-    pub private_mode: crate::c_types::c_int,
-}
-extern "C" {
-    #[doc = " \\brief           This function initializes the specified GCM context,"]
-    #[doc = "                  to make references valid, and prepares the context"]
-    #[doc = "                  for mbedtls_gcm_setkey() or mbedtls_gcm_free()."]
-    #[doc = ""]
-    #[doc = "                  The function does not bind the GCM context to a particular"]
-    #[doc = "                  cipher, nor set the key. For this purpose, use"]
-    #[doc = "                  mbedtls_gcm_setkey()."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The GCM context to initialize. This must not be \\c NULL."]
-    pub fn mbedtls_gcm_init(ctx: *mut mbedtls_gcm_context);
-}
-extern "C" {
-    #[doc = " \\brief           This function associates a GCM context with a"]
-    #[doc = "                  cipher algorithm and a key."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The GCM context. This must be initialized."]
-    #[doc = " \\param cipher    The 128-bit block cipher to use."]
-    #[doc = " \\param key       The encryption key. This must be a readable buffer of at"]
-    #[doc = "                  least \\p keybits bits."]
-    #[doc = " \\param keybits   The key size in bits. Valid options are:"]
-    #[doc = "                  <ul><li>128 bits</li>"]
-    #[doc = "                  <li>192 bits</li>"]
-    #[doc = "                  <li>256 bits</li></ul>"]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          A cipher-specific error code on failure."]
-    pub fn mbedtls_gcm_setkey(
-        ctx: *mut mbedtls_gcm_context,
-        cipher: mbedtls_cipher_id_t,
-        key: *const crate::c_types::c_uchar,
-        keybits: crate::c_types::c_uint,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function performs GCM encryption or decryption of a buffer."]
-    #[doc = ""]
-    #[doc = " \\note            For encryption, the output buffer can be the same as the"]
-    #[doc = "                  input buffer. For decryption, the output buffer cannot be"]
-    #[doc = "                  the same as input buffer. If the buffers overlap, the output"]
-    #[doc = "                  buffer must trail at least 8 Bytes behind the input buffer."]
-    #[doc = ""]
-    #[doc = " \\warning         When this function performs a decryption, it outputs the"]
-    #[doc = "                  authentication tag and does not verify that the data is"]
-    #[doc = "                  authentic. You should use this function to perform encryption"]
-    #[doc = "                  only. For decryption, use mbedtls_gcm_auth_decrypt() instead."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The GCM context to use for encryption or decryption. This"]
-    #[doc = "                  must be initialized."]
-    #[doc = " \\param mode      The operation to perform:"]
-    #[doc = "                  - #MBEDTLS_GCM_ENCRYPT to perform authenticated encryption."]
-    #[doc = "                    The ciphertext is written to \\p output and the"]
-    #[doc = "                    authentication tag is written to \\p tag."]
-    #[doc = "                  - #MBEDTLS_GCM_DECRYPT to perform decryption."]
-    #[doc = "                    The plaintext is written to \\p output and the"]
-    #[doc = "                    authentication tag is written to \\p tag."]
-    #[doc = "                    Note that this mode is not recommended, because it does"]
-    #[doc = "                    not verify the authenticity of the data. For this reason,"]
-    #[doc = "                    you should use mbedtls_gcm_auth_decrypt() instead of"]
-    #[doc = "                    calling this function in decryption mode."]
-    #[doc = " \\param length    The length of the input data, which is equal to the length"]
-    #[doc = "                  of the output data."]
-    #[doc = " \\param iv        The initialization vector. This must be a readable buffer of"]
-    #[doc = "                  at least \\p iv_len Bytes."]
-    #[doc = " \\param iv_len    The length of the IV."]
-    #[doc = " \\param add       The buffer holding the additional data. This must be of at"]
-    #[doc = "                  least that size in Bytes."]
-    #[doc = " \\param add_len   The length of the additional data."]
-    #[doc = " \\param input     The buffer holding the input data. If \\p length is greater"]
-    #[doc = "                  than zero, this must be a readable buffer of at least that"]
-    #[doc = "                  size in Bytes."]
-    #[doc = " \\param output    The buffer for holding the output data. If \\p length is greater"]
-    #[doc = "                  than zero, this must be a writable buffer of at least that"]
-    #[doc = "                  size in Bytes."]
-    #[doc = " \\param tag_len   The length of the tag to generate."]
-    #[doc = " \\param tag       The buffer for holding the tag. This must be a writable"]
-    #[doc = "                  buffer of at least \\p tag_len Bytes."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 if the encryption or decryption was performed"]
-    #[doc = "                  successfully. Note that in #MBEDTLS_GCM_DECRYPT mode,"]
-    #[doc = "                  this does not indicate that the data is authentic."]
-    #[doc = " \\return          #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are"]
-    #[doc = "                  not valid or a cipher-specific error code if the encryption"]
-    #[doc = "                  or decryption failed."]
-    pub fn mbedtls_gcm_crypt_and_tag(
-        ctx: *mut mbedtls_gcm_context,
-        mode: crate::c_types::c_int,
-        length: size_t,
-        iv: *const crate::c_types::c_uchar,
-        iv_len: size_t,
-        add: *const crate::c_types::c_uchar,
-        add_len: size_t,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-        tag_len: size_t,
-        tag: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function performs a GCM authenticated decryption of a"]
-    #[doc = "                  buffer."]
-    #[doc = ""]
-    #[doc = " \\note            For decryption, the output buffer cannot be the same as"]
-    #[doc = "                  input buffer. If the buffers overlap, the output buffer"]
-    #[doc = "                  must trail at least 8 Bytes behind the input buffer."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The GCM context. This must be initialized."]
-    #[doc = " \\param length    The length of the ciphertext to decrypt, which is also"]
-    #[doc = "                  the length of the decrypted plaintext."]
-    #[doc = " \\param iv        The initialization vector. This must be a readable buffer"]
-    #[doc = "                  of at least \\p iv_len Bytes."]
-    #[doc = " \\param iv_len    The length of the IV."]
-    #[doc = " \\param add       The buffer holding the additional data. This must be of at"]
-    #[doc = "                  least that size in Bytes."]
-    #[doc = " \\param add_len   The length of the additional data."]
-    #[doc = " \\param tag       The buffer holding the tag to verify. This must be a"]
-    #[doc = "                  readable buffer of at least \\p tag_len Bytes."]
-    #[doc = " \\param tag_len   The length of the tag to verify."]
-    #[doc = " \\param input     The buffer holding the ciphertext. If \\p length is greater"]
-    #[doc = "                  than zero, this must be a readable buffer of at least that"]
-    #[doc = "                  size."]
-    #[doc = " \\param output    The buffer for holding the decrypted plaintext. If \\p length"]
-    #[doc = "                  is greater than zero, this must be a writable buffer of at"]
-    #[doc = "                  least that size."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 if successful and authenticated."]
-    #[doc = " \\return          #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match."]
-    #[doc = " \\return          #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are"]
-    #[doc = "                  not valid or a cipher-specific error code if the decryption"]
-    #[doc = "                  failed."]
-    pub fn mbedtls_gcm_auth_decrypt(
-        ctx: *mut mbedtls_gcm_context,
-        length: size_t,
-        iv: *const crate::c_types::c_uchar,
-        iv_len: size_t,
-        add: *const crate::c_types::c_uchar,
-        add_len: size_t,
-        tag: *const crate::c_types::c_uchar,
-        tag_len: size_t,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function starts a GCM encryption or decryption"]
-    #[doc = "                  operation."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The GCM context. This must be initialized."]
-    #[doc = " \\param mode      The operation to perform: #MBEDTLS_GCM_ENCRYPT or"]
-    #[doc = "                  #MBEDTLS_GCM_DECRYPT."]
-    #[doc = " \\param iv        The initialization vector. This must be a readable buffer of"]
-    #[doc = "                  at least \\p iv_len Bytes."]
-    #[doc = " \\param iv_len    The length of the IV."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    pub fn mbedtls_gcm_starts(
-        ctx: *mut mbedtls_gcm_context,
-        mode: crate::c_types::c_int,
-        iv: *const crate::c_types::c_uchar,
-        iv_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function feeds an input buffer as associated data"]
-    #[doc = "                  (authenticated but not encrypted data) in a GCM"]
-    #[doc = "                  encryption or decryption operation."]
-    #[doc = ""]
-    #[doc = "                  Call this function after mbedtls_gcm_starts() to pass"]
-    #[doc = "                  the associated data. If the associated data is empty,"]
-    #[doc = "                  you do not need to call this function. You may not"]
-    #[doc = "                  call this function after calling mbedtls_cipher_update()."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The GCM context. This must have been started with"]
-    #[doc = "                  mbedtls_gcm_starts() and must not have yet received"]
-    #[doc = "                  any input with mbedtls_gcm_update()."]
-    #[doc = " \\param add       The buffer holding the additional data, or \\c NULL"]
-    #[doc = "                  if \\p add_len is \\c 0."]
-    #[doc = " \\param add_len   The length of the additional data. If \\c 0,"]
-    #[doc = "                  \\p add may be \\c NULL."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    pub fn mbedtls_gcm_update_ad(
-        ctx: *mut mbedtls_gcm_context,
-        add: *const crate::c_types::c_uchar,
-        add_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function feeds an input buffer into an ongoing GCM"]
-    #[doc = "                  encryption or decryption operation."]
-    #[doc = ""]
-    #[doc = "                  You may call this function zero, one or more times"]
-    #[doc = "                  to pass successive parts of the input: the plaintext to"]
-    #[doc = "                  encrypt, or the ciphertext (not including the tag) to"]
-    #[doc = "                  decrypt. After the last part of the input, call"]
-    #[doc = "                  mbedtls_gcm_finish()."]
-    #[doc = ""]
-    #[doc = "                  This function may produce output in one of the following"]
-    #[doc = "                  ways:"]
-    #[doc = "                  - Immediate output: the output length is always equal"]
-    #[doc = "                    to the input length."]
-    #[doc = "                  - Buffered output: the output consists of a whole number"]
-    #[doc = "                    of 16-byte blocks. If the total input length so far"]
-    #[doc = "                    (not including associated data) is 16 \\* *B* + *A*"]
-    #[doc = "                    with *A* < 16 then the total output length is 16 \\* *B*."]
-    #[doc = ""]
-    #[doc = "                  In particular:"]
-    #[doc = "                  - It is always correct to call this function with"]
-    #[doc = "                    \\p output_size >= \\p input_length + 15."]
-    #[doc = "                  - If \\p input_length is a multiple of 16 for all the calls"]
-    #[doc = "                    to this function during an operation, then it is"]
-    #[doc = "                    correct to use \\p output_size = \\p input_length."]
-    #[doc = ""]
-    #[doc = " \\note            For decryption, the output buffer cannot be the same as"]
-    #[doc = "                  input buffer. If the buffers overlap, the output buffer"]
-    #[doc = "                  must trail at least 8 Bytes behind the input buffer."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The GCM context. This must be initialized."]
-    #[doc = " \\param input         The buffer holding the input data. If \\p input_length"]
-    #[doc = "                      is greater than zero, this must be a readable buffer"]
-    #[doc = "                      of at least \\p input_length bytes."]
-    #[doc = " \\param input_length  The length of the input data in bytes."]
-    #[doc = " \\param output        The buffer for the output data. If \\p output_size"]
-    #[doc = "                      is greater than zero, this must be a writable buffer of"]
-    #[doc = "                      of at least \\p output_size bytes."]
-    #[doc = " \\param output_size   The size of the output buffer in bytes."]
-    #[doc = "                      See the function description regarding the output size."]
-    #[doc = " \\param output_length On success, \\p *output_length contains the actual"]
-    #[doc = "                      length of the output written in \\p output."]
-    #[doc = "                      On failure, the content of \\p *output_length is"]
-    #[doc = "                      unspecified."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         #MBEDTLS_ERR_GCM_BAD_INPUT on failure:"]
-    #[doc = "                 total input length too long,"]
-    #[doc = "                 unsupported input/output buffer overlap detected,"]
-    #[doc = "                 or \\p output_size too small."]
-    pub fn mbedtls_gcm_update(
-        ctx: *mut mbedtls_gcm_context,
-        input: *const crate::c_types::c_uchar,
-        input_length: size_t,
-        output: *mut crate::c_types::c_uchar,
-        output_size: size_t,
-        output_length: *mut size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function finishes the GCM operation and generates"]
-    #[doc = "                  the authentication tag."]
-    #[doc = ""]
-    #[doc = "                  It wraps up the GCM stream, and generates the"]
-    #[doc = "                  tag. The tag can have a maximum length of 16 Bytes."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The GCM context. This must be initialized."]
-    #[doc = " \\param tag       The buffer for holding the tag. This must be a writable"]
-    #[doc = "                  buffer of at least \\p tag_len Bytes."]
-    #[doc = " \\param tag_len   The length of the tag to generate. This must be at least"]
-    #[doc = "                  four."]
-    #[doc = " \\param output    The buffer for the final output."]
-    #[doc = "                  If \\p output_size is nonzero, this must be a writable"]
-    #[doc = "                  buffer of at least \\p output_size bytes."]
-    #[doc = " \\param output_size  The size of the \\p output buffer in bytes."]
-    #[doc = "                  This must be large enough for the output that"]
-    #[doc = "                  mbedtls_gcm_update() has not produced. In particular:"]
-    #[doc = "                  - If mbedtls_gcm_update() produces immediate output,"]
-    #[doc = "                    or if the total input size is a multiple of \\c 16,"]
-    #[doc = "                    then mbedtls_gcm_finish() never produces any output,"]
-    #[doc = "                    so \\p output_size can be \\c 0."]
-    #[doc = "                  - \\p output_size never needs to be more than \\c 15."]
-    #[doc = " \\param output_length On success, \\p *output_length contains the actual"]
-    #[doc = "                      length of the output written in \\p output."]
-    #[doc = "                      On failure, the content of \\p *output_length is"]
-    #[doc = "                      unspecified."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_GCM_BAD_INPUT on failure:"]
-    #[doc = "                  invalid value of \\p tag_len,"]
-    #[doc = "                  or \\p output_size too small."]
-    pub fn mbedtls_gcm_finish(
-        ctx: *mut mbedtls_gcm_context,
-        output: *mut crate::c_types::c_uchar,
-        output_size: size_t,
-        output_length: *mut size_t,
-        tag: *mut crate::c_types::c_uchar,
-        tag_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function clears a GCM context and the underlying"]
-    #[doc = "                  cipher sub-context."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The GCM context to clear. If this is \\c NULL, the call has"]
-    #[doc = "                  no effect. Otherwise, this must be initialized."]
-    pub fn mbedtls_gcm_free(ctx: *mut mbedtls_gcm_context);
-}
-extern "C" {
-    #[doc = " \\brief          The GCM checkup routine."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         \\c 1 on failure."]
-    pub fn mbedtls_gcm_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
-}
-#[doc = " \\brief    The CCM context-type definition. The CCM context is passed"]
-#[doc = "           to the APIs called."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_ccm_context {
-    pub private_y: [crate::c_types::c_uchar; 16usize],
-    pub private_ctr: [crate::c_types::c_uchar; 16usize],
-    pub private_cipher_ctx: mbedtls_cipher_context_t,
-    pub private_plaintext_len: size_t,
-    pub private_add_len: size_t,
-    pub private_tag_len: size_t,
-    pub private_processed: size_t,
-    pub private_q: crate::c_types::c_uchar,
-    pub private_mode: crate::c_types::c_uchar,
-    pub private_state: crate::c_types::c_int,
-}
-extern "C" {
-    #[doc = " \\brief           This function initializes the specified CCM context,"]
-    #[doc = "                  to make references valid, and prepare the context"]
-    #[doc = "                  for mbedtls_ccm_setkey() or mbedtls_ccm_free()."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The CCM context to initialize. This must not be \\c NULL."]
-    pub fn mbedtls_ccm_init(ctx: *mut mbedtls_ccm_context);
-}
-extern "C" {
-    #[doc = " \\brief           This function initializes the CCM context set in the"]
-    #[doc = "                  \\p ctx parameter and sets the encryption key."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The CCM context to initialize. This must be an initialized"]
-    #[doc = "                  context."]
-    #[doc = " \\param cipher    The 128-bit block cipher to use."]
-    #[doc = " \\param key       The encryption key. This must not be \\c NULL."]
-    #[doc = " \\param keybits   The key size in bits. This must be acceptable by the cipher."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          A CCM or cipher-specific error code on failure."]
-    pub fn mbedtls_ccm_setkey(
-        ctx: *mut mbedtls_ccm_context,
-        cipher: mbedtls_cipher_id_t,
-        key: *const crate::c_types::c_uchar,
-        keybits: crate::c_types::c_uint,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief   This function releases and clears the specified CCM context"]
-    #[doc = "          and underlying cipher sub-context."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The CCM context to clear. If this is \\c NULL, the function"]
-    #[doc = "                  has no effect. Otherwise, this must be initialized."]
-    pub fn mbedtls_ccm_free(ctx: *mut mbedtls_ccm_context);
-}
-extern "C" {
-    #[doc = " \\brief           This function encrypts a buffer using CCM."]
-    #[doc = ""]
-    #[doc = " \\note            The tag is written to a separate buffer. To concatenate"]
-    #[doc = "                  the \\p tag with the \\p output, as done in <em>RFC-3610:"]
-    #[doc = "                  Counter with CBC-MAC (CCM)</em>, use"]
-    #[doc = "                  \\p tag = \\p output + \\p length, and make sure that the"]
-    #[doc = "                  output buffer is at least \\p length + \\p tag_len wide."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The CCM context to use for encryption. This must be"]
-    #[doc = "                  initialized and bound to a key."]
-    #[doc = " \\param length    The length of the input data in Bytes."]
-    #[doc = " \\param iv        The initialization vector (nonce). This must be a readable"]
-    #[doc = "                  buffer of at least \\p iv_len Bytes."]
-    #[doc = " \\param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,"]
-    #[doc = "                  or 13. The length L of the message length field is"]
-    #[doc = "                  15 - \\p iv_len."]
-    #[doc = " \\param ad        The additional data field. If \\p ad_len is greater than"]
-    #[doc = "                  zero, \\p ad must be a readable buffer of at least that"]
-    #[doc = "                  length."]
-    #[doc = " \\param ad_len    The length of additional data in Bytes."]
-    #[doc = "                  This must be less than `2^16 - 2^8`."]
-    #[doc = " \\param input     The buffer holding the input data. If \\p length is greater"]
-    #[doc = "                  than zero, \\p input must be a readable buffer of at least"]
-    #[doc = "                  that length."]
-    #[doc = " \\param output    The buffer holding the output data. If \\p length is greater"]
-    #[doc = "                  than zero, \\p output must be a writable buffer of at least"]
-    #[doc = "                  that length."]
-    #[doc = " \\param tag       The buffer holding the authentication field. This must be a"]
-    #[doc = "                  writable buffer of at least \\p tag_len Bytes."]
-    #[doc = " \\param tag_len   The length of the authentication field to generate in Bytes:"]
-    #[doc = "                  4, 6, 8, 10, 12, 14 or 16."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          A CCM or cipher-specific error code on failure."]
-    pub fn mbedtls_ccm_encrypt_and_tag(
-        ctx: *mut mbedtls_ccm_context,
-        length: size_t,
-        iv: *const crate::c_types::c_uchar,
-        iv_len: size_t,
-        ad: *const crate::c_types::c_uchar,
-        ad_len: size_t,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-        tag: *mut crate::c_types::c_uchar,
-        tag_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function encrypts a buffer using CCM*."]
-    #[doc = ""]
-    #[doc = " \\note            The tag is written to a separate buffer. To concatenate"]
-    #[doc = "                  the \\p tag with the \\p output, as done in <em>RFC-3610:"]
-    #[doc = "                  Counter with CBC-MAC (CCM)</em>, use"]
-    #[doc = "                  \\p tag = \\p output + \\p length, and make sure that the"]
-    #[doc = "                  output buffer is at least \\p length + \\p tag_len wide."]
-    #[doc = ""]
-    #[doc = " \\note            When using this function in a variable tag length context,"]
-    #[doc = "                  the tag length has to be encoded into the \\p iv passed to"]
-    #[doc = "                  this function."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The CCM context to use for encryption. This must be"]
-    #[doc = "                  initialized and bound to a key."]
-    #[doc = " \\param length    The length of the input data in Bytes."]
-    #[doc = "                  For tag length = 0, input length is ignored."]
-    #[doc = " \\param iv        The initialization vector (nonce). This must be a readable"]
-    #[doc = "                  buffer of at least \\p iv_len Bytes."]
-    #[doc = " \\param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,"]
-    #[doc = "                  or 13. The length L of the message length field is"]
-    #[doc = "                  15 - \\p iv_len."]
-    #[doc = " \\param ad        The additional data field. This must be a readable buffer of"]
-    #[doc = "                  at least \\p ad_len Bytes."]
-    #[doc = " \\param ad_len    The length of additional data in Bytes."]
-    #[doc = "                  This must be less than 2^16 - 2^8."]
-    #[doc = " \\param input     The buffer holding the input data. If \\p length is greater"]
-    #[doc = "                  than zero, \\p input must be a readable buffer of at least"]
-    #[doc = "                  that length."]
-    #[doc = " \\param output    The buffer holding the output data. If \\p length is greater"]
-    #[doc = "                  than zero, \\p output must be a writable buffer of at least"]
-    #[doc = "                  that length."]
-    #[doc = " \\param tag       The buffer holding the authentication field. This must be a"]
-    #[doc = "                  writable buffer of at least \\p tag_len Bytes."]
-    #[doc = " \\param tag_len   The length of the authentication field to generate in Bytes:"]
-    #[doc = "                  0, 4, 6, 8, 10, 12, 14 or 16."]
-    #[doc = ""]
-    #[doc = " \\warning         Passing \\c 0 as \\p tag_len means that the message is no"]
-    #[doc = "                  longer authenticated."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          A CCM or cipher-specific error code on failure."]
-    pub fn mbedtls_ccm_star_encrypt_and_tag(
-        ctx: *mut mbedtls_ccm_context,
-        length: size_t,
-        iv: *const crate::c_types::c_uchar,
-        iv_len: size_t,
-        ad: *const crate::c_types::c_uchar,
-        ad_len: size_t,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-        tag: *mut crate::c_types::c_uchar,
-        tag_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function performs a CCM authenticated decryption of a"]
-    #[doc = "                  buffer."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The CCM context to use for decryption. This must be"]
-    #[doc = "                  initialized and bound to a key."]
-    #[doc = " \\param length    The length of the input data in Bytes."]
-    #[doc = " \\param iv        The initialization vector (nonce). This must be a readable"]
-    #[doc = "                  buffer of at least \\p iv_len Bytes."]
-    #[doc = " \\param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,"]
-    #[doc = "                  or 13. The length L of the message length field is"]
-    #[doc = "                  15 - \\p iv_len."]
-    #[doc = " \\param ad        The additional data field. This must be a readable buffer"]
-    #[doc = "                  of at least that \\p ad_len Bytes.."]
-    #[doc = " \\param ad_len    The length of additional data in Bytes."]
-    #[doc = "                  This must be less than 2^16 - 2^8."]
-    #[doc = " \\param input     The buffer holding the input data. If \\p length is greater"]
-    #[doc = "                  than zero, \\p input must be a readable buffer of at least"]
-    #[doc = "                  that length."]
-    #[doc = " \\param output    The buffer holding the output data. If \\p length is greater"]
-    #[doc = "                  than zero, \\p output must be a writable buffer of at least"]
-    #[doc = "                  that length."]
-    #[doc = " \\param tag       The buffer holding the authentication field. This must be a"]
-    #[doc = "                  readable buffer of at least \\p tag_len Bytes."]
-    #[doc = " \\param tag_len   The length of the authentication field to generate in Bytes:"]
-    #[doc = "                  4, 6, 8, 10, 12, 14 or 16."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success. This indicates that the message is authentic."]
-    #[doc = " \\return          #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match."]
-    #[doc = " \\return          A cipher-specific error code on calculation failure."]
-    pub fn mbedtls_ccm_auth_decrypt(
-        ctx: *mut mbedtls_ccm_context,
-        length: size_t,
-        iv: *const crate::c_types::c_uchar,
-        iv_len: size_t,
-        ad: *const crate::c_types::c_uchar,
-        ad_len: size_t,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-        tag: *const crate::c_types::c_uchar,
-        tag_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function performs a CCM* authenticated decryption of a"]
-    #[doc = "                  buffer."]
-    #[doc = ""]
-    #[doc = " \\note            When using this function in a variable tag length context,"]
-    #[doc = "                  the tag length has to be decoded from \\p iv and passed to"]
-    #[doc = "                  this function as \\p tag_len. (\\p tag needs to be adjusted"]
-    #[doc = "                  accordingly.)"]
-    #[doc = ""]
-    #[doc = " \\param ctx       The CCM context to use for decryption. This must be"]
-    #[doc = "                  initialized and bound to a key."]
-    #[doc = " \\param length    The length of the input data in Bytes."]
-    #[doc = "                  For tag length = 0, input length is ignored."]
-    #[doc = " \\param iv        The initialization vector (nonce). This must be a readable"]
-    #[doc = "                  buffer of at least \\p iv_len Bytes."]
-    #[doc = " \\param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,"]
-    #[doc = "                  or 13. The length L of the message length field is"]
-    #[doc = "                  15 - \\p iv_len."]
-    #[doc = " \\param ad        The additional data field. This must be a readable buffer of"]
-    #[doc = "                  at least that \\p ad_len Bytes."]
-    #[doc = " \\param ad_len    The length of additional data in Bytes."]
-    #[doc = "                  This must be less than 2^16 - 2^8."]
-    #[doc = " \\param input     The buffer holding the input data. If \\p length is greater"]
-    #[doc = "                  than zero, \\p input must be a readable buffer of at least"]
-    #[doc = "                  that length."]
-    #[doc = " \\param output    The buffer holding the output data. If \\p length is greater"]
-    #[doc = "                  than zero, \\p output must be a writable buffer of at least"]
-    #[doc = "                  that length."]
-    #[doc = " \\param tag       The buffer holding the authentication field. This must be a"]
-    #[doc = "                  readable buffer of at least \\p tag_len Bytes."]
-    #[doc = " \\param tag_len   The length of the authentication field in Bytes."]
-    #[doc = "                  0, 4, 6, 8, 10, 12, 14 or 16."]
-    #[doc = ""]
-    #[doc = " \\warning         Passing \\c 0 as \\p tag_len means that the message is nos"]
-    #[doc = "                  longer authenticated."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match."]
-    #[doc = " \\return          A cipher-specific error code on calculation failure."]
-    pub fn mbedtls_ccm_star_auth_decrypt(
-        ctx: *mut mbedtls_ccm_context,
-        length: size_t,
-        iv: *const crate::c_types::c_uchar,
-        iv_len: size_t,
-        ad: *const crate::c_types::c_uchar,
-        ad_len: size_t,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-        tag: *const crate::c_types::c_uchar,
-        tag_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function starts a CCM encryption or decryption"]
-    #[doc = "                  operation."]
-    #[doc = ""]
-    #[doc = "                  This function and mbedtls_ccm_set_lengths() must be called"]
-    #[doc = "                  before calling mbedtls_ccm_update_ad() or"]
-    #[doc = "                  mbedtls_ccm_update(). This function can be called before"]
-    #[doc = "                  or after mbedtls_ccm_set_lengths()."]
-    #[doc = ""]
-    #[doc = " \\note            This function is not implemented in Mbed TLS yet."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The CCM context. This must be initialized."]
-    #[doc = " \\param mode      The operation to perform: #MBEDTLS_CCM_ENCRYPT or"]
-    #[doc = "                  #MBEDTLS_CCM_DECRYPT or #MBEDTLS_CCM_STAR_ENCRYPT or"]
-    #[doc = "                  #MBEDTLS_CCM_STAR_DECRYPT."]
-    #[doc = " \\param iv        The initialization vector. This must be a readable buffer"]
-    #[doc = "                  of at least \\p iv_len Bytes."]
-    #[doc = " \\param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,"]
-    #[doc = "                  or 13. The length L of the message length field is"]
-    #[doc = "                  15 - \\p iv_len."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_CCM_BAD_INPUT on failure:"]
-    #[doc = "                  \\p ctx is in an invalid state,"]
-    #[doc = "                  \\p mode is invalid,"]
-    #[doc = "                  \\p iv_len is invalid (lower than \\c 7 or greater than"]
-    #[doc = "                  \\c 13)."]
-    pub fn mbedtls_ccm_starts(
-        ctx: *mut mbedtls_ccm_context,
-        mode: crate::c_types::c_int,
-        iv: *const crate::c_types::c_uchar,
-        iv_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function declares the lengths of the message"]
-    #[doc = "                  and additional data for a CCM encryption or decryption"]
-    #[doc = "                  operation."]
-    #[doc = ""]
-    #[doc = "                  This function and mbedtls_ccm_starts() must be called"]
-    #[doc = "                  before calling mbedtls_ccm_update_ad() or"]
-    #[doc = "                  mbedtls_ccm_update(). This function can be called before"]
-    #[doc = "                  or after mbedtls_ccm_starts()."]
-    #[doc = ""]
-    #[doc = " \\note            This function is not implemented in Mbed TLS yet."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The CCM context. This must be initialized."]
-    #[doc = " \\param total_ad_len   The total length of additional data in bytes."]
-    #[doc = "                       This must be less than `2^16 - 2^8`."]
-    #[doc = " \\param plaintext_len  The length in bytes of the plaintext to encrypt or"]
-    #[doc = "                       result of the decryption (thus not encompassing the"]
-    #[doc = "                       additional data that are not encrypted)."]
-    #[doc = " \\param tag_len   The length of the tag to generate in Bytes:"]
-    #[doc = "                  4, 6, 8, 10, 12, 14 or 16."]
-    #[doc = "                  For CCM*, zero is also valid."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_CCM_BAD_INPUT on failure:"]
-    #[doc = "                  \\p ctx is in an invalid state,"]
-    #[doc = "                  \\p total_ad_len is greater than \\c 0xFF00."]
-    pub fn mbedtls_ccm_set_lengths(
-        ctx: *mut mbedtls_ccm_context,
-        total_ad_len: size_t,
-        plaintext_len: size_t,
-        tag_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function feeds an input buffer as associated data"]
-    #[doc = "                  (authenticated but not encrypted data) in a CCM"]
-    #[doc = "                  encryption or decryption operation."]
-    #[doc = ""]
-    #[doc = "                  You may call this function zero, one or more times"]
-    #[doc = "                  to pass successive parts of the additional data. The"]
-    #[doc = "                  lengths \\p ad_len of the data parts should eventually add"]
-    #[doc = "                  up exactly to the total length of additional data"]
-    #[doc = "                  \\c total_ad_len passed to mbedtls_ccm_set_lengths(). You"]
-    #[doc = "                  may not call this function after calling"]
-    #[doc = "                  mbedtls_ccm_update()."]
-    #[doc = ""]
-    #[doc = " \\note            This function is not implemented in Mbed TLS yet."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The CCM context. This must have been started with"]
-    #[doc = "                  mbedtls_ccm_starts(), the lengths of the message and"]
-    #[doc = "                  additional data must have been declared with"]
-    #[doc = "                  mbedtls_ccm_set_lengths() and this must not have yet"]
-    #[doc = "                  received any input with mbedtls_ccm_update()."]
-    #[doc = " \\param ad        The buffer holding the additional data, or \\c NULL"]
-    #[doc = "                  if \\p ad_len is \\c 0."]
-    #[doc = " \\param ad_len    The length of the additional data. If \\c 0,"]
-    #[doc = "                  \\p ad may be \\c NULL."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_CCM_BAD_INPUT on failure:"]
-    #[doc = "                  \\p ctx is in an invalid state,"]
-    #[doc = "                  total input length too long."]
-    pub fn mbedtls_ccm_update_ad(
-        ctx: *mut mbedtls_ccm_context,
-        ad: *const crate::c_types::c_uchar,
-        ad_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function feeds an input buffer into an ongoing CCM"]
-    #[doc = "                  encryption or decryption operation."]
-    #[doc = ""]
-    #[doc = "                  You may call this function zero, one or more times"]
-    #[doc = "                  to pass successive parts of the input: the plaintext to"]
-    #[doc = "                  encrypt, or the ciphertext (not including the tag) to"]
-    #[doc = "                  decrypt. After the last part of the input, call"]
-    #[doc = "                  mbedtls_ccm_finish(). The lengths \\p input_len of the"]
-    #[doc = "                  data parts should eventually add up exactly to the"]
-    #[doc = "                  plaintext length \\c plaintext_len passed to"]
-    #[doc = "                  mbedtls_ccm_set_lengths()."]
-    #[doc = ""]
-    #[doc = "                  This function may produce output in one of the following"]
-    #[doc = "                  ways:"]
-    #[doc = "                  - Immediate output: the output length is always equal"]
-    #[doc = "                    to the input length."]
-    #[doc = "                  - Buffered output: except for the last part of input data,"]
-    #[doc = "                    the output consists of a whole number of 16-byte blocks."]
-    #[doc = "                    If the total input length so far (not including"]
-    #[doc = "                    associated data) is 16 \\* *B* + *A* with *A* < 16 then"]
-    #[doc = "                    the total output length is 16 \\* *B*."]
-    #[doc = "                    For the last part of input data, the output length is"]
-    #[doc = "                    equal to the input length plus the number of bytes (*A*)"]
-    #[doc = "                    buffered in the previous call to the function (if any)."]
-    #[doc = "                    The function uses the plaintext length"]
-    #[doc = "                    \\c plaintext_len passed to mbedtls_ccm_set_lengths()"]
-    #[doc = "                    to detect the last part of input data."]
-    #[doc = ""]
-    #[doc = "                  In particular:"]
-    #[doc = "                  - It is always correct to call this function with"]
-    #[doc = "                    \\p output_size >= \\p input_len + 15."]
-    #[doc = "                  - If \\p input_len is a multiple of 16 for all the calls"]
-    #[doc = "                    to this function during an operation (not necessary for"]
-    #[doc = "                    the last one) then it is correct to use \\p output_size"]
-    #[doc = "                    =\\p input_len."]
-    #[doc = ""]
-    #[doc = " \\note            This function is not implemented in Mbed TLS yet."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The CCM context. This must have been started with"]
-    #[doc = "                      mbedtls_ccm_starts() and the lengths of the message and"]
-    #[doc = "                      additional data must have been declared with"]
-    #[doc = "                      mbedtls_ccm_set_lengths()."]
-    #[doc = " \\param input         The buffer holding the input data. If \\p input_len"]
-    #[doc = "                      is greater than zero, this must be a readable buffer"]
-    #[doc = "                      of at least \\p input_len bytes."]
-    #[doc = " \\param input_len     The length of the input data in bytes."]
-    #[doc = " \\param output        The buffer for the output data. If \\p output_size"]
-    #[doc = "                      is greater than zero, this must be a writable buffer of"]
-    #[doc = "                      at least \\p output_size bytes."]
-    #[doc = " \\param output_size   The size of the output buffer in bytes."]
-    #[doc = "                      See the function description regarding the output size."]
-    #[doc = " \\param output_len    On success, \\p *output_len contains the actual"]
-    #[doc = "                      length of the output written in \\p output."]
-    #[doc = "                      On failure, the content of \\p *output_len is"]
-    #[doc = "                      unspecified."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         #MBEDTLS_ERR_CCM_BAD_INPUT on failure:"]
-    #[doc = "                 \\p ctx is in an invalid state,"]
-    #[doc = "                 total input length too long,"]
-    #[doc = "                 or \\p output_size too small."]
-    pub fn mbedtls_ccm_update(
-        ctx: *mut mbedtls_ccm_context,
-        input: *const crate::c_types::c_uchar,
-        input_len: size_t,
-        output: *mut crate::c_types::c_uchar,
-        output_size: size_t,
-        output_len: *mut size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function finishes the CCM operation and generates"]
-    #[doc = "                  the authentication tag."]
-    #[doc = ""]
-    #[doc = "                  It wraps up the CCM stream, and generates the"]
-    #[doc = "                  tag. The tag can have a maximum length of 16 Bytes."]
-    #[doc = ""]
-    #[doc = " \\note            This function is not implemented in Mbed TLS yet."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The CCM context. This must have been started with"]
-    #[doc = "                  mbedtls_ccm_starts() and the lengths of the message and"]
-    #[doc = "                  additional data must have been declared with"]
-    #[doc = "                  mbedtls_ccm_set_lengths()."]
-    #[doc = " \\param tag       The buffer for holding the tag. If \\p tag_len is greater"]
-    #[doc = "                  than zero, this must be a writable buffer of at least \\p"]
-    #[doc = "                  tag_len Bytes."]
-    #[doc = " \\param tag_len   The length of the tag. Must match the tag length passed to"]
-    #[doc = "                  mbedtls_ccm_set_lengths() function."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_CCM_BAD_INPUT on failure:"]
-    #[doc = "                  \\p ctx is in an invalid state,"]
-    #[doc = "                  invalid value of \\p tag_len,"]
-    #[doc = "                  the total amount of additional data passed to"]
-    #[doc = "                  mbedtls_ccm_update_ad() was lower than the total length of"]
-    #[doc = "                  additional data \\c total_ad_len passed to"]
-    #[doc = "                  mbedtls_ccm_set_lengths(),"]
-    #[doc = "                  the total amount of input data passed to"]
-    #[doc = "                  mbedtls_ccm_update() was lower than the plaintext length"]
-    #[doc = "                  \\c plaintext_len passed to mbedtls_ccm_set_lengths()."]
-    pub fn mbedtls_ccm_finish(
-        ctx: *mut mbedtls_ccm_context,
-        tag: *mut crate::c_types::c_uchar,
-        tag_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          The CCM checkup routine."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         \\c 1 on failure."]
-    pub fn mbedtls_ccm_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_poly1305_context {
-    pub private_r: [u32; 4usize],
-    pub private_s: [u32; 4usize],
-    pub private_acc: [u32; 5usize],
-    pub private_queue: [u8; 16usize],
-    pub private_queue_len: size_t,
-}
-extern "C" {
-    #[doc = " \\brief           This function initializes the specified Poly1305 context."]
-    #[doc = ""]
-    #[doc = "                  It must be the first API called before using"]
-    #[doc = "                  the context."]
-    #[doc = ""]
-    #[doc = "                  It is usually followed by a call to"]
-    #[doc = "                  \\c mbedtls_poly1305_starts(), then one or more calls to"]
-    #[doc = "                  \\c mbedtls_poly1305_update(), then one call to"]
-    #[doc = "                  \\c mbedtls_poly1305_finish(), then finally"]
-    #[doc = "                  \\c mbedtls_poly1305_free()."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The Poly1305 context to initialize. This must"]
-    #[doc = "                  not be \\c NULL."]
-    pub fn mbedtls_poly1305_init(ctx: *mut mbedtls_poly1305_context);
-}
-extern "C" {
-    #[doc = " \\brief           This function releases and clears the specified"]
-    #[doc = "                  Poly1305 context."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The Poly1305 context to clear. This may be \\c NULL, in which"]
-    #[doc = "                  case this function is a no-op. If it is not \\c NULL, it must"]
-    #[doc = "                  point to an initialized Poly1305 context."]
-    pub fn mbedtls_poly1305_free(ctx: *mut mbedtls_poly1305_context);
-}
-extern "C" {
-    #[doc = " \\brief           This function sets the one-time authentication key."]
-    #[doc = ""]
-    #[doc = " \\warning         The key must be unique and unpredictable for each"]
-    #[doc = "                  invocation of Poly1305."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The Poly1305 context to which the key should be bound."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param key       The buffer containing the \\c 32 Byte (\\c 256 Bit) key."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          A negative error code on failure."]
-    pub fn mbedtls_poly1305_starts(
-        ctx: *mut mbedtls_poly1305_context,
-        key: *const crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This functions feeds an input buffer into an ongoing"]
-    #[doc = "                  Poly1305 computation."]
-    #[doc = ""]
-    #[doc = "                  It is called between \\c mbedtls_cipher_poly1305_starts() and"]
-    #[doc = "                  \\c mbedtls_cipher_poly1305_finish()."]
-    #[doc = "                  It can be called repeatedly to process a stream of data."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The Poly1305 context to use for the Poly1305 operation."]
-    #[doc = "                  This must be initialized and bound to a key."]
-    #[doc = " \\param ilen      The length of the input data in Bytes."]
-    #[doc = "                  Any value is accepted."]
-    #[doc = " \\param input     The buffer holding the input data."]
-    #[doc = "                  This pointer can be \\c NULL if `ilen == 0`."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          A negative error code on failure."]
-    pub fn mbedtls_poly1305_update(
-        ctx: *mut mbedtls_poly1305_context,
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function generates the Poly1305 Message"]
-    #[doc = "                  Authentication Code (MAC)."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The Poly1305 context to use for the Poly1305 operation."]
-    #[doc = "                  This must be initialized and bound to a key."]
-    #[doc = " \\param mac       The buffer to where the MAC is written. This must"]
-    #[doc = "                  be a writable buffer of length \\c 16 Bytes."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          A negative error code on failure."]
-    pub fn mbedtls_poly1305_finish(
-        ctx: *mut mbedtls_poly1305_context,
-        mac: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function calculates the Poly1305 MAC of the input"]
-    #[doc = "                  buffer with the provided key."]
-    #[doc = ""]
-    #[doc = " \\warning         The key must be unique and unpredictable for each"]
-    #[doc = "                  invocation of Poly1305."]
-    #[doc = ""]
-    #[doc = " \\param key       The buffer containing the \\c 32 Byte (\\c 256 Bit) key."]
-    #[doc = " \\param ilen      The length of the input data in Bytes."]
-    #[doc = "                  Any value is accepted."]
-    #[doc = " \\param input     The buffer holding the input data."]
-    #[doc = "                  This pointer can be \\c NULL if `ilen == 0`."]
-    #[doc = " \\param mac       The buffer to where the MAC is written. This must be"]
-    #[doc = "                  a writable buffer of length \\c 16 Bytes."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          A negative error code on failure."]
-    pub fn mbedtls_poly1305_mac(
-        key: *const crate::c_types::c_uchar,
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-        mac: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           The Poly1305 checkup routine."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          \\c 1 on failure."]
-    pub fn mbedtls_poly1305_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
-}
-#[doc = "< The mode value for performing encryption."]
-pub const mbedtls_chachapoly_mode_t_MBEDTLS_CHACHAPOLY_ENCRYPT: mbedtls_chachapoly_mode_t = 0;
-#[doc = "< The mode value for performing decryption."]
-pub const mbedtls_chachapoly_mode_t_MBEDTLS_CHACHAPOLY_DECRYPT: mbedtls_chachapoly_mode_t = 1;
-pub type mbedtls_chachapoly_mode_t = crate::c_types::c_uint;
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_chacha20_context {
-    pub private_state: [u32; 16usize],
-    pub private_keystream8: [u8; 64usize],
-    pub private_keystream_bytes_used: size_t,
-}
-extern "C" {
-    #[doc = " \\brief           This function initializes the specified ChaCha20 context."]
-    #[doc = ""]
-    #[doc = "                  It must be the first API called before using"]
-    #[doc = "                  the context."]
-    #[doc = ""]
-    #[doc = "                  It is usually followed by calls to"]
-    #[doc = "                  \\c mbedtls_chacha20_setkey() and"]
-    #[doc = "                  \\c mbedtls_chacha20_starts(), then one or more calls to"]
-    #[doc = "                  to \\c mbedtls_chacha20_update(), and finally to"]
-    #[doc = "                  \\c mbedtls_chacha20_free()."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ChaCha20 context to initialize."]
-    #[doc = "                  This must not be \\c NULL."]
-    pub fn mbedtls_chacha20_init(ctx: *mut mbedtls_chacha20_context);
-}
-extern "C" {
-    #[doc = " \\brief           This function releases and clears the specified"]
-    #[doc = "                  ChaCha20 context."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ChaCha20 context to clear. This may be \\c NULL,"]
-    #[doc = "                  in which case this function is a no-op. If it is not"]
-    #[doc = "                  \\c NULL, it must point to an initialized context."]
-    #[doc = ""]
-    pub fn mbedtls_chacha20_free(ctx: *mut mbedtls_chacha20_context);
-}
-extern "C" {
-    #[doc = " \\brief           This function sets the encryption/decryption key."]
-    #[doc = ""]
-    #[doc = " \\note            After using this function, you must also call"]
-    #[doc = "                  \\c mbedtls_chacha20_starts() to set a nonce before you"]
-    #[doc = "                  start encrypting/decrypting data with"]
-    #[doc = "                  \\c mbedtls_chacha_update()."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ChaCha20 context to which the key should be bound."]
-    #[doc = "                  It must be initialized."]
-    #[doc = " \\param key       The encryption/decryption key. This must be \\c 32 Bytes"]
-    #[doc = "                  in length."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or key is NULL."]
-    pub fn mbedtls_chacha20_setkey(
-        ctx: *mut mbedtls_chacha20_context,
-        key: *const crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function sets the nonce and initial counter value."]
-    #[doc = ""]
-    #[doc = " \\note            A ChaCha20 context can be re-used with the same key by"]
-    #[doc = "                  calling this function to change the nonce."]
-    #[doc = ""]
-    #[doc = " \\warning         You must never use the same nonce twice with the same key."]
-    #[doc = "                  This would void any confidentiality guarantees for the"]
-    #[doc = "                  messages encrypted with the same nonce and key."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ChaCha20 context to which the nonce should be bound."]
-    #[doc = "                  It must be initialized and bound to a key."]
-    #[doc = " \\param nonce     The nonce. This must be \\c 12 Bytes in size."]
-    #[doc = " \\param counter   The initial counter value. This is usually \\c 0."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or nonce is"]
-    #[doc = "                  NULL."]
-    pub fn mbedtls_chacha20_starts(
-        ctx: *mut mbedtls_chacha20_context,
-        nonce: *const crate::c_types::c_uchar,
-        counter: u32,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function encrypts or decrypts data."]
-    #[doc = ""]
-    #[doc = "                  Since ChaCha20 is a stream cipher, the same operation is"]
-    #[doc = "                  used for encrypting and decrypting data."]
-    #[doc = ""]
-    #[doc = " \\note            The \\p input and \\p output pointers must either be equal or"]
-    #[doc = "                  point to non-overlapping buffers."]
-    #[doc = ""]
-    #[doc = " \\note            \\c mbedtls_chacha20_setkey() and"]
-    #[doc = "                  \\c mbedtls_chacha20_starts() must be called at least once"]
-    #[doc = "                  to setup the context before this function can be called."]
-    #[doc = ""]
-    #[doc = " \\note            This function can be called multiple times in a row in"]
-    #[doc = "                  order to encrypt of decrypt data piecewise with the same"]
-    #[doc = "                  key and nonce."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ChaCha20 context to use for encryption or decryption."]
-    #[doc = "                  It must be initialized and bound to a key and nonce."]
-    #[doc = " \\param size      The length of the input data in Bytes."]
-    #[doc = " \\param input     The buffer holding the input data."]
-    #[doc = "                  This pointer can be \\c NULL if `size == 0`."]
-    #[doc = " \\param output    The buffer holding the output data."]
-    #[doc = "                  This must be able to hold \\p size Bytes."]
-    #[doc = "                  This pointer can be \\c NULL if `size == 0`."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          A negative error code on failure."]
-    pub fn mbedtls_chacha20_update(
-        ctx: *mut mbedtls_chacha20_context,
-        size: size_t,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function encrypts or decrypts data with ChaCha20 and"]
-    #[doc = "                  the given key and nonce."]
-    #[doc = ""]
-    #[doc = "                  Since ChaCha20 is a stream cipher, the same operation is"]
-    #[doc = "                  used for encrypting and decrypting data."]
-    #[doc = ""]
-    #[doc = " \\warning         You must never use the same (key, nonce) pair more than"]
-    #[doc = "                  once. This would void any confidentiality guarantees for"]
-    #[doc = "                  the messages encrypted with the same nonce and key."]
-    #[doc = ""]
-    #[doc = " \\note            The \\p input and \\p output pointers must either be equal or"]
-    #[doc = "                  point to non-overlapping buffers."]
-    #[doc = ""]
-    #[doc = " \\param key       The encryption/decryption key."]
-    #[doc = "                  This must be \\c 32 Bytes in length."]
-    #[doc = " \\param nonce     The nonce. This must be \\c 12 Bytes in size."]
-    #[doc = " \\param counter   The initial counter value. This is usually \\c 0."]
-    #[doc = " \\param size      The length of the input data in Bytes."]
-    #[doc = " \\param input     The buffer holding the input data."]
-    #[doc = "                  This pointer can be \\c NULL if `size == 0`."]
-    #[doc = " \\param output    The buffer holding the output data."]
-    #[doc = "                  This must be able to hold \\p size Bytes."]
-    #[doc = "                  This pointer can be \\c NULL if `size == 0`."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          A negative error code on failure."]
-    pub fn mbedtls_chacha20_crypt(
-        key: *const crate::c_types::c_uchar,
-        nonce: *const crate::c_types::c_uchar,
-        counter: u32,
-        size: size_t,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           The ChaCha20 checkup routine."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          \\c 1 on failure."]
-    pub fn mbedtls_chacha20_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_chachapoly_context {
-    pub private_chacha20_ctx: mbedtls_chacha20_context,
-    pub private_poly1305_ctx: mbedtls_poly1305_context,
-    pub private_aad_len: u64,
-    pub private_ciphertext_len: u64,
-    pub private_state: crate::c_types::c_int,
-    pub private_mode: mbedtls_chachapoly_mode_t,
-}
-extern "C" {
-    #[doc = " \\brief           This function initializes the specified ChaCha20-Poly1305 context."]
-    #[doc = ""]
-    #[doc = "                  It must be the first API called before using"]
-    #[doc = "                  the context. It must be followed by a call to"]
-    #[doc = "                  \\c mbedtls_chachapoly_setkey() before any operation can be"]
-    #[doc = "                  done, and to \\c mbedtls_chachapoly_free() once all"]
-    #[doc = "                  operations with that context have been finished."]
-    #[doc = ""]
-    #[doc = "                  In order to encrypt or decrypt full messages at once, for"]
-    #[doc = "                  each message you should make a single call to"]
-    #[doc = "                  \\c mbedtls_chachapoly_crypt_and_tag() or"]
-    #[doc = "                  \\c mbedtls_chachapoly_auth_decrypt()."]
-    #[doc = ""]
-    #[doc = "                  In order to encrypt messages piecewise, for each"]
-    #[doc = "                  message you should make a call to"]
-    #[doc = "                  \\c mbedtls_chachapoly_starts(), then 0 or more calls to"]
-    #[doc = "                  \\c mbedtls_chachapoly_update_aad(), then 0 or more calls to"]
-    #[doc = "                  \\c mbedtls_chachapoly_update(), then one call to"]
-    #[doc = "                  \\c mbedtls_chachapoly_finish()."]
-    #[doc = ""]
-    #[doc = " \\warning         Decryption with the piecewise API is discouraged! Always"]
-    #[doc = "                  use \\c mbedtls_chachapoly_auth_decrypt() when possible!"]
-    #[doc = ""]
-    #[doc = "                  If however this is not possible because the data is too"]
-    #[doc = "                  large to fit in memory, you need to:"]
-    #[doc = ""]
-    #[doc = "                  - call \\c mbedtls_chachapoly_starts() and (if needed)"]
-    #[doc = "                  \\c mbedtls_chachapoly_update_aad() as above,"]
-    #[doc = "                  - call \\c mbedtls_chachapoly_update() multiple times and"]
-    #[doc = "                  ensure its output (the plaintext) is NOT used in any other"]
-    #[doc = "                  way than placing it in temporary storage at this point,"]
-    #[doc = "                  - call \\c mbedtls_chachapoly_finish() to compute the"]
-    #[doc = "                  authentication tag and compared it in constant time to the"]
-    #[doc = "                  tag received with the ciphertext."]
-    #[doc = ""]
-    #[doc = "                  If the tags are not equal, you must immediately discard"]
-    #[doc = "                  all previous outputs of \\c mbedtls_chachapoly_update(),"]
-    #[doc = "                  otherwise you can now safely use the plaintext."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ChachaPoly context to initialize. Must not be \\c NULL."]
-    pub fn mbedtls_chachapoly_init(ctx: *mut mbedtls_chachapoly_context);
-}
-extern "C" {
-    #[doc = " \\brief           This function releases and clears the specified"]
-    #[doc = "                  ChaCha20-Poly1305 context."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ChachaPoly context to clear. This may be \\c NULL, in which"]
-    #[doc = "                  case this function is a no-op."]
-    pub fn mbedtls_chachapoly_free(ctx: *mut mbedtls_chachapoly_context);
-}
-extern "C" {
-    #[doc = " \\brief           This function sets the ChaCha20-Poly1305"]
-    #[doc = "                  symmetric encryption key."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ChaCha20-Poly1305 context to which the key should be"]
-    #[doc = "                  bound. This must be initialized."]
-    #[doc = " \\param key       The \\c 256 Bit (\\c 32 Bytes) key."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          A negative error code on failure."]
-    pub fn mbedtls_chachapoly_setkey(
-        ctx: *mut mbedtls_chachapoly_context,
-        key: *const crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function starts a ChaCha20-Poly1305 encryption or"]
-    #[doc = "                  decryption operation."]
-    #[doc = ""]
-    #[doc = " \\warning         You must never use the same nonce twice with the same key."]
-    #[doc = "                  This would void any confidentiality and authenticity"]
-    #[doc = "                  guarantees for the messages encrypted with the same nonce"]
-    #[doc = "                  and key."]
-    #[doc = ""]
-    #[doc = " \\note            If the context is being used for AAD only (no data to"]
-    #[doc = "                  encrypt or decrypt) then \\p mode can be set to any value."]
-    #[doc = ""]
-    #[doc = " \\warning         Decryption with the piecewise API is discouraged, see the"]
-    #[doc = "                  warning on \\c mbedtls_chachapoly_init()."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ChaCha20-Poly1305 context. This must be initialized"]
-    #[doc = "                  and bound to a key."]
-    #[doc = " \\param nonce     The nonce/IV to use for the message."]
-    #[doc = "                  This must be a readable buffer of length \\c 12 Bytes."]
-    #[doc = " \\param mode      The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or"]
-    #[doc = "                  #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning)."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          A negative error code on failure."]
-    pub fn mbedtls_chachapoly_starts(
-        ctx: *mut mbedtls_chachapoly_context,
-        nonce: *const crate::c_types::c_uchar,
-        mode: mbedtls_chachapoly_mode_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function feeds additional data to be authenticated"]
-    #[doc = "                  into an ongoing ChaCha20-Poly1305 operation."]
-    #[doc = ""]
-    #[doc = "                  The Additional Authenticated Data (AAD), also called"]
-    #[doc = "                  Associated Data (AD) is only authenticated but not"]
-    #[doc = "                  encrypted nor included in the encrypted output. It is"]
-    #[doc = "                  usually transmitted separately from the ciphertext or"]
-    #[doc = "                  computed locally by each party."]
-    #[doc = ""]
-    #[doc = " \\note            This function is called before data is encrypted/decrypted."]
-    #[doc = "                  I.e. call this function to process the AAD before calling"]
-    #[doc = "                  \\c mbedtls_chachapoly_update()."]
-    #[doc = ""]
-    #[doc = "                  You may call this function multiple times to process"]
-    #[doc = "                  an arbitrary amount of AAD. It is permitted to call"]
-    #[doc = "                  this function 0 times, if no AAD is used."]
-    #[doc = ""]
-    #[doc = "                  This function cannot be called any more if data has"]
-    #[doc = "                  been processed by \\c mbedtls_chachapoly_update(),"]
-    #[doc = "                  or if the context has been finished."]
-    #[doc = ""]
-    #[doc = " \\warning         Decryption with the piecewise API is discouraged, see the"]
-    #[doc = "                  warning on \\c mbedtls_chachapoly_init()."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ChaCha20-Poly1305 context. This must be initialized"]
-    #[doc = "                  and bound to a key."]
-    #[doc = " \\param aad_len   The length in Bytes of the AAD. The length has no"]
-    #[doc = "                  restrictions."]
-    #[doc = " \\param aad       Buffer containing the AAD."]
-    #[doc = "                  This pointer can be \\c NULL if `aad_len == 0`."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA"]
-    #[doc = "                  if \\p ctx or \\p aad are NULL."]
-    #[doc = " \\return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE"]
-    #[doc = "                  if the operations has not been started or has been"]
-    #[doc = "                  finished, or if the AAD has been finished."]
-    pub fn mbedtls_chachapoly_update_aad(
-        ctx: *mut mbedtls_chachapoly_context,
-        aad: *const crate::c_types::c_uchar,
-        aad_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Thus function feeds data to be encrypted or decrypted"]
-    #[doc = "                  into an on-going ChaCha20-Poly1305"]
-    #[doc = "                  operation."]
-    #[doc = ""]
-    #[doc = "                  The direction (encryption or decryption) depends on the"]
-    #[doc = "                  mode that was given when calling"]
-    #[doc = "                  \\c mbedtls_chachapoly_starts()."]
-    #[doc = ""]
-    #[doc = "                  You may call this function multiple times to process"]
-    #[doc = "                  an arbitrary amount of data. It is permitted to call"]
-    #[doc = "                  this function 0 times, if no data is to be encrypted"]
-    #[doc = "                  or decrypted."]
-    #[doc = ""]
-    #[doc = " \\warning         Decryption with the piecewise API is discouraged, see the"]
-    #[doc = "                  warning on \\c mbedtls_chachapoly_init()."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ChaCha20-Poly1305 context to use. This must be initialized."]
-    #[doc = " \\param len       The length (in bytes) of the data to encrypt or decrypt."]
-    #[doc = " \\param input     The buffer containing the data to encrypt or decrypt."]
-    #[doc = "                  This pointer can be \\c NULL if `len == 0`."]
-    #[doc = " \\param output    The buffer to where the encrypted or decrypted data is"]
-    #[doc = "                  written. This must be able to hold \\p len bytes."]
-    #[doc = "                  This pointer can be \\c NULL if `len == 0`."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE"]
-    #[doc = "                  if the operation has not been started or has been"]
-    #[doc = "                  finished."]
-    #[doc = " \\return          Another negative error code on other kinds of failure."]
-    pub fn mbedtls_chachapoly_update(
-        ctx: *mut mbedtls_chachapoly_context,
-        len: size_t,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function finished the ChaCha20-Poly1305 operation and"]
-    #[doc = "                  generates the MAC (authentication tag)."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ChaCha20-Poly1305 context to use. This must be initialized."]
-    #[doc = " \\param mac       The buffer to where the 128-bit (16 bytes) MAC is written."]
-    #[doc = ""]
-    #[doc = " \\warning         Decryption with the piecewise API is discouraged, see the"]
-    #[doc = "                  warning on \\c mbedtls_chachapoly_init()."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE"]
-    #[doc = "                  if the operation has not been started or has been"]
-    #[doc = "                  finished."]
-    #[doc = " \\return          Another negative error code on other kinds of failure."]
-    pub fn mbedtls_chachapoly_finish(
-        ctx: *mut mbedtls_chachapoly_context,
-        mac: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function performs a complete ChaCha20-Poly1305"]
-    #[doc = "                  authenticated encryption with the previously-set key."]
-    #[doc = ""]
-    #[doc = " \\note            Before using this function, you must set the key with"]
-    #[doc = "                  \\c mbedtls_chachapoly_setkey()."]
-    #[doc = ""]
-    #[doc = " \\warning         You must never use the same nonce twice with the same key."]
-    #[doc = "                  This would void any confidentiality and authenticity"]
-    #[doc = "                  guarantees for the messages encrypted with the same nonce"]
-    #[doc = "                  and key."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ChaCha20-Poly1305 context to use (holds the key)."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param length    The length (in bytes) of the data to encrypt or decrypt."]
-    #[doc = " \\param nonce     The 96-bit (12 bytes) nonce/IV to use."]
-    #[doc = " \\param aad       The buffer containing the additional authenticated"]
-    #[doc = "                  data (AAD). This pointer can be \\c NULL if `aad_len == 0`."]
-    #[doc = " \\param aad_len   The length (in bytes) of the AAD data to process."]
-    #[doc = " \\param input     The buffer containing the data to encrypt or decrypt."]
-    #[doc = "                  This pointer can be \\c NULL if `ilen == 0`."]
-    #[doc = " \\param output    The buffer to where the encrypted or decrypted data"]
-    #[doc = "                  is written. This pointer can be \\c NULL if `ilen == 0`."]
-    #[doc = " \\param tag       The buffer to where the computed 128-bit (16 bytes) MAC"]
-    #[doc = "                  is written. This must not be \\c NULL."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          A negative error code on failure."]
-    pub fn mbedtls_chachapoly_encrypt_and_tag(
-        ctx: *mut mbedtls_chachapoly_context,
-        length: size_t,
-        nonce: *const crate::c_types::c_uchar,
-        aad: *const crate::c_types::c_uchar,
-        aad_len: size_t,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-        tag: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function performs a complete ChaCha20-Poly1305"]
-    #[doc = "                  authenticated decryption with the previously-set key."]
-    #[doc = ""]
-    #[doc = " \\note            Before using this function, you must set the key with"]
-    #[doc = "                  \\c mbedtls_chachapoly_setkey()."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ChaCha20-Poly1305 context to use (holds the key)."]
-    #[doc = " \\param length    The length (in Bytes) of the data to decrypt."]
-    #[doc = " \\param nonce     The \\c 96 Bit (\\c 12 bytes) nonce/IV to use."]
-    #[doc = " \\param aad       The buffer containing the additional authenticated data (AAD)."]
-    #[doc = "                  This pointer can be \\c NULL if `aad_len == 0`."]
-    #[doc = " \\param aad_len   The length (in bytes) of the AAD data to process."]
-    #[doc = " \\param tag       The buffer holding the authentication tag."]
-    #[doc = "                  This must be a readable buffer of length \\c 16 Bytes."]
-    #[doc = " \\param input     The buffer containing the data to decrypt."]
-    #[doc = "                  This pointer can be \\c NULL if `ilen == 0`."]
-    #[doc = " \\param output    The buffer to where the decrypted data is written."]
-    #[doc = "                  This pointer can be \\c NULL if `ilen == 0`."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED"]
-    #[doc = "                  if the data was not authentic."]
-    #[doc = " \\return          Another negative error code on other kinds of failure."]
-    pub fn mbedtls_chachapoly_auth_decrypt(
-        ctx: *mut mbedtls_chachapoly_context,
-        length: size_t,
-        nonce: *const crate::c_types::c_uchar,
-        aad: *const crate::c_types::c_uchar,
-        aad_len: size_t,
-        tag: *const crate::c_types::c_uchar,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           The ChaCha20-Poly1305 checkup routine."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          \\c 1 on failure."]
-    pub fn mbedtls_chachapoly_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
-}
-pub const psa_encrypt_or_decrypt_t_PSA_CRYPTO_DRIVER_DECRYPT: psa_encrypt_or_decrypt_t = 0;
-pub const psa_encrypt_or_decrypt_t_PSA_CRYPTO_DRIVER_ENCRYPT: psa_encrypt_or_decrypt_t = 1;
-#[doc = " For encrypt-decrypt functions, whether the operation is an encryption"]
-#[doc = " or a decryption."]
-pub type psa_encrypt_or_decrypt_t = crate::c_types::c_uint;
-#[doc = " \\brief          MD5 context structure"]
-#[doc = ""]
-#[doc = " \\warning        MD5 is considered a weak message digest and its use"]
-#[doc = "                 constitutes a security risk. We recommend considering"]
-#[doc = "                 stronger message digests instead."]
-#[doc = ""]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_md5_context {
-    pub private_total: [u32; 2usize],
-    pub private_state: [u32; 4usize],
-    pub private_buffer: [crate::c_types::c_uchar; 64usize],
-}
-extern "C" {
-    #[doc = " \\brief          Initialize MD5 context"]
-    #[doc = ""]
-    #[doc = " \\param ctx      MD5 context to be initialized"]
-    #[doc = ""]
-    #[doc = " \\warning        MD5 is considered a weak message digest and its use"]
-    #[doc = "                 constitutes a security risk. We recommend considering"]
-    #[doc = "                 stronger message digests instead."]
-    #[doc = ""]
-    pub fn mbedtls_md5_init(ctx: *mut mbedtls_md5_context);
-}
-extern "C" {
-    #[doc = " \\brief          Clear MD5 context"]
-    #[doc = ""]
-    #[doc = " \\param ctx      MD5 context to be cleared"]
-    #[doc = ""]
-    #[doc = " \\warning        MD5 is considered a weak message digest and its use"]
-    #[doc = "                 constitutes a security risk. We recommend considering"]
-    #[doc = "                 stronger message digests instead."]
-    #[doc = ""]
-    pub fn mbedtls_md5_free(ctx: *mut mbedtls_md5_context);
-}
-extern "C" {
-    #[doc = " \\brief          Clone (the state of) an MD5 context"]
-    #[doc = ""]
-    #[doc = " \\param dst      The destination context"]
-    #[doc = " \\param src      The context to be cloned"]
-    #[doc = ""]
-    #[doc = " \\warning        MD5 is considered a weak message digest and its use"]
-    #[doc = "                 constitutes a security risk. We recommend considering"]
-    #[doc = "                 stronger message digests instead."]
-    #[doc = ""]
-    pub fn mbedtls_md5_clone(dst: *mut mbedtls_md5_context, src: *const mbedtls_md5_context);
-}
-extern "C" {
-    #[doc = " \\brief          MD5 context setup"]
-    #[doc = ""]
-    #[doc = " \\param ctx      context to be initialized"]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful"]
-    #[doc = ""]
-    #[doc = " \\warning        MD5 is considered a weak message digest and its use"]
-    #[doc = "                 constitutes a security risk. We recommend considering"]
-    #[doc = "                 stronger message digests instead."]
-    #[doc = ""]
-    pub fn mbedtls_md5_starts(ctx: *mut mbedtls_md5_context) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          MD5 process buffer"]
-    #[doc = ""]
-    #[doc = " \\param ctx      MD5 context"]
-    #[doc = " \\param input    buffer holding the data"]
-    #[doc = " \\param ilen     length of the input data"]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful"]
-    #[doc = ""]
-    #[doc = " \\warning        MD5 is considered a weak message digest and its use"]
-    #[doc = "                 constitutes a security risk. We recommend considering"]
-    #[doc = "                 stronger message digests instead."]
-    #[doc = ""]
-    pub fn mbedtls_md5_update(
-        ctx: *mut mbedtls_md5_context,
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          MD5 final digest"]
-    #[doc = ""]
-    #[doc = " \\param ctx      MD5 context"]
-    #[doc = " \\param output   MD5 checksum result"]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful"]
-    #[doc = ""]
-    #[doc = " \\warning        MD5 is considered a weak message digest and its use"]
-    #[doc = "                 constitutes a security risk. We recommend considering"]
-    #[doc = "                 stronger message digests instead."]
-    #[doc = ""]
-    pub fn mbedtls_md5_finish(
-        ctx: *mut mbedtls_md5_context,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          MD5 process data block (internal use only)"]
-    #[doc = ""]
-    #[doc = " \\param ctx      MD5 context"]
-    #[doc = " \\param data     buffer holding one block of data"]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful"]
-    #[doc = ""]
-    #[doc = " \\warning        MD5 is considered a weak message digest and its use"]
-    #[doc = "                 constitutes a security risk. We recommend considering"]
-    #[doc = "                 stronger message digests instead."]
-    #[doc = ""]
-    pub fn mbedtls_internal_md5_process(
-        ctx: *mut mbedtls_md5_context,
-        data: *const crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Output = MD5( input buffer )"]
-    #[doc = ""]
-    #[doc = " \\param input    buffer holding the data"]
-    #[doc = " \\param ilen     length of the input data"]
-    #[doc = " \\param output   MD5 checksum result"]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful"]
-    #[doc = ""]
-    #[doc = " \\warning        MD5 is considered a weak message digest and its use"]
-    #[doc = "                 constitutes a security risk. We recommend considering"]
-    #[doc = "                 stronger message digests instead."]
-    #[doc = ""]
-    pub fn mbedtls_md5(
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Checkup routine"]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful, or 1 if the test failed"]
-    #[doc = ""]
-    #[doc = " \\warning        MD5 is considered a weak message digest and its use"]
-    #[doc = "                 constitutes a security risk. We recommend considering"]
-    #[doc = "                 stronger message digests instead."]
-    #[doc = ""]
-    pub fn mbedtls_md5_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
-}
-#[doc = " \\brief          RIPEMD-160 context structure"]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_ripemd160_context {
-    pub private_total: [u32; 2usize],
-    pub private_state: [u32; 5usize],
-    pub private_buffer: [crate::c_types::c_uchar; 64usize],
-}
-extern "C" {
-    #[doc = " \\brief          Initialize RIPEMD-160 context"]
-    #[doc = ""]
-    #[doc = " \\param ctx      RIPEMD-160 context to be initialized"]
-    pub fn mbedtls_ripemd160_init(ctx: *mut mbedtls_ripemd160_context);
-}
-extern "C" {
-    #[doc = " \\brief          Clear RIPEMD-160 context"]
-    #[doc = ""]
-    #[doc = " \\param ctx      RIPEMD-160 context to be cleared"]
-    pub fn mbedtls_ripemd160_free(ctx: *mut mbedtls_ripemd160_context);
-}
-extern "C" {
-    #[doc = " \\brief          Clone (the state of) a RIPEMD-160 context"]
-    #[doc = ""]
-    #[doc = " \\param dst      The destination context"]
-    #[doc = " \\param src      The context to be cloned"]
-    pub fn mbedtls_ripemd160_clone(
-        dst: *mut mbedtls_ripemd160_context,
-        src: *const mbedtls_ripemd160_context,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          RIPEMD-160 context setup"]
-    #[doc = ""]
-    #[doc = " \\param ctx      context to be initialized"]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful"]
-    pub fn mbedtls_ripemd160_starts(ctx: *mut mbedtls_ripemd160_context) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          RIPEMD-160 process buffer"]
-    #[doc = ""]
-    #[doc = " \\param ctx      RIPEMD-160 context"]
-    #[doc = " \\param input    buffer holding the data"]
-    #[doc = " \\param ilen     length of the input data"]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful"]
-    pub fn mbedtls_ripemd160_update(
-        ctx: *mut mbedtls_ripemd160_context,
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          RIPEMD-160 final digest"]
-    #[doc = ""]
-    #[doc = " \\param ctx      RIPEMD-160 context"]
-    #[doc = " \\param output   RIPEMD-160 checksum result"]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful"]
-    pub fn mbedtls_ripemd160_finish(
-        ctx: *mut mbedtls_ripemd160_context,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          RIPEMD-160 process data block (internal use only)"]
-    #[doc = ""]
-    #[doc = " \\param ctx      RIPEMD-160 context"]
-    #[doc = " \\param data     buffer holding one block of data"]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful"]
-    pub fn mbedtls_internal_ripemd160_process(
-        ctx: *mut mbedtls_ripemd160_context,
-        data: *const crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Output = RIPEMD-160( input buffer )"]
-    #[doc = ""]
-    #[doc = " \\param input    buffer holding the data"]
-    #[doc = " \\param ilen     length of the input data"]
-    #[doc = " \\param output   RIPEMD-160 checksum result"]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful"]
-    pub fn mbedtls_ripemd160(
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Checkup routine"]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful, or 1 if the test failed"]
-    pub fn mbedtls_ripemd160_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
-}
-#[doc = " \\brief          The SHA-1 context structure."]
-#[doc = ""]
-#[doc = " \\warning        SHA-1 is considered a weak message digest and its use"]
-#[doc = "                 constitutes a security risk. We recommend considering"]
-#[doc = "                 stronger message digests instead."]
-#[doc = ""]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_sha1_context {
-    pub private_total: [u32; 2usize],
-    pub private_state: [u32; 5usize],
-    pub private_buffer: [crate::c_types::c_uchar; 64usize],
-}
-extern "C" {
-    #[doc = " \\brief          This function initializes a SHA-1 context."]
-    #[doc = ""]
-    #[doc = " \\warning        SHA-1 is considered a weak message digest and its use"]
-    #[doc = "                 constitutes a security risk. We recommend considering"]
-    #[doc = "                 stronger message digests instead."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The SHA-1 context to initialize."]
-    #[doc = "                 This must not be \\c NULL."]
-    #[doc = ""]
-    pub fn mbedtls_sha1_init(ctx: *mut mbedtls_sha1_context);
-}
-extern "C" {
-    #[doc = " \\brief          This function clears a SHA-1 context."]
-    #[doc = ""]
-    #[doc = " \\warning        SHA-1 is considered a weak message digest and its use"]
-    #[doc = "                 constitutes a security risk. We recommend considering"]
-    #[doc = "                 stronger message digests instead."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The SHA-1 context to clear. This may be \\c NULL,"]
-    #[doc = "                 in which case this function does nothing. If it is"]
-    #[doc = "                 not \\c NULL, it must point to an initialized"]
-    #[doc = "                 SHA-1 context."]
-    #[doc = ""]
-    pub fn mbedtls_sha1_free(ctx: *mut mbedtls_sha1_context);
-}
-extern "C" {
-    #[doc = " \\brief          This function clones the state of a SHA-1 context."]
-    #[doc = ""]
-    #[doc = " \\warning        SHA-1 is considered a weak message digest and its use"]
-    #[doc = "                 constitutes a security risk. We recommend considering"]
-    #[doc = "                 stronger message digests instead."]
-    #[doc = ""]
-    #[doc = " \\param dst      The SHA-1 context to clone to. This must be initialized."]
-    #[doc = " \\param src      The SHA-1 context to clone from. This must be initialized."]
-    #[doc = ""]
-    pub fn mbedtls_sha1_clone(dst: *mut mbedtls_sha1_context, src: *const mbedtls_sha1_context);
-}
-extern "C" {
-    #[doc = " \\brief          This function starts a SHA-1 checksum calculation."]
-    #[doc = ""]
-    #[doc = " \\warning        SHA-1 is considered a weak message digest and its use"]
-    #[doc = "                 constitutes a security risk. We recommend considering"]
-    #[doc = "                 stronger message digests instead."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The SHA-1 context to initialize. This must be initialized."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         A negative error code on failure."]
-    #[doc = ""]
-    pub fn mbedtls_sha1_starts(ctx: *mut mbedtls_sha1_context) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function feeds an input buffer into an ongoing SHA-1"]
-    #[doc = "                 checksum calculation."]
-    #[doc = ""]
-    #[doc = " \\warning        SHA-1 is considered a weak message digest and its use"]
-    #[doc = "                 constitutes a security risk. We recommend considering"]
-    #[doc = "                 stronger message digests instead."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The SHA-1 context. This must be initialized"]
-    #[doc = "                 and have a hash operation started."]
-    #[doc = " \\param input    The buffer holding the input data."]
-    #[doc = "                 This must be a readable buffer of length \\p ilen Bytes."]
-    #[doc = " \\param ilen     The length of the input data \\p input in Bytes."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         A negative error code on failure."]
-    pub fn mbedtls_sha1_update(
-        ctx: *mut mbedtls_sha1_context,
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function finishes the SHA-1 operation, and writes"]
-    #[doc = "                 the result to the output buffer."]
-    #[doc = ""]
-    #[doc = " \\warning        SHA-1 is considered a weak message digest and its use"]
-    #[doc = "                 constitutes a security risk. We recommend considering"]
-    #[doc = "                 stronger message digests instead."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The SHA-1 context to use. This must be initialized and"]
-    #[doc = "                 have a hash operation started."]
-    #[doc = " \\param output   The SHA-1 checksum result. This must be a writable"]
-    #[doc = "                 buffer of length \\c 20 Bytes."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         A negative error code on failure."]
-    pub fn mbedtls_sha1_finish(
-        ctx: *mut mbedtls_sha1_context,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          SHA-1 process data block (internal use only)."]
-    #[doc = ""]
-    #[doc = " \\warning        SHA-1 is considered a weak message digest and its use"]
-    #[doc = "                 constitutes a security risk. We recommend considering"]
-    #[doc = "                 stronger message digests instead."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The SHA-1 context to use. This must be initialized."]
-    #[doc = " \\param data     The data block being processed. This must be a"]
-    #[doc = "                 readable buffer of length \\c 64 Bytes."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         A negative error code on failure."]
-    #[doc = ""]
-    pub fn mbedtls_internal_sha1_process(
-        ctx: *mut mbedtls_sha1_context,
-        data: *const crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function calculates the SHA-1 checksum of a buffer."]
-    #[doc = ""]
-    #[doc = "                 The function allocates the context, performs the"]
-    #[doc = "                 calculation, and frees the context."]
-    #[doc = ""]
-    #[doc = "                 The SHA-1 result is calculated as"]
-    #[doc = "                 output = SHA-1(input buffer)."]
-    #[doc = ""]
-    #[doc = " \\warning        SHA-1 is considered a weak message digest and its use"]
-    #[doc = "                 constitutes a security risk. We recommend considering"]
-    #[doc = "                 stronger message digests instead."]
-    #[doc = ""]
-    #[doc = " \\param input    The buffer holding the input data."]
-    #[doc = "                 This must be a readable buffer of length \\p ilen Bytes."]
-    #[doc = " \\param ilen     The length of the input data \\p input in Bytes."]
-    #[doc = " \\param output   The SHA-1 checksum result."]
-    #[doc = "                 This must be a writable buffer of length \\c 20 Bytes."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         A negative error code on failure."]
-    #[doc = ""]
-    pub fn mbedtls_sha1(
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          The SHA-1 checkup routine."]
-    #[doc = ""]
-    #[doc = " \\warning        SHA-1 is considered a weak message digest and its use"]
-    #[doc = "                 constitutes a security risk. We recommend considering"]
-    #[doc = "                 stronger message digests instead."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         \\c 1 on failure."]
-    #[doc = ""]
-    pub fn mbedtls_sha1_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
-}
-#[doc = " \\brief          The SHA-256 context structure."]
-#[doc = ""]
-#[doc = "                 The structure is used both for SHA-256 and for SHA-224"]
-#[doc = "                 checksum calculations. The choice between these two is"]
-#[doc = "                 made in the call to mbedtls_sha256_starts()."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_sha256_context {
-    pub private_total: [u32; 2usize],
-    pub private_state: [u32; 8usize],
-    pub private_buffer: [crate::c_types::c_uchar; 64usize],
-    pub private_is224: crate::c_types::c_int,
-}
-extern "C" {
-    #[doc = " \\brief          This function initializes a SHA-256 context."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The SHA-256 context to initialize. This must not be \\c NULL."]
-    pub fn mbedtls_sha256_init(ctx: *mut mbedtls_sha256_context);
-}
-extern "C" {
-    #[doc = " \\brief          This function clears a SHA-256 context."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The SHA-256 context to clear. This may be \\c NULL, in which"]
-    #[doc = "                 case this function returns immediately. If it is not \\c NULL,"]
-    #[doc = "                 it must point to an initialized SHA-256 context."]
-    pub fn mbedtls_sha256_free(ctx: *mut mbedtls_sha256_context);
-}
-extern "C" {
-    #[doc = " \\brief          This function clones the state of a SHA-256 context."]
-    #[doc = ""]
-    #[doc = " \\param dst      The destination context. This must be initialized."]
-    #[doc = " \\param src      The context to clone. This must be initialized."]
-    pub fn mbedtls_sha256_clone(
-        dst: *mut mbedtls_sha256_context,
-        src: *const mbedtls_sha256_context,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          This function starts a SHA-224 or SHA-256 checksum"]
-    #[doc = "                 calculation."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The context to use. This must be initialized."]
-    #[doc = " \\param is224    This determines which function to use. This must be"]
-    #[doc = "                 either \\c 0 for SHA-256, or \\c 1 for SHA-224."]
-    #[doc = ""]
-    #[doc = " \\note           is224 must be defined accordingly to the enabled"]
-    #[doc = "                 MBEDTLS_SHA224_C/MBEDTLS_SHA256_C symbols otherwise the"]
-    #[doc = "                 function will return #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         A negative error code on failure."]
-    pub fn mbedtls_sha256_starts(
-        ctx: *mut mbedtls_sha256_context,
-        is224: crate::c_types::c_int,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function feeds an input buffer into an ongoing"]
-    #[doc = "                 SHA-256 checksum calculation."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The SHA-256 context. This must be initialized"]
-    #[doc = "                 and have a hash operation started."]
-    #[doc = " \\param input    The buffer holding the data. This must be a readable"]
-    #[doc = "                 buffer of length \\p ilen Bytes."]
-    #[doc = " \\param ilen     The length of the input data in Bytes."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         A negative error code on failure."]
-    pub fn mbedtls_sha256_update(
-        ctx: *mut mbedtls_sha256_context,
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function finishes the SHA-256 operation, and writes"]
-    #[doc = "                 the result to the output buffer."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The SHA-256 context. This must be initialized"]
-    #[doc = "                 and have a hash operation started."]
-    #[doc = " \\param output   The SHA-224 or SHA-256 checksum result."]
-    #[doc = "                 This must be a writable buffer of length \\c 32 bytes"]
-    #[doc = "                 for SHA-256, \\c 28 bytes for SHA-224."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         A negative error code on failure."]
-    pub fn mbedtls_sha256_finish(
-        ctx: *mut mbedtls_sha256_context,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function processes a single data block within"]
-    #[doc = "                 the ongoing SHA-256 computation. This function is for"]
-    #[doc = "                 internal use only."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The SHA-256 context. This must be initialized."]
-    #[doc = " \\param data     The buffer holding one block of data. This must"]
-    #[doc = "                 be a readable buffer of length \\c 64 Bytes."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         A negative error code on failure."]
-    pub fn mbedtls_internal_sha256_process(
-        ctx: *mut mbedtls_sha256_context,
-        data: *const crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function calculates the SHA-224 or SHA-256"]
-    #[doc = "                 checksum of a buffer."]
-    #[doc = ""]
-    #[doc = "                 The function allocates the context, performs the"]
-    #[doc = "                 calculation, and frees the context."]
-    #[doc = ""]
-    #[doc = "                 The SHA-256 result is calculated as"]
-    #[doc = "                 output = SHA-256(input buffer)."]
-    #[doc = ""]
-    #[doc = " \\param input    The buffer holding the data. This must be a readable"]
-    #[doc = "                 buffer of length \\p ilen Bytes."]
-    #[doc = " \\param ilen     The length of the input data in Bytes."]
-    #[doc = " \\param output   The SHA-224 or SHA-256 checksum result."]
-    #[doc = "                 This must be a writable buffer of length \\c 32 bytes"]
-    #[doc = "                 for SHA-256, \\c 28 bytes for SHA-224."]
-    #[doc = " \\param is224    Determines which function to use. This must be"]
-    #[doc = "                 either \\c 0 for SHA-256, or \\c 1 for SHA-224."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         A negative error code on failure."]
-    pub fn mbedtls_sha256(
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-        output: *mut crate::c_types::c_uchar,
-        is224: crate::c_types::c_int,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          The SHA-224 checkup routine."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         \\c 1 on failure."]
-    pub fn mbedtls_sha224_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          The SHA-256 checkup routine."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         \\c 1 on failure."]
-    pub fn mbedtls_sha256_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
-}
-#[doc = " \\brief          The SHA-512 context structure."]
-#[doc = ""]
-#[doc = "                 The structure is used both for SHA-384 and for SHA-512"]
-#[doc = "                 checksum calculations. The choice between these two is"]
-#[doc = "                 made in the call to mbedtls_sha512_starts()."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_sha512_context {
-    pub private_total: [u64; 2usize],
-    pub private_state: [u64; 8usize],
-    pub private_buffer: [crate::c_types::c_uchar; 128usize],
-    pub private_is384: crate::c_types::c_int,
-}
-extern "C" {
-    #[doc = " \\brief          This function initializes a SHA-512 context."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The SHA-512 context to initialize. This must"]
-    #[doc = "                 not be \\c NULL."]
-    pub fn mbedtls_sha512_init(ctx: *mut mbedtls_sha512_context);
-}
-extern "C" {
-    #[doc = " \\brief          This function clears a SHA-512 context."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The SHA-512 context to clear. This may be \\c NULL,"]
-    #[doc = "                 in which case this function does nothing. If it"]
-    #[doc = "                 is not \\c NULL, it must point to an initialized"]
-    #[doc = "                 SHA-512 context."]
-    pub fn mbedtls_sha512_free(ctx: *mut mbedtls_sha512_context);
-}
-extern "C" {
-    #[doc = " \\brief          This function clones the state of a SHA-512 context."]
-    #[doc = ""]
-    #[doc = " \\param dst      The destination context. This must be initialized."]
-    #[doc = " \\param src      The context to clone. This must be initialized."]
-    pub fn mbedtls_sha512_clone(
-        dst: *mut mbedtls_sha512_context,
-        src: *const mbedtls_sha512_context,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          This function starts a SHA-384 or SHA-512 checksum"]
-    #[doc = "                 calculation."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The SHA-512 context to use. This must be initialized."]
-    #[doc = " \\param is384    Determines which function to use. This must be"]
-    #[doc = "                 either \\c 0 for SHA-512, or \\c 1 for SHA-384."]
-    #[doc = ""]
-    #[doc = " \\note           is384 must be defined accordingly to the enabled"]
-    #[doc = "                 MBEDTLS_SHA384_C/MBEDTLS_SHA512_C symbols otherwise the"]
-    #[doc = "                 function will return #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         A negative error code on failure."]
-    pub fn mbedtls_sha512_starts(
-        ctx: *mut mbedtls_sha512_context,
-        is384: crate::c_types::c_int,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function feeds an input buffer into an ongoing"]
-    #[doc = "                 SHA-512 checksum calculation."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The SHA-512 context. This must be initialized"]
-    #[doc = "                 and have a hash operation started."]
-    #[doc = " \\param input    The buffer holding the input data. This must"]
-    #[doc = "                 be a readable buffer of length \\p ilen Bytes."]
-    #[doc = " \\param ilen     The length of the input data in Bytes."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         A negative error code on failure."]
-    pub fn mbedtls_sha512_update(
-        ctx: *mut mbedtls_sha512_context,
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function finishes the SHA-512 operation, and writes"]
-    #[doc = "                 the result to the output buffer."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The SHA-512 context. This must be initialized"]
-    #[doc = "                 and have a hash operation started."]
-    #[doc = " \\param output   The SHA-384 or SHA-512 checksum result."]
-    #[doc = "                 This must be a writable buffer of length \\c 64 bytes"]
-    #[doc = "                 for SHA-512, \\c 48 bytes for SHA-384."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         A negative error code on failure."]
-    pub fn mbedtls_sha512_finish(
-        ctx: *mut mbedtls_sha512_context,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function processes a single data block within"]
-    #[doc = "                 the ongoing SHA-512 computation."]
-    #[doc = "                 This function is for internal use only."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The SHA-512 context. This must be initialized."]
-    #[doc = " \\param data     The buffer holding one block of data. This"]
-    #[doc = "                 must be a readable buffer of length \\c 128 Bytes."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         A negative error code on failure."]
-    pub fn mbedtls_internal_sha512_process(
-        ctx: *mut mbedtls_sha512_context,
-        data: *const crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function calculates the SHA-512 or SHA-384"]
-    #[doc = "                 checksum of a buffer."]
-    #[doc = ""]
-    #[doc = "                 The function allocates the context, performs the"]
-    #[doc = "                 calculation, and frees the context."]
-    #[doc = ""]
-    #[doc = "                 The SHA-512 result is calculated as"]
-    #[doc = "                 output = SHA-512(input buffer)."]
-    #[doc = ""]
-    #[doc = " \\param input    The buffer holding the input data. This must be"]
-    #[doc = "                 a readable buffer of length \\p ilen Bytes."]
-    #[doc = " \\param ilen     The length of the input data in Bytes."]
-    #[doc = " \\param output   The SHA-384 or SHA-512 checksum result."]
-    #[doc = "                 This must be a writable buffer of length \\c 64 bytes"]
-    #[doc = "                 for SHA-512, \\c 48 bytes for SHA-384."]
-    #[doc = " \\param is384    Determines which function to use. This must be either"]
-    #[doc = "                 \\c 0 for SHA-512, or \\c 1 for SHA-384."]
-    #[doc = ""]
-    #[doc = " \\note           is384 must be defined accordingly with the supported"]
-    #[doc = "                 symbols in the config file. If:"]
-    #[doc = "                 - is384 is 0, but \\c MBEDTLS_SHA384_C is not defined, or"]
-    #[doc = "                 - is384 is 1, but \\c MBEDTLS_SHA512_C is not defined"]
-    #[doc = "                 then the function will return"]
-    #[doc = "                 #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         A negative error code on failure."]
-    pub fn mbedtls_sha512(
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-        output: *mut crate::c_types::c_uchar,
-        is384: crate::c_types::c_int,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          The SHA-384 checkup routine."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         \\c 1 on failure."]
-    pub fn mbedtls_sha384_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          The SHA-512 checkup routine."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         \\c 1 on failure."]
-    pub fn mbedtls_sha512_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_psa_hash_operation_t {
-    pub private_alg: psa_algorithm_t,
-    pub private_ctx: mbedtls_psa_hash_operation_t__bindgen_ty_1,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub union mbedtls_psa_hash_operation_t__bindgen_ty_1 {
-    pub dummy: crate::c_types::c_uint,
-    pub md5: mbedtls_md5_context,
-    pub ripemd160: mbedtls_ripemd160_context,
-    pub sha1: mbedtls_sha1_context,
-    pub sha256: mbedtls_sha256_context,
-    pub sha512: mbedtls_sha512_context,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_psa_cipher_operation_t {
-    pub private_alg: psa_algorithm_t,
-    pub private_iv_length: u8,
-    pub private_block_length: u8,
-    pub private_ctx: mbedtls_psa_cipher_operation_t__bindgen_ty_1,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub union mbedtls_psa_cipher_operation_t__bindgen_ty_1 {
-    pub private_dummy: crate::c_types::c_uint,
-    pub private_cipher: mbedtls_cipher_context_t,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub union psa_driver_hash_context_t {
-    pub dummy: crate::c_types::c_uint,
-    pub mbedtls_ctx: mbedtls_psa_hash_operation_t,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub union psa_driver_cipher_context_t {
-    pub dummy: crate::c_types::c_uint,
-    pub mbedtls_ctx: mbedtls_psa_cipher_operation_t,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct psa_hash_operation_s {
-    pub private_id: crate::c_types::c_uint,
-    pub private_ctx: psa_driver_hash_context_t,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct psa_cipher_operation_s {
-    pub private_id: crate::c_types::c_uint,
-    pub _bitfield_align_1: [u8; 0],
-    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
-    pub private_default_iv_length: u8,
-    pub private_ctx: psa_driver_cipher_context_t,
-}
-impl psa_cipher_operation_s {
-    #[inline]
-    pub fn private_iv_required(&self) -> crate::c_types::c_uint {
-        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
-    }
-    #[inline]
-    pub fn set_private_iv_required(&mut self, val: crate::c_types::c_uint) {
-        unsafe {
-            let val: u32 = ::core::mem::transmute(val);
-            self._bitfield_1.set(0usize, 1u8, val as u64)
-        }
-    }
-    #[inline]
-    pub fn private_iv_set(&self) -> crate::c_types::c_uint {
-        unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) }
-    }
-    #[inline]
-    pub fn set_private_iv_set(&mut self, val: crate::c_types::c_uint) {
-        unsafe {
-            let val: u32 = ::core::mem::transmute(val);
-            self._bitfield_1.set(1usize, 1u8, val as u64)
-        }
-    }
-    #[inline]
-    pub fn new_bitfield_1(
-        private_iv_required: crate::c_types::c_uint,
-        private_iv_set: crate::c_types::c_uint,
-    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
-        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
-        __bindgen_bitfield_unit.set(0usize, 1u8, {
-            let private_iv_required: u32 = unsafe { ::core::mem::transmute(private_iv_required) };
-            private_iv_required as u64
-        });
-        __bindgen_bitfield_unit.set(1usize, 1u8, {
-            let private_iv_set: u32 = unsafe { ::core::mem::transmute(private_iv_set) };
-            private_iv_set as u64
-        });
-        __bindgen_bitfield_unit
-    }
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_psa_hmac_operation_t {
-    pub private_alg: psa_algorithm_t,
-    #[doc = " The hash context."]
-    pub hash_ctx: psa_hash_operation_s,
-    pub private_opad: [u8; 128usize],
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_psa_mac_operation_t {
-    pub private_alg: psa_algorithm_t,
-    pub private_ctx: mbedtls_psa_mac_operation_t__bindgen_ty_1,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub union mbedtls_psa_mac_operation_t__bindgen_ty_1 {
-    pub private_dummy: crate::c_types::c_uint,
-    pub private_hmac: mbedtls_psa_hmac_operation_t,
-    pub private_cmac: mbedtls_cipher_context_t,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_psa_aead_operation_t {
-    pub private_alg: psa_algorithm_t,
-    pub private_key_type: psa_key_type_t,
-    pub _bitfield_align_1: [u8; 0],
-    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
-    pub private_tag_length: u8,
-    pub ctx: mbedtls_psa_aead_operation_t__bindgen_ty_1,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub union mbedtls_psa_aead_operation_t__bindgen_ty_1 {
-    pub dummy: crate::c_types::c_uint,
-    pub private_ccm: mbedtls_ccm_context,
-    pub private_gcm: mbedtls_gcm_context,
-    pub private_chachapoly: mbedtls_chachapoly_context,
-}
-impl mbedtls_psa_aead_operation_t {
-    #[inline]
-    pub fn private_is_encrypt(&self) -> crate::c_types::c_uint {
-        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
-    }
-    #[inline]
-    pub fn set_private_is_encrypt(&mut self, val: crate::c_types::c_uint) {
-        unsafe {
-            let val: u32 = ::core::mem::transmute(val);
-            self._bitfield_1.set(0usize, 1u8, val as u64)
-        }
-    }
-    #[inline]
-    pub fn new_bitfield_1(
-        private_is_encrypt: crate::c_types::c_uint,
-    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
-        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
-        __bindgen_bitfield_unit.set(0usize, 1u8, {
-            let private_is_encrypt: u32 = unsafe { ::core::mem::transmute(private_is_encrypt) };
-            private_is_encrypt as u64
-        });
-        __bindgen_bitfield_unit
-    }
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_psa_sign_hash_interruptible_operation_t {
-    pub private_dummy: crate::c_types::c_uint,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_psa_verify_hash_interruptible_operation_t {
-    pub private_dummy: crate::c_types::c_uint,
-}
-#[doc = "< Client"]
-pub const mbedtls_ecjpake_role_MBEDTLS_ECJPAKE_CLIENT: mbedtls_ecjpake_role = 0;
-#[doc = "< Server"]
-pub const mbedtls_ecjpake_role_MBEDTLS_ECJPAKE_SERVER: mbedtls_ecjpake_role = 1;
-#[doc = " Roles in the EC J-PAKE exchange"]
-pub type mbedtls_ecjpake_role = crate::c_types::c_uint;
-#[doc = " EC J-PAKE context structure."]
-#[doc = ""]
-#[doc = " J-PAKE is a symmetric protocol, except for the identifiers used in"]
-#[doc = " Zero-Knowledge Proofs, and the serialization of the second message"]
-#[doc = " (KeyExchange) as defined by the Thread spec."]
-#[doc = ""]
-#[doc = " In order to benefit from this symmetry, we choose a different naming"]
-#[doc = " convention from the Thread v1.0 spec. Correspondence is indicated in the"]
-#[doc = " description as a pair C: client name, S: server name"]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_ecjpake_context {
-    pub private_md_type: mbedtls_md_type_t,
-    pub private_grp: mbedtls_ecp_group,
-    pub private_role: mbedtls_ecjpake_role,
-    pub private_point_format: crate::c_types::c_int,
-    pub private_Xm1: mbedtls_ecp_point,
-    pub private_Xm2: mbedtls_ecp_point,
-    pub private_Xp1: mbedtls_ecp_point,
-    pub private_Xp2: mbedtls_ecp_point,
-    pub private_Xp: mbedtls_ecp_point,
-    pub private_xm1: mbedtls_mpi,
-    pub private_xm2: mbedtls_mpi,
-    pub private_s: mbedtls_mpi,
-}
-extern "C" {
-    #[doc = " \\brief           Initialize an ECJPAKE context."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECJPAKE context to initialize."]
-    #[doc = "                  This must not be \\c NULL."]
-    pub fn mbedtls_ecjpake_init(ctx: *mut mbedtls_ecjpake_context);
-}
-extern "C" {
-    #[doc = " \\brief           Set up an ECJPAKE context for use."]
-    #[doc = ""]
-    #[doc = " \\note            Currently the only values for hash/curve allowed by the"]
-    #[doc = "                  standard are #MBEDTLS_MD_SHA256/#MBEDTLS_ECP_DP_SECP256R1."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECJPAKE context to set up. This must be initialized."]
-    #[doc = " \\param role      The role of the caller. This must be either"]
-    #[doc = "                  #MBEDTLS_ECJPAKE_CLIENT or #MBEDTLS_ECJPAKE_SERVER."]
-    #[doc = " \\param hash      The identifier of the hash function to use,"]
-    #[doc = "                  for example #MBEDTLS_MD_SHA256."]
-    #[doc = " \\param curve     The identifier of the elliptic curve to use,"]
-    #[doc = "                  for example #MBEDTLS_ECP_DP_SECP256R1."]
-    #[doc = " \\param secret    The pre-shared secret (passphrase). This must be"]
-    #[doc = "                  a readable not empty buffer of length \\p len Bytes. It need"]
-    #[doc = "                  only be valid for the duration of this call."]
-    #[doc = " \\param len       The length of the pre-shared secret \\p secret."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 if successful."]
-    #[doc = " \\return          A negative error code on failure."]
-    pub fn mbedtls_ecjpake_setup(
-        ctx: *mut mbedtls_ecjpake_context,
-        role: mbedtls_ecjpake_role,
-        hash: mbedtls_md_type_t,
-        curve: mbedtls_ecp_group_id,
-        secret: *const crate::c_types::c_uchar,
-        len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief               Set the point format for future reads and writes."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The ECJPAKE context to configure."]
-    #[doc = " \\param point_format  The point format to use:"]
-    #[doc = "                      #MBEDTLS_ECP_PF_UNCOMPRESSED (default)"]
-    #[doc = "                      or #MBEDTLS_ECP_PF_COMPRESSED."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 if successful."]
-    #[doc = " \\return              #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \\p point_format"]
-    #[doc = "                      is invalid."]
-    pub fn mbedtls_ecjpake_set_point_format(
-        ctx: *mut mbedtls_ecjpake_context,
-        point_format: crate::c_types::c_int,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Check if an ECJPAKE context is ready for use."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECJPAKE context to check. This must be"]
-    #[doc = "                  initialized."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 if the context is ready for use."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise."]
-    pub fn mbedtls_ecjpake_check(ctx: *const mbedtls_ecjpake_context) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Generate and write the first round message"]
-    #[doc = "                  (TLS: contents of the Client/ServerHello extension,"]
-    #[doc = "                  excluding extension type and length bytes)."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECJPAKE context to use. This must be"]
-    #[doc = "                  initialized and set up."]
-    #[doc = " \\param buf       The buffer to write the contents to. This must be a"]
-    #[doc = "                  writable buffer of length \\p len Bytes."]
-    #[doc = " \\param len       The length of \\p buf in Bytes."]
-    #[doc = " \\param olen      The address at which to store the total number"]
-    #[doc = "                  of Bytes written to \\p buf. This must not be \\c NULL."]
-    #[doc = " \\param f_rng     The RNG function to use. This must not be \\c NULL."]
-    #[doc = " \\param p_rng     The RNG parameter to be passed to \\p f_rng. This"]
-    #[doc = "                  may be \\c NULL if \\p f_rng doesn't use a context."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 if successful."]
-    #[doc = " \\return          A negative error code on failure."]
-    pub fn mbedtls_ecjpake_write_round_one(
-        ctx: *mut mbedtls_ecjpake_context,
-        buf: *mut crate::c_types::c_uchar,
-        len: size_t,
-        olen: *mut size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Read and process the first round message"]
-    #[doc = "                  (TLS: contents of the Client/ServerHello extension,"]
-    #[doc = "                  excluding extension type and length bytes)."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECJPAKE context to use. This must be initialized"]
-    #[doc = "                  and set up."]
-    #[doc = " \\param buf       The buffer holding the first round message. This must"]
-    #[doc = "                  be a readable buffer of length \\p len Bytes."]
-    #[doc = " \\param len       The length in Bytes of \\p buf."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 if successful."]
-    #[doc = " \\return          A negative error code on failure."]
-    pub fn mbedtls_ecjpake_read_round_one(
-        ctx: *mut mbedtls_ecjpake_context,
-        buf: *const crate::c_types::c_uchar,
-        len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Generate and write the second round message"]
-    #[doc = "                  (TLS: contents of the Client/ServerKeyExchange)."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECJPAKE context to use. This must be initialized,"]
-    #[doc = "                  set up, and already have performed round one."]
-    #[doc = " \\param buf       The buffer to write the round two contents to."]
-    #[doc = "                  This must be a writable buffer of length \\p len Bytes."]
-    #[doc = " \\param len       The size of \\p buf in Bytes."]
-    #[doc = " \\param olen      The address at which to store the total number of Bytes"]
-    #[doc = "                  written to \\p buf. This must not be \\c NULL."]
-    #[doc = " \\param f_rng     The RNG function to use. This must not be \\c NULL."]
-    #[doc = " \\param p_rng     The RNG parameter to be passed to \\p f_rng. This"]
-    #[doc = "                  may be \\c NULL if \\p f_rng doesn't use a context."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 if successful."]
-    #[doc = " \\return          A negative error code on failure."]
-    pub fn mbedtls_ecjpake_write_round_two(
-        ctx: *mut mbedtls_ecjpake_context,
-        buf: *mut crate::c_types::c_uchar,
-        len: size_t,
-        olen: *mut size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Read and process the second round message"]
-    #[doc = "                  (TLS: contents of the Client/ServerKeyExchange)."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECJPAKE context to use. This must be initialized"]
-    #[doc = "                  and set up and already have performed round one."]
-    #[doc = " \\param buf       The buffer holding the second round message. This must"]
-    #[doc = "                  be a readable buffer of length \\p len Bytes."]
-    #[doc = " \\param len       The length in Bytes of \\p buf."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 if successful."]
-    #[doc = " \\return          A negative error code on failure."]
-    pub fn mbedtls_ecjpake_read_round_two(
-        ctx: *mut mbedtls_ecjpake_context,
-        buf: *const crate::c_types::c_uchar,
-        len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Derive the shared secret"]
-    #[doc = "                  (TLS: Pre-Master Secret)."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECJPAKE context to use. This must be initialized,"]
-    #[doc = "                  set up and have performed both round one and two."]
-    #[doc = " \\param buf       The buffer to write the derived secret to. This must"]
-    #[doc = "                  be a writable buffer of length \\p len Bytes."]
-    #[doc = " \\param len       The length of \\p buf in Bytes."]
-    #[doc = " \\param olen      The address at which to store the total number of Bytes"]
-    #[doc = "                  written to \\p buf. This must not be \\c NULL."]
-    #[doc = " \\param f_rng     The RNG function to use. This must not be \\c NULL."]
-    #[doc = " \\param p_rng     The RNG parameter to be passed to \\p f_rng. This"]
-    #[doc = "                  may be \\c NULL if \\p f_rng doesn't use a context."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 if successful."]
-    #[doc = " \\return          A negative error code on failure."]
-    pub fn mbedtls_ecjpake_derive_secret(
-        ctx: *mut mbedtls_ecjpake_context,
-        buf: *mut crate::c_types::c_uchar,
-        len: size_t,
-        olen: *mut size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Write the shared key material to be passed to a Key"]
-    #[doc = "                  Derivation Function as described in RFC8236."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECJPAKE context to use. This must be initialized,"]
-    #[doc = "                  set up and have performed both round one and two."]
-    #[doc = " \\param buf       The buffer to write the derived secret to. This must"]
-    #[doc = "                  be a writable buffer of length \\p len Bytes."]
-    #[doc = " \\param len       The length of \\p buf in Bytes."]
-    #[doc = " \\param olen      The address at which to store the total number of bytes"]
-    #[doc = "                  written to \\p buf. This must not be \\c NULL."]
-    #[doc = " \\param f_rng     The RNG function to use. This must not be \\c NULL."]
-    #[doc = " \\param p_rng     The RNG parameter to be passed to \\p f_rng. This"]
-    #[doc = "                  may be \\c NULL if \\p f_rng doesn't use a context."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 if successful."]
-    #[doc = " \\return          A negative error code on failure."]
-    pub fn mbedtls_ecjpake_write_shared_key(
-        ctx: *mut mbedtls_ecjpake_context,
-        buf: *mut crate::c_types::c_uchar,
-        len: size_t,
-        olen: *mut size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This clears an ECJPAKE context and frees any"]
-    #[doc = "                  embedded data structure."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECJPAKE context to free. This may be \\c NULL,"]
-    #[doc = "                  in which case this function does nothing. If it is not"]
-    #[doc = "                  \\c NULL, it must point to an initialized ECJPAKE context."]
-    pub fn mbedtls_ecjpake_free(ctx: *mut mbedtls_ecjpake_context);
-}
-extern "C" {
-    #[doc = " \\brief          Checkup routine"]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful, or 1 if a test failed"]
-    pub fn mbedtls_ecjpake_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_psa_pake_operation_t {
-    pub private_alg: psa_algorithm_t,
-    pub private_password: *mut u8,
-    pub private_password_len: size_t,
-    pub private_role: u8,
-    pub private_buffer: [u8; 336usize],
-    pub private_buffer_length: size_t,
-    pub private_buffer_offset: size_t,
-    pub private_ctx: mbedtls_psa_pake_operation_t__bindgen_ty_1,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub union mbedtls_psa_pake_operation_t__bindgen_ty_1 {
-    pub private_dummy: crate::c_types::c_uint,
-    pub private_jpake: mbedtls_ecjpake_context,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub union psa_driver_mac_context_t {
-    pub dummy: crate::c_types::c_uint,
-    pub mbedtls_ctx: mbedtls_psa_mac_operation_t,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub union psa_driver_aead_context_t {
-    pub dummy: crate::c_types::c_uint,
-    pub mbedtls_ctx: mbedtls_psa_aead_operation_t,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub union psa_driver_sign_hash_interruptible_context_t {
-    pub dummy: crate::c_types::c_uint,
-    pub mbedtls_ctx: mbedtls_psa_sign_hash_interruptible_operation_t,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub union psa_driver_verify_hash_interruptible_context_t {
-    pub dummy: crate::c_types::c_uint,
-    pub mbedtls_ctx: mbedtls_psa_verify_hash_interruptible_operation_t,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub union psa_driver_pake_context_t {
-    pub dummy: crate::c_types::c_uint,
-    pub mbedtls_ctx: mbedtls_psa_pake_operation_t,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct psa_mac_operation_s {
-    pub private_id: crate::c_types::c_uint,
-    pub private_mac_size: u8,
-    pub _bitfield_align_1: [u8; 0],
-    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
-    pub private_ctx: psa_driver_mac_context_t,
-}
-impl psa_mac_operation_s {
-    #[inline]
-    pub fn private_is_sign(&self) -> crate::c_types::c_uint {
-        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
-    }
-    #[inline]
-    pub fn set_private_is_sign(&mut self, val: crate::c_types::c_uint) {
-        unsafe {
-            let val: u32 = ::core::mem::transmute(val);
-            self._bitfield_1.set(0usize, 1u8, val as u64)
-        }
-    }
-    #[inline]
-    pub fn new_bitfield_1(
-        private_is_sign: crate::c_types::c_uint,
-    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
-        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
-        __bindgen_bitfield_unit.set(0usize, 1u8, {
-            let private_is_sign: u32 = unsafe { ::core::mem::transmute(private_is_sign) };
-            private_is_sign as u64
-        });
-        __bindgen_bitfield_unit
-    }
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct psa_aead_operation_s {
-    pub private_id: crate::c_types::c_uint,
-    pub private_alg: psa_algorithm_t,
-    pub private_key_type: psa_key_type_t,
-    pub private_ad_remaining: size_t,
-    pub private_body_remaining: size_t,
-    pub _bitfield_align_1: [u8; 0],
-    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
-    pub private_ctx: psa_driver_aead_context_t,
-}
-impl psa_aead_operation_s {
-    #[inline]
-    pub fn private_nonce_set(&self) -> crate::c_types::c_uint {
-        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
-    }
-    #[inline]
-    pub fn set_private_nonce_set(&mut self, val: crate::c_types::c_uint) {
-        unsafe {
-            let val: u32 = ::core::mem::transmute(val);
-            self._bitfield_1.set(0usize, 1u8, val as u64)
-        }
-    }
-    #[inline]
-    pub fn private_lengths_set(&self) -> crate::c_types::c_uint {
-        unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) }
-    }
-    #[inline]
-    pub fn set_private_lengths_set(&mut self, val: crate::c_types::c_uint) {
-        unsafe {
-            let val: u32 = ::core::mem::transmute(val);
-            self._bitfield_1.set(1usize, 1u8, val as u64)
-        }
-    }
-    #[inline]
-    pub fn private_ad_started(&self) -> crate::c_types::c_uint {
-        unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) }
-    }
-    #[inline]
-    pub fn set_private_ad_started(&mut self, val: crate::c_types::c_uint) {
-        unsafe {
-            let val: u32 = ::core::mem::transmute(val);
-            self._bitfield_1.set(2usize, 1u8, val as u64)
-        }
-    }
-    #[inline]
-    pub fn private_body_started(&self) -> crate::c_types::c_uint {
-        unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) }
-    }
-    #[inline]
-    pub fn set_private_body_started(&mut self, val: crate::c_types::c_uint) {
-        unsafe {
-            let val: u32 = ::core::mem::transmute(val);
-            self._bitfield_1.set(3usize, 1u8, val as u64)
-        }
-    }
-    #[inline]
-    pub fn private_is_encrypt(&self) -> crate::c_types::c_uint {
-        unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) }
-    }
-    #[inline]
-    pub fn set_private_is_encrypt(&mut self, val: crate::c_types::c_uint) {
-        unsafe {
-            let val: u32 = ::core::mem::transmute(val);
-            self._bitfield_1.set(4usize, 1u8, val as u64)
-        }
-    }
-    #[inline]
-    pub fn new_bitfield_1(
-        private_nonce_set: crate::c_types::c_uint,
-        private_lengths_set: crate::c_types::c_uint,
-        private_ad_started: crate::c_types::c_uint,
-        private_body_started: crate::c_types::c_uint,
-        private_is_encrypt: crate::c_types::c_uint,
-    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
-        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
-        __bindgen_bitfield_unit.set(0usize, 1u8, {
-            let private_nonce_set: u32 = unsafe { ::core::mem::transmute(private_nonce_set) };
-            private_nonce_set as u64
-        });
-        __bindgen_bitfield_unit.set(1usize, 1u8, {
-            let private_lengths_set: u32 = unsafe { ::core::mem::transmute(private_lengths_set) };
-            private_lengths_set as u64
-        });
-        __bindgen_bitfield_unit.set(2usize, 1u8, {
-            let private_ad_started: u32 = unsafe { ::core::mem::transmute(private_ad_started) };
-            private_ad_started as u64
-        });
-        __bindgen_bitfield_unit.set(3usize, 1u8, {
-            let private_body_started: u32 = unsafe { ::core::mem::transmute(private_body_started) };
-            private_body_started as u64
-        });
-        __bindgen_bitfield_unit.set(4usize, 1u8, {
-            let private_is_encrypt: u32 = unsafe { ::core::mem::transmute(private_is_encrypt) };
-            private_is_encrypt as u64
-        });
-        __bindgen_bitfield_unit
-    }
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct psa_hkdf_key_derivation_t {
-    pub private_info: *mut u8,
-    pub private_info_length: size_t,
-    pub private_offset_in_block: u8,
-    pub private_block_number: u8,
-    pub _bitfield_align_1: [u8; 0],
-    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
-    pub private_output_block: [u8; 64usize],
-    pub private_prk: [u8; 64usize],
-    pub private_hmac: psa_mac_operation_s,
-}
-impl psa_hkdf_key_derivation_t {
-    #[inline]
-    pub fn private_state(&self) -> crate::c_types::c_uint {
-        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 2u8) as u32) }
-    }
-    #[inline]
-    pub fn set_private_state(&mut self, val: crate::c_types::c_uint) {
-        unsafe {
-            let val: u32 = ::core::mem::transmute(val);
-            self._bitfield_1.set(0usize, 2u8, val as u64)
-        }
-    }
-    #[inline]
-    pub fn private_info_set(&self) -> crate::c_types::c_uint {
-        unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) }
-    }
-    #[inline]
-    pub fn set_private_info_set(&mut self, val: crate::c_types::c_uint) {
-        unsafe {
-            let val: u32 = ::core::mem::transmute(val);
-            self._bitfield_1.set(2usize, 1u8, val as u64)
-        }
-    }
-    #[inline]
-    pub fn new_bitfield_1(
-        private_state: crate::c_types::c_uint,
-        private_info_set: crate::c_types::c_uint,
-    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
-        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
-        __bindgen_bitfield_unit.set(0usize, 2u8, {
-            let private_state: u32 = unsafe { ::core::mem::transmute(private_state) };
-            private_state as u64
-        });
-        __bindgen_bitfield_unit.set(2usize, 1u8, {
-            let private_info_set: u32 = unsafe { ::core::mem::transmute(private_info_set) };
-            private_info_set as u64
-        });
-        __bindgen_bitfield_unit
-    }
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct psa_tls12_ecjpake_to_pms_t {
-    pub private_data: [u8; 32usize],
-}
-pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_INIT:
-    psa_tls12_prf_key_derivation_state_t = 0;
-pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_SEED_SET:
-    psa_tls12_prf_key_derivation_state_t = 1;
-pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_OTHER_KEY_SET:
-    psa_tls12_prf_key_derivation_state_t = 2;
-pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_KEY_SET:
-    psa_tls12_prf_key_derivation_state_t = 3;
-pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_LABEL_SET:
-    psa_tls12_prf_key_derivation_state_t = 4;
-pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_OUTPUT:
-    psa_tls12_prf_key_derivation_state_t = 5;
-pub type psa_tls12_prf_key_derivation_state_t = crate::c_types::c_uint;
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct psa_tls12_prf_key_derivation_s {
-    pub private_left_in_block: u8,
-    pub private_block_number: u8,
-    pub private_state: psa_tls12_prf_key_derivation_state_t,
-    pub private_secret: *mut u8,
-    pub private_secret_length: size_t,
-    pub private_seed: *mut u8,
-    pub private_seed_length: size_t,
-    pub private_label: *mut u8,
-    pub private_label_length: size_t,
-    pub private_other_secret: *mut u8,
-    pub private_other_secret_length: size_t,
-    pub private_Ai: [u8; 64usize],
-    pub private_output_block: [u8; 64usize],
-}
-pub type psa_tls12_prf_key_derivation_t = psa_tls12_prf_key_derivation_s;
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct psa_key_derivation_s {
-    pub private_alg: psa_algorithm_t,
-    pub _bitfield_align_1: [u8; 0],
-    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
-    pub private_capacity: size_t,
-    pub private_ctx: psa_key_derivation_s__bindgen_ty_1,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub union psa_key_derivation_s__bindgen_ty_1 {
-    pub private_dummy: u8,
-    pub private_hkdf: psa_hkdf_key_derivation_t,
-    pub private_tls12_prf: psa_tls12_prf_key_derivation_t,
-    pub private_tls12_ecjpake_to_pms: psa_tls12_ecjpake_to_pms_t,
-}
-impl psa_key_derivation_s {
-    #[inline]
-    pub fn private_can_output_key(&self) -> crate::c_types::c_uint {
-        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
-    }
-    #[inline]
-    pub fn set_private_can_output_key(&mut self, val: crate::c_types::c_uint) {
-        unsafe {
-            let val: u32 = ::core::mem::transmute(val);
-            self._bitfield_1.set(0usize, 1u8, val as u64)
-        }
-    }
-    #[inline]
-    pub fn new_bitfield_1(
-        private_can_output_key: crate::c_types::c_uint,
-    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
-        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
-        __bindgen_bitfield_unit.set(0usize, 1u8, {
-            let private_can_output_key: u32 =
-                unsafe { ::core::mem::transmute(private_can_output_key) };
-            private_can_output_key as u64
-        });
-        __bindgen_bitfield_unit
-    }
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct psa_key_policy_s {
-    pub private_usage: psa_key_usage_t,
-    pub private_alg: psa_algorithm_t,
-    pub private_alg2: psa_algorithm_t,
-}
-pub type psa_key_policy_t = psa_key_policy_s;
-pub type psa_key_bits_t = u16;
-#[doc = " A mask of flags that can be stored in key attributes."]
-#[doc = ""]
-#[doc = " This type is also used internally to store flags in slots. Internal"]
-#[doc = " flags are defined in library/psa_crypto_core.h. Internal flags may have"]
-#[doc = " the same value as external flags if they are properly handled during"]
-#[doc = " key creation and in psa_get_key_attributes."]
-pub type psa_key_attributes_flag_t = u16;
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct psa_core_key_attributes_t {
-    pub private_type: psa_key_type_t,
-    pub private_bits: psa_key_bits_t,
-    pub private_lifetime: psa_key_lifetime_t,
-    pub private_id: mbedtls_svc_key_id_t,
-    pub private_policy: psa_key_policy_t,
-    pub private_flags: psa_key_attributes_flag_t,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct psa_key_attributes_s {
-    pub private_core: psa_core_key_attributes_t,
-    pub private_domain_parameters: *mut crate::c_types::c_void,
-    pub private_domain_parameters_size: size_t,
-}
-extern "C" {
-    #[doc = " \\brief Set domain parameters for a key."]
-    #[doc = ""]
-    #[doc = " Some key types require additional domain parameters in addition to"]
-    #[doc = " the key type identifier and the key size. Use this function instead"]
-    #[doc = " of psa_set_key_type() when you need to specify domain parameters."]
-    #[doc = ""]
-    #[doc = " The format for the required domain parameters varies based on the key type."]
-    #[doc = ""]
-    #[doc = " - For RSA keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY or #PSA_KEY_TYPE_RSA_KEY_PAIR),"]
-    #[doc = "   the domain parameter data consists of the public exponent,"]
-    #[doc = "   represented as a big-endian integer with no leading zeros."]
-    #[doc = "   This information is used when generating an RSA key pair."]
-    #[doc = "   When importing a key, the public exponent is read from the imported"]
-    #[doc = "   key data and the exponent recorded in the attribute structure is ignored."]
-    #[doc = "   As an exception, the public exponent 65537 is represented by an empty"]
-    #[doc = "   byte string."]
-    #[doc = " - For DSA keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY or #PSA_KEY_TYPE_DSA_KEY_PAIR),"]
-    #[doc = "   the `Dss-Params` format as defined by RFC 3279 &sect;2.3.2."]
-    #[doc = "   ```"]
-    #[doc = "   Dss-Params ::= SEQUENCE  {"]
-    #[doc = "      p       INTEGER,"]
-    #[doc = "      q       INTEGER,"]
-    #[doc = "      g       INTEGER"]
-    #[doc = "   }"]
-    #[doc = "   ```"]
-    #[doc = " - For Diffie-Hellman key exchange keys"]
-    #[doc = "   (#PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_FAMILY_CUSTOM) or"]
-    #[doc = "   #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_FAMILY_CUSTOM)), the"]
-    #[doc = "   `DomainParameters` format as defined by RFC 3279 &sect;2.3.3."]
-    #[doc = "   ```"]
-    #[doc = "   DomainParameters ::= SEQUENCE {"]
-    #[doc = "      p               INTEGER,                    -- odd prime, p=jq +1"]
-    #[doc = "      g               INTEGER,                    -- generator, g"]
-    #[doc = "      q               INTEGER,                    -- factor of p-1"]
-    #[doc = "      j               INTEGER OPTIONAL,           -- subgroup factor"]
-    #[doc = "      validationParams ValidationParams OPTIONAL"]
-    #[doc = "   }"]
-    #[doc = "   ValidationParams ::= SEQUENCE {"]
-    #[doc = "      seed            BIT STRING,"]
-    #[doc = "      pgenCounter     INTEGER"]
-    #[doc = "   }"]
-    #[doc = "   ```"]
-    #[doc = ""]
-    #[doc = " \\note This function may allocate memory or other resources."]
-    #[doc = "       Once you have called this function on an attribute structure,"]
-    #[doc = "       you must call psa_reset_key_attributes() to free these resources."]
-    #[doc = ""]
-    #[doc = " \\note This is an experimental extension to the interface. It may change"]
-    #[doc = "       in future versions of the library."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] attributes    Attribute structure where the specified domain"]
-    #[doc = "                              parameters will be stored."]
-    #[doc = "                              If this function fails, the content of"]
-    #[doc = "                              \\p attributes is not modified."]
-    #[doc = " \\param type                  Key type (a \\c PSA_KEY_TYPE_XXX value)."]
-    #[doc = " \\param[in] data              Buffer containing the key domain parameters."]
-    #[doc = "                              The content of this buffer is interpreted"]
-    #[doc = "                              according to \\p type as described above."]
-    #[doc = " \\param data_length           Size of the \\p data buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    pub fn psa_set_key_domain_parameters(
-        attributes: *mut psa_key_attributes_t,
-        type_: psa_key_type_t,
-        data: *const u8,
-        data_length: size_t,
-    ) -> psa_status_t;
-}
-#[doc = " \\brief The context for PSA interruptible hash signing."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct psa_sign_hash_interruptible_operation_s {
-    pub private_id: crate::c_types::c_uint,
-    pub private_ctx: psa_driver_sign_hash_interruptible_context_t,
-    pub _bitfield_align_1: [u8; 0],
-    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
-    pub private_num_ops: u32,
-}
-impl psa_sign_hash_interruptible_operation_s {
-    #[inline]
-    pub fn private_error_occurred(&self) -> crate::c_types::c_uint {
-        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
-    }
-    #[inline]
-    pub fn set_private_error_occurred(&mut self, val: crate::c_types::c_uint) {
-        unsafe {
-            let val: u32 = ::core::mem::transmute(val);
-            self._bitfield_1.set(0usize, 1u8, val as u64)
-        }
-    }
-    #[inline]
-    pub fn new_bitfield_1(
-        private_error_occurred: crate::c_types::c_uint,
-    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
-        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
-        __bindgen_bitfield_unit.set(0usize, 1u8, {
-            let private_error_occurred: u32 =
-                unsafe { ::core::mem::transmute(private_error_occurred) };
-            private_error_occurred as u64
-        });
-        __bindgen_bitfield_unit
-    }
-}
-#[doc = " \\brief The context for PSA interruptible hash verification."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct psa_verify_hash_interruptible_operation_s {
-    pub private_id: crate::c_types::c_uint,
-    pub private_ctx: psa_driver_verify_hash_interruptible_context_t,
-    pub _bitfield_align_1: [u8; 0],
-    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
-    pub private_num_ops: u32,
-}
-impl psa_verify_hash_interruptible_operation_s {
-    #[inline]
-    pub fn private_error_occurred(&self) -> crate::c_types::c_uint {
-        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
-    }
-    #[inline]
-    pub fn set_private_error_occurred(&mut self, val: crate::c_types::c_uint) {
-        unsafe {
-            let val: u32 = ::core::mem::transmute(val);
-            self._bitfield_1.set(0usize, 1u8, val as u64)
-        }
-    }
-    #[inline]
-    pub fn new_bitfield_1(
-        private_error_occurred: crate::c_types::c_uint,
-    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
-        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
-        __bindgen_bitfield_unit.set(0usize, 1u8, {
-            let private_error_occurred: u32 =
-                unsafe { ::core::mem::transmute(private_error_occurred) };
-            private_error_occurred as u64
-        });
-        __bindgen_bitfield_unit
-    }
-}
-pub type psa_key_handle_t = mbedtls_svc_key_id_t;
-extern "C" {
-    #[doc = " Open a handle to an existing persistent key."]
-    #[doc = ""]
-    #[doc = " Open a handle to a persistent key. A key is persistent if it was created"]
-    #[doc = " with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE. A persistent key"]
-    #[doc = " always has a nonzero key identifier, set with psa_set_key_id() when"]
-    #[doc = " creating the key. Implementations may provide additional pre-provisioned"]
-    #[doc = " keys that can be opened with psa_open_key(). Such keys have an application"]
-    #[doc = " key identifier in the vendor range, as documented in the description of"]
-    #[doc = " #psa_key_id_t."]
-    #[doc = ""]
-    #[doc = " The application must eventually close the handle with psa_close_key() or"]
-    #[doc = " psa_destroy_key() to release associated resources. If the application dies"]
-    #[doc = " without calling one of these functions, the implementation should perform"]
-    #[doc = " the equivalent of a call to psa_close_key()."]
-    #[doc = ""]
-    #[doc = " Some implementations permit an application to open the same key multiple"]
-    #[doc = " times. If this is successful, each call to psa_open_key() will return a"]
-    #[doc = " different key handle."]
-    #[doc = ""]
-    #[doc = " \\note This API is not part of the PSA Cryptography API Release 1.0.0"]
-    #[doc = " specification. It was defined in the 1.0 Beta 3 version of the"]
-    #[doc = " specification but was removed in the 1.0.0 released version. This API is"]
-    #[doc = " kept for the time being to not break applications relying on it. It is not"]
-    #[doc = " deprecated yet but will be in the near future."]
-    #[doc = ""]
-    #[doc = " \\note Applications that rely on opening a key multiple times will not be"]
-    #[doc = " portable to implementations that only permit a single key handle to be"]
-    #[doc = " opened. See also :ref:\\`key-handles\\`."]
-    #[doc = ""]
-    #[doc = ""]
-    #[doc = " \\param key           The persistent identifier of the key."]
-    #[doc = " \\param[out] handle   On success, a handle to the key."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success. The application can now use the value of `*handle`"]
-    #[doc = "         to access the key."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY"]
-    #[doc = "         The implementation does not have sufficient resources to open the"]
-    #[doc = "         key. This can be due to reaching an implementation limit on the"]
-    #[doc = "         number of open keys, the number of open key handles, or available"]
-    #[doc = "         memory."]
-    #[doc = " \\retval #PSA_ERROR_DOES_NOT_EXIST"]
-    #[doc = "         There is no persistent key with key identifier \\p key."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\p key is not a valid persistent key identifier."]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED"]
-    #[doc = "         The specified key exists, but the application does not have the"]
-    #[doc = "         permission to access it. Note that this specification does not"]
-    #[doc = "         define any way to create such a key, but it may be possible"]
-    #[doc = "         through implementation-specific means."]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_INVALID \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_CORRUPT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_open_key(key: mbedtls_svc_key_id_t, handle: *mut psa_key_handle_t) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Close a key handle."]
-    #[doc = ""]
-    #[doc = " If the handle designates a volatile key, this will destroy the key material"]
-    #[doc = " and free all associated resources, just like psa_destroy_key()."]
-    #[doc = ""]
-    #[doc = " If this is the last open handle to a persistent key, then closing the handle"]
-    #[doc = " will free all resources associated with the key in volatile memory. The key"]
-    #[doc = " data in persistent storage is not affected and can be opened again later"]
-    #[doc = " with a call to psa_open_key()."]
-    #[doc = ""]
-    #[doc = " Closing the key handle makes the handle invalid, and the key handle"]
-    #[doc = " must not be used again by the application."]
-    #[doc = ""]
-    #[doc = " \\note This API is not part of the PSA Cryptography API Release 1.0.0"]
-    #[doc = " specification. It was defined in the 1.0 Beta 3 version of the"]
-    #[doc = " specification but was removed in the 1.0.0 released version. This API is"]
-    #[doc = " kept for the time being to not break applications relying on it. It is not"]
-    #[doc = " deprecated yet but will be in the near future."]
-    #[doc = ""]
-    #[doc = " \\note If the key handle was used to set up an active"]
-    #[doc = " :ref:\\`multipart operation <multipart-operations>\\`, then closing the"]
-    #[doc = " key handle can cause the multipart operation to fail. Applications should"]
-    #[doc = " maintain the key handle until after the multipart operation has finished."]
-    #[doc = ""]
-    #[doc = " \\param handle        The key handle to close."]
-    #[doc = "                      If this is \\c 0, do nothing and return \\c PSA_SUCCESS."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         \\p handle was a valid handle or \\c 0. It is now closed."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE"]
-    #[doc = "         \\p handle is not a valid handle nor \\c 0."]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_close_key(handle: psa_key_handle_t) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " \\brief Library deinitialization."]
-    #[doc = ""]
-    #[doc = " This function clears all data associated with the PSA layer,"]
-    #[doc = " including the whole key store."]
-    #[doc = ""]
-    #[doc = " This is an Mbed TLS extension."]
-    pub fn mbedtls_psa_crypto_free();
-}
-#[doc = " \\brief Statistics about"]
-#[doc = " resource consumption related to the PSA keystore."]
-#[doc = ""]
-#[doc = " \\note The content of this structure is not part of the stable API and ABI"]
-#[doc = "       of Mbed Crypto and may change arbitrarily from version to version."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_psa_stats_s {
-    pub private_volatile_slots: size_t,
-    pub private_persistent_slots: size_t,
-    pub private_external_slots: size_t,
-    pub private_half_filled_slots: size_t,
-    pub private_cache_slots: size_t,
-    pub private_empty_slots: size_t,
-    pub private_locked_slots: size_t,
-    pub private_max_open_internal_key_id: psa_key_id_t,
-    pub private_max_open_external_key_id: psa_key_id_t,
-}
-#[doc = " \\brief Statistics about"]
-#[doc = " resource consumption related to the PSA keystore."]
-#[doc = ""]
-#[doc = " \\note The content of this structure is not part of the stable API and ABI"]
-#[doc = "       of Mbed Crypto and may change arbitrarily from version to version."]
-pub type mbedtls_psa_stats_t = mbedtls_psa_stats_s;
-extern "C" {
-    #[doc = " \\brief Get statistics about"]
-    #[doc = " resource consumption related to the PSA keystore."]
-    #[doc = ""]
-    #[doc = " \\note When Mbed Crypto is built as part of a service, with isolation"]
-    #[doc = "       between the application and the keystore, the service may or"]
-    #[doc = "       may not expose this function."]
-    pub fn mbedtls_psa_get_stats(stats: *mut mbedtls_psa_stats_t);
-}
-extern "C" {
-    #[doc = " \\brief Inject an initial entropy seed for the random generator into"]
-    #[doc = "        secure storage."]
-    #[doc = ""]
-    #[doc = " This function injects data to be used as a seed for the random generator"]
-    #[doc = " used by the PSA Crypto implementation. On devices that lack a trusted"]
-    #[doc = " entropy source (preferably a hardware random number generator),"]
-    #[doc = " the Mbed PSA Crypto implementation uses this value to seed its"]
-    #[doc = " random generator."]
-    #[doc = ""]
-    #[doc = " On devices without a trusted entropy source, this function must be"]
-    #[doc = " called exactly once in the lifetime of the device. On devices with"]
-    #[doc = " a trusted entropy source, calling this function is optional."]
-    #[doc = " In all cases, this function may only be called before calling any"]
-    #[doc = " other function in the PSA Crypto API, including psa_crypto_init()."]
-    #[doc = ""]
-    #[doc = " When this function returns successfully, it populates a file in"]
-    #[doc = " persistent storage. Once the file has been created, this function"]
-    #[doc = " can no longer succeed."]
-    #[doc = ""]
-    #[doc = " If any error occurs, this function does not change the system state."]
-    #[doc = " You can call this function again after correcting the reason for the"]
-    #[doc = " error if possible."]
-    #[doc = ""]
-    #[doc = " \\warning This function **can** fail! Callers MUST check the return status."]
-    #[doc = ""]
-    #[doc = " \\warning If you use this function, you should use it as part of a"]
-    #[doc = "          factory provisioning process. The value of the injected seed"]
-    #[doc = "          is critical to the security of the device. It must be"]
-    #[doc = "          *secret*, *unpredictable* and (statistically) *unique per device*."]
-    #[doc = "          You should be generate it randomly using a cryptographically"]
-    #[doc = "          secure random generator seeded from trusted entropy sources."]
-    #[doc = "          You should transmit it securely to the device and ensure"]
-    #[doc = "          that its value is not leaked or stored anywhere beyond the"]
-    #[doc = "          needs of transmitting it from the point of generation to"]
-    #[doc = "          the call of this function, and erase all copies of the value"]
-    #[doc = "          once this function returns."]
-    #[doc = ""]
-    #[doc = " This is an Mbed TLS extension."]
-    #[doc = ""]
-    #[doc = " \\note This function is only available on the following platforms:"]
-    #[doc = " * If the compile-time option MBEDTLS_PSA_INJECT_ENTROPY is enabled."]
-    #[doc = "   Note that you must provide compatible implementations of"]
-    #[doc = "   mbedtls_nv_seed_read and mbedtls_nv_seed_write."]
-    #[doc = " * In a client-server integration of PSA Cryptography, on the client side,"]
-    #[doc = "   if the server supports this feature."]
-    #[doc = " \\param[in] seed          Buffer containing the seed value to inject."]
-    #[doc = " \\param[in] seed_size     Size of the \\p seed buffer."]
-    #[doc = "                          The size of the seed in bytes must be greater"]
-    #[doc = "                          or equal to both #MBEDTLS_ENTROPY_BLOCK_SIZE"]
-    #[doc = "                          and the value of \\c MBEDTLS_ENTROPY_MIN_PLATFORM"]
-    #[doc = "                          in `library/entropy_poll.h` in the Mbed TLS source"]
-    #[doc = "                          code."]
-    #[doc = "                          It must be less or equal to"]
-    #[doc = "                          #MBEDTLS_ENTROPY_MAX_SEED_SIZE."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         The seed value was injected successfully. The random generator"]
-    #[doc = "         of the PSA Crypto implementation is now ready for use."]
-    #[doc = "         You may now call psa_crypto_init() and use the PSA Crypto"]
-    #[doc = "         implementation."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\p seed_size is out of range."]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE"]
-    #[doc = "         There was a failure reading or writing from storage."]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED"]
-    #[doc = "         The library has already been initialized. It is no longer"]
-    #[doc = "         possible to call this function."]
-    pub fn mbedtls_psa_inject_entropy(seed: *const u8, seed_size: size_t) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " \\brief Get domain parameters for a key."]
-    #[doc = ""]
-    #[doc = " Get the domain parameters for a key with this function, if any. The format"]
-    #[doc = " of the domain parameters written to \\p data is specified in the"]
-    #[doc = " documentation for psa_set_key_domain_parameters()."]
-    #[doc = ""]
-    #[doc = " \\note This is an experimental extension to the interface. It may change"]
-    #[doc = "       in future versions of the library."]
-    #[doc = ""]
-    #[doc = " \\param[in] attributes        The key attribute structure to query."]
-    #[doc = " \\param[out] data             On success, the key domain parameters."]
-    #[doc = " \\param data_size             Size of the \\p data buffer in bytes."]
-    #[doc = "                              The buffer is guaranteed to be large"]
-    #[doc = "                              enough if its size in bytes is at least"]
-    #[doc = "                              the value given by"]
-    #[doc = "                              PSA_KEY_DOMAIN_PARAMETERS_SIZE()."]
-    #[doc = " \\param[out] data_length      On success, the number of bytes"]
-    #[doc = "                              that make up the key domain parameters data."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL \\emptydescription"]
-    pub fn psa_get_key_domain_parameters(
-        attributes: *const psa_key_attributes_t,
-        data: *mut u8,
-        data_size: size_t,
-        data_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Convert an ECC curve identifier from the PSA encoding to Mbed TLS."]
-    #[doc = ""]
-    #[doc = " \\note This function is provided solely for the convenience of"]
-    #[doc = "       Mbed TLS and may be removed at any time without notice."]
-    #[doc = ""]
-    #[doc = " \\param curve         A PSA elliptic curve identifier"]
-    #[doc = "                      (`PSA_ECC_FAMILY_xxx`)."]
-    #[doc = " \\param bits          The bit-length of a private key on \\p curve."]
-    #[doc = " \\param bits_is_sloppy If true, \\p bits may be the bit-length rounded up"]
-    #[doc = "                      to the nearest multiple of 8. This allows the caller"]
-    #[doc = "                      to infer the exact curve from the length of a key"]
-    #[doc = "                      which is supplied as a byte string."]
-    #[doc = ""]
-    #[doc = " \\return              The corresponding Mbed TLS elliptic curve identifier"]
-    #[doc = "                      (`MBEDTLS_ECP_DP_xxx`)."]
-    #[doc = " \\return              #MBEDTLS_ECP_DP_NONE if \\c curve is not recognized."]
-    #[doc = " \\return              #MBEDTLS_ECP_DP_NONE if \\p bits is not"]
-    #[doc = "                      correct for \\p curve."]
-    pub fn mbedtls_ecc_group_of_psa(
-        curve: psa_ecc_family_t,
-        bits: size_t,
-        bits_is_sloppy: crate::c_types::c_int,
-    ) -> mbedtls_ecp_group_id;
-}
-extern "C" {
-    #[doc = " External random generator function, implemented by the platform."]
-    #[doc = ""]
-    #[doc = " When the compile-time option #MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled,"]
-    #[doc = " this function replaces Mbed TLS's entropy and DRBG modules for all"]
-    #[doc = " random generation triggered via PSA crypto interfaces."]
-    #[doc = ""]
-    #[doc = " \\note This random generator must deliver random numbers with cryptographic"]
-    #[doc = "       quality and high performance. It must supply unpredictable numbers"]
-    #[doc = "       with a uniform distribution. The implementation of this function"]
-    #[doc = "       is responsible for ensuring that the random generator is seeded"]
-    #[doc = "       with sufficient entropy. If you have a hardware TRNG which is slow"]
-    #[doc = "       or delivers non-uniform output, declare it as an entropy source"]
-    #[doc = "       with mbedtls_entropy_add_source() instead of enabling this option."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] context       Pointer to the random generator context."]
-    #[doc = "                              This is all-bits-zero on the first call"]
-    #[doc = "                              and preserved between successive calls."]
-    #[doc = " \\param[out] output           Output buffer. On success, this buffer"]
-    #[doc = "                              contains random data with a uniform"]
-    #[doc = "                              distribution."]
-    #[doc = " \\param output_size           The size of the \\p output buffer in bytes."]
-    #[doc = " \\param[out] output_length    On success, set this value to \\p output_size."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success. The output buffer contains \\p output_size bytes of"]
-    #[doc = "         cryptographic-quality random data, and \\c *output_length is"]
-    #[doc = "         set to \\p output_size."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_ENTROPY"]
-    #[doc = "         The random generator requires extra entropy and there is no"]
-    #[doc = "         way to obtain entropy under current environment conditions."]
-    #[doc = "         This error should not happen under normal circumstances since"]
-    #[doc = "         this function is responsible for obtaining as much entropy as"]
-    #[doc = "         it needs. However implementations of this function may return"]
-    #[doc = "         #PSA_ERROR_INSUFFICIENT_ENTROPY if there is no way to obtain"]
-    #[doc = "         entropy without blocking indefinitely."]
-    #[doc = " \\retval #PSA_ERROR_HARDWARE_FAILURE"]
-    #[doc = "         A failure of the random generator hardware that isn't covered"]
-    #[doc = "         by #PSA_ERROR_INSUFFICIENT_ENTROPY."]
-    pub fn mbedtls_psa_external_get_random(
-        context: *mut mbedtls_psa_external_random_context_t,
-        output: *mut u8,
-        output_size: size_t,
-        output_length: *mut size_t,
-    ) -> psa_status_t;
-}
-#[doc = " A slot number identifying a key in a driver."]
-#[doc = ""]
-#[doc = " Values of this type are used to identify built-in keys."]
-pub type psa_drv_slot_number_t = u64;
-#[doc = " \\brief Encoding of the application role of PAKE"]
-#[doc = ""]
-#[doc = " Encodes the application's role in the algorithm is being executed. For more"]
-#[doc = " information see the documentation of individual \\c PSA_PAKE_ROLE_XXX"]
-#[doc = " constants."]
-pub type psa_pake_role_t = u8;
-#[doc = " Encoding of input and output indicators for PAKE."]
-#[doc = ""]
-#[doc = " Some PAKE algorithms need to exchange more data than just a single key share."]
-#[doc = " This type is for encoding additional input and output data for such"]
-#[doc = " algorithms."]
-pub type psa_pake_step_t = u8;
-#[doc = " Encoding of the type of the PAKE's primitive."]
-#[doc = ""]
-#[doc = " Values defined by this standard will never be in the range 0x80-0xff."]
-#[doc = " Vendors who define additional types must use an encoding in this range."]
-#[doc = ""]
-#[doc = " For more information see the documentation of individual"]
-#[doc = " \\c PSA_PAKE_PRIMITIVE_TYPE_XXX constants."]
-pub type psa_pake_primitive_type_t = u8;
-#[doc = " \\brief Encoding of the family of the primitive associated with the PAKE."]
-#[doc = ""]
-#[doc = " For more information see the documentation of individual"]
-#[doc = " \\c PSA_PAKE_PRIMITIVE_TYPE_XXX constants."]
-pub type psa_pake_family_t = u8;
-#[doc = " \\brief Encoding of the primitive associated with the PAKE."]
-#[doc = ""]
-#[doc = " For more information see the documentation of the #PSA_PAKE_PRIMITIVE macro."]
-pub type psa_pake_primitive_t = u32;
-#[doc = " The type of the data structure for PAKE cipher suites."]
-#[doc = ""]
-#[doc = " This is an implementation-defined \\c struct. Applications should not"]
-#[doc = " make any assumptions about the content of this structure."]
-#[doc = " Implementation details can change in future versions without notice."]
-pub type psa_pake_cipher_suite_t = psa_pake_cipher_suite_s;
-#[doc = " The type of the state data structure for PAKE operations."]
-#[doc = ""]
-#[doc = " Before calling any function on a PAKE operation object, the application"]
-#[doc = " must initialize it by any of the following means:"]
-#[doc = " - Set the structure to all-bits-zero, for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_pake_operation_t operation;"]
-#[doc = "   memset(&operation, 0, sizeof(operation));"]
-#[doc = "   \\endcode"]
-#[doc = " - Initialize the structure to logical zero values, for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_pake_operation_t operation = {0};"]
-#[doc = "   \\endcode"]
-#[doc = " - Initialize the structure to the initializer #PSA_PAKE_OPERATION_INIT,"]
-#[doc = "   for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_pake_operation_t operation = PSA_PAKE_OPERATION_INIT;"]
-#[doc = "   \\endcode"]
-#[doc = " - Assign the result of the function psa_pake_operation_init()"]
-#[doc = "   to the structure, for example:"]
-#[doc = "   \\code"]
-#[doc = "   psa_pake_operation_t operation;"]
-#[doc = "   operation = psa_pake_operation_init();"]
-#[doc = "   \\endcode"]
-#[doc = ""]
-#[doc = " This is an implementation-defined \\c struct. Applications should not"]
-#[doc = " make any assumptions about the content of this structure."]
-#[doc = " Implementation details can change in future versions without notice."]
-pub type psa_pake_operation_t = psa_pake_operation_s;
-#[doc = " The type of input values for PAKE operations."]
-pub type psa_crypto_driver_pake_inputs_t = psa_crypto_driver_pake_inputs_s;
-#[doc = " The type of computation stage for J-PAKE operations."]
-pub type psa_jpake_computation_stage_t = psa_jpake_computation_stage_s;
-extern "C" {
-    #[doc = " Get the length of the password in bytes from given inputs."]
-    #[doc = ""]
-    #[doc = " \\param[in]  inputs           Operation inputs."]
-    #[doc = " \\param[out] password_len     Password length."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         Password hasn't been set yet."]
-    pub fn psa_crypto_driver_pake_get_password_len(
-        inputs: *const psa_crypto_driver_pake_inputs_t,
-        password_len: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Get the password from given inputs."]
-    #[doc = ""]
-    #[doc = " \\param[in]  inputs           Operation inputs."]
-    #[doc = " \\param[out] buffer           Return buffer for password."]
-    #[doc = " \\param      buffer_size      Size of the return buffer in bytes."]
-    #[doc = " \\param[out] buffer_length    Actual size of the password in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         Password hasn't been set yet."]
-    pub fn psa_crypto_driver_pake_get_password(
-        inputs: *const psa_crypto_driver_pake_inputs_t,
-        buffer: *mut u8,
-        buffer_size: size_t,
-        buffer_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Get the role from given inputs."]
-    #[doc = ""]
-    #[doc = " \\param[in]  inputs           Operation inputs."]
-    #[doc = " \\param[out] role             Return buffer for role."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         Role hasn't been set yet."]
-    pub fn psa_crypto_driver_pake_get_role(
-        inputs: *const psa_crypto_driver_pake_inputs_t,
-        role: *mut psa_pake_role_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Get the length of the user id in bytes from given inputs."]
-    #[doc = ""]
-    #[doc = " \\param[in]  inputs           Operation inputs."]
-    #[doc = " \\param[out] user_len         User id length."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         User id hasn't been set yet."]
-    pub fn psa_crypto_driver_pake_get_user_len(
-        inputs: *const psa_crypto_driver_pake_inputs_t,
-        user_len: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Get the length of the peer id in bytes from given inputs."]
-    #[doc = ""]
-    #[doc = " \\param[in]  inputs           Operation inputs."]
-    #[doc = " \\param[out] peer_len         Peer id length."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         Peer id hasn't been set yet."]
-    pub fn psa_crypto_driver_pake_get_peer_len(
-        inputs: *const psa_crypto_driver_pake_inputs_t,
-        peer_len: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Get the user id from given inputs."]
-    #[doc = ""]
-    #[doc = " \\param[in]  inputs           Operation inputs."]
-    #[doc = " \\param[out] user_id          User id."]
-    #[doc = " \\param      user_id_size     Size of \\p user_id in bytes."]
-    #[doc = " \\param[out] user_id_len      Size of the user id in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         User id hasn't been set yet."]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         The size of the \\p user_id is too small."]
-    pub fn psa_crypto_driver_pake_get_user(
-        inputs: *const psa_crypto_driver_pake_inputs_t,
-        user_id: *mut u8,
-        user_id_size: size_t,
-        user_id_len: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Get the peer id from given inputs."]
-    #[doc = ""]
-    #[doc = " \\param[in]  inputs           Operation inputs."]
-    #[doc = " \\param[out] peer_id          Peer id."]
-    #[doc = " \\param      peer_id_size     Size of \\p peer_id in bytes."]
-    #[doc = " \\param[out] peer_id_length   Size of the peer id in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         Peer id hasn't been set yet."]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         The size of the \\p peer_id is too small."]
-    pub fn psa_crypto_driver_pake_get_peer(
-        inputs: *const psa_crypto_driver_pake_inputs_t,
-        peer_id: *mut u8,
-        peer_id_size: size_t,
-        peer_id_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Get the cipher suite from given inputs."]
-    #[doc = ""]
-    #[doc = " \\param[in]  inputs           Operation inputs."]
-    #[doc = " \\param[out] cipher_suite     Return buffer for role."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         Cipher_suite hasn't been set yet."]
-    pub fn psa_crypto_driver_pake_get_cipher_suite(
-        inputs: *const psa_crypto_driver_pake_inputs_t,
-        cipher_suite: *mut psa_pake_cipher_suite_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Set the session information for a password-authenticated key exchange."]
-    #[doc = ""]
-    #[doc = " The sequence of operations to set up a password-authenticated key exchange"]
-    #[doc = " is as follows:"]
-    #[doc = " -# Allocate an operation object which will be passed to all the functions"]
-    #[doc = "    listed here."]
-    #[doc = " -# Initialize the operation object with one of the methods described in the"]
-    #[doc = "    documentation for #psa_pake_operation_t, e.g."]
-    #[doc = "    #PSA_PAKE_OPERATION_INIT."]
-    #[doc = " -# Call psa_pake_setup() to specify the cipher suite."]
-    #[doc = " -# Call \\c psa_pake_set_xxx() functions on the operation to complete the"]
-    #[doc = "    setup. The exact sequence of \\c psa_pake_set_xxx() functions that needs"]
-    #[doc = "    to be called depends on the algorithm in use."]
-    #[doc = ""]
-    #[doc = " Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`"]
-    #[doc = " values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\\c alg) is true)"]
-    #[doc = " for more information."]
-    #[doc = ""]
-    #[doc = " A typical sequence of calls to perform a password-authenticated key"]
-    #[doc = " exchange:"]
-    #[doc = " -# Call psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to get the"]
-    #[doc = "    key share that needs to be sent to the peer."]
-    #[doc = " -# Call psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to provide"]
-    #[doc = "    the key share that was received from the peer."]
-    #[doc = " -# Depending on the algorithm additional calls to psa_pake_output() and"]
-    #[doc = "    psa_pake_input() might be necessary."]
-    #[doc = " -# Call psa_pake_get_implicit_key() for accessing the shared secret."]
-    #[doc = ""]
-    #[doc = " Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`"]
-    #[doc = " values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\\c alg) is true)"]
-    #[doc = " for more information."]
-    #[doc = ""]
-    #[doc = " If an error occurs at any step after a call to psa_pake_setup(),"]
-    #[doc = " the operation will need to be reset by a call to psa_pake_abort(). The"]
-    #[doc = " application may call psa_pake_abort() at any time after the operation"]
-    #[doc = " has been initialized."]
-    #[doc = ""]
-    #[doc = " After a successful call to psa_pake_setup(), the application must"]
-    #[doc = " eventually terminate the operation. The following events terminate an"]
-    #[doc = " operation:"]
-    #[doc = " - A call to psa_pake_abort()."]
-    #[doc = " - A successful call to psa_pake_get_implicit_key()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     The operation object to set up. It must have"]
-    #[doc = "                              been initialized but not set up yet."]
-    #[doc = " \\param[in] cipher_suite      The cipher suite to use. (A cipher suite fully"]
-    #[doc = "                              characterizes a PAKE algorithm and determines"]
-    #[doc = "                              the algorithm as well.)"]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         The algorithm in \\p cipher_suite is not a PAKE algorithm, or the"]
-    #[doc = "         PAKE primitive in \\p cipher_suite is not compatible with the"]
-    #[doc = "         PAKE algorithm, or the hash algorithm in \\p cipher_suite is invalid"]
-    #[doc = "         or not compatible with the PAKE algorithm and primitive."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         The algorithm in \\p cipher_suite is not a supported PAKE algorithm,"]
-    #[doc = "         or the PAKE primitive in \\p cipher_suite is not supported or not"]
-    #[doc = "         compatible with the PAKE algorithm, or the hash algorithm in"]
-    #[doc = "         \\p cipher_suite is not supported or not compatible with the PAKE"]
-    #[doc = "         algorithm and primitive."]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid, or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_pake_setup(
-        operation: *mut psa_pake_operation_t,
-        cipher_suite: *const psa_pake_cipher_suite_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Set the password for a password-authenticated key exchange from key ID."]
-    #[doc = ""]
-    #[doc = " Call this function when the password, or a value derived from the password,"]
-    #[doc = " is already present in the key store."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     The operation object to set the password for. It"]
-    #[doc = "                              must have been set up by psa_pake_setup() and"]
-    #[doc = "                              not yet in use (neither psa_pake_output() nor"]
-    #[doc = "                              psa_pake_input() has been called yet). It must"]
-    #[doc = "                              be on operation for which the password hasn't"]
-    #[doc = "                              been set yet (psa_pake_set_password_key()"]
-    #[doc = "                              hasn't been called yet)."]
-    #[doc = " \\param password              Identifier of the key holding the password or a"]
-    #[doc = "                              value derived from the password (eg. by a"]
-    #[doc = "                              memory-hard function).  It must remain valid"]
-    #[doc = "                              until the operation terminates. It must be of"]
-    #[doc = "                              type #PSA_KEY_TYPE_PASSWORD or"]
-    #[doc = "                              #PSA_KEY_TYPE_PASSWORD_HASH. It has to allow"]
-    #[doc = "                              the usage #PSA_KEY_USAGE_DERIVE."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_HANDLE"]
-    #[doc = "         \\p password is not a valid key identifier."]
-    #[doc = " \\retval #PSA_ERROR_NOT_PERMITTED"]
-    #[doc = "         The key does not have the #PSA_KEY_USAGE_DERIVE flag, or it does not"]
-    #[doc = "         permit the \\p operation's algorithm."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         The key type for \\p password is not #PSA_KEY_TYPE_PASSWORD or"]
-    #[doc = "         #PSA_KEY_TYPE_PASSWORD_HASH, or \\p password is not compatible with"]
-    #[doc = "         the \\p operation's cipher suite."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         The key type or key size of \\p password is not supported with the"]
-    #[doc = "         \\p operation's cipher suite."]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_CORRUPT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_INVALID \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must have been set up.), or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_pake_set_password_key(
-        operation: *mut psa_pake_operation_t,
-        password: mbedtls_svc_key_id_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Set the user ID for a password-authenticated key exchange."]
-    #[doc = ""]
-    #[doc = " Call this function to set the user ID. For PAKE algorithms that associate a"]
-    #[doc = " user identifier with each side of the session you need to call"]
-    #[doc = " psa_pake_set_peer() as well. For PAKE algorithms that associate a single"]
-    #[doc = " user identifier with the session, call psa_pake_set_user() only."]
-    #[doc = ""]
-    #[doc = " Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`"]
-    #[doc = " values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\\c alg) is true)"]
-    #[doc = " for more information."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     The operation object to set the user ID for. It"]
-    #[doc = "                              must have been set up by psa_pake_setup() and"]
-    #[doc = "                              not yet in use (neither psa_pake_output() nor"]
-    #[doc = "                              psa_pake_input() has been called yet). It must"]
-    #[doc = "                              be on operation for which the user ID hasn't"]
-    #[doc = "                              been set (psa_pake_set_user() hasn't been"]
-    #[doc = "                              called yet)."]
-    #[doc = " \\param[in] user_id           The user ID to authenticate with."]
-    #[doc = "                              (temporary limitation: \"client\" or \"server\" only)"]
-    #[doc = " \\param user_id_len           Size of the \\p user_id buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\p user_id is not valid for the \\p operation's algorithm and cipher"]
-    #[doc = "         suite."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         The value of \\p user_id is not supported by the implementation."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid, or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_pake_set_user(
-        operation: *mut psa_pake_operation_t,
-        user_id: *const u8,
-        user_id_len: size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Set the peer ID for a password-authenticated key exchange."]
-    #[doc = ""]
-    #[doc = " Call this function in addition to psa_pake_set_user() for PAKE algorithms"]
-    #[doc = " that associate a user identifier with each side of the session. For PAKE"]
-    #[doc = " algorithms that associate a single user identifier with the session, call"]
-    #[doc = " psa_pake_set_user() only."]
-    #[doc = ""]
-    #[doc = " Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`"]
-    #[doc = " values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\\c alg) is true)"]
-    #[doc = " for more information."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     The operation object to set the peer ID for. It"]
-    #[doc = "                              must have been set up by psa_pake_setup() and"]
-    #[doc = "                              not yet in use (neither psa_pake_output() nor"]
-    #[doc = "                              psa_pake_input() has been called yet). It must"]
-    #[doc = "                              be on operation for which the peer ID hasn't"]
-    #[doc = "                              been set (psa_pake_set_peer() hasn't been"]
-    #[doc = "                              called yet)."]
-    #[doc = " \\param[in] peer_id           The peer's ID to authenticate."]
-    #[doc = "                              (temporary limitation: \"client\" or \"server\" only)"]
-    #[doc = " \\param peer_id_len           Size of the \\p peer_id buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\p user_id is not valid for the \\p operation's algorithm and cipher"]
-    #[doc = "         suite."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         The algorithm doesn't associate a second identity with the session."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         Calling psa_pake_set_peer() is invalid with the \\p operation's"]
-    #[doc = "         algorithm, the operation state is not valid, or the library has not"]
-    #[doc = "         been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_pake_set_peer(
-        operation: *mut psa_pake_operation_t,
-        peer_id: *const u8,
-        peer_id_len: size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Set the application role for a password-authenticated key exchange."]
-    #[doc = ""]
-    #[doc = " Not all PAKE algorithms need to differentiate the communicating entities."]
-    #[doc = " It is optional to call this function for PAKEs that don't require a role"]
-    #[doc = " to be specified. For such PAKEs the application role parameter is ignored,"]
-    #[doc = " or #PSA_PAKE_ROLE_NONE can be passed as \\c role."]
-    #[doc = ""]
-    #[doc = " Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`"]
-    #[doc = " values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\\c alg) is true)"]
-    #[doc = " for more information."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation     The operation object to specify the"]
-    #[doc = "                              application's role for. It must have been set up"]
-    #[doc = "                              by psa_pake_setup() and not yet in use (neither"]
-    #[doc = "                              psa_pake_output() nor psa_pake_input() has been"]
-    #[doc = "                              called yet). It must be on operation for which"]
-    #[doc = "                              the application's role hasn't been specified"]
-    #[doc = "                              (psa_pake_set_role() hasn't been called yet)."]
-    #[doc = " \\param role                  A value of type ::psa_pake_role_t indicating the"]
-    #[doc = "                              application's role in the PAKE the algorithm"]
-    #[doc = "                              that is being set up. For more information see"]
-    #[doc = "                              the documentation of \\c PSA_PAKE_ROLE_XXX"]
-    #[doc = "                              constants."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         The \\p role is not a valid PAKE role in the \\p operation’s algorithm."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         The \\p role for this algorithm is not supported or is not valid."]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid, or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_pake_set_role(
-        operation: *mut psa_pake_operation_t,
-        role: psa_pake_role_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Get output for a step of a password-authenticated key exchange."]
-    #[doc = ""]
-    #[doc = " Depending on the algorithm being executed, you might need to call this"]
-    #[doc = " function several times or you might not need to call this at all."]
-    #[doc = ""]
-    #[doc = " The exact sequence of calls to perform a password-authenticated key"]
-    #[doc = " exchange depends on the algorithm in use.  Refer to the documentation of"]
-    #[doc = " individual PAKE algorithm types (`PSA_ALG_XXX` values of type"]
-    #[doc = " ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\\c alg) is true) for more"]
-    #[doc = " information."]
-    #[doc = ""]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_pake_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation    Active PAKE operation."]
-    #[doc = " \\param step                 The step of the algorithm for which the output is"]
-    #[doc = "                             requested."]
-    #[doc = " \\param[out] output          Buffer where the output is to be written in the"]
-    #[doc = "                             format appropriate for this \\p step. Refer to"]
-    #[doc = "                             the documentation of the individual"]
-    #[doc = "                             \\c PSA_PAKE_STEP_XXX constants for more"]
-    #[doc = "                             information."]
-    #[doc = " \\param output_size          Size of the \\p output buffer in bytes. This must"]
-    #[doc = "                             be at least #PSA_PAKE_OUTPUT_SIZE(\\p alg, \\p"]
-    #[doc = "                             primitive, \\p step) where \\p alg and"]
-    #[doc = "                             \\p primitive are the PAKE algorithm and primitive"]
-    #[doc = "                             in the operation's cipher suite, and \\p step is"]
-    #[doc = "                             the output step."]
-    #[doc = ""]
-    #[doc = " \\param[out] output_length   On success, the number of bytes of the returned"]
-    #[doc = "                             output."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_BUFFER_TOO_SMALL"]
-    #[doc = "         The size of the \\p output buffer is too small."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\p step is not compatible with the operation's algorithm."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         \\p step is not supported with the operation's algorithm."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_ENTROPY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_CORRUPT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_INVALID \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be active, and fully set"]
-    #[doc = "         up, and this call must conform to the algorithm's requirements"]
-    #[doc = "         for ordering of input and output steps), or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_pake_output(
-        operation: *mut psa_pake_operation_t,
-        step: psa_pake_step_t,
-        output: *mut u8,
-        output_size: size_t,
-        output_length: *mut size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Provide input for a step of a password-authenticated key exchange."]
-    #[doc = ""]
-    #[doc = " Depending on the algorithm being executed, you might need to call this"]
-    #[doc = " function several times or you might not need to call this at all."]
-    #[doc = ""]
-    #[doc = " The exact sequence of calls to perform a password-authenticated key"]
-    #[doc = " exchange depends on the algorithm in use.  Refer to the documentation of"]
-    #[doc = " individual PAKE algorithm types (`PSA_ALG_XXX` values of type"]
-    #[doc = " ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\\c alg) is true) for more"]
-    #[doc = " information."]
-    #[doc = ""]
-    #[doc = " If this function returns an error status, the operation enters an error"]
-    #[doc = " state and must be aborted by calling psa_pake_abort()."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation    Active PAKE operation."]
-    #[doc = " \\param step                 The step for which the input is provided."]
-    #[doc = " \\param[in] input            Buffer containing the input in the format"]
-    #[doc = "                             appropriate for this \\p step. Refer to the"]
-    #[doc = "                             documentation of the individual"]
-    #[doc = "                             \\c PSA_PAKE_STEP_XXX constants for more"]
-    #[doc = "                             information."]
-    #[doc = " \\param input_length         Size of the \\p input buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_SIGNATURE"]
-    #[doc = "         The verification fails for a #PSA_PAKE_STEP_ZK_PROOF input step."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         \\p is not compatible with the \\p operation’s algorithm, or the"]
-    #[doc = "         \\p input is not valid for the \\p operation's algorithm, cipher suite"]
-    #[doc = "         or \\p step."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         \\p step p is not supported with the \\p operation's algorithm, or the"]
-    #[doc = "         \\p input is not supported for the \\p operation's algorithm, cipher"]
-    #[doc = "         suite or \\p step."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_CORRUPT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_INVALID \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The operation state is not valid (it must be active, and fully set"]
-    #[doc = "         up, and this call must conform to the algorithm's requirements"]
-    #[doc = "         for ordering of input and output steps), or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_pake_input(
-        operation: *mut psa_pake_operation_t,
-        step: psa_pake_step_t,
-        input: *const u8,
-        input_length: size_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Get implicitly confirmed shared secret from a PAKE."]
-    #[doc = ""]
-    #[doc = " At this point there is a cryptographic guarantee that only the authenticated"]
-    #[doc = " party who used the same password is able to compute the key. But there is no"]
-    #[doc = " guarantee that the peer is the party it claims to be and was able to do so."]
-    #[doc = ""]
-    #[doc = " That is, the authentication is only implicit. Since the peer is not"]
-    #[doc = " authenticated yet, no action should be taken yet that assumes that the peer"]
-    #[doc = " is who it claims to be. For example, do not access restricted files on the"]
-    #[doc = " peer's behalf until an explicit authentication has succeeded."]
-    #[doc = ""]
-    #[doc = " This function can be called after the key exchange phase of the operation"]
-    #[doc = " has completed. It imports the shared secret output of the PAKE into the"]
-    #[doc = " provided derivation operation. The input step"]
-    #[doc = " #PSA_KEY_DERIVATION_INPUT_SECRET is used when placing the shared key"]
-    #[doc = " material in the key derivation operation."]
-    #[doc = ""]
-    #[doc = " The exact sequence of calls to perform a password-authenticated key"]
-    #[doc = " exchange depends on the algorithm in use.  Refer to the documentation of"]
-    #[doc = " individual PAKE algorithm types (`PSA_ALG_XXX` values of type"]
-    #[doc = " ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\\c alg) is true) for more"]
-    #[doc = " information."]
-    #[doc = ""]
-    #[doc = " When this function returns successfully, \\p operation becomes inactive."]
-    #[doc = " If this function returns an error status, both \\p operation"]
-    #[doc = " and \\p key_derivation operations enter an error state and must be aborted by"]
-    #[doc = " calling psa_pake_abort() and psa_key_derivation_abort() respectively."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation    Active PAKE operation."]
-    #[doc = " \\param[out] output          A key derivation operation that is ready"]
-    #[doc = "                             for an input step of type"]
-    #[doc = "                             #PSA_KEY_DERIVATION_INPUT_SECRET."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_INVALID_ARGUMENT"]
-    #[doc = "         #PSA_KEY_DERIVATION_INPUT_SECRET is not compatible with the"]
-    #[doc = "         algorithm in the \\p output key derivation operation."]
-    #[doc = " \\retval #PSA_ERROR_NOT_SUPPORTED"]
-    #[doc = "         Input from a PAKE is not supported by the algorithm in the \\p output"]
-    #[doc = "         key derivation operation."]
-    #[doc = " \\retval #PSA_ERROR_INSUFFICIENT_MEMORY \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_STORAGE_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_CORRUPT \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_DATA_INVALID \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The PAKE operation state is not valid (it must be active, but beyond"]
-    #[doc = "         that validity is specific to the algorithm), or"]
-    #[doc = "         the library has not been previously initialized by psa_crypto_init(),"]
-    #[doc = "         or the state of \\p output is not valid for"]
-    #[doc = "         the #PSA_KEY_DERIVATION_INPUT_SECRET step. This can happen if the"]
-    #[doc = "         step is out of order or the application has done this step already"]
-    #[doc = "         and it may not be repeated."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_pake_get_implicit_key(
-        operation: *mut psa_pake_operation_t,
-        output: *mut psa_key_derivation_operation_t,
-    ) -> psa_status_t;
-}
-extern "C" {
-    #[doc = " Abort a PAKE operation."]
-    #[doc = ""]
-    #[doc = " Aborting an operation frees all associated resources except for the \\c"]
-    #[doc = " operation structure itself. Once aborted, the operation object can be reused"]
-    #[doc = " for another operation by calling psa_pake_setup() again."]
-    #[doc = ""]
-    #[doc = " This function may be called at any time after the operation"]
-    #[doc = " object has been initialized as described in #psa_pake_operation_t."]
-    #[doc = ""]
-    #[doc = " In particular, calling psa_pake_abort() after the operation has been"]
-    #[doc = " terminated by a call to psa_pake_abort() or psa_pake_get_implicit_key()"]
-    #[doc = " is safe and has no effect."]
-    #[doc = ""]
-    #[doc = " \\param[in,out] operation    The operation to abort."]
-    #[doc = ""]
-    #[doc = " \\retval #PSA_SUCCESS"]
-    #[doc = "         Success."]
-    #[doc = " \\retval #PSA_ERROR_COMMUNICATION_FAILURE \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_CORRUPTION_DETECTED \\emptydescription"]
-    #[doc = " \\retval #PSA_ERROR_BAD_STATE"]
-    #[doc = "         The library has not been previously initialized by psa_crypto_init()."]
-    #[doc = "         It is implementation-dependent whether a failure to initialize"]
-    #[doc = "         results in this error code."]
-    pub fn psa_pake_abort(operation: *mut psa_pake_operation_t) -> psa_status_t;
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct psa_pake_cipher_suite_s {
-    pub algorithm: psa_algorithm_t,
-    pub type_: psa_pake_primitive_type_t,
-    pub family: psa_pake_family_t,
-    pub bits: u16,
-    pub hash: psa_algorithm_t,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct psa_crypto_driver_pake_inputs_s {
-    pub private_password: *mut u8,
-    pub private_password_len: size_t,
-    pub private_role: psa_pake_role_t,
-    pub private_user: *mut u8,
-    pub private_user_len: size_t,
-    pub private_peer: *mut u8,
-    pub private_peer_len: size_t,
-    pub private_attributes: psa_key_attributes_t,
-    pub private_cipher_suite: psa_pake_cipher_suite_t,
-}
-pub const psa_jpake_step_PSA_PAKE_STEP_INVALID: psa_jpake_step = 0;
-pub const psa_jpake_step_PSA_PAKE_STEP_X1_X2: psa_jpake_step = 1;
-pub const psa_jpake_step_PSA_PAKE_STEP_X2S: psa_jpake_step = 2;
-pub const psa_jpake_step_PSA_PAKE_STEP_DERIVE: psa_jpake_step = 3;
-pub type psa_jpake_step = crate::c_types::c_uint;
-pub use self::psa_jpake_step as psa_jpake_step_t;
-pub const psa_jpake_state_PSA_PAKE_STATE_INVALID: psa_jpake_state = 0;
-pub const psa_jpake_state_PSA_PAKE_STATE_SETUP: psa_jpake_state = 1;
-pub const psa_jpake_state_PSA_PAKE_STATE_READY: psa_jpake_state = 2;
-pub const psa_jpake_state_PSA_PAKE_OUTPUT_X1_X2: psa_jpake_state = 3;
-pub const psa_jpake_state_PSA_PAKE_OUTPUT_X2S: psa_jpake_state = 4;
-pub const psa_jpake_state_PSA_PAKE_INPUT_X1_X2: psa_jpake_state = 5;
-pub const psa_jpake_state_PSA_PAKE_INPUT_X4S: psa_jpake_state = 6;
-pub type psa_jpake_state = crate::c_types::c_uint;
-pub use self::psa_jpake_state as psa_jpake_state_t;
-pub const psa_jpake_sequence_PSA_PAKE_SEQ_INVALID: psa_jpake_sequence = 0;
-pub const psa_jpake_sequence_PSA_PAKE_X1_STEP_KEY_SHARE: psa_jpake_sequence = 1;
-pub const psa_jpake_sequence_PSA_PAKE_X1_STEP_ZK_PUBLIC: psa_jpake_sequence = 2;
-pub const psa_jpake_sequence_PSA_PAKE_X1_STEP_ZK_PROOF: psa_jpake_sequence = 3;
-pub const psa_jpake_sequence_PSA_PAKE_X2_STEP_KEY_SHARE: psa_jpake_sequence = 4;
-pub const psa_jpake_sequence_PSA_PAKE_X2_STEP_ZK_PUBLIC: psa_jpake_sequence = 5;
-pub const psa_jpake_sequence_PSA_PAKE_X2_STEP_ZK_PROOF: psa_jpake_sequence = 6;
-pub const psa_jpake_sequence_PSA_PAKE_SEQ_END: psa_jpake_sequence = 7;
-pub type psa_jpake_sequence = crate::c_types::c_uint;
-pub use self::psa_jpake_sequence as psa_jpake_sequence_t;
-pub const psa_crypto_driver_pake_step_PSA_JPAKE_STEP_INVALID: psa_crypto_driver_pake_step = 0;
-pub const psa_crypto_driver_pake_step_PSA_JPAKE_X1_STEP_KEY_SHARE: psa_crypto_driver_pake_step = 1;
-pub const psa_crypto_driver_pake_step_PSA_JPAKE_X1_STEP_ZK_PUBLIC: psa_crypto_driver_pake_step = 2;
-pub const psa_crypto_driver_pake_step_PSA_JPAKE_X1_STEP_ZK_PROOF: psa_crypto_driver_pake_step = 3;
-pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2_STEP_KEY_SHARE: psa_crypto_driver_pake_step = 4;
-pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2_STEP_ZK_PUBLIC: psa_crypto_driver_pake_step = 5;
-pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2_STEP_ZK_PROOF: psa_crypto_driver_pake_step = 6;
-pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2S_STEP_KEY_SHARE: psa_crypto_driver_pake_step = 7;
-pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2S_STEP_ZK_PUBLIC: psa_crypto_driver_pake_step = 8;
-pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2S_STEP_ZK_PROOF: psa_crypto_driver_pake_step = 9;
-pub const psa_crypto_driver_pake_step_PSA_JPAKE_X4S_STEP_KEY_SHARE: psa_crypto_driver_pake_step =
-    10;
-pub const psa_crypto_driver_pake_step_PSA_JPAKE_X4S_STEP_ZK_PUBLIC: psa_crypto_driver_pake_step =
-    11;
-pub const psa_crypto_driver_pake_step_PSA_JPAKE_X4S_STEP_ZK_PROOF: psa_crypto_driver_pake_step = 12;
-pub type psa_crypto_driver_pake_step = crate::c_types::c_uint;
-pub use self::psa_crypto_driver_pake_step as psa_crypto_driver_pake_step_t;
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct psa_jpake_computation_stage_s {
-    pub private_state: psa_jpake_state_t,
-    pub private_sequence: psa_jpake_sequence_t,
-    pub private_input_step: psa_jpake_step_t,
-    pub private_output_step: psa_jpake_step_t,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct psa_pake_operation_s {
-    pub private_id: crate::c_types::c_uint,
-    pub private_alg: psa_algorithm_t,
-    pub private_stage: u8,
-    pub private_computation_stage: psa_pake_operation_s__bindgen_ty_1,
-    pub private_data: psa_pake_operation_s__bindgen_ty_2,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub union psa_pake_operation_s__bindgen_ty_1 {
-    pub private_dummy: u8,
-    pub private_jpake: psa_jpake_computation_stage_t,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub union psa_pake_operation_s__bindgen_ty_2 {
-    pub private_ctx: psa_driver_pake_context_t,
-    pub private_inputs: psa_crypto_driver_pake_inputs_t,
-}
-#[doc = " Type-length-value structure that allows for ASN1 using DER."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_asn1_buf {
-    #[doc = "< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING."]
-    pub tag: crate::c_types::c_int,
-    #[doc = "< ASN1 length, in octets."]
-    pub len: size_t,
-    #[doc = "< ASN1 data, e.g. in ASCII."]
-    pub p: *mut crate::c_types::c_uchar,
-}
-#[doc = " Container for ASN1 bit strings."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_asn1_bitstring {
-    #[doc = "< ASN1 length, in octets."]
-    pub len: size_t,
-    #[doc = "< Number of unused bits at the end of the string"]
-    pub unused_bits: crate::c_types::c_uchar,
-    #[doc = "< Raw ASN1 data for the bit string"]
-    pub p: *mut crate::c_types::c_uchar,
-}
-#[doc = " Container for a sequence of ASN.1 items"]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_asn1_sequence {
-    #[doc = "< Buffer containing the given ASN.1 item."]
-    pub buf: mbedtls_asn1_buf,
-    #[doc = " The next entry in the sequence."]
-    #[doc = ""]
-    #[doc = " The details of memory management for sequences are not documented and"]
-    #[doc = " may change in future versions. Set this field to \\p NULL when"]
-    #[doc = " initializing a structure, and do not modify it except via Mbed TLS"]
-    #[doc = " library functions."]
-    pub next: *mut mbedtls_asn1_sequence,
-}
-#[doc = " Container for a sequence or list of 'named' ASN.1 data items"]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_asn1_named_data {
-    #[doc = "< The object identifier."]
-    pub oid: mbedtls_asn1_buf,
-    #[doc = "< The named value."]
-    pub val: mbedtls_asn1_buf,
-    #[doc = " The next entry in the sequence."]
-    #[doc = ""]
-    #[doc = " The details of memory management for named data sequences are not"]
-    #[doc = " documented and may change in future versions. Set this field to \\p NULL"]
-    #[doc = " when initializing a structure, and do not modify it except via Mbed TLS"]
-    #[doc = " library functions."]
-    pub next: *mut mbedtls_asn1_named_data,
-    pub private_next_merged: crate::c_types::c_uchar,
-}
-extern "C" {
-    #[doc = " \\brief       Get the length of an ASN.1 element."]
-    #[doc = "              Updates the pointer to immediately behind the length."]
-    #[doc = ""]
-    #[doc = " \\param p     On entry, \\c *p points to the first byte of the length,"]
-    #[doc = "              i.e. immediately after the tag."]
-    #[doc = "              On successful completion, \\c *p points to the first byte"]
-    #[doc = "              after the length, i.e. the first byte of the content."]
-    #[doc = "              On error, the value of \\c *p is undefined."]
-    #[doc = " \\param end   End of data."]
-    #[doc = " \\param len   On successful completion, \\c *len contains the length"]
-    #[doc = "              read from the ASN.1 input."]
-    #[doc = ""]
-    #[doc = " \\return      0 if successful."]
-    #[doc = " \\return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element"]
-    #[doc = "              would end beyond \\p end."]
-    #[doc = " \\return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable."]
-    pub fn mbedtls_asn1_get_len(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        len: *mut size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief       Get the tag and length of the element."]
-    #[doc = "              Check for the requested tag."]
-    #[doc = "              Updates the pointer to immediately behind the tag and length."]
-    #[doc = ""]
-    #[doc = " \\param p     On entry, \\c *p points to the start of the ASN.1 element."]
-    #[doc = "              On successful completion, \\c *p points to the first byte"]
-    #[doc = "              after the length, i.e. the first byte of the content."]
-    #[doc = "              On error, the value of \\c *p is undefined."]
-    #[doc = " \\param end   End of data."]
-    #[doc = " \\param len   On successful completion, \\c *len contains the length"]
-    #[doc = "              read from the ASN.1 input."]
-    #[doc = " \\param tag   The expected tag."]
-    #[doc = ""]
-    #[doc = " \\return      0 if successful."]
-    #[doc = " \\return      #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the data does not start"]
-    #[doc = "              with the requested tag."]
-    #[doc = " \\return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element"]
-    #[doc = "              would end beyond \\p end."]
-    #[doc = " \\return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable."]
-    pub fn mbedtls_asn1_get_tag(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        len: *mut size_t,
-        tag: crate::c_types::c_int,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief       Retrieve a boolean ASN.1 tag and its value."]
-    #[doc = "              Updates the pointer to immediately behind the full tag."]
-    #[doc = ""]
-    #[doc = " \\param p     On entry, \\c *p points to the start of the ASN.1 element."]
-    #[doc = "              On successful completion, \\c *p points to the first byte"]
-    #[doc = "              beyond the ASN.1 element."]
-    #[doc = "              On error, the value of \\c *p is undefined."]
-    #[doc = " \\param end   End of data."]
-    #[doc = " \\param val   On success, the parsed value (\\c 0 or \\c 1)."]
-    #[doc = ""]
-    #[doc = " \\return      0 if successful."]
-    #[doc = " \\return      An ASN.1 error code if the input does not start with"]
-    #[doc = "              a valid ASN.1 BOOLEAN."]
-    pub fn mbedtls_asn1_get_bool(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        val: *mut crate::c_types::c_int,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief       Retrieve an integer ASN.1 tag and its value."]
-    #[doc = "              Updates the pointer to immediately behind the full tag."]
-    #[doc = ""]
-    #[doc = " \\param p     On entry, \\c *p points to the start of the ASN.1 element."]
-    #[doc = "              On successful completion, \\c *p points to the first byte"]
-    #[doc = "              beyond the ASN.1 element."]
-    #[doc = "              On error, the value of \\c *p is undefined."]
-    #[doc = " \\param end   End of data."]
-    #[doc = " \\param val   On success, the parsed value."]
-    #[doc = ""]
-    #[doc = " \\return      0 if successful."]
-    #[doc = " \\return      An ASN.1 error code if the input does not start with"]
-    #[doc = "              a valid ASN.1 INTEGER."]
-    #[doc = " \\return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does"]
-    #[doc = "              not fit in an \\c int."]
-    pub fn mbedtls_asn1_get_int(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        val: *mut crate::c_types::c_int,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief       Retrieve an enumerated ASN.1 tag and its value."]
-    #[doc = "              Updates the pointer to immediately behind the full tag."]
-    #[doc = ""]
-    #[doc = " \\param p     On entry, \\c *p points to the start of the ASN.1 element."]
-    #[doc = "              On successful completion, \\c *p points to the first byte"]
-    #[doc = "              beyond the ASN.1 element."]
-    #[doc = "              On error, the value of \\c *p is undefined."]
-    #[doc = " \\param end   End of data."]
-    #[doc = " \\param val   On success, the parsed value."]
-    #[doc = ""]
-    #[doc = " \\return      0 if successful."]
-    #[doc = " \\return      An ASN.1 error code if the input does not start with"]
-    #[doc = "              a valid ASN.1 ENUMERATED."]
-    #[doc = " \\return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does"]
-    #[doc = "              not fit in an \\c int."]
-    pub fn mbedtls_asn1_get_enum(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        val: *mut crate::c_types::c_int,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief       Retrieve a bitstring ASN.1 tag and its value."]
-    #[doc = "              Updates the pointer to immediately behind the full tag."]
-    #[doc = ""]
-    #[doc = " \\param p     On entry, \\c *p points to the start of the ASN.1 element."]
-    #[doc = "              On successful completion, \\c *p is equal to \\p end."]
-    #[doc = "              On error, the value of \\c *p is undefined."]
-    #[doc = " \\param end   End of data."]
-    #[doc = " \\param bs    On success, ::mbedtls_asn1_bitstring information about"]
-    #[doc = "              the parsed value."]
-    #[doc = ""]
-    #[doc = " \\return      0 if successful."]
-    #[doc = " \\return      #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains"]
-    #[doc = "              extra data after a valid BIT STRING."]
-    #[doc = " \\return      An ASN.1 error code if the input does not start with"]
-    #[doc = "              a valid ASN.1 BIT STRING."]
-    pub fn mbedtls_asn1_get_bitstring(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        bs: *mut mbedtls_asn1_bitstring,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief       Retrieve a bitstring ASN.1 tag without unused bits and its"]
-    #[doc = "              value."]
-    #[doc = "              Updates the pointer to the beginning of the bit/octet string."]
-    #[doc = ""]
-    #[doc = " \\param p     On entry, \\c *p points to the start of the ASN.1 element."]
-    #[doc = "              On successful completion, \\c *p points to the first byte"]
-    #[doc = "              of the content of the BIT STRING."]
-    #[doc = "              On error, the value of \\c *p is undefined."]
-    #[doc = " \\param end   End of data."]
-    #[doc = " \\param len   On success, \\c *len is the length of the content in bytes."]
-    #[doc = ""]
-    #[doc = " \\return      0 if successful."]
-    #[doc = " \\return      #MBEDTLS_ERR_ASN1_INVALID_DATA if the input starts with"]
-    #[doc = "              a valid BIT STRING with a nonzero number of unused bits."]
-    #[doc = " \\return      An ASN.1 error code if the input does not start with"]
-    #[doc = "              a valid ASN.1 BIT STRING."]
-    pub fn mbedtls_asn1_get_bitstring_null(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        len: *mut size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief       Parses and splits an ASN.1 \"SEQUENCE OF <tag>\"."]
-    #[doc = "              Updates the pointer to immediately behind the full sequence tag."]
-    #[doc = ""]
-    #[doc = " This function allocates memory for the sequence elements. You can free"]
-    #[doc = " the allocated memory with mbedtls_asn1_sequence_free()."]
-    #[doc = ""]
-    #[doc = " \\note        On error, this function may return a partial list in \\p cur."]
-    #[doc = "              You must set `cur->next = NULL` before calling this function!"]
-    #[doc = "              Otherwise it is impossible to distinguish a previously non-null"]
-    #[doc = "              pointer from a pointer to an object allocated by this function."]
-    #[doc = ""]
-    #[doc = " \\note        If the sequence is empty, this function does not modify"]
-    #[doc = "              \\c *cur. If the sequence is valid and non-empty, this"]
-    #[doc = "              function sets `cur->buf.tag` to \\p tag. This allows"]
-    #[doc = "              callers to distinguish between an empty sequence and"]
-    #[doc = "              a one-element sequence."]
-    #[doc = ""]
-    #[doc = " \\param p     On entry, \\c *p points to the start of the ASN.1 element."]
-    #[doc = "              On successful completion, \\c *p is equal to \\p end."]
-    #[doc = "              On error, the value of \\c *p is undefined."]
-    #[doc = " \\param end   End of data."]
-    #[doc = " \\param cur   A ::mbedtls_asn1_sequence which this function fills."]
-    #[doc = "              When this function returns, \\c *cur is the head of a linked"]
-    #[doc = "              list. Each node in this list is allocated with"]
-    #[doc = "              mbedtls_calloc() apart from \\p cur itself, and should"]
-    #[doc = "              therefore be freed with mbedtls_free()."]
-    #[doc = "              The list describes the content of the sequence."]
-    #[doc = "              The head of the list (i.e. \\c *cur itself) describes the"]
-    #[doc = "              first element, `*cur->next` describes the second element, etc."]
-    #[doc = "              For each element, `buf.tag == tag`, `buf.len` is the length"]
-    #[doc = "              of the content of the content of the element, and `buf.p`"]
-    #[doc = "              points to the first byte of the content (i.e. immediately"]
-    #[doc = "              past the length of the element)."]
-    #[doc = "              Note that list elements may be allocated even on error."]
-    #[doc = " \\param tag   Each element of the sequence must have this tag."]
-    #[doc = ""]
-    #[doc = " \\return      0 if successful."]
-    #[doc = " \\return      #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains"]
-    #[doc = "              extra data after a valid SEQUENCE OF \\p tag."]
-    #[doc = " \\return      #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts with"]
-    #[doc = "              an ASN.1 SEQUENCE in which an element has a tag that"]
-    #[doc = "              is different from \\p tag."]
-    #[doc = " \\return      #MBEDTLS_ERR_ASN1_ALLOC_FAILED if a memory allocation failed."]
-    #[doc = " \\return      An ASN.1 error code if the input does not start with"]
-    #[doc = "              a valid ASN.1 SEQUENCE."]
-    pub fn mbedtls_asn1_get_sequence_of(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        cur: *mut mbedtls_asn1_sequence,
-        tag: crate::c_types::c_int,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Free a heap-allocated linked list presentation of"]
-    #[doc = "                 an ASN.1 sequence, including the first element."]
-    #[doc = ""]
-    #[doc = " There are two common ways to manage the memory used for the representation"]
-    #[doc = " of a parsed ASN.1 sequence:"]
-    #[doc = " - Allocate a head node `mbedtls_asn1_sequence *head` with mbedtls_calloc()."]
-    #[doc = "   Pass this node as the `cur` argument to mbedtls_asn1_get_sequence_of()."]
-    #[doc = "   When you have finished processing the sequence,"]
-    #[doc = "   call mbedtls_asn1_sequence_free() on `head`."]
-    #[doc = " - Allocate a head node `mbedtls_asn1_sequence *head` in any manner,"]
-    #[doc = "   for example on the stack. Make sure that `head->next == NULL`."]
-    #[doc = "   Pass `head` as the `cur` argument to mbedtls_asn1_get_sequence_of()."]
-    #[doc = "   When you have finished processing the sequence,"]
-    #[doc = "   call mbedtls_asn1_sequence_free() on `head->cur`,"]
-    #[doc = "   then free `head` itself in the appropriate manner."]
-    #[doc = ""]
-    #[doc = " \\param seq      The address of the first sequence component. This may"]
-    #[doc = "                 be \\c NULL, in which case this functions returns"]
-    #[doc = "                 immediately."]
-    pub fn mbedtls_asn1_sequence_free(seq: *mut mbedtls_asn1_sequence);
-}
-extern "C" {
-    #[doc = " \\brief                Traverse an ASN.1 SEQUENCE container and"]
-    #[doc = "                       call a callback for each entry."]
-    #[doc = ""]
-    #[doc = " This function checks that the input is a SEQUENCE of elements that"]
-    #[doc = " each have a \"must\" tag, and calls a callback function on the elements"]
-    #[doc = " that have a \"may\" tag."]
-    #[doc = ""]
-    #[doc = " For example, to validate that the input is a SEQUENCE of `tag1` and call"]
-    #[doc = " `cb` on each element, use"]
-    #[doc = " ```"]
-    #[doc = " mbedtls_asn1_traverse_sequence_of(&p, end, 0xff, tag1, 0, 0, cb, ctx);"]
-    #[doc = " ```"]
-    #[doc = ""]
-    #[doc = " To validate that the input is a SEQUENCE of ANY and call `cb` on"]
-    #[doc = " each element, use"]
-    #[doc = " ```"]
-    #[doc = " mbedtls_asn1_traverse_sequence_of(&p, end, 0, 0, 0, 0, cb, ctx);"]
-    #[doc = " ```"]
-    #[doc = ""]
-    #[doc = " To validate that the input is a SEQUENCE of CHOICE {NULL, OCTET STRING}"]
-    #[doc = " and call `cb` on each element that is an OCTET STRING, use"]
-    #[doc = " ```"]
-    #[doc = " mbedtls_asn1_traverse_sequence_of(&p, end, 0xfe, 0x04, 0xff, 0x04, cb, ctx);"]
-    #[doc = " ```"]
-    #[doc = ""]
-    #[doc = " The callback is called on the elements with a \"may\" tag from left to"]
-    #[doc = " right. If the input is not a valid SEQUENCE of elements with a \"must\" tag,"]
-    #[doc = " the callback is called on the elements up to the leftmost point where"]
-    #[doc = " the input is invalid."]
-    #[doc = ""]
-    #[doc = " \\warning              This function is still experimental and may change"]
-    #[doc = "                       at any time."]
-    #[doc = ""]
-    #[doc = " \\param p              The address of the pointer to the beginning of"]
-    #[doc = "                       the ASN.1 SEQUENCE header. This is updated to"]
-    #[doc = "                       point to the end of the ASN.1 SEQUENCE container"]
-    #[doc = "                       on a successful invocation."]
-    #[doc = " \\param end            The end of the ASN.1 SEQUENCE container."]
-    #[doc = " \\param tag_must_mask  A mask to be applied to the ASN.1 tags found within"]
-    #[doc = "                       the SEQUENCE before comparing to \\p tag_must_value."]
-    #[doc = " \\param tag_must_val   The required value of each ASN.1 tag found in the"]
-    #[doc = "                       SEQUENCE, after masking with \\p tag_must_mask."]
-    #[doc = "                       Mismatching tags lead to an error."]
-    #[doc = "                       For example, a value of \\c 0 for both \\p tag_must_mask"]
-    #[doc = "                       and \\p tag_must_val means that every tag is allowed,"]
-    #[doc = "                       while a value of \\c 0xFF for \\p tag_must_mask means"]
-    #[doc = "                       that \\p tag_must_val is the only allowed tag."]
-    #[doc = " \\param tag_may_mask   A mask to be applied to the ASN.1 tags found within"]
-    #[doc = "                       the SEQUENCE before comparing to \\p tag_may_value."]
-    #[doc = " \\param tag_may_val    The desired value of each ASN.1 tag found in the"]
-    #[doc = "                       SEQUENCE, after masking with \\p tag_may_mask."]
-    #[doc = "                       Mismatching tags will be silently ignored."]
-    #[doc = "                       For example, a value of \\c 0 for \\p tag_may_mask and"]
-    #[doc = "                       \\p tag_may_val means that any tag will be considered,"]
-    #[doc = "                       while a value of \\c 0xFF for \\p tag_may_mask means"]
-    #[doc = "                       that all tags with value different from \\p tag_may_val"]
-    #[doc = "                       will be ignored."]
-    #[doc = " \\param cb             The callback to trigger for each component"]
-    #[doc = "                       in the ASN.1 SEQUENCE that matches \\p tag_may_val."]
-    #[doc = "                       The callback function is called with the following"]
-    #[doc = "                       parameters:"]
-    #[doc = "                       - \\p ctx."]
-    #[doc = "                       - The tag of the current element."]
-    #[doc = "                       - A pointer to the start of the current element's"]
-    #[doc = "                         content inside the input."]
-    #[doc = "                       - The length of the content of the current element."]
-    #[doc = "                       If the callback returns a non-zero value,"]
-    #[doc = "                       the function stops immediately,"]
-    #[doc = "                       forwarding the callback's return value."]
-    #[doc = " \\param ctx            The context to be passed to the callback \\p cb."]
-    #[doc = ""]
-    #[doc = " \\return               \\c 0 if successful the entire ASN.1 SEQUENCE"]
-    #[doc = "                       was traversed without parsing or callback errors."]
-    #[doc = " \\return               #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input"]
-    #[doc = "                       contains extra data after a valid SEQUENCE"]
-    #[doc = "                       of elements with an accepted tag."]
-    #[doc = " \\return               #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts"]
-    #[doc = "                       with an ASN.1 SEQUENCE in which an element has a tag"]
-    #[doc = "                       that is not accepted."]
-    #[doc = " \\return               An ASN.1 error code if the input does not start with"]
-    #[doc = "                       a valid ASN.1 SEQUENCE."]
-    #[doc = " \\return               A non-zero error code forwarded from the callback"]
-    #[doc = "                       \\p cb in case the latter returns a non-zero value."]
-    pub fn mbedtls_asn1_traverse_sequence_of(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        tag_must_mask: crate::c_types::c_uchar,
-        tag_must_val: crate::c_types::c_uchar,
-        tag_may_mask: crate::c_types::c_uchar,
-        tag_may_val: crate::c_types::c_uchar,
-        cb: ::core::option::Option<
-            unsafe extern "C" fn(
-                ctx: *mut crate::c_types::c_void,
-                tag: crate::c_types::c_int,
-                start: *mut crate::c_types::c_uchar,
-                len: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        ctx: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief       Retrieve an integer ASN.1 tag and its value."]
-    #[doc = "              Updates the pointer to immediately behind the full tag."]
-    #[doc = ""]
-    #[doc = " \\param p     On entry, \\c *p points to the start of the ASN.1 element."]
-    #[doc = "              On successful completion, \\c *p points to the first byte"]
-    #[doc = "              beyond the ASN.1 element."]
-    #[doc = "              On error, the value of \\c *p is undefined."]
-    #[doc = " \\param end   End of data."]
-    #[doc = " \\param X     On success, the parsed value."]
-    #[doc = ""]
-    #[doc = " \\return      0 if successful."]
-    #[doc = " \\return      An ASN.1 error code if the input does not start with"]
-    #[doc = "              a valid ASN.1 INTEGER."]
-    #[doc = " \\return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does"]
-    #[doc = "              not fit in an \\c int."]
-    #[doc = " \\return      An MPI error code if the parsed value is too large."]
-    pub fn mbedtls_asn1_get_mpi(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        X: *mut mbedtls_mpi,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief       Retrieve an AlgorithmIdentifier ASN.1 sequence."]
-    #[doc = "              Updates the pointer to immediately behind the full"]
-    #[doc = "              AlgorithmIdentifier."]
-    #[doc = ""]
-    #[doc = " \\param p     On entry, \\c *p points to the start of the ASN.1 element."]
-    #[doc = "              On successful completion, \\c *p points to the first byte"]
-    #[doc = "              beyond the AlgorithmIdentifier element."]
-    #[doc = "              On error, the value of \\c *p is undefined."]
-    #[doc = " \\param end   End of data."]
-    #[doc = " \\param alg   The buffer to receive the OID."]
-    #[doc = " \\param params The buffer to receive the parameters."]
-    #[doc = "              This is zeroized if there are no parameters."]
-    #[doc = ""]
-    #[doc = " \\return      0 if successful or a specific ASN.1 or MPI error code."]
-    pub fn mbedtls_asn1_get_alg(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        alg: *mut mbedtls_asn1_buf,
-        params: *mut mbedtls_asn1_buf,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief       Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no"]
-    #[doc = "              params."]
-    #[doc = "              Updates the pointer to immediately behind the full"]
-    #[doc = "              AlgorithmIdentifier."]
-    #[doc = ""]
-    #[doc = " \\param p     On entry, \\c *p points to the start of the ASN.1 element."]
-    #[doc = "              On successful completion, \\c *p points to the first byte"]
-    #[doc = "              beyond the AlgorithmIdentifier element."]
-    #[doc = "              On error, the value of \\c *p is undefined."]
-    #[doc = " \\param end   End of data."]
-    #[doc = " \\param alg   The buffer to receive the OID."]
-    #[doc = ""]
-    #[doc = " \\return      0 if successful or a specific ASN.1 or MPI error code."]
-    pub fn mbedtls_asn1_get_alg_null(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        alg: *mut mbedtls_asn1_buf,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief       Find a specific named_data entry in a sequence or list based on"]
-    #[doc = "              the OID."]
-    #[doc = ""]
-    #[doc = " \\param list  The list to seek through"]
-    #[doc = " \\param oid   The OID to look for"]
-    #[doc = " \\param len   Size of the OID"]
-    #[doc = ""]
-    #[doc = " \\return      NULL if not found, or a pointer to the existing entry."]
-    pub fn mbedtls_asn1_find_named_data(
-        list: *const mbedtls_asn1_named_data,
-        oid: *const crate::c_types::c_char,
-        len: size_t,
-    ) -> *const mbedtls_asn1_named_data;
-}
-extern "C" {
-    #[doc = " \\brief       Free a mbedtls_asn1_named_data entry"]
-    #[doc = ""]
-    #[doc = " \\deprecated  This function is deprecated and will be removed in a"]
-    #[doc = "              future version of the library."]
-    #[doc = "              Please use mbedtls_asn1_free_named_data_list()"]
-    #[doc = "              or mbedtls_asn1_free_named_data_list_shallow()."]
-    #[doc = ""]
-    #[doc = " \\param entry The named data entry to free."]
-    #[doc = "              This function calls mbedtls_free() on"]
-    #[doc = "              `entry->oid.p` and `entry->val.p`."]
-    pub fn mbedtls_asn1_free_named_data(entry: *mut mbedtls_asn1_named_data);
-}
-extern "C" {
-    #[doc = " \\brief       Free all entries in a mbedtls_asn1_named_data list."]
-    #[doc = ""]
-    #[doc = " \\param head  Pointer to the head of the list of named data entries to free."]
-    #[doc = "              This function calls mbedtls_free() on"]
-    #[doc = "              `entry->oid.p` and `entry->val.p` and then on `entry`"]
-    #[doc = "              for each list entry, and sets \\c *head to \\c NULL."]
-    pub fn mbedtls_asn1_free_named_data_list(head: *mut *mut mbedtls_asn1_named_data);
-}
-extern "C" {
-    #[doc = " \\brief       Free all shallow entries in a mbedtls_asn1_named_data list,"]
-    #[doc = "              but do not free internal pointer targets."]
-    #[doc = ""]
-    #[doc = " \\param name  Head of the list of named data entries to free."]
-    #[doc = "              This function calls mbedtls_free() on each list element."]
-    pub fn mbedtls_asn1_free_named_data_list_shallow(name: *mut mbedtls_asn1_named_data);
-}
-#[doc = " Type-length-value structure that allows for ASN1 using DER."]
-pub type mbedtls_x509_buf = mbedtls_asn1_buf;
-#[doc = " Container for ASN1 bit strings."]
-pub type mbedtls_x509_bitstring = mbedtls_asn1_bitstring;
-#[doc = " Container for a sequence or list of 'named' ASN.1 data items"]
-pub type mbedtls_x509_name = mbedtls_asn1_named_data;
-#[doc = " Container for a sequence of ASN.1 items"]
-pub type mbedtls_x509_sequence = mbedtls_asn1_sequence;
-#[doc = " Container for date and time (precision in seconds)."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_x509_time {
-    #[doc = "< Date."]
-    pub year: crate::c_types::c_int,
-    #[doc = "< Date."]
-    pub mon: crate::c_types::c_int,
-    #[doc = "< Date."]
-    pub day: crate::c_types::c_int,
-    #[doc = "< Time."]
-    pub hour: crate::c_types::c_int,
-    #[doc = "< Time."]
-    pub min: crate::c_types::c_int,
-    #[doc = "< Time."]
-    pub sec: crate::c_types::c_int,
-}
-#[doc = " From RFC 5280 section 4.2.1.6:"]
-#[doc = " OtherName ::= SEQUENCE {"]
-#[doc = "      type-id    OBJECT IDENTIFIER,"]
-#[doc = "      value      [0] EXPLICIT ANY DEFINED BY type-id }"]
-#[doc = ""]
-#[doc = " Future versions of the library may add new fields to this structure or"]
-#[doc = " to its embedded union and structure."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_x509_san_other_name {
-    #[doc = "< The type id."]
-    pub type_id: mbedtls_x509_buf,
-    pub value: mbedtls_x509_san_other_name__bindgen_ty_1,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub union mbedtls_x509_san_other_name__bindgen_ty_1 {
-    pub hardware_module_name: mbedtls_x509_san_other_name__bindgen_ty_1__bindgen_ty_1,
-}
-#[doc = " From RFC 4108 section 5:"]
-#[doc = " HardwareModuleName ::= SEQUENCE {"]
-#[doc = "                         hwType OBJECT IDENTIFIER,"]
-#[doc = "                         hwSerialNum OCTET STRING }"]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_x509_san_other_name__bindgen_ty_1__bindgen_ty_1 {
-    #[doc = "< The object identifier."]
-    pub oid: mbedtls_x509_buf,
-    #[doc = "< The named value."]
-    pub val: mbedtls_x509_buf,
-}
-#[doc = " A structure for holding the parsed Subject Alternative Name,"]
-#[doc = " according to type."]
-#[doc = ""]
-#[doc = " Future versions of the library may add new fields to this structure or"]
-#[doc = " to its embedded union and structure."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_x509_subject_alternative_name {
-    #[doc = "< The SAN type, value of MBEDTLS_X509_SAN_XXX."]
-    pub type_: crate::c_types::c_int,
-    #[doc = "< A union of the supported SAN types"]
-    pub san: mbedtls_x509_subject_alternative_name__bindgen_ty_1,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub union mbedtls_x509_subject_alternative_name__bindgen_ty_1 {
-    #[doc = "< The otherName supported type."]
-    pub other_name: mbedtls_x509_san_other_name,
-    #[doc = "< The buffer for the unconstructed types. Only rfc822Name, dnsName and uniformResourceIdentifier are currently supported"]
-    pub unstructured_name: mbedtls_x509_buf,
-}
-extern "C" {
-    #[doc = " \\brief          Store the certificate DN in printable form into buf;"]
-    #[doc = "                 no more than size characters will be written."]
-    #[doc = ""]
-    #[doc = " \\param buf      Buffer to write to"]
-    #[doc = " \\param size     Maximum size of buffer"]
-    #[doc = " \\param dn       The X509 name to represent"]
-    #[doc = ""]
-    #[doc = " \\return         The length of the string written (not including the"]
-    #[doc = "                 terminated nul byte), or a negative error code."]
-    pub fn mbedtls_x509_dn_gets(
-        buf: *mut crate::c_types::c_char,
-        size: size_t,
-        dn: *const mbedtls_x509_name,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Store the certificate serial in printable form into buf;"]
-    #[doc = "                 no more than size characters will be written."]
-    #[doc = ""]
-    #[doc = " \\param buf      Buffer to write to"]
-    #[doc = " \\param size     Maximum size of buffer"]
-    #[doc = " \\param serial   The X509 serial to represent"]
-    #[doc = ""]
-    #[doc = " \\return         The length of the string written (not including the"]
-    #[doc = "                 terminated nul byte), or a negative error code."]
-    pub fn mbedtls_x509_serial_gets(
-        buf: *mut crate::c_types::c_char,
-        size: size_t,
-        serial: *const mbedtls_x509_buf,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Check a given mbedtls_x509_time against the system time"]
-    #[doc = "                 and tell if it's in the past."]
-    #[doc = ""]
-    #[doc = " \\note           Intended usage is \"if( is_past( valid_to ) ) ERROR\"."]
-    #[doc = "                 Hence the return value of 1 if on internal errors."]
-    #[doc = ""]
-    #[doc = " \\param to       mbedtls_x509_time to check"]
-    #[doc = ""]
-    #[doc = " \\return         1 if the given time is in the past or an error occurred,"]
-    #[doc = "                 0 otherwise."]
-    pub fn mbedtls_x509_time_is_past(to: *const mbedtls_x509_time) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Check a given mbedtls_x509_time against the system time"]
-    #[doc = "                 and tell if it's in the future."]
-    #[doc = ""]
-    #[doc = " \\note           Intended usage is \"if( is_future( valid_from ) ) ERROR\"."]
-    #[doc = "                 Hence the return value of 1 if on internal errors."]
-    #[doc = ""]
-    #[doc = " \\param from     mbedtls_x509_time to check"]
-    #[doc = ""]
-    #[doc = " \\return         1 if the given time is in the future or an error occurred,"]
-    #[doc = "                 0 otherwise."]
-    pub fn mbedtls_x509_time_is_future(from: *const mbedtls_x509_time) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function parses an item in the SubjectAlternativeNames"]
-    #[doc = "                 extension."]
-    #[doc = ""]
-    #[doc = " \\param san_buf  The buffer holding the raw data item of the subject"]
-    #[doc = "                 alternative name."]
-    #[doc = " \\param san      The target structure to populate with the parsed presentation"]
-    #[doc = "                 of the subject alternative name encoded in \\p san_raw."]
-    #[doc = ""]
-    #[doc = " \\note           Supported GeneralName types, as defined in RFC 5280:"]
-    #[doc = "                 \"rfc822Name\", \"dnsName\", \"uniformResourceIdentifier\" and \"hardware_module_name\""]
-    #[doc = "                 of type \"otherName\", as defined in RFC 4108."]
-    #[doc = ""]
-    #[doc = " \\note           This function should be called on a single raw data of"]
-    #[doc = "                 subject alternative name. For example, after successful"]
-    #[doc = "                 certificate parsing, one must iterate on every item in the"]
-    #[doc = "                 \\p crt->subject_alt_names sequence, and pass it to"]
-    #[doc = "                 this function."]
-    #[doc = ""]
-    #[doc = " \\warning        The target structure contains pointers to the raw data of the"]
-    #[doc = "                 parsed certificate, and its lifetime is restricted by the"]
-    #[doc = "                 lifetime of the certificate."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success"]
-    #[doc = " \\return         #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported"]
-    #[doc = "                 SAN type."]
-    #[doc = " \\return         Another negative value for any other failure."]
-    pub fn mbedtls_x509_parse_subject_alt_name(
-        san_buf: *const mbedtls_x509_buf,
-        san: *mut mbedtls_x509_subject_alternative_name,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\} addtogroup x509_module"]
-    pub fn mbedtls_x509_get_name(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        cur: *mut mbedtls_x509_name,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_x509_get_alg_null(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        alg: *mut mbedtls_x509_buf,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_x509_get_alg(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        alg: *mut mbedtls_x509_buf,
-        params: *mut mbedtls_x509_buf,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_x509_get_rsassa_pss_params(
-        params: *const mbedtls_x509_buf,
-        md_alg: *mut mbedtls_md_type_t,
-        mgf_md: *mut mbedtls_md_type_t,
-        salt_len: *mut crate::c_types::c_int,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_x509_get_sig(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        sig: *mut mbedtls_x509_buf,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_x509_get_sig_alg(
-        sig_oid: *const mbedtls_x509_buf,
-        sig_params: *const mbedtls_x509_buf,
-        md_alg: *mut mbedtls_md_type_t,
-        pk_alg: *mut mbedtls_pk_type_t,
-        sig_opts: *mut *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_x509_get_time(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        t: *mut mbedtls_x509_time,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_x509_get_serial(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        serial: *mut mbedtls_x509_buf,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_x509_get_ext(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        ext: *mut mbedtls_x509_buf,
-        tag: crate::c_types::c_int,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_x509_sig_alg_gets(
-        buf: *mut crate::c_types::c_char,
-        size: size_t,
-        sig_oid: *const mbedtls_x509_buf,
-        pk_alg: mbedtls_pk_type_t,
-        md_alg: mbedtls_md_type_t,
-        sig_opts: *const crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_x509_key_size_helper(
-        buf: *mut crate::c_types::c_char,
-        buf_size: size_t,
-        name: *const crate::c_types::c_char,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_x509_string_to_names(
-        head: *mut *mut mbedtls_asn1_named_data,
-        name: *const crate::c_types::c_char,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_x509_set_extension(
-        head: *mut *mut mbedtls_asn1_named_data,
-        oid: *const crate::c_types::c_char,
-        oid_len: size_t,
-        critical: crate::c_types::c_int,
-        val: *const crate::c_types::c_uchar,
-        val_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_x509_write_extensions(
-        p: *mut *mut crate::c_types::c_uchar,
-        start: *mut crate::c_types::c_uchar,
-        first: *mut mbedtls_asn1_named_data,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_x509_write_names(
-        p: *mut *mut crate::c_types::c_uchar,
-        start: *mut crate::c_types::c_uchar,
-        first: *mut mbedtls_asn1_named_data,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_x509_write_sig(
-        p: *mut *mut crate::c_types::c_uchar,
-        start: *mut crate::c_types::c_uchar,
-        oid: *const crate::c_types::c_char,
-        oid_len: size_t,
-        sig: *mut crate::c_types::c_uchar,
-        size: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_x509_get_ns_cert_type(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        ns_cert_type: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_x509_get_key_usage(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        key_usage: *mut crate::c_types::c_uint,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_x509_get_subject_alt_name(
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        subject_alt_name: *mut mbedtls_x509_sequence,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_x509_info_subject_alt_name(
-        buf: *mut *mut crate::c_types::c_char,
-        size: *mut size_t,
-        subject_alt_name: *const mbedtls_x509_sequence,
-        prefix: *const crate::c_types::c_char,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_x509_info_cert_type(
-        buf: *mut *mut crate::c_types::c_char,
-        size: *mut size_t,
-        ns_cert_type: crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    pub fn mbedtls_x509_info_key_usage(
-        buf: *mut *mut crate::c_types::c_char,
-        size: *mut size_t,
-        key_usage: crate::c_types::c_uint,
-    ) -> crate::c_types::c_int;
-}
-#[doc = " Certificate revocation list entry."]
-#[doc = " Contains the CA-specific serial numbers and revocation dates."]
-#[doc = ""]
-#[doc = " Some fields of this structure are publicly readable. Do not modify"]
-#[doc = " them except via Mbed TLS library functions: the effect of modifying"]
-#[doc = " those fields or the data that those fields points to is unspecified."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_x509_crl_entry {
-    #[doc = " Direct access to the whole entry inside the containing buffer."]
-    pub raw: mbedtls_x509_buf,
-    #[doc = " The serial number of the revoked certificate."]
-    pub serial: mbedtls_x509_buf,
-    #[doc = " The revocation date of this entry."]
-    pub revocation_date: mbedtls_x509_time,
-    #[doc = " Direct access to the list of CRL entry extensions"]
-    #[doc = " (an ASN.1 constructed sequence)."]
-    #[doc = ""]
-    #[doc = " If there are no extensions, `entry_ext.len == 0` and"]
-    #[doc = " `entry_ext.p == NULL`."]
-    pub entry_ext: mbedtls_x509_buf,
-    #[doc = " Next element in the linked list of entries."]
-    #[doc = " \\p NULL indicates the end of the list."]
-    #[doc = " Do not modify this field directly."]
-    pub next: *mut mbedtls_x509_crl_entry,
-}
-#[doc = " Certificate revocation list structure."]
-#[doc = " Every CRL may have multiple entries."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_x509_crl {
-    #[doc = "< The raw certificate data (DER)."]
-    pub raw: mbedtls_x509_buf,
-    #[doc = "< The raw certificate body (DER). The part that is To Be Signed."]
-    pub tbs: mbedtls_x509_buf,
-    #[doc = "< CRL version (1=v1, 2=v2)"]
-    pub version: crate::c_types::c_int,
-    #[doc = "< CRL signature type identifier"]
-    pub sig_oid: mbedtls_x509_buf,
-    #[doc = "< The raw issuer data (DER)."]
-    pub issuer_raw: mbedtls_x509_buf,
-    #[doc = "< The parsed issuer data (named information object)."]
-    pub issuer: mbedtls_x509_name,
-    pub this_update: mbedtls_x509_time,
-    pub next_update: mbedtls_x509_time,
-    #[doc = "< The CRL entries containing the certificate revocation times for this CA."]
-    pub entry: mbedtls_x509_crl_entry,
-    pub crl_ext: mbedtls_x509_buf,
-    pub private_sig_oid2: mbedtls_x509_buf,
-    pub private_sig: mbedtls_x509_buf,
-    pub private_sig_md: mbedtls_md_type_t,
-    pub private_sig_pk: mbedtls_pk_type_t,
-    pub private_sig_opts: *mut crate::c_types::c_void,
-    #[doc = " Next element in the linked list of CRL."]
-    #[doc = " \\p NULL indicates the end of the list."]
-    #[doc = " Do not modify this field directly."]
-    pub next: *mut mbedtls_x509_crl,
-}
-extern "C" {
-    #[doc = " \\brief          Parse a DER-encoded CRL and append it to the chained list"]
-    #[doc = ""]
-    #[doc = " \\note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto"]
-    #[doc = "                 subsystem must have been initialized by calling"]
-    #[doc = "                 psa_crypto_init() before calling this function."]
-    #[doc = ""]
-    #[doc = " \\param chain    points to the start of the chain"]
-    #[doc = " \\param buf      buffer holding the CRL data in DER format"]
-    #[doc = " \\param buflen   size of the buffer"]
-    #[doc = "                 (including the terminating null byte for PEM data)"]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful, or a specific X509 or PEM error code"]
-    pub fn mbedtls_x509_crl_parse_der(
-        chain: *mut mbedtls_x509_crl,
-        buf: *const crate::c_types::c_uchar,
-        buflen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Parse one or more CRLs and append them to the chained list"]
-    #[doc = ""]
-    #[doc = " \\note           Multiple CRLs are accepted only if using PEM format"]
-    #[doc = ""]
-    #[doc = " \\note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto"]
-    #[doc = "                 subsystem must have been initialized by calling"]
-    #[doc = "                 psa_crypto_init() before calling this function."]
-    #[doc = ""]
-    #[doc = " \\param chain    points to the start of the chain"]
-    #[doc = " \\param buf      buffer holding the CRL data in PEM or DER format"]
-    #[doc = " \\param buflen   size of the buffer"]
-    #[doc = "                 (including the terminating null byte for PEM data)"]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful, or a specific X509 or PEM error code"]
-    pub fn mbedtls_x509_crl_parse(
-        chain: *mut mbedtls_x509_crl,
-        buf: *const crate::c_types::c_uchar,
-        buflen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Returns an informational string about the CRL."]
-    #[doc = ""]
-    #[doc = " \\param buf      Buffer to write to"]
-    #[doc = " \\param size     Maximum size of buffer"]
-    #[doc = " \\param prefix   A line prefix"]
-    #[doc = " \\param crl      The X509 CRL to represent"]
-    #[doc = ""]
-    #[doc = " \\return         The length of the string written (not including the"]
-    #[doc = "                 terminated nul byte), or a negative error code."]
-    pub fn mbedtls_x509_crl_info(
-        buf: *mut crate::c_types::c_char,
-        size: size_t,
-        prefix: *const crate::c_types::c_char,
-        crl: *const mbedtls_x509_crl,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Initialize a CRL (chain)"]
-    #[doc = ""]
-    #[doc = " \\param crl      CRL chain to initialize"]
-    pub fn mbedtls_x509_crl_init(crl: *mut mbedtls_x509_crl);
-}
-extern "C" {
-    #[doc = " \\brief          Unallocate all CRL data"]
-    #[doc = ""]
-    #[doc = " \\param crl      CRL chain to free"]
-    pub fn mbedtls_x509_crl_free(crl: *mut mbedtls_x509_crl);
-}
-#[doc = " Container for an X.509 certificate. The certificate may be chained."]
-#[doc = ""]
-#[doc = " Some fields of this structure are publicly readable. Do not modify"]
-#[doc = " them except via Mbed TLS library functions: the effect of modifying"]
-#[doc = " those fields or the data that those fields points to is unspecified."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_x509_crt {
-    pub private_own_buffer: crate::c_types::c_int,
-    #[doc = "< The raw certificate data (DER)."]
-    pub raw: mbedtls_x509_buf,
-    #[doc = "< The raw certificate body (DER). The part that is To Be Signed."]
-    pub tbs: mbedtls_x509_buf,
-    #[doc = "< The X.509 version. (1=v1, 2=v2, 3=v3)"]
-    pub version: crate::c_types::c_int,
-    #[doc = "< Unique id for certificate issued by a specific CA."]
-    pub serial: mbedtls_x509_buf,
-    #[doc = "< Signature algorithm, e.g. sha1RSA"]
-    pub sig_oid: mbedtls_x509_buf,
-    #[doc = "< The raw issuer data (DER). Used for quick comparison."]
-    pub issuer_raw: mbedtls_x509_buf,
-    #[doc = "< The raw subject data (DER). Used for quick comparison."]
-    pub subject_raw: mbedtls_x509_buf,
-    #[doc = "< The parsed issuer data (named information object)."]
-    pub issuer: mbedtls_x509_name,
-    #[doc = "< The parsed subject data (named information object)."]
-    pub subject: mbedtls_x509_name,
-    #[doc = "< Start time of certificate validity."]
-    pub valid_from: mbedtls_x509_time,
-    #[doc = "< End time of certificate validity."]
-    pub valid_to: mbedtls_x509_time,
-    pub pk_raw: mbedtls_x509_buf,
-    #[doc = "< Container for the public key context."]
-    pub pk: mbedtls_pk_context,
-    #[doc = "< Optional X.509 v2/v3 issuer unique identifier."]
-    pub issuer_id: mbedtls_x509_buf,
-    #[doc = "< Optional X.509 v2/v3 subject unique identifier."]
-    pub subject_id: mbedtls_x509_buf,
-    #[doc = "< Optional X.509 v3 extensions."]
-    pub v3_ext: mbedtls_x509_buf,
-    #[doc = "< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName, uniformResourceIdentifier and OtherName are listed)."]
-    pub subject_alt_names: mbedtls_x509_sequence,
-    #[doc = "< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed)."]
-    pub certificate_policies: mbedtls_x509_sequence,
-    pub private_ext_types: crate::c_types::c_int,
-    pub private_ca_istrue: crate::c_types::c_int,
-    pub private_max_pathlen: crate::c_types::c_int,
-    pub private_key_usage: crate::c_types::c_uint,
-    #[doc = "< Optional list of extended key usage OIDs."]
-    pub ext_key_usage: mbedtls_x509_sequence,
-    pub private_ns_cert_type: crate::c_types::c_uchar,
-    pub private_sig: mbedtls_x509_buf,
-    pub private_sig_md: mbedtls_md_type_t,
-    pub private_sig_pk: mbedtls_pk_type_t,
-    pub private_sig_opts: *mut crate::c_types::c_void,
-    #[doc = " Next certificate in the linked list that constitutes the CA chain."]
-    #[doc = " \\p NULL indicates the end of the list."]
-    #[doc = " Do not modify this field directly."]
-    pub next: *mut mbedtls_x509_crt,
-}
-#[doc = " Security profile for certificate verification."]
-#[doc = ""]
-#[doc = " All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG()."]
-#[doc = ""]
-#[doc = " The fields of this structure are part of the public API and can be"]
-#[doc = " manipulated directly by applications. Future versions of the library may"]
-#[doc = " add extra fields or reorder existing fields."]
-#[doc = ""]
-#[doc = " You can create custom profiles by starting from a copy of"]
-#[doc = " an existing profile, such as mbedtls_x509_crt_profile_default or"]
-#[doc = " mbedtls_x509_ctr_profile_none and then tune it to your needs."]
-#[doc = ""]
-#[doc = " For example to allow SHA-224 in addition to the default:"]
-#[doc = ""]
-#[doc = "  mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default;"]
-#[doc = "  my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 );"]
-#[doc = ""]
-#[doc = " Or to allow only RSA-3072+ with SHA-256:"]
-#[doc = ""]
-#[doc = "  mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_none;"]
-#[doc = "  my_profile.allowed_mds = MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 );"]
-#[doc = "  my_profile.allowed_pks = MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA );"]
-#[doc = "  my_profile.rsa_min_bitlen = 3072;"]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_x509_crt_profile {
-    #[doc = "< MDs for signatures"]
-    pub allowed_mds: u32,
-    #[doc = "< PK algs for public keys;"]
-    #[doc = "   this applies to all certificates"]
-    #[doc = "   in the provided chain."]
-    pub allowed_pks: u32,
-    #[doc = "< Elliptic curves for ECDSA"]
-    pub allowed_curves: u32,
-    #[doc = "< Minimum size for RSA keys"]
-    pub rsa_min_bitlen: u32,
-}
-#[doc = " Container for writing a certificate (CRT)"]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_x509write_cert {
-    pub private_version: crate::c_types::c_int,
-    pub private_serial: [crate::c_types::c_uchar; 20usize],
-    pub private_serial_len: size_t,
-    pub private_subject_key: *mut mbedtls_pk_context,
-    pub private_issuer_key: *mut mbedtls_pk_context,
-    pub private_subject: *mut mbedtls_asn1_named_data,
-    pub private_issuer: *mut mbedtls_asn1_named_data,
-    pub private_md_alg: mbedtls_md_type_t,
-    pub private_not_before: [crate::c_types::c_char; 16usize],
-    pub private_not_after: [crate::c_types::c_char; 16usize],
-    pub private_extensions: *mut mbedtls_asn1_named_data,
-}
-#[doc = " Item in a verification chain: cert and flags for it"]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_x509_crt_verify_chain_item {
-    pub private_crt: *mut mbedtls_x509_crt,
-    pub private_flags: u32,
-}
-#[doc = " Verification chain as built by \\c mbedtls_crt_verify_chain()"]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_x509_crt_verify_chain {
-    pub private_items: [mbedtls_x509_crt_verify_chain_item; 10usize],
-    pub private_len: crate::c_types::c_uint,
-}
-pub type mbedtls_x509_crt_restart_ctx = crate::c_types::c_void;
-extern "C" {
-    #[doc = " Default security profile. Should provide a good balance between security"]
-    #[doc = " and compatibility with current deployments."]
-    #[doc = ""]
-    #[doc = " This profile permits:"]
-    #[doc = " - SHA2 hashes with at least 256 bits: SHA-256, SHA-384, SHA-512."]
-    #[doc = " - Elliptic curves with 255 bits and above except secp256k1."]
-    #[doc = " - RSA with 2048 bits and above."]
-    #[doc = ""]
-    #[doc = " New minor versions of Mbed TLS may extend this profile, for example if"]
-    #[doc = " new algorithms are added to the library. New minor versions of Mbed TLS will"]
-    #[doc = " not reduce this profile unless serious security concerns require it."]
-    pub static mbedtls_x509_crt_profile_default: mbedtls_x509_crt_profile;
-}
-extern "C" {
-    #[doc = " Expected next default profile. Recommended for new deployments."]
-    #[doc = " Currently targets a 128-bit security level, except for allowing RSA-2048."]
-    #[doc = " This profile may change at any time."]
-    pub static mbedtls_x509_crt_profile_next: mbedtls_x509_crt_profile;
-}
-extern "C" {
-    #[doc = " NSA Suite B profile."]
-    pub static mbedtls_x509_crt_profile_suiteb: mbedtls_x509_crt_profile;
-}
-extern "C" {
-    #[doc = " Empty profile that allows nothing. Useful as a basis for constructing"]
-    #[doc = " custom profiles."]
-    pub static mbedtls_x509_crt_profile_none: mbedtls_x509_crt_profile;
-}
-extern "C" {
-    #[doc = " \\brief          Parse a single DER formatted certificate and add it"]
-    #[doc = "                 to the end of the provided chained list."]
-    #[doc = ""]
-    #[doc = " \\note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto"]
-    #[doc = "                 subsystem must have been initialized by calling"]
-    #[doc = "                 psa_crypto_init() before calling this function."]
-    #[doc = ""]
-    #[doc = " \\param chain    The pointer to the start of the CRT chain to attach to."]
-    #[doc = "                 When parsing the first CRT in a chain, this should point"]
-    #[doc = "                 to an instance of ::mbedtls_x509_crt initialized through"]
-    #[doc = "                 mbedtls_x509_crt_init()."]
-    #[doc = " \\param buf      The buffer holding the DER encoded certificate."]
-    #[doc = " \\param buflen   The size in Bytes of \\p buf."]
-    #[doc = ""]
-    #[doc = " \\note           This function makes an internal copy of the CRT buffer"]
-    #[doc = "                 \\p buf. In particular, \\p buf may be destroyed or reused"]
-    #[doc = "                 after this call returns. To avoid duplicating the CRT"]
-    #[doc = "                 buffer (at the cost of stricter lifetime constraints),"]
-    #[doc = "                 use mbedtls_x509_crt_parse_der_nocopy() instead."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         A negative error code on failure."]
-    pub fn mbedtls_x509_crt_parse_der(
-        chain: *mut mbedtls_x509_crt,
-        buf: *const crate::c_types::c_uchar,
-        buflen: size_t,
-    ) -> crate::c_types::c_int;
-}
-#[doc = " \\brief          The type of certificate extension callbacks."]
-#[doc = ""]
-#[doc = "                 Callbacks of this type are passed to and used by the"]
-#[doc = "                 mbedtls_x509_crt_parse_der_with_ext_cb() routine when"]
-#[doc = "                 it encounters either an unsupported extension or a"]
-#[doc = "                 \"certificate policies\" extension containing any"]
-#[doc = "                 unsupported certificate policies."]
-#[doc = "                 Future versions of the library may invoke the callback"]
-#[doc = "                 in other cases, if and when the need arises."]
-#[doc = ""]
-#[doc = " \\param p_ctx    An opaque context passed to the callback."]
-#[doc = " \\param crt      The certificate being parsed."]
-#[doc = " \\param oid      The OID of the extension."]
-#[doc = " \\param critical Whether the extension is critical."]
-#[doc = " \\param p        Pointer to the start of the extension value"]
-#[doc = "                 (the content of the OCTET STRING)."]
-#[doc = " \\param end      End of extension value."]
-#[doc = ""]
-#[doc = " \\note           The callback must fail and return a negative error code"]
-#[doc = "                 if it can not parse or does not support the extension."]
-#[doc = "                 When the callback fails to parse a critical extension"]
-#[doc = "                 mbedtls_x509_crt_parse_der_with_ext_cb() also fails."]
-#[doc = "                 When the callback fails to parse a non critical extension"]
-#[doc = "                 mbedtls_x509_crt_parse_der_with_ext_cb() simply skips"]
-#[doc = "                 the extension and continues parsing."]
-#[doc = ""]
-#[doc = " \\return         \\c 0 on success."]
-#[doc = " \\return         A negative error code on failure."]
-pub type mbedtls_x509_crt_ext_cb_t = ::core::option::Option<
-    unsafe extern "C" fn(
-        p_ctx: *mut crate::c_types::c_void,
-        crt: *const mbedtls_x509_crt,
-        oid: *const mbedtls_x509_buf,
-        critical: crate::c_types::c_int,
-        p: *const crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int,
->;
-extern "C" {
-    #[doc = " \\brief            Parse a single DER formatted certificate and add it"]
-    #[doc = "                   to the end of the provided chained list."]
-    #[doc = ""]
-    #[doc = " \\note             If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto"]
-    #[doc = "                   subsystem must have been initialized by calling"]
-    #[doc = "                   psa_crypto_init() before calling this function."]
-    #[doc = ""]
-    #[doc = " \\param chain      The pointer to the start of the CRT chain to attach to."]
-    #[doc = "                   When parsing the first CRT in a chain, this should point"]
-    #[doc = "                   to an instance of ::mbedtls_x509_crt initialized through"]
-    #[doc = "                   mbedtls_x509_crt_init()."]
-    #[doc = " \\param buf        The buffer holding the DER encoded certificate."]
-    #[doc = " \\param buflen     The size in Bytes of \\p buf."]
-    #[doc = " \\param make_copy  When not zero this function makes an internal copy of the"]
-    #[doc = "                   CRT buffer \\p buf. In particular, \\p buf may be destroyed"]
-    #[doc = "                   or reused after this call returns."]
-    #[doc = "                   When zero this function avoids duplicating the CRT buffer"]
-    #[doc = "                   by taking temporary ownership thereof until the CRT"]
-    #[doc = "                   is destroyed (like mbedtls_x509_crt_parse_der_nocopy())"]
-    #[doc = " \\param cb         A callback invoked for every unsupported certificate"]
-    #[doc = "                   extension."]
-    #[doc = " \\param p_ctx      An opaque context passed to the callback."]
-    #[doc = ""]
-    #[doc = " \\note             This call is functionally equivalent to"]
-    #[doc = "                   mbedtls_x509_crt_parse_der(), and/or"]
-    #[doc = "                   mbedtls_x509_crt_parse_der_nocopy()"]
-    #[doc = "                   but it calls the callback with every unsupported"]
-    #[doc = "                   certificate extension and additionally the"]
-    #[doc = "                   \"certificate policies\" extension if it contains any"]
-    #[doc = "                   unsupported certificate policies."]
-    #[doc = "                   The callback must return a negative error code if it"]
-    #[doc = "                   does not know how to handle such an extension."]
-    #[doc = "                   When the callback fails to parse a critical extension"]
-    #[doc = "                   mbedtls_x509_crt_parse_der_with_ext_cb() also fails."]
-    #[doc = "                   When the callback fails to parse a non critical extension"]
-    #[doc = "                   mbedtls_x509_crt_parse_der_with_ext_cb() simply skips"]
-    #[doc = "                   the extension and continues parsing."]
-    #[doc = "                   Future versions of the library may invoke the callback"]
-    #[doc = "                   in other cases, if and when the need arises."]
-    #[doc = ""]
-    #[doc = " \\return           \\c 0 if successful."]
-    #[doc = " \\return           A negative error code on failure."]
-    pub fn mbedtls_x509_crt_parse_der_with_ext_cb(
-        chain: *mut mbedtls_x509_crt,
-        buf: *const crate::c_types::c_uchar,
-        buflen: size_t,
-        make_copy: crate::c_types::c_int,
-        cb: mbedtls_x509_crt_ext_cb_t,
-        p_ctx: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Parse a single DER formatted certificate and add it"]
-    #[doc = "                 to the end of the provided chained list. This is a"]
-    #[doc = "                 variant of mbedtls_x509_crt_parse_der() which takes"]
-    #[doc = "                 temporary ownership of the CRT buffer until the CRT"]
-    #[doc = "                 is destroyed."]
-    #[doc = ""]
-    #[doc = " \\note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto"]
-    #[doc = "                 subsystem must have been initialized by calling"]
-    #[doc = "                 psa_crypto_init() before calling this function."]
-    #[doc = ""]
-    #[doc = " \\param chain    The pointer to the start of the CRT chain to attach to."]
-    #[doc = "                 When parsing the first CRT in a chain, this should point"]
-    #[doc = "                 to an instance of ::mbedtls_x509_crt initialized through"]
-    #[doc = "                 mbedtls_x509_crt_init()."]
-    #[doc = " \\param buf      The address of the readable buffer holding the DER encoded"]
-    #[doc = "                 certificate to use. On success, this buffer must be"]
-    #[doc = "                 retained and not be changed for the lifetime of the"]
-    #[doc = "                 CRT chain \\p chain, that is, until \\p chain is destroyed"]
-    #[doc = "                 through a call to mbedtls_x509_crt_free()."]
-    #[doc = " \\param buflen   The size in Bytes of \\p buf."]
-    #[doc = ""]
-    #[doc = " \\note           This call is functionally equivalent to"]
-    #[doc = "                 mbedtls_x509_crt_parse_der(), but it avoids creating a"]
-    #[doc = "                 copy of the input buffer at the cost of stronger lifetime"]
-    #[doc = "                 constraints. This is useful in constrained environments"]
-    #[doc = "                 where duplication of the CRT cannot be tolerated."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         A negative error code on failure."]
-    pub fn mbedtls_x509_crt_parse_der_nocopy(
-        chain: *mut mbedtls_x509_crt,
-        buf: *const crate::c_types::c_uchar,
-        buflen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Parse one DER-encoded or one or more concatenated PEM-encoded"]
-    #[doc = "                 certificates and add them to the chained list."]
-    #[doc = ""]
-    #[doc = "                 For CRTs in PEM encoding, the function parses permissively:"]
-    #[doc = "                 if at least one certificate can be parsed, the function"]
-    #[doc = "                 returns the number of certificates for which parsing failed"]
-    #[doc = "                 (hence \\c 0 if all certificates were parsed successfully)."]
-    #[doc = "                 If no certificate could be parsed, the function returns"]
-    #[doc = "                 the first (negative) error encountered during parsing."]
-    #[doc = ""]
-    #[doc = "                 PEM encoded certificates may be interleaved by other data"]
-    #[doc = "                 such as human readable descriptions of their content, as"]
-    #[doc = "                 long as the certificates are enclosed in the PEM specific"]
-    #[doc = "                 '-----{BEGIN/END} CERTIFICATE-----' delimiters."]
-    #[doc = ""]
-    #[doc = " \\note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto"]
-    #[doc = "                 subsystem must have been initialized by calling"]
-    #[doc = "                 psa_crypto_init() before calling this function."]
-    #[doc = ""]
-    #[doc = " \\param chain    The chain to which to add the parsed certificates."]
-    #[doc = " \\param buf      The buffer holding the certificate data in PEM or DER format."]
-    #[doc = "                 For certificates in PEM encoding, this may be a concatenation"]
-    #[doc = "                 of multiple certificates; for DER encoding, the buffer must"]
-    #[doc = "                 comprise exactly one certificate."]
-    #[doc = " \\param buflen   The size of \\p buf, including the terminating \\c NULL byte"]
-    #[doc = "                 in case of PEM encoded data."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if all certificates were parsed successfully."]
-    #[doc = " \\return         The (positive) number of certificates that couldn't"]
-    #[doc = "                 be parsed if parsing was partly successful (see above)."]
-    #[doc = " \\return         A negative X509 or PEM error code otherwise."]
-    #[doc = ""]
-    pub fn mbedtls_x509_crt_parse(
-        chain: *mut mbedtls_x509_crt,
-        buf: *const crate::c_types::c_uchar,
-        buflen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Returns an informational string about the"]
-    #[doc = "                 certificate."]
-    #[doc = ""]
-    #[doc = " \\param buf      Buffer to write to"]
-    #[doc = " \\param size     Maximum size of buffer"]
-    #[doc = " \\param prefix   A line prefix"]
-    #[doc = " \\param crt      The X509 certificate to represent"]
-    #[doc = ""]
-    #[doc = " \\return         The length of the string written (not including the"]
-    #[doc = "                 terminated nul byte), or a negative error code."]
-    pub fn mbedtls_x509_crt_info(
-        buf: *mut crate::c_types::c_char,
-        size: size_t,
-        prefix: *const crate::c_types::c_char,
-        crt: *const mbedtls_x509_crt,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Returns an informational string about the"]
-    #[doc = "                 verification status of a certificate."]
-    #[doc = ""]
-    #[doc = " \\param buf      Buffer to write to"]
-    #[doc = " \\param size     Maximum size of buffer"]
-    #[doc = " \\param prefix   A line prefix"]
-    #[doc = " \\param flags    Verification flags created by mbedtls_x509_crt_verify()"]
-    #[doc = ""]
-    #[doc = " \\return         The length of the string written (not including the"]
-    #[doc = "                 terminated nul byte), or a negative error code."]
-    pub fn mbedtls_x509_crt_verify_info(
-        buf: *mut crate::c_types::c_char,
-        size: size_t,
-        prefix: *const crate::c_types::c_char,
-        flags: u32,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Verify a chain of certificates."]
-    #[doc = ""]
-    #[doc = "                 The verify callback is a user-supplied callback that"]
-    #[doc = "                 can clear / modify / add flags for a certificate. If set,"]
-    #[doc = "                 the verification callback is called for each"]
-    #[doc = "                 certificate in the chain (from the trust-ca down to the"]
-    #[doc = "                 presented crt). The parameters for the callback are:"]
-    #[doc = "                 (void *parameter, mbedtls_x509_crt *crt, int certificate_depth,"]
-    #[doc = "                 int *flags). With the flags representing current flags for"]
-    #[doc = "                 that specific certificate and the certificate depth from"]
-    #[doc = "                 the bottom (Peer cert depth = 0)."]
-    #[doc = ""]
-    #[doc = "                 All flags left after returning from the callback"]
-    #[doc = "                 are also returned to the application. The function should"]
-    #[doc = "                 return 0 for anything (including invalid certificates)"]
-    #[doc = "                 other than fatal error, as a non-zero return code"]
-    #[doc = "                 immediately aborts the verification process. For fatal"]
-    #[doc = "                 errors, a specific error code should be used (different"]
-    #[doc = "                 from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not"]
-    #[doc = "                 be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR"]
-    #[doc = "                 can be used if no better code is available."]
-    #[doc = ""]
-    #[doc = " \\note           In case verification failed, the results can be displayed"]
-    #[doc = "                 using \\c mbedtls_x509_crt_verify_info()"]
-    #[doc = ""]
-    #[doc = " \\note           Same as \\c mbedtls_x509_crt_verify_with_profile() with the"]
-    #[doc = "                 default security profile."]
-    #[doc = ""]
-    #[doc = " \\note           It is your responsibility to provide up-to-date CRLs for"]
-    #[doc = "                 all trusted CAs. If no CRL is provided for the CA that was"]
-    #[doc = "                 used to sign the certificate, CRL verification is skipped"]
-    #[doc = "                 silently, that is *without* setting any flag."]
-    #[doc = ""]
-    #[doc = " \\note           The \\c trust_ca list can contain two types of certificates:"]
-    #[doc = "                 (1) those of trusted root CAs, so that certificates"]
-    #[doc = "                 chaining up to those CAs will be trusted, and (2)"]
-    #[doc = "                 self-signed end-entity certificates to be trusted (for"]
-    #[doc = "                 specific peers you know) - in that case, the self-signed"]
-    #[doc = "                 certificate doesn't need to have the CA bit set."]
-    #[doc = ""]
-    #[doc = " \\param crt      The certificate chain to be verified."]
-    #[doc = " \\param trust_ca The list of trusted CAs."]
-    #[doc = " \\param ca_crl   The list of CRLs for trusted CAs."]
-    #[doc = " \\param cn       The expected Common Name. This will be checked to be"]
-    #[doc = "                 present in the certificate's subjectAltNames extension or,"]
-    #[doc = "                 if this extension is absent, as a CN component in its"]
-    #[doc = "                 Subject name. Currently only DNS names are supported. This"]
-    #[doc = "                 may be \\c NULL if the CN need not be verified."]
-    #[doc = " \\param flags    The address at which to store the result of the verification."]
-    #[doc = "                 If the verification couldn't be completed, the flag value is"]
-    #[doc = "                 set to (uint32_t) -1."]
-    #[doc = " \\param f_vrfy   The verification callback to use. See the documentation"]
-    #[doc = "                 of mbedtls_x509_crt_verify() for more information."]
-    #[doc = " \\param p_vrfy   The context to be passed to \\p f_vrfy."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if the chain is valid with respect to the"]
-    #[doc = "                 passed CN, CAs, CRLs and security profile."]
-    #[doc = " \\return         #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the"]
-    #[doc = "                 certificate chain verification failed. In this case,"]
-    #[doc = "                 \\c *flags will have one or more"]
-    #[doc = "                 \\c MBEDTLS_X509_BADCERT_XXX or \\c MBEDTLS_X509_BADCRL_XXX"]
-    #[doc = "                 flags set."]
-    #[doc = " \\return         Another negative error code in case of a fatal error"]
-    #[doc = "                 encountered during the verification process."]
-    pub fn mbedtls_x509_crt_verify(
-        crt: *mut mbedtls_x509_crt,
-        trust_ca: *mut mbedtls_x509_crt,
-        ca_crl: *mut mbedtls_x509_crl,
-        cn: *const crate::c_types::c_char,
-        flags: *mut u32,
-        f_vrfy: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut mbedtls_x509_crt,
-                arg3: crate::c_types::c_int,
-                arg4: *mut u32,
-            ) -> crate::c_types::c_int,
-        >,
-        p_vrfy: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Verify a chain of certificates with respect to"]
-    #[doc = "                 a configurable security profile."]
-    #[doc = ""]
-    #[doc = " \\note           Same as \\c mbedtls_x509_crt_verify(), but with explicit"]
-    #[doc = "                 security profile."]
-    #[doc = ""]
-    #[doc = " \\note           The restrictions on keys (RSA minimum size, allowed curves"]
-    #[doc = "                 for ECDSA) apply to all certificates: trusted root,"]
-    #[doc = "                 intermediate CAs if any, and end entity certificate."]
-    #[doc = ""]
-    #[doc = " \\param crt      The certificate chain to be verified."]
-    #[doc = " \\param trust_ca The list of trusted CAs."]
-    #[doc = " \\param ca_crl   The list of CRLs for trusted CAs."]
-    #[doc = " \\param profile  The security profile to use for the verification."]
-    #[doc = " \\param cn       The expected Common Name. This may be \\c NULL if the"]
-    #[doc = "                 CN need not be verified."]
-    #[doc = " \\param flags    The address at which to store the result of the verification."]
-    #[doc = "                 If the verification couldn't be completed, the flag value is"]
-    #[doc = "                 set to (uint32_t) -1."]
-    #[doc = " \\param f_vrfy   The verification callback to use. See the documentation"]
-    #[doc = "                 of mbedtls_x509_crt_verify() for more information."]
-    #[doc = " \\param p_vrfy   The context to be passed to \\p f_vrfy."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if the chain is valid with respect to the"]
-    #[doc = "                 passed CN, CAs, CRLs and security profile."]
-    #[doc = " \\return         #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the"]
-    #[doc = "                 certificate chain verification failed. In this case,"]
-    #[doc = "                 \\c *flags will have one or more"]
-    #[doc = "                 \\c MBEDTLS_X509_BADCERT_XXX or \\c MBEDTLS_X509_BADCRL_XXX"]
-    #[doc = "                 flags set."]
-    #[doc = " \\return         Another negative error code in case of a fatal error"]
-    #[doc = "                 encountered during the verification process."]
-    pub fn mbedtls_x509_crt_verify_with_profile(
-        crt: *mut mbedtls_x509_crt,
-        trust_ca: *mut mbedtls_x509_crt,
-        ca_crl: *mut mbedtls_x509_crl,
-        profile: *const mbedtls_x509_crt_profile,
-        cn: *const crate::c_types::c_char,
-        flags: *mut u32,
-        f_vrfy: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut mbedtls_x509_crt,
-                arg3: crate::c_types::c_int,
-                arg4: *mut u32,
-            ) -> crate::c_types::c_int,
-        >,
-        p_vrfy: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Restartable version of \\c mbedtls_crt_verify_with_profile()"]
-    #[doc = ""]
-    #[doc = " \\note           Performs the same job as \\c mbedtls_crt_verify_with_profile()"]
-    #[doc = "                 but can return early and restart according to the limit"]
-    #[doc = "                 set with \\c mbedtls_ecp_set_max_ops() to reduce blocking."]
-    #[doc = ""]
-    #[doc = " \\param crt      The certificate chain to be verified."]
-    #[doc = " \\param trust_ca The list of trusted CAs."]
-    #[doc = " \\param ca_crl   The list of CRLs for trusted CAs."]
-    #[doc = " \\param profile  The security profile to use for the verification."]
-    #[doc = " \\param cn       The expected Common Name. This may be \\c NULL if the"]
-    #[doc = "                 CN need not be verified."]
-    #[doc = " \\param flags    The address at which to store the result of the verification."]
-    #[doc = "                 If the verification couldn't be completed, the flag value is"]
-    #[doc = "                 set to (uint32_t) -1."]
-    #[doc = " \\param f_vrfy   The verification callback to use. See the documentation"]
-    #[doc = "                 of mbedtls_x509_crt_verify() for more information."]
-    #[doc = " \\param p_vrfy   The context to be passed to \\p f_vrfy."]
-    #[doc = " \\param rs_ctx   The restart context to use. This may be set to \\c NULL"]
-    #[doc = "                 to disable restartable ECC."]
-    #[doc = ""]
-    #[doc = " \\return         See \\c mbedtls_crt_verify_with_profile(), or"]
-    #[doc = " \\return         #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of"]
-    #[doc = "                 operations was reached: see \\c mbedtls_ecp_set_max_ops()."]
-    pub fn mbedtls_x509_crt_verify_restartable(
-        crt: *mut mbedtls_x509_crt,
-        trust_ca: *mut mbedtls_x509_crt,
-        ca_crl: *mut mbedtls_x509_crl,
-        profile: *const mbedtls_x509_crt_profile,
-        cn: *const crate::c_types::c_char,
-        flags: *mut u32,
-        f_vrfy: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut mbedtls_x509_crt,
-                arg3: crate::c_types::c_int,
-                arg4: *mut u32,
-            ) -> crate::c_types::c_int,
-        >,
-        p_vrfy: *mut crate::c_types::c_void,
-        rs_ctx: *mut mbedtls_x509_crt_restart_ctx,
-    ) -> crate::c_types::c_int;
-}
-#[doc = " \\brief               The type of trusted certificate callbacks."]
-#[doc = ""]
-#[doc = "                      Callbacks of this type are passed to and used by the CRT"]
-#[doc = "                      verification routine mbedtls_x509_crt_verify_with_ca_cb()"]
-#[doc = "                      when looking for trusted signers of a given certificate."]
-#[doc = ""]
-#[doc = "                      On success, the callback returns a list of trusted"]
-#[doc = "                      certificates to be considered as potential signers"]
-#[doc = "                      for the input certificate."]
-#[doc = ""]
-#[doc = " \\param p_ctx         An opaque context passed to the callback."]
-#[doc = " \\param child         The certificate for which to search a potential signer."]
-#[doc = "                      This will point to a readable certificate."]
-#[doc = " \\param candidate_cas The address at which to store the address of the first"]
-#[doc = "                      entry in the generated linked list of candidate signers."]
-#[doc = "                      This will not be \\c NULL."]
-#[doc = ""]
-#[doc = " \\note                The callback must only return a non-zero value on a"]
-#[doc = "                      fatal error. If, in contrast, the search for a potential"]
-#[doc = "                      signer completes without a single candidate, the"]
-#[doc = "                      callback must return \\c 0 and set \\c *candidate_cas"]
-#[doc = "                      to \\c NULL."]
-#[doc = ""]
-#[doc = " \\return              \\c 0 on success. In this case, \\c *candidate_cas points"]
-#[doc = "                      to a heap-allocated linked list of instances of"]
-#[doc = "                      ::mbedtls_x509_crt, and ownership of this list is passed"]
-#[doc = "                      to the caller."]
-#[doc = " \\return              A negative error code on failure."]
-pub type mbedtls_x509_crt_ca_cb_t = ::core::option::Option<
-    unsafe extern "C" fn(
-        p_ctx: *mut crate::c_types::c_void,
-        child: *const mbedtls_x509_crt,
-        candidate_cas: *mut *mut mbedtls_x509_crt,
-    ) -> crate::c_types::c_int,
->;
-extern "C" {
-    #[doc = " \\brief          Check usage of certificate against keyUsage extension."]
-    #[doc = ""]
-    #[doc = " \\param crt      Leaf certificate used."]
-    #[doc = " \\param usage    Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT"]
-    #[doc = "                 before using the certificate to perform an RSA key"]
-    #[doc = "                 exchange)."]
-    #[doc = ""]
-    #[doc = " \\note           Except for decipherOnly and encipherOnly, a bit set in the"]
-    #[doc = "                 usage argument means this bit MUST be set in the"]
-    #[doc = "                 certificate. For decipherOnly and encipherOnly, it means"]
-    #[doc = "                 that bit MAY be set."]
-    #[doc = ""]
-    #[doc = " \\return         0 is these uses of the certificate are allowed,"]
-    #[doc = "                 MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension"]
-    #[doc = "                 is present but does not match the usage argument."]
-    #[doc = ""]
-    #[doc = " \\note           You should only call this function on leaf certificates, on"]
-    #[doc = "                 (intermediate) CAs the keyUsage extension is automatically"]
-    #[doc = "                 checked by \\c mbedtls_x509_crt_verify()."]
-    pub fn mbedtls_x509_crt_check_key_usage(
-        crt: *const mbedtls_x509_crt,
-        usage: crate::c_types::c_uint,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Check usage of certificate against extendedKeyUsage."]
-    #[doc = ""]
-    #[doc = " \\param crt       Leaf certificate used."]
-    #[doc = " \\param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or"]
-    #[doc = "                  MBEDTLS_OID_CLIENT_AUTH)."]
-    #[doc = " \\param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE())."]
-    #[doc = ""]
-    #[doc = " \\return          0 if this use of the certificate is allowed,"]
-    #[doc = "                  MBEDTLS_ERR_X509_BAD_INPUT_DATA if not."]
-    #[doc = ""]
-    #[doc = " \\note            Usually only makes sense on leaf certificates."]
-    pub fn mbedtls_x509_crt_check_extended_key_usage(
-        crt: *const mbedtls_x509_crt,
-        usage_oid: *const crate::c_types::c_char,
-        usage_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Verify the certificate revocation status"]
-    #[doc = ""]
-    #[doc = " \\param crt      a certificate to be verified"]
-    #[doc = " \\param crl      the CRL to verify against"]
-    #[doc = ""]
-    #[doc = " \\return         1 if the certificate is revoked, 0 otherwise"]
-    #[doc = ""]
-    pub fn mbedtls_x509_crt_is_revoked(
-        crt: *const mbedtls_x509_crt,
-        crl: *const mbedtls_x509_crl,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Initialize a certificate (chain)"]
-    #[doc = ""]
-    #[doc = " \\param crt      Certificate chain to initialize"]
-    pub fn mbedtls_x509_crt_init(crt: *mut mbedtls_x509_crt);
-}
-extern "C" {
-    #[doc = " \\brief          Unallocate all certificate data"]
-    #[doc = ""]
-    #[doc = " \\param crt      Certificate chain to free"]
-    pub fn mbedtls_x509_crt_free(crt: *mut mbedtls_x509_crt);
-}
-extern "C" {
-    #[doc = " \\brief           Initialize a CRT writing context"]
-    #[doc = ""]
-    #[doc = " \\param ctx       CRT context to initialize"]
-    pub fn mbedtls_x509write_crt_init(ctx: *mut mbedtls_x509write_cert);
-}
-extern "C" {
-    #[doc = " \\brief           Set the version for a Certificate"]
-    #[doc = "                  Default: MBEDTLS_X509_CRT_VERSION_3"]
-    #[doc = ""]
-    #[doc = " \\param ctx       CRT context to use"]
-    #[doc = " \\param version   version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or"]
-    #[doc = "                                  MBEDTLS_X509_CRT_VERSION_3)"]
-    pub fn mbedtls_x509write_crt_set_version(
-        ctx: *mut mbedtls_x509write_cert,
-        version: crate::c_types::c_int,
-    );
-}
-extern "C" {
-    #[doc = " \\brief           Set the serial number for a Certificate."]
-    #[doc = ""]
-    #[doc = " \\deprecated      This function is deprecated and will be removed in a"]
-    #[doc = "                  future version of the library. Please use"]
-    #[doc = "                  mbedtls_x509write_crt_set_serial_raw() instead."]
-    #[doc = ""]
-    #[doc = " \\note            Even though the MBEDTLS_BIGNUM_C guard looks redundant since"]
-    #[doc = "                  X509 depends on PK and PK depends on BIGNUM, this emphasizes"]
-    #[doc = "                  a direct dependency between X509 and BIGNUM which is going"]
-    #[doc = "                  to be deprecated in the future."]
-    #[doc = ""]
-    #[doc = " \\param ctx       CRT context to use"]
-    #[doc = " \\param serial    serial number to set"]
-    #[doc = ""]
-    #[doc = " \\return          0 if successful"]
-    pub fn mbedtls_x509write_crt_set_serial(
-        ctx: *mut mbedtls_x509write_cert,
-        serial: *const mbedtls_mpi,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Set the serial number for a Certificate."]
-    #[doc = ""]
-    #[doc = " \\param ctx          CRT context to use"]
-    #[doc = " \\param serial       A raw array of bytes containing the serial number in big"]
-    #[doc = "                     endian format"]
-    #[doc = " \\param serial_len   Length of valid bytes (expressed in bytes) in \\p serial"]
-    #[doc = "                     input buffer"]
-    #[doc = ""]
-    #[doc = " \\return          0 if successful, or"]
-    #[doc = "                  MBEDTLS_ERR_X509_BAD_INPUT_DATA if the provided input buffer"]
-    #[doc = "                  is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN)"]
-    pub fn mbedtls_x509write_crt_set_serial_raw(
-        ctx: *mut mbedtls_x509write_cert,
-        serial: *mut crate::c_types::c_uchar,
-        serial_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Set the validity period for a Certificate"]
-    #[doc = "                  Timestamps should be in string format for UTC timezone"]
-    #[doc = "                  i.e. \"YYYYMMDDhhmmss\""]
-    #[doc = "                  e.g. \"20131231235959\" for December 31st 2013"]
-    #[doc = "                       at 23:59:59"]
-    #[doc = ""]
-    #[doc = " \\param ctx       CRT context to use"]
-    #[doc = " \\param not_before    not_before timestamp"]
-    #[doc = " \\param not_after     not_after timestamp"]
-    #[doc = ""]
-    #[doc = " \\return          0 if timestamp was parsed successfully, or"]
-    #[doc = "                  a specific error code"]
-    pub fn mbedtls_x509write_crt_set_validity(
-        ctx: *mut mbedtls_x509write_cert,
-        not_before: *const crate::c_types::c_char,
-        not_after: *const crate::c_types::c_char,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Set the issuer name for a Certificate"]
-    #[doc = "                  Issuer names should contain a comma-separated list"]
-    #[doc = "                  of OID types and values:"]
-    #[doc = "                  e.g. \"C=UK,O=ARM,CN=mbed TLS CA\""]
-    #[doc = ""]
-    #[doc = " \\param ctx           CRT context to use"]
-    #[doc = " \\param issuer_name   issuer name to set"]
-    #[doc = ""]
-    #[doc = " \\return          0 if issuer name was parsed successfully, or"]
-    #[doc = "                  a specific error code"]
-    pub fn mbedtls_x509write_crt_set_issuer_name(
-        ctx: *mut mbedtls_x509write_cert,
-        issuer_name: *const crate::c_types::c_char,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Set the subject name for a Certificate"]
-    #[doc = "                  Subject names should contain a comma-separated list"]
-    #[doc = "                  of OID types and values:"]
-    #[doc = "                  e.g. \"C=UK,O=ARM,CN=mbed TLS Server 1\""]
-    #[doc = ""]
-    #[doc = " \\param ctx           CRT context to use"]
-    #[doc = " \\param subject_name  subject name to set"]
-    #[doc = ""]
-    #[doc = " \\return          0 if subject name was parsed successfully, or"]
-    #[doc = "                  a specific error code"]
-    pub fn mbedtls_x509write_crt_set_subject_name(
-        ctx: *mut mbedtls_x509write_cert,
-        subject_name: *const crate::c_types::c_char,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Set the subject public key for the certificate"]
-    #[doc = ""]
-    #[doc = " \\param ctx       CRT context to use"]
-    #[doc = " \\param key       public key to include"]
-    pub fn mbedtls_x509write_crt_set_subject_key(
-        ctx: *mut mbedtls_x509write_cert,
-        key: *mut mbedtls_pk_context,
-    );
-}
-extern "C" {
-    #[doc = " \\brief           Set the issuer key used for signing the certificate"]
-    #[doc = ""]
-    #[doc = " \\param ctx       CRT context to use"]
-    #[doc = " \\param key       private key to sign with"]
-    pub fn mbedtls_x509write_crt_set_issuer_key(
-        ctx: *mut mbedtls_x509write_cert,
-        key: *mut mbedtls_pk_context,
-    );
-}
-extern "C" {
-    #[doc = " \\brief           Set the MD algorithm to use for the signature"]
-    #[doc = "                  (e.g. MBEDTLS_MD_SHA1)"]
-    #[doc = ""]
-    #[doc = " \\param ctx       CRT context to use"]
-    #[doc = " \\param md_alg    MD algorithm to use"]
-    pub fn mbedtls_x509write_crt_set_md_alg(
-        ctx: *mut mbedtls_x509write_cert,
-        md_alg: mbedtls_md_type_t,
-    );
-}
-extern "C" {
-    #[doc = " \\brief           Generic function to add to or replace an extension in the"]
-    #[doc = "                  CRT"]
-    #[doc = ""]
-    #[doc = " \\param ctx       CRT context to use"]
-    #[doc = " \\param oid       OID of the extension"]
-    #[doc = " \\param oid_len   length of the OID"]
-    #[doc = " \\param critical  if the extension is critical (per the RFC's definition)"]
-    #[doc = " \\param val       value of the extension OCTET STRING"]
-    #[doc = " \\param val_len   length of the value data"]
-    #[doc = ""]
-    #[doc = " \\return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED"]
-    pub fn mbedtls_x509write_crt_set_extension(
-        ctx: *mut mbedtls_x509write_cert,
-        oid: *const crate::c_types::c_char,
-        oid_len: size_t,
-        critical: crate::c_types::c_int,
-        val: *const crate::c_types::c_uchar,
-        val_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Set the basicConstraints extension for a CRT"]
-    #[doc = ""]
-    #[doc = " \\param ctx       CRT context to use"]
-    #[doc = " \\param is_ca     is this a CA certificate"]
-    #[doc = " \\param max_pathlen   maximum length of certificate chains below this"]
-    #[doc = "                      certificate (only for CA certificates, -1 is"]
-    #[doc = "                      unlimited)"]
-    #[doc = ""]
-    #[doc = " \\return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED"]
-    pub fn mbedtls_x509write_crt_set_basic_constraints(
-        ctx: *mut mbedtls_x509write_cert,
-        is_ca: crate::c_types::c_int,
-        max_pathlen: crate::c_types::c_int,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Set the subjectKeyIdentifier extension for a CRT"]
-    #[doc = "                  Requires that mbedtls_x509write_crt_set_subject_key() has been"]
-    #[doc = "                  called before"]
-    #[doc = ""]
-    #[doc = " \\param ctx       CRT context to use"]
-    #[doc = ""]
-    #[doc = " \\return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED"]
-    pub fn mbedtls_x509write_crt_set_subject_key_identifier(
-        ctx: *mut mbedtls_x509write_cert,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Set the authorityKeyIdentifier extension for a CRT"]
-    #[doc = "                  Requires that mbedtls_x509write_crt_set_issuer_key() has been"]
-    #[doc = "                  called before"]
-    #[doc = ""]
-    #[doc = " \\param ctx       CRT context to use"]
-    #[doc = ""]
-    #[doc = " \\return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED"]
-    pub fn mbedtls_x509write_crt_set_authority_key_identifier(
-        ctx: *mut mbedtls_x509write_cert,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Set the Key Usage Extension flags"]
-    #[doc = "                  (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)"]
-    #[doc = ""]
-    #[doc = " \\param ctx       CRT context to use"]
-    #[doc = " \\param key_usage key usage flags to set"]
-    #[doc = ""]
-    #[doc = " \\return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED"]
-    pub fn mbedtls_x509write_crt_set_key_usage(
-        ctx: *mut mbedtls_x509write_cert,
-        key_usage: crate::c_types::c_uint,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Set the Extended Key Usage Extension"]
-    #[doc = "                  (e.g. MBEDTLS_OID_SERVER_AUTH)"]
-    #[doc = ""]
-    #[doc = " \\param ctx       CRT context to use"]
-    #[doc = " \\param exts      extended key usage extensions to set, a sequence of"]
-    #[doc = "                  MBEDTLS_ASN1_OID objects"]
-    #[doc = ""]
-    #[doc = " \\return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED"]
-    pub fn mbedtls_x509write_crt_set_ext_key_usage(
-        ctx: *mut mbedtls_x509write_cert,
-        exts: *const mbedtls_asn1_sequence,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Set the Netscape Cert Type flags"]
-    #[doc = "                  (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)"]
-    #[doc = ""]
-    #[doc = " \\param ctx           CRT context to use"]
-    #[doc = " \\param ns_cert_type  Netscape Cert Type flags to set"]
-    #[doc = ""]
-    #[doc = " \\return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED"]
-    pub fn mbedtls_x509write_crt_set_ns_cert_type(
-        ctx: *mut mbedtls_x509write_cert,
-        ns_cert_type: crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Free the contents of a CRT write context"]
-    #[doc = ""]
-    #[doc = " \\param ctx       CRT context to free"]
-    pub fn mbedtls_x509write_crt_free(ctx: *mut mbedtls_x509write_cert);
-}
-extern "C" {
-    #[doc = " \\brief           Write a built up certificate to a X509 DER structure"]
-    #[doc = "                  Note: data is written at the end of the buffer! Use the"]
-    #[doc = "                        return value to determine where you should start"]
-    #[doc = "                        using the buffer"]
-    #[doc = ""]
-    #[doc = " \\param ctx       certificate to write away"]
-    #[doc = " \\param buf       buffer to write to"]
-    #[doc = " \\param size      size of the buffer"]
-    #[doc = " \\param f_rng     RNG function. This must not be \\c NULL."]
-    #[doc = " \\param p_rng     RNG parameter"]
-    #[doc = ""]
-    #[doc = " \\return          length of data written if successful, or a specific"]
-    #[doc = "                  error code"]
-    #[doc = ""]
-    #[doc = " \\note            \\p f_rng is used for the signature operation."]
-    pub fn mbedtls_x509write_crt_der(
-        ctx: *mut mbedtls_x509write_cert,
-        buf: *mut crate::c_types::c_uchar,
-        size: size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Write a built up certificate to a X509 PEM string"]
-    #[doc = ""]
-    #[doc = " \\param ctx       certificate to write away"]
-    #[doc = " \\param buf       buffer to write to"]
-    #[doc = " \\param size      size of the buffer"]
-    #[doc = " \\param f_rng     RNG function. This must not be \\c NULL."]
-    #[doc = " \\param p_rng     RNG parameter"]
-    #[doc = ""]
-    #[doc = " \\return          0 if successful, or a specific error code"]
-    #[doc = ""]
-    #[doc = " \\note            \\p f_rng is used for the signature operation."]
-    pub fn mbedtls_x509write_crt_pem(
-        ctx: *mut mbedtls_x509write_cert,
-        buf: *mut crate::c_types::c_uchar,
-        size: size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-#[doc = "<  The prime modulus."]
-pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_P: mbedtls_dhm_parameter = 0;
-#[doc = "<  The generator."]
-pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_G: mbedtls_dhm_parameter = 1;
-#[doc = "<  Our secret value."]
-pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_X: mbedtls_dhm_parameter = 2;
-#[doc = "<  Our public key = \\c G^X mod \\c P."]
-pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_GX: mbedtls_dhm_parameter = 3;
-#[doc = "<  The public key of the peer = \\c G^Y mod \\c P."]
-pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_GY: mbedtls_dhm_parameter = 4;
-#[doc = "<  The shared secret = \\c G^(XY) mod \\c P."]
-pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_K: mbedtls_dhm_parameter = 5;
-#[doc = " Which parameter to access in mbedtls_dhm_get_value()."]
-pub type mbedtls_dhm_parameter = crate::c_types::c_uint;
-#[doc = " \\brief          The DHM context structure."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_dhm_context {
-    pub private_P: mbedtls_mpi,
-    pub private_G: mbedtls_mpi,
-    pub private_X: mbedtls_mpi,
-    pub private_GX: mbedtls_mpi,
-    pub private_GY: mbedtls_mpi,
-    pub private_K: mbedtls_mpi,
-    pub private_RP: mbedtls_mpi,
-    pub private_Vi: mbedtls_mpi,
-    pub private_Vf: mbedtls_mpi,
-    pub private_pX: mbedtls_mpi,
-}
-extern "C" {
-    #[doc = " \\brief          This function initializes the DHM context."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The DHM context to initialize."]
-    pub fn mbedtls_dhm_init(ctx: *mut mbedtls_dhm_context);
-}
-extern "C" {
-    #[doc = " \\brief          This function parses the DHM parameters in a"]
-    #[doc = "                 TLS ServerKeyExchange handshake message"]
-    #[doc = "                 (DHM modulus, generator, and public key)."]
-    #[doc = ""]
-    #[doc = " \\note           In a TLS handshake, this is the how the client"]
-    #[doc = "                 sets up its DHM context from the server's public"]
-    #[doc = "                 DHM key material."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The DHM context to use. This must be initialized."]
-    #[doc = " \\param p        On input, *p must be the start of the input buffer."]
-    #[doc = "                 On output, *p is updated to point to the end of the data"]
-    #[doc = "                 that has been read. On success, this is the first byte"]
-    #[doc = "                 past the end of the ServerKeyExchange parameters."]
-    #[doc = "                 On error, this is the point at which an error has been"]
-    #[doc = "                 detected, which is usually not useful except to debug"]
-    #[doc = "                 failures."]
-    #[doc = " \\param end      The end of the input buffer."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_DHM_XXX error code on failure."]
-    pub fn mbedtls_dhm_read_params(
-        ctx: *mut mbedtls_dhm_context,
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function generates a DHM key pair and exports its"]
-    #[doc = "                 public part together with the DHM parameters in the format"]
-    #[doc = "                 used in a TLS ServerKeyExchange handshake message."]
-    #[doc = ""]
-    #[doc = " \\note           This function assumes that the DHM parameters \\c ctx->P"]
-    #[doc = "                 and \\c ctx->G have already been properly set. For that, use"]
-    #[doc = "                 mbedtls_dhm_set_group() below in conjunction with"]
-    #[doc = "                 mbedtls_mpi_read_binary() and mbedtls_mpi_read_string()."]
-    #[doc = ""]
-    #[doc = " \\note           In a TLS handshake, this is the how the server generates"]
-    #[doc = "                 and exports its DHM key material."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The DHM context to use. This must be initialized"]
-    #[doc = "                 and have the DHM parameters set. It may or may not"]
-    #[doc = "                 already have imported the peer's public key."]
-    #[doc = " \\param x_size   The private key size in Bytes."]
-    #[doc = " \\param olen     The address at which to store the number of Bytes"]
-    #[doc = "                 written on success. This must not be \\c NULL."]
-    #[doc = " \\param output   The destination buffer. This must be a writable buffer of"]
-    #[doc = "                 sufficient size to hold the reduced binary presentation of"]
-    #[doc = "                 the modulus, the generator and the public key, each wrapped"]
-    #[doc = "                 with a 2-byte length field. It is the responsibility of the"]
-    #[doc = "                 caller to ensure that enough space is available. Refer to"]
-    #[doc = "                 mbedtls_mpi_size() to computing the byte-size of an MPI."]
-    #[doc = " \\param f_rng    The RNG function. Must not be \\c NULL."]
-    #[doc = " \\param p_rng    The RNG context to be passed to \\p f_rng. This may be"]
-    #[doc = "                 \\c NULL if \\p f_rng doesn't need a context parameter."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_DHM_XXX error code on failure."]
-    pub fn mbedtls_dhm_make_params(
-        ctx: *mut mbedtls_dhm_context,
-        x_size: crate::c_types::c_int,
-        output: *mut crate::c_types::c_uchar,
-        olen: *mut size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function sets the prime modulus and generator."]
-    #[doc = ""]
-    #[doc = " \\note           This function can be used to set \\c ctx->P, \\c ctx->G"]
-    #[doc = "                 in preparation for mbedtls_dhm_make_params()."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The DHM context to configure. This must be initialized."]
-    #[doc = " \\param P        The MPI holding the DHM prime modulus. This must be"]
-    #[doc = "                 an initialized MPI."]
-    #[doc = " \\param G        The MPI holding the DHM generator. This must be an"]
-    #[doc = "                 initialized MPI."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_DHM_XXX error code on failure."]
-    pub fn mbedtls_dhm_set_group(
-        ctx: *mut mbedtls_dhm_context,
-        P: *const mbedtls_mpi,
-        G: *const mbedtls_mpi,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function imports the raw public value of the peer."]
-    #[doc = ""]
-    #[doc = " \\note           In a TLS handshake, this is the how the server imports"]
-    #[doc = "                 the Client's public DHM key."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The DHM context to use. This must be initialized and have"]
-    #[doc = "                 its DHM parameters set, e.g. via mbedtls_dhm_set_group()."]
-    #[doc = "                 It may or may not already have generated its own private key."]
-    #[doc = " \\param input    The input buffer containing the \\c G^Y value of the peer."]
-    #[doc = "                 This must be a readable buffer of size \\p ilen Bytes."]
-    #[doc = " \\param ilen     The size of the input buffer \\p input in Bytes."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_DHM_XXX error code on failure."]
-    pub fn mbedtls_dhm_read_public(
-        ctx: *mut mbedtls_dhm_context,
-        input: *const crate::c_types::c_uchar,
-        ilen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function creates a DHM key pair and exports"]
-    #[doc = "                 the raw public key in big-endian format."]
-    #[doc = ""]
-    #[doc = " \\note           The destination buffer is always fully written"]
-    #[doc = "                 so as to contain a big-endian representation of G^X mod P."]
-    #[doc = "                 If it is larger than \\c ctx->len, it is padded accordingly"]
-    #[doc = "                 with zero-bytes at the beginning."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The DHM context to use. This must be initialized and"]
-    #[doc = "                 have the DHM parameters set. It may or may not already"]
-    #[doc = "                 have imported the peer's public key."]
-    #[doc = " \\param x_size   The private key size in Bytes."]
-    #[doc = " \\param output   The destination buffer. This must be a writable buffer of"]
-    #[doc = "                 size \\p olen Bytes."]
-    #[doc = " \\param olen     The length of the destination buffer. This must be at least"]
-    #[doc = "                 equal to `ctx->len` (the size of \\c P)."]
-    #[doc = " \\param f_rng    The RNG function. This must not be \\c NULL."]
-    #[doc = " \\param p_rng    The RNG context to be passed to \\p f_rng. This may be \\c NULL"]
-    #[doc = "                 if \\p f_rng doesn't need a context argument."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_DHM_XXX error code on failure."]
-    pub fn mbedtls_dhm_make_public(
-        ctx: *mut mbedtls_dhm_context,
-        x_size: crate::c_types::c_int,
-        output: *mut crate::c_types::c_uchar,
-        olen: size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function derives and exports the shared secret"]
-    #[doc = "                 \\c (G^Y)^X mod \\c P."]
-    #[doc = ""]
-    #[doc = " \\note           If \\p f_rng is not \\c NULL, it is used to blind the input as"]
-    #[doc = "                 a countermeasure against timing attacks. Blinding is used"]
-    #[doc = "                 only if our private key \\c X is re-used, and not used"]
-    #[doc = "                 otherwise. We recommend always passing a non-NULL"]
-    #[doc = "                 \\p f_rng argument."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The DHM context to use. This must be initialized"]
-    #[doc = "                      and have its own private key generated and the peer's"]
-    #[doc = "                      public key imported."]
-    #[doc = " \\param output        The buffer to write the generated shared key to. This"]
-    #[doc = "                      must be a writable buffer of size \\p output_size Bytes."]
-    #[doc = " \\param output_size   The size of the destination buffer. This must be at"]
-    #[doc = "                      least the size of \\c ctx->len (the size of \\c P)."]
-    #[doc = " \\param olen          On exit, holds the actual number of Bytes written."]
-    #[doc = " \\param f_rng         The RNG function. Must not be \\c NULL. Used for"]
-    #[doc = "                      blinding."]
-    #[doc = " \\param p_rng         The RNG context to be passed to \\p f_rng. This may be"]
-    #[doc = "                      \\c NULL if \\p f_rng doesn't need a context parameter."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              An \\c MBEDTLS_ERR_DHM_XXX error code on failure."]
-    pub fn mbedtls_dhm_calc_secret(
-        ctx: *mut mbedtls_dhm_context,
-        output: *mut crate::c_types::c_uchar,
-        output_size: size_t,
-        olen: *mut size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function returns the size of the prime modulus in bits."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The DHM context to query."]
-    #[doc = ""]
-    #[doc = " \\return         The size of the prime modulus in bits,"]
-    #[doc = "                 i.e. the number n such that 2^(n-1) <= P < 2^n."]
-    pub fn mbedtls_dhm_get_bitlen(ctx: *const mbedtls_dhm_context) -> size_t;
-}
-extern "C" {
-    #[doc = " \\brief          This function returns the size of the prime modulus in bytes."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The DHM context to query."]
-    #[doc = ""]
-    #[doc = " \\return         The size of the prime modulus in bytes,"]
-    #[doc = "                 i.e. the number n such that 2^(8*(n-1)) <= P < 2^(8*n)."]
-    pub fn mbedtls_dhm_get_len(ctx: *const mbedtls_dhm_context) -> size_t;
-}
-extern "C" {
-    #[doc = " \\brief          This function copies a parameter of a DHM key."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The DHM context to query."]
-    #[doc = " \\param param    The parameter to copy."]
-    #[doc = " \\param dest     The MPI object to copy the value into. It must be"]
-    #[doc = "                 initialized."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         #MBEDTLS_ERR_DHM_BAD_INPUT_DATA if \\p field is invalid."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_MPI_XXX error code if the copy fails."]
-    pub fn mbedtls_dhm_get_value(
-        ctx: *const mbedtls_dhm_context,
-        param: mbedtls_dhm_parameter,
-        dest: *mut mbedtls_mpi,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function frees and clears the components"]
-    #[doc = "                 of a DHM context."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The DHM context to free and clear. This may be \\c NULL,"]
-    #[doc = "                 in which case this function is a no-op. If it is not \\c NULL,"]
-    #[doc = "                 it must point to an initialized DHM context."]
-    pub fn mbedtls_dhm_free(ctx: *mut mbedtls_dhm_context);
-}
-extern "C" {
-    #[doc = " \\brief             This function parses DHM parameters in PEM or DER format."]
-    #[doc = ""]
-    #[doc = " \\param dhm         The DHM context to import the DHM parameters into."]
-    #[doc = "                    This must be initialized."]
-    #[doc = " \\param dhmin       The input buffer. This must be a readable buffer of"]
-    #[doc = "                    length \\p dhminlen Bytes."]
-    #[doc = " \\param dhminlen    The size of the input buffer \\p dhmin, including the"]
-    #[doc = "                    terminating \\c NULL Byte for PEM data."]
-    #[doc = ""]
-    #[doc = " \\return            \\c 0 on success."]
-    #[doc = " \\return            An \\c MBEDTLS_ERR_DHM_XXX or \\c MBEDTLS_ERR_PEM_XXX error"]
-    #[doc = "                    code on failure."]
-    pub fn mbedtls_dhm_parse_dhm(
-        dhm: *mut mbedtls_dhm_context,
-        dhmin: *const crate::c_types::c_uchar,
-        dhminlen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          The DMH checkup routine."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         \\c 1 on failure."]
-    pub fn mbedtls_dhm_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
-}
-#[doc = "< Our key."]
-pub const mbedtls_ecdh_side_MBEDTLS_ECDH_OURS: mbedtls_ecdh_side = 0;
-#[doc = "< The key of the peer."]
-pub const mbedtls_ecdh_side_MBEDTLS_ECDH_THEIRS: mbedtls_ecdh_side = 1;
-#[doc = " Defines the source of the imported EC key."]
-pub type mbedtls_ecdh_side = crate::c_types::c_uint;
-#[doc = "< Implementation not defined."]
-pub const mbedtls_ecdh_variant_MBEDTLS_ECDH_VARIANT_NONE: mbedtls_ecdh_variant = 0;
-#[doc = "< The default Mbed TLS implementation"]
-pub const mbedtls_ecdh_variant_MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: mbedtls_ecdh_variant = 1;
-#[doc = " Defines the ECDH implementation used."]
-#[doc = ""]
-#[doc = " Later versions of the library may add new variants, therefore users should"]
-#[doc = " not make any assumptions about them."]
-pub type mbedtls_ecdh_variant = crate::c_types::c_uint;
-#[doc = " The context used by the default ECDH implementation."]
-#[doc = ""]
-#[doc = " Later versions might change the structure of this context, therefore users"]
-#[doc = " should not make any assumptions about the structure of"]
-#[doc = " mbedtls_ecdh_context_mbed."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_ecdh_context_mbed {
-    pub private_grp: mbedtls_ecp_group,
-    pub private_d: mbedtls_mpi,
-    pub private_Q: mbedtls_ecp_point,
-    pub private_Qp: mbedtls_ecp_point,
-    pub private_z: mbedtls_mpi,
-}
-#[doc = " \\warning         Performing multiple operations concurrently on the same"]
-#[doc = "                  ECDSA context is not supported; objects of this type"]
-#[doc = "                  should not be shared between multiple threads."]
-#[doc = " \\brief           The ECDH context structure."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_ecdh_context {
-    pub private_point_format: u8,
-    pub private_grp_id: mbedtls_ecp_group_id,
-    pub private_var: mbedtls_ecdh_variant,
-    pub private_ctx: mbedtls_ecdh_context__bindgen_ty_1,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub union mbedtls_ecdh_context__bindgen_ty_1 {
-    pub private_mbed_ecdh: mbedtls_ecdh_context_mbed,
-}
-extern "C" {
-    #[doc = " \\brief          Check whether a given group can be used for ECDH."]
-    #[doc = ""]
-    #[doc = " \\param gid      The ECP group ID to check."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 1 if the group can be used, \\c 0 otherwise"]
-    pub fn mbedtls_ecdh_can_do(gid: mbedtls_ecp_group_id) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function generates an ECDH keypair on an elliptic"]
-    #[doc = "                  curve."]
-    #[doc = ""]
-    #[doc = "                  This function performs the first of two core computations"]
-    #[doc = "                  implemented during the ECDH key exchange. The second core"]
-    #[doc = "                  computation is performed by mbedtls_ecdh_compute_shared()."]
-    #[doc = ""]
-    #[doc = " \\see             ecp.h"]
-    #[doc = ""]
-    #[doc = " \\param grp       The ECP group to use. This must be initialized and have"]
-    #[doc = "                  domain parameters loaded, for example through"]
-    #[doc = "                  mbedtls_ecp_load() or mbedtls_ecp_tls_read_group()."]
-    #[doc = " \\param d         The destination MPI (private key)."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param Q         The destination point (public key)."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param f_rng     The RNG function to use. This must not be \\c NULL."]
-    #[doc = " \\param p_rng     The RNG context to be passed to \\p f_rng. This may be"]
-    #[doc = "                  \\c NULL in case \\p f_rng doesn't need a context argument."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          Another \\c MBEDTLS_ERR_ECP_XXX or"]
-    #[doc = "                  \\c MBEDTLS_MPI_XXX error code on failure."]
-    pub fn mbedtls_ecdh_gen_public(
-        grp: *mut mbedtls_ecp_group,
-        d: *mut mbedtls_mpi,
-        Q: *mut mbedtls_ecp_point,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function computes the shared secret."]
-    #[doc = ""]
-    #[doc = "                  This function performs the second of two core computations"]
-    #[doc = "                  implemented during the ECDH key exchange. The first core"]
-    #[doc = "                  computation is performed by mbedtls_ecdh_gen_public()."]
-    #[doc = ""]
-    #[doc = " \\see             ecp.h"]
-    #[doc = ""]
-    #[doc = " \\note            If \\p f_rng is not NULL, it is used to implement"]
-    #[doc = "                  countermeasures against side-channel attacks."]
-    #[doc = "                  For more information, see mbedtls_ecp_mul()."]
-    #[doc = ""]
-    #[doc = " \\param grp       The ECP group to use. This must be initialized and have"]
-    #[doc = "                  domain parameters loaded, for example through"]
-    #[doc = "                  mbedtls_ecp_load() or mbedtls_ecp_tls_read_group()."]
-    #[doc = " \\param z         The destination MPI (shared secret)."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param Q         The public key from another party."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param d         Our secret exponent (private key)."]
-    #[doc = "                  This must be initialized."]
-    #[doc = " \\param f_rng     The RNG function to use. This must not be \\c NULL."]
-    #[doc = " \\param p_rng     The RNG context to be passed to \\p f_rng. This may be"]
-    #[doc = "                  \\c NULL if \\p f_rng is \\c NULL or doesn't need a"]
-    #[doc = "                  context argument."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          Another \\c MBEDTLS_ERR_ECP_XXX or"]
-    #[doc = "                  \\c MBEDTLS_MPI_XXX error code on failure."]
-    pub fn mbedtls_ecdh_compute_shared(
-        grp: *mut mbedtls_ecp_group,
-        z: *mut mbedtls_mpi,
-        Q: *const mbedtls_ecp_point,
-        d: *const mbedtls_mpi,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function initializes an ECDH context."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECDH context to initialize. This must not be \\c NULL."]
-    pub fn mbedtls_ecdh_init(ctx: *mut mbedtls_ecdh_context);
-}
-extern "C" {
-    #[doc = " \\brief           This function sets up the ECDH context with the information"]
-    #[doc = "                  given."]
-    #[doc = ""]
-    #[doc = "                  This function should be called after mbedtls_ecdh_init() but"]
-    #[doc = "                  before mbedtls_ecdh_make_params(). There is no need to call"]
-    #[doc = "                  this function before mbedtls_ecdh_read_params()."]
-    #[doc = ""]
-    #[doc = "                  This is the first function used by a TLS server for ECDHE"]
-    #[doc = "                  ciphersuites."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECDH context to set up. This must be initialized."]
-    #[doc = " \\param grp_id    The group id of the group to set up the context for."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    pub fn mbedtls_ecdh_setup(
-        ctx: *mut mbedtls_ecdh_context,
-        grp_id: mbedtls_ecp_group_id,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function frees a context."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The context to free. This may be \\c NULL, in which"]
-    #[doc = "                  case this function does nothing. If it is not \\c NULL,"]
-    #[doc = "                  it must point to an initialized ECDH context."]
-    pub fn mbedtls_ecdh_free(ctx: *mut mbedtls_ecdh_context);
-}
-extern "C" {
-    #[doc = " \\brief           This function generates an EC key pair and exports its"]
-    #[doc = "                  in the format used in a TLS ServerKeyExchange handshake"]
-    #[doc = "                  message."]
-    #[doc = ""]
-    #[doc = "                  This is the second function used by a TLS server for ECDHE"]
-    #[doc = "                  ciphersuites. (It is called after mbedtls_ecdh_setup().)"]
-    #[doc = ""]
-    #[doc = " \\see             ecp.h"]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECDH context to use. This must be initialized"]
-    #[doc = "                  and bound to a group, for example via mbedtls_ecdh_setup()."]
-    #[doc = " \\param olen      The address at which to store the number of Bytes written."]
-    #[doc = " \\param buf       The destination buffer. This must be a writable buffer of"]
-    #[doc = "                  length \\p blen Bytes."]
-    #[doc = " \\param blen      The length of the destination buffer \\p buf in Bytes."]
-    #[doc = " \\param f_rng     The RNG function to use. This must not be \\c NULL."]
-    #[doc = " \\param p_rng     The RNG context to be passed to \\p f_rng. This may be"]
-    #[doc = "                  \\c NULL in case \\p f_rng doesn't need a context argument."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of"]
-    #[doc = "                  operations was reached: see \\c mbedtls_ecp_set_max_ops()."]
-    #[doc = " \\return          Another \\c MBEDTLS_ERR_ECP_XXX error code on failure."]
-    pub fn mbedtls_ecdh_make_params(
-        ctx: *mut mbedtls_ecdh_context,
-        olen: *mut size_t,
-        buf: *mut crate::c_types::c_uchar,
-        blen: size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function parses the ECDHE parameters in a"]
-    #[doc = "                  TLS ServerKeyExchange handshake message."]
-    #[doc = ""]
-    #[doc = " \\note            In a TLS handshake, this is the how the client"]
-    #[doc = "                  sets up its ECDHE context from the server's public"]
-    #[doc = "                  ECDHE key material."]
-    #[doc = ""]
-    #[doc = " \\see             ecp.h"]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECDHE context to use. This must be initialized."]
-    #[doc = " \\param buf       On input, \\c *buf must be the start of the input buffer."]
-    #[doc = "                  On output, \\c *buf is updated to point to the end of the"]
-    #[doc = "                  data that has been read. On success, this is the first byte"]
-    #[doc = "                  past the end of the ServerKeyExchange parameters."]
-    #[doc = "                  On error, this is the point at which an error has been"]
-    #[doc = "                  detected, which is usually not useful except to debug"]
-    #[doc = "                  failures."]
-    #[doc = " \\param end       The end of the input buffer."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          An \\c MBEDTLS_ERR_ECP_XXX error code on failure."]
-    #[doc = ""]
-    pub fn mbedtls_ecdh_read_params(
-        ctx: *mut mbedtls_ecdh_context,
-        buf: *mut *const crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function sets up an ECDH context from an EC key."]
-    #[doc = ""]
-    #[doc = "                  It is used by clients and servers in place of the"]
-    #[doc = "                  ServerKeyEchange for static ECDH, and imports ECDH"]
-    #[doc = "                  parameters from the EC key information of a certificate."]
-    #[doc = ""]
-    #[doc = " \\see             ecp.h"]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECDH context to set up. This must be initialized."]
-    #[doc = " \\param key       The EC key to use. This must be initialized."]
-    #[doc = " \\param side      Defines the source of the key. Possible values are:"]
-    #[doc = "                  - #MBEDTLS_ECDH_OURS: The key is ours."]
-    #[doc = "                  - #MBEDTLS_ECDH_THEIRS: The key is that of the peer."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          Another \\c MBEDTLS_ERR_ECP_XXX error code on failure."]
-    #[doc = ""]
-    pub fn mbedtls_ecdh_get_params(
-        ctx: *mut mbedtls_ecdh_context,
-        key: *const mbedtls_ecp_keypair,
-        side: mbedtls_ecdh_side,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function generates a public key and exports it"]
-    #[doc = "                  as a TLS ClientKeyExchange payload."]
-    #[doc = ""]
-    #[doc = "                  This is the second function used by a TLS client for ECDH(E)"]
-    #[doc = "                  ciphersuites."]
-    #[doc = ""]
-    #[doc = " \\see             ecp.h"]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECDH context to use. This must be initialized"]
-    #[doc = "                  and bound to a group, the latter usually by"]
-    #[doc = "                  mbedtls_ecdh_read_params()."]
-    #[doc = " \\param olen      The address at which to store the number of Bytes written."]
-    #[doc = "                  This must not be \\c NULL."]
-    #[doc = " \\param buf       The destination buffer. This must be a writable buffer"]
-    #[doc = "                  of length \\p blen Bytes."]
-    #[doc = " \\param blen      The size of the destination buffer \\p buf in Bytes."]
-    #[doc = " \\param f_rng     The RNG function to use. This must not be \\c NULL."]
-    #[doc = " \\param p_rng     The RNG context to be passed to \\p f_rng. This may be"]
-    #[doc = "                  \\c NULL in case \\p f_rng doesn't need a context argument."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of"]
-    #[doc = "                  operations was reached: see \\c mbedtls_ecp_set_max_ops()."]
-    #[doc = " \\return          Another \\c MBEDTLS_ERR_ECP_XXX error code on failure."]
-    pub fn mbedtls_ecdh_make_public(
-        ctx: *mut mbedtls_ecdh_context,
-        olen: *mut size_t,
-        buf: *mut crate::c_types::c_uchar,
-        blen: size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief       This function parses and processes the ECDHE payload of a"]
-    #[doc = "              TLS ClientKeyExchange message."]
-    #[doc = ""]
-    #[doc = "              This is the third function used by a TLS server for ECDH(E)"]
-    #[doc = "              ciphersuites. (It is called after mbedtls_ecdh_setup() and"]
-    #[doc = "              mbedtls_ecdh_make_params().)"]
-    #[doc = ""]
-    #[doc = " \\see         ecp.h"]
-    #[doc = ""]
-    #[doc = " \\param ctx   The ECDH context to use. This must be initialized"]
-    #[doc = "              and bound to a group, for example via mbedtls_ecdh_setup()."]
-    #[doc = " \\param buf   The pointer to the ClientKeyExchange payload. This must"]
-    #[doc = "              be a readable buffer of length \\p blen Bytes."]
-    #[doc = " \\param blen  The length of the input buffer \\p buf in Bytes."]
-    #[doc = ""]
-    #[doc = " \\return      \\c 0 on success."]
-    #[doc = " \\return      An \\c MBEDTLS_ERR_ECP_XXX error code on failure."]
-    pub fn mbedtls_ecdh_read_public(
-        ctx: *mut mbedtls_ecdh_context,
-        buf: *const crate::c_types::c_uchar,
-        blen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           This function derives and exports the shared secret."]
-    #[doc = ""]
-    #[doc = "                  This is the last function used by both TLS client"]
-    #[doc = "                  and servers."]
-    #[doc = ""]
-    #[doc = " \\note            If \\p f_rng is not NULL, it is used to implement"]
-    #[doc = "                  countermeasures against side-channel attacks."]
-    #[doc = "                  For more information, see mbedtls_ecp_mul()."]
-    #[doc = ""]
-    #[doc = " \\see             ecp.h"]
-    #[doc = ""]
-    #[doc = " \\param ctx       The ECDH context to use. This must be initialized"]
-    #[doc = "                  and have its own private key generated and the peer's"]
-    #[doc = "                  public key imported."]
-    #[doc = " \\param olen      The address at which to store the total number of"]
-    #[doc = "                  Bytes written on success. This must not be \\c NULL."]
-    #[doc = " \\param buf       The buffer to write the generated shared key to. This"]
-    #[doc = "                  must be a writable buffer of size \\p blen Bytes."]
-    #[doc = " \\param blen      The length of the destination buffer \\p buf in Bytes."]
-    #[doc = " \\param f_rng     The RNG function to use. This must not be \\c NULL."]
-    #[doc = " \\param p_rng     The RNG context. This may be \\c NULL if \\p f_rng"]
-    #[doc = "                  doesn't need a context argument."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    #[doc = " \\return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of"]
-    #[doc = "                  operations was reached: see \\c mbedtls_ecp_set_max_ops()."]
-    #[doc = " \\return          Another \\c MBEDTLS_ERR_ECP_XXX error code on failure."]
-    pub fn mbedtls_ecdh_calc_secret(
-        ctx: *mut mbedtls_ecdh_context,
-        olen: *mut size_t,
-        buf: *mut crate::c_types::c_uchar,
-        blen: size_t,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    ) -> crate::c_types::c_int;
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub union mbedtls_ssl_premaster_secret {
-    pub _pms_rsa: [crate::c_types::c_uchar; 48usize],
-    pub _pms_dhm: [crate::c_types::c_uchar; 1024usize],
-    pub _pms_ecdh: [crate::c_types::c_uchar; 66usize],
-    pub _pms_psk: [crate::c_types::c_uchar; 100usize],
-    pub _pms_dhe_psk: [crate::c_types::c_uchar; 1076usize],
-    pub _pms_rsa_psk: [crate::c_types::c_uchar; 100usize],
-    pub _pms_ecdhe_psk: [crate::c_types::c_uchar; 118usize],
-}
-pub const mbedtls_ssl_states_MBEDTLS_SSL_HELLO_REQUEST: mbedtls_ssl_states = 0;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_HELLO: mbedtls_ssl_states = 1;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_HELLO: mbedtls_ssl_states = 2;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_CERTIFICATE: mbedtls_ssl_states = 3;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_KEY_EXCHANGE: mbedtls_ssl_states = 4;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_CERTIFICATE_REQUEST: mbedtls_ssl_states = 5;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_HELLO_DONE: mbedtls_ssl_states = 6;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CERTIFICATE: mbedtls_ssl_states = 7;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_KEY_EXCHANGE: mbedtls_ssl_states = 8;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_CERTIFICATE_VERIFY: mbedtls_ssl_states = 9;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC: mbedtls_ssl_states = 10;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_FINISHED: mbedtls_ssl_states = 11;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC: mbedtls_ssl_states = 12;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_FINISHED: mbedtls_ssl_states = 13;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_FLUSH_BUFFERS: mbedtls_ssl_states = 14;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_HANDSHAKE_WRAPUP: mbedtls_ssl_states = 15;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_NEW_SESSION_TICKET: mbedtls_ssl_states = 16;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT: mbedtls_ssl_states = 17;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_HELLO_RETRY_REQUEST: mbedtls_ssl_states = 18;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: mbedtls_ssl_states = 19;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_END_OF_EARLY_DATA: mbedtls_ssl_states = 20;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY: mbedtls_ssl_states = 21;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: mbedtls_ssl_states = 22;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO: mbedtls_ssl_states =
-    23;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO: mbedtls_ssl_states = 24;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: mbedtls_ssl_states = 25;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST: mbedtls_ssl_states =
-    26;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_HANDSHAKE_OVER: mbedtls_ssl_states = 27;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET: mbedtls_ssl_states = 28;
-pub const mbedtls_ssl_states_MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH: mbedtls_ssl_states = 29;
-pub type mbedtls_ssl_states = crate::c_types::c_uint;
-#[doc = " \\brief          Callback type: send data on the network."]
-#[doc = ""]
-#[doc = " \\note           That callback may be either blocking or non-blocking."]
-#[doc = ""]
-#[doc = " \\param ctx      Context for the send callback (typically a file descriptor)"]
-#[doc = " \\param buf      Buffer holding the data to send"]
-#[doc = " \\param len      Length of the data to send"]
-#[doc = ""]
-#[doc = " \\return         The callback must return the number of bytes sent if any,"]
-#[doc = "                 or a non-zero error code."]
-#[doc = "                 If performing non-blocking I/O, \\c MBEDTLS_ERR_SSL_WANT_WRITE"]
-#[doc = "                 must be returned when the operation would block."]
-#[doc = ""]
-#[doc = " \\note           The callback is allowed to send fewer bytes than requested."]
-#[doc = "                 It must always return the number of bytes actually sent."]
-pub type mbedtls_ssl_send_t = ::core::option::Option<
-    unsafe extern "C" fn(
-        ctx: *mut crate::c_types::c_void,
-        buf: *const crate::c_types::c_uchar,
-        len: size_t,
-    ) -> crate::c_types::c_int,
->;
-#[doc = " \\brief          Callback type: receive data from the network."]
-#[doc = ""]
-#[doc = " \\note           That callback may be either blocking or non-blocking."]
-#[doc = ""]
-#[doc = " \\param ctx      Context for the receive callback (typically a file"]
-#[doc = "                 descriptor)"]
-#[doc = " \\param buf      Buffer to write the received data to"]
-#[doc = " \\param len      Length of the receive buffer"]
-#[doc = ""]
-#[doc = " \\returns        If data has been received, the positive number of bytes received."]
-#[doc = " \\returns        \\c 0 if the connection has been closed."]
-#[doc = " \\returns        If performing non-blocking I/O, \\c MBEDTLS_ERR_SSL_WANT_READ"]
-#[doc = "                 must be returned when the operation would block."]
-#[doc = " \\returns        Another negative error code on other kinds of failures."]
-#[doc = ""]
-#[doc = " \\note           The callback may receive fewer bytes than the length of the"]
-#[doc = "                 buffer. It must always return the number of bytes actually"]
-#[doc = "                 received and written to the buffer."]
-pub type mbedtls_ssl_recv_t = ::core::option::Option<
-    unsafe extern "C" fn(
-        ctx: *mut crate::c_types::c_void,
-        buf: *mut crate::c_types::c_uchar,
-        len: size_t,
-    ) -> crate::c_types::c_int,
->;
-#[doc = " \\brief          Callback type: receive data from the network, with timeout"]
-#[doc = ""]
-#[doc = " \\note           That callback must block until data is received, or the"]
-#[doc = "                 timeout delay expires, or the operation is interrupted by a"]
-#[doc = "                 signal."]
-#[doc = ""]
-#[doc = " \\param ctx      Context for the receive callback (typically a file descriptor)"]
-#[doc = " \\param buf      Buffer to write the received data to"]
-#[doc = " \\param len      Length of the receive buffer"]
-#[doc = " \\param timeout  Maximum number of milliseconds to wait for data"]
-#[doc = "                 0 means no timeout (potentially waiting forever)"]
-#[doc = ""]
-#[doc = " \\return         The callback must return the number of bytes received,"]
-#[doc = "                 or a non-zero error code:"]
-#[doc = "                 \\c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,"]
-#[doc = "                 \\c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal."]
-#[doc = ""]
-#[doc = " \\note           The callback may receive fewer bytes than the length of the"]
-#[doc = "                 buffer. It must always return the number of bytes actually"]
-#[doc = "                 received and written to the buffer."]
-pub type mbedtls_ssl_recv_timeout_t = ::core::option::Option<
-    unsafe extern "C" fn(
-        ctx: *mut crate::c_types::c_void,
-        buf: *mut crate::c_types::c_uchar,
-        len: size_t,
-        timeout: u32,
-    ) -> crate::c_types::c_int,
->;
-#[doc = " \\brief          Callback type: set a pair of timers/delays to watch"]
-#[doc = ""]
-#[doc = " \\param ctx      Context pointer"]
-#[doc = " \\param int_ms   Intermediate delay in milliseconds"]
-#[doc = " \\param fin_ms   Final delay in milliseconds"]
-#[doc = "                 0 cancels the current timer."]
-#[doc = ""]
-#[doc = " \\note           This callback must at least store the necessary information"]
-#[doc = "                 for the associated \\c mbedtls_ssl_get_timer_t callback to"]
-#[doc = "                 return correct information."]
-#[doc = ""]
-#[doc = " \\note           If using an event-driven style of programming, an event must"]
-#[doc = "                 be generated when the final delay is passed. The event must"]
-#[doc = "                 cause a call to \\c mbedtls_ssl_handshake() with the proper"]
-#[doc = "                 SSL context to be scheduled. Care must be taken to ensure"]
-#[doc = "                 that at most one such call happens at a time."]
-#[doc = ""]
-#[doc = " \\note           Only one timer at a time must be running. Calling this"]
-#[doc = "                 function while a timer is running must cancel it. Cancelled"]
-#[doc = "                 timers must not generate any event."]
-pub type mbedtls_ssl_set_timer_t = ::core::option::Option<
-    unsafe extern "C" fn(ctx: *mut crate::c_types::c_void, int_ms: u32, fin_ms: u32),
->;
-#[doc = " \\brief          Callback type: get status of timers/delays"]
-#[doc = ""]
-#[doc = " \\param ctx      Context pointer"]
-#[doc = ""]
-#[doc = " \\return         This callback must return:"]
-#[doc = "                 -1 if cancelled (fin_ms == 0),"]
-#[doc = "                  0 if none of the delays have passed,"]
-#[doc = "                  1 if only the intermediate delay has passed,"]
-#[doc = "                  2 if the final delay has passed."]
-pub type mbedtls_ssl_get_timer_t = ::core::option::Option<
-    unsafe extern "C" fn(ctx: *mut crate::c_types::c_void) -> crate::c_types::c_int,
->;
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_ssl_transform {
-    _unused: [u8; 0],
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_ssl_handshake_params {
-    _unused: [u8; 0],
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_ssl_sig_hash_set_t {
-    _unused: [u8; 0],
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_ssl_key_cert {
-    _unused: [u8; 0],
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_ssl_flight_item {
-    _unused: [u8; 0],
-}
-#[doc = " \\brief          Callback type: server-side session cache getter"]
-#[doc = ""]
-#[doc = "                 The session cache is logically a key value store, with"]
-#[doc = "                 keys being session IDs and values being instances of"]
-#[doc = "                 mbedtls_ssl_session."]
-#[doc = ""]
-#[doc = "                 This callback retrieves an entry in this key-value store."]
-#[doc = ""]
-#[doc = " \\param data            The address of the session cache structure to query."]
-#[doc = " \\param session_id      The buffer holding the session ID to query."]
-#[doc = " \\param session_id_len  The length of \\p session_id in Bytes."]
-#[doc = " \\param session         The address of the session structure to populate."]
-#[doc = "                        It is initialized with mbdtls_ssl_session_init(),"]
-#[doc = "                        and the callback must always leave it in a state"]
-#[doc = "                        where it can safely be freed via"]
-#[doc = "                        mbedtls_ssl_session_free() independent of the"]
-#[doc = "                        return code of this function."]
-#[doc = ""]
-#[doc = " \\return                \\c 0 on success"]
-#[doc = " \\return                A non-zero return value on failure."]
-#[doc = ""]
-pub type mbedtls_ssl_cache_get_t = ::core::option::Option<
-    unsafe extern "C" fn(
-        data: *mut crate::c_types::c_void,
-        session_id: *const crate::c_types::c_uchar,
-        session_id_len: size_t,
-        session: *mut mbedtls_ssl_session,
-    ) -> crate::c_types::c_int,
->;
-#[doc = " \\brief          Callback type: server-side session cache setter"]
-#[doc = ""]
-#[doc = "                 The session cache is logically a key value store, with"]
-#[doc = "                 keys being session IDs and values being instances of"]
-#[doc = "                 mbedtls_ssl_session."]
-#[doc = ""]
-#[doc = "                 This callback sets an entry in this key-value store."]
-#[doc = ""]
-#[doc = " \\param data            The address of the session cache structure to modify."]
-#[doc = " \\param session_id      The buffer holding the session ID to query."]
-#[doc = " \\param session_id_len  The length of \\p session_id in Bytes."]
-#[doc = " \\param session         The address of the session to be stored in the"]
-#[doc = "                        session cache."]
-#[doc = ""]
-#[doc = " \\return                \\c 0 on success"]
-#[doc = " \\return                A non-zero return value on failure."]
-pub type mbedtls_ssl_cache_set_t = ::core::option::Option<
-    unsafe extern "C" fn(
-        data: *mut crate::c_types::c_void,
-        session_id: *const crate::c_types::c_uchar,
-        session_id_len: size_t,
-        session: *const mbedtls_ssl_session,
-    ) -> crate::c_types::c_int,
->;
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_ssl_tls13_application_secrets {
-    pub client_application_traffic_secret_N: [crate::c_types::c_uchar; 64usize],
-    pub server_application_traffic_secret_N: [crate::c_types::c_uchar; 64usize],
-    pub exporter_master_secret: [crate::c_types::c_uchar; 64usize],
-    pub resumption_master_secret: [crate::c_types::c_uchar; 64usize],
-}
-#[doc = "< Context not in use or version not yet negotiated."]
-pub const mbedtls_ssl_protocol_version_MBEDTLS_SSL_VERSION_UNKNOWN: mbedtls_ssl_protocol_version =
-    0;
-#[doc = "< (D)TLS 1.2"]
-pub const mbedtls_ssl_protocol_version_MBEDTLS_SSL_VERSION_TLS1_2: mbedtls_ssl_protocol_version =
-    771;
-#[doc = "< (D)TLS 1.3"]
-pub const mbedtls_ssl_protocol_version_MBEDTLS_SSL_VERSION_TLS1_3: mbedtls_ssl_protocol_version =
-    772;
-#[doc = " Human-friendly representation of the (D)TLS protocol version."]
-pub type mbedtls_ssl_protocol_version = crate::c_types::c_uint;
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_ssl_session {
-    pub private_mfl_code: crate::c_types::c_uchar,
-    pub private_exported: crate::c_types::c_uchar,
-    pub private_tls_version: mbedtls_ssl_protocol_version,
-    pub private_ciphersuite: crate::c_types::c_int,
-    pub private_id_len: size_t,
-    pub private_id: [crate::c_types::c_uchar; 32usize],
-    pub private_master: [crate::c_types::c_uchar; 48usize],
-    pub private_peer_cert: *mut mbedtls_x509_crt,
-    pub private_verify_result: u32,
-    pub private_ticket: *mut crate::c_types::c_uchar,
-    pub private_ticket_len: size_t,
-    pub private_ticket_lifetime: u32,
-    pub private_endpoint: u8,
-    pub private_ticket_flags: u8,
-    pub private_ticket_age_add: u32,
-    pub private_resumption_key_len: u8,
-    pub private_resumption_key: [crate::c_types::c_uchar; 48usize],
-    pub private_hostname: *mut crate::c_types::c_char,
-    pub private_encrypt_then_mac: crate::c_types::c_int,
-    pub private_app_secrets: mbedtls_ssl_tls13_application_secrets,
-}
-pub const mbedtls_tls_prf_types_MBEDTLS_SSL_TLS_PRF_NONE: mbedtls_tls_prf_types = 0;
-pub const mbedtls_tls_prf_types_MBEDTLS_SSL_TLS_PRF_SHA384: mbedtls_tls_prf_types = 1;
-pub const mbedtls_tls_prf_types_MBEDTLS_SSL_TLS_PRF_SHA256: mbedtls_tls_prf_types = 2;
-pub const mbedtls_tls_prf_types_MBEDTLS_SSL_HKDF_EXPAND_SHA384: mbedtls_tls_prf_types = 3;
-pub const mbedtls_tls_prf_types_MBEDTLS_SSL_HKDF_EXPAND_SHA256: mbedtls_tls_prf_types = 4;
-pub type mbedtls_tls_prf_types = crate::c_types::c_uint;
-pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET:
-    mbedtls_ssl_key_export_type = 0;
-pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET:
-    mbedtls_ssl_key_export_type = 1;
-pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_EARLY_EXPORTER_SECRET:
-    mbedtls_ssl_key_export_type = 2;
-pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET : mbedtls_ssl_key_export_type = 3 ;
-pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET : mbedtls_ssl_key_export_type = 4 ;
-pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET : mbedtls_ssl_key_export_type = 5 ;
-pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET : mbedtls_ssl_key_export_type = 6 ;
-pub type mbedtls_ssl_key_export_type = crate::c_types::c_uint;
-#[doc = " \\brief           Callback type: Export key alongside random values for"]
-#[doc = "                                 session identification, and PRF for"]
-#[doc = "                                 implementation of TLS key exporters."]
-#[doc = ""]
-#[doc = " \\param p_expkey   Context for the callback."]
-#[doc = " \\param type       The type of the key that is being exported."]
-#[doc = " \\param secret     The address of the buffer holding the secret"]
-#[doc = "                   that's being exporterd."]
-#[doc = " \\param secret_len The length of \\p secret in bytes."]
-#[doc = " \\param client_random The client random bytes."]
-#[doc = " \\param server_random The server random bytes."]
-#[doc = " \\param tls_prf_type The identifier for the PRF used in the handshake"]
-#[doc = "                     to which the key belongs."]
-pub type mbedtls_ssl_export_keys_t = ::core::option::Option<
-    unsafe extern "C" fn(
-        p_expkey: *mut crate::c_types::c_void,
-        type_: mbedtls_ssl_key_export_type,
-        secret: *const crate::c_types::c_uchar,
-        secret_len: size_t,
-        client_random: *const crate::c_types::c_uchar,
-        server_random: *const crate::c_types::c_uchar,
-        tls_prf_type: mbedtls_tls_prf_types,
-    ),
->;
-#[doc = " \\brief           Callback type: generic handshake callback"]
-#[doc = ""]
-#[doc = " \\note            Callbacks may use user_data funcs to set/get app user data."]
-#[doc = "                  See \\c mbedtls_ssl_get_user_data_p()"]
-#[doc = "                      \\c mbedtls_ssl_get_user_data_n()"]
-#[doc = "                      \\c mbedtls_ssl_conf_get_user_data_p()"]
-#[doc = "                      \\c mbedtls_ssl_conf_get_user_data_n()"]
-#[doc = ""]
-#[doc = " \\param ssl       \\c mbedtls_ssl_context on which the callback is run"]
-#[doc = ""]
-#[doc = " \\return          The return value of the callback is 0 if successful,"]
-#[doc = "                  or a specific MBEDTLS_ERR_XXX code, which will cause"]
-#[doc = "                  the handshake to be aborted."]
-pub type mbedtls_ssl_hs_cb_t = ::core::option::Option<
-    unsafe extern "C" fn(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int,
->;
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub union mbedtls_ssl_user_data_t {
-    pub n: usize,
-    pub p: *mut crate::c_types::c_void,
-}
-#[doc = " SSL/TLS configuration to be shared between mbedtls_ssl_context structures."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_ssl_config {
-    pub private_max_tls_version: mbedtls_ssl_protocol_version,
-    pub private_min_tls_version: mbedtls_ssl_protocol_version,
-    pub private_endpoint: u8,
-    pub private_transport: u8,
-    pub private_authmode: u8,
-    pub private_allow_legacy_renegotiation: u8,
-    pub private_mfl_code: u8,
-    pub private_encrypt_then_mac: u8,
-    pub private_extended_ms: u8,
-    pub private_anti_replay: u8,
-    pub private_disable_renegotiation: u8,
-    pub private_session_tickets: u8,
-    pub private_new_session_tickets_count: u16,
-    pub private_cert_req_ca_list: u8,
-    pub private_respect_cli_pref: u8,
-    pub private_ignore_unexpected_cid: u8,
-    pub private_ciphersuite_list: *const crate::c_types::c_int,
-    pub private_tls13_kex_modes: crate::c_types::c_int,
-    pub private_f_dbg: ::core::option::Option<
-        unsafe extern "C" fn(
-            arg1: *mut crate::c_types::c_void,
-            arg2: crate::c_types::c_int,
-            arg3: *const crate::c_types::c_char,
-            arg4: crate::c_types::c_int,
-            arg5: *const crate::c_types::c_char,
-        ),
-    >,
-    pub private_p_dbg: *mut crate::c_types::c_void,
-    pub private_f_rng: ::core::option::Option<
-        unsafe extern "C" fn(
-            arg1: *mut crate::c_types::c_void,
-            arg2: *mut crate::c_types::c_uchar,
-            arg3: size_t,
-        ) -> crate::c_types::c_int,
-    >,
-    pub private_p_rng: *mut crate::c_types::c_void,
-    pub private_f_get_cache: mbedtls_ssl_cache_get_t,
-    pub private_f_set_cache: mbedtls_ssl_cache_set_t,
-    pub private_p_cache: *mut crate::c_types::c_void,
-    pub private_f_sni: ::core::option::Option<
-        unsafe extern "C" fn(
-            arg1: *mut crate::c_types::c_void,
-            arg2: *mut mbedtls_ssl_context,
-            arg3: *const crate::c_types::c_uchar,
-            arg4: size_t,
-        ) -> crate::c_types::c_int,
-    >,
-    pub private_p_sni: *mut crate::c_types::c_void,
-    pub private_f_vrfy: ::core::option::Option<
-        unsafe extern "C" fn(
-            arg1: *mut crate::c_types::c_void,
-            arg2: *mut mbedtls_x509_crt,
-            arg3: crate::c_types::c_int,
-            arg4: *mut u32,
-        ) -> crate::c_types::c_int,
-    >,
-    pub private_p_vrfy: *mut crate::c_types::c_void,
-    pub private_f_psk: ::core::option::Option<
-        unsafe extern "C" fn(
-            arg1: *mut crate::c_types::c_void,
-            arg2: *mut mbedtls_ssl_context,
-            arg3: *const crate::c_types::c_uchar,
-            arg4: size_t,
-        ) -> crate::c_types::c_int,
-    >,
-    pub private_p_psk: *mut crate::c_types::c_void,
-    pub private_f_cookie_write: ::core::option::Option<
-        unsafe extern "C" fn(
-            arg1: *mut crate::c_types::c_void,
-            arg2: *mut *mut crate::c_types::c_uchar,
-            arg3: *mut crate::c_types::c_uchar,
-            arg4: *const crate::c_types::c_uchar,
-            arg5: size_t,
-        ) -> crate::c_types::c_int,
-    >,
-    pub private_f_cookie_check: ::core::option::Option<
-        unsafe extern "C" fn(
-            arg1: *mut crate::c_types::c_void,
-            arg2: *const crate::c_types::c_uchar,
-            arg3: size_t,
-            arg4: *const crate::c_types::c_uchar,
-            arg5: size_t,
-        ) -> crate::c_types::c_int,
-    >,
-    pub private_p_cookie: *mut crate::c_types::c_void,
-    pub private_f_ticket_write: ::core::option::Option<
-        unsafe extern "C" fn(
-            arg1: *mut crate::c_types::c_void,
-            arg2: *const mbedtls_ssl_session,
-            arg3: *mut crate::c_types::c_uchar,
-            arg4: *const crate::c_types::c_uchar,
-            arg5: *mut size_t,
-            arg6: *mut u32,
-        ) -> crate::c_types::c_int,
-    >,
-    pub private_f_ticket_parse: ::core::option::Option<
-        unsafe extern "C" fn(
-            arg1: *mut crate::c_types::c_void,
-            arg2: *mut mbedtls_ssl_session,
-            arg3: *mut crate::c_types::c_uchar,
-            arg4: size_t,
-        ) -> crate::c_types::c_int,
-    >,
-    pub private_p_ticket: *mut crate::c_types::c_void,
-    pub private_cid_len: size_t,
-    pub private_cert_profile: *const mbedtls_x509_crt_profile,
-    pub private_key_cert: *mut mbedtls_ssl_key_cert,
-    pub private_ca_chain: *mut mbedtls_x509_crt,
-    pub private_ca_crl: *mut mbedtls_x509_crl,
-    pub private_sig_hashes: *const crate::c_types::c_int,
-    pub private_sig_algs: *const u16,
-    pub private_curve_list: *const mbedtls_ecp_group_id,
-    pub private_group_list: *const u16,
-    pub private_dhm_P: mbedtls_mpi,
-    pub private_dhm_G: mbedtls_mpi,
-    pub private_psk: *mut crate::c_types::c_uchar,
-    pub private_psk_len: size_t,
-    pub private_psk_identity: *mut crate::c_types::c_uchar,
-    pub private_psk_identity_len: size_t,
-    pub private_alpn_list: *mut *const crate::c_types::c_char,
-    pub private_read_timeout: u32,
-    pub private_hs_timeout_min: u32,
-    pub private_hs_timeout_max: u32,
-    pub private_renego_max_records: crate::c_types::c_int,
-    pub private_renego_period: [crate::c_types::c_uchar; 8usize],
-    pub private_badmac_limit: crate::c_types::c_uint,
-    pub private_dhm_min_bitlen: crate::c_types::c_uint,
-    pub private_user_data: mbedtls_ssl_user_data_t,
-    pub private_f_cert_cb: mbedtls_ssl_hs_cb_t,
-    pub private_dn_hints: *const mbedtls_x509_crt,
-}
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_ssl_context {
-    pub private_conf: *const mbedtls_ssl_config,
-    pub private_state: crate::c_types::c_int,
-    pub private_renego_status: crate::c_types::c_int,
-    pub private_renego_records_seen: crate::c_types::c_int,
-    pub private_tls_version: mbedtls_ssl_protocol_version,
-    pub private_badmac_seen: crate::c_types::c_uint,
-    pub private_f_vrfy: ::core::option::Option<
-        unsafe extern "C" fn(
-            arg1: *mut crate::c_types::c_void,
-            arg2: *mut mbedtls_x509_crt,
-            arg3: crate::c_types::c_int,
-            arg4: *mut u32,
-        ) -> crate::c_types::c_int,
-    >,
-    pub private_p_vrfy: *mut crate::c_types::c_void,
-    pub private_f_send: mbedtls_ssl_send_t,
-    pub private_f_recv: mbedtls_ssl_recv_t,
-    pub private_f_recv_timeout: mbedtls_ssl_recv_timeout_t,
-    pub private_p_bio: *mut crate::c_types::c_void,
-    pub private_session_in: *mut mbedtls_ssl_session,
-    pub private_session_out: *mut mbedtls_ssl_session,
-    pub private_session: *mut mbedtls_ssl_session,
-    pub private_session_negotiate: *mut mbedtls_ssl_session,
-    pub private_handshake: *mut mbedtls_ssl_handshake_params,
-    pub private_transform_in: *mut mbedtls_ssl_transform,
-    pub private_transform_out: *mut mbedtls_ssl_transform,
-    pub private_transform: *mut mbedtls_ssl_transform,
-    pub private_transform_negotiate: *mut mbedtls_ssl_transform,
-    pub private_transform_application: *mut mbedtls_ssl_transform,
-    pub private_p_timer: *mut crate::c_types::c_void,
-    pub private_f_set_timer: mbedtls_ssl_set_timer_t,
-    pub private_f_get_timer: mbedtls_ssl_get_timer_t,
-    pub private_in_buf: *mut crate::c_types::c_uchar,
-    pub private_in_ctr: *mut crate::c_types::c_uchar,
-    pub private_in_hdr: *mut crate::c_types::c_uchar,
-    pub private_in_cid: *mut crate::c_types::c_uchar,
-    pub private_in_len: *mut crate::c_types::c_uchar,
-    pub private_in_iv: *mut crate::c_types::c_uchar,
-    pub private_in_msg: *mut crate::c_types::c_uchar,
-    pub private_in_offt: *mut crate::c_types::c_uchar,
-    pub private_in_msgtype: crate::c_types::c_int,
-    pub private_in_msglen: size_t,
-    pub private_in_left: size_t,
-    pub private_in_epoch: u16,
-    pub private_next_record_offset: size_t,
-    pub private_in_window_top: u64,
-    pub private_in_window: u64,
-    pub private_in_hslen: size_t,
-    pub private_nb_zero: crate::c_types::c_int,
-    pub private_keep_current_message: crate::c_types::c_int,
-    pub private_send_alert: crate::c_types::c_uchar,
-    pub private_alert_type: crate::c_types::c_uchar,
-    pub private_alert_reason: crate::c_types::c_int,
-    pub private_disable_datagram_packing: u8,
-    pub private_out_buf: *mut crate::c_types::c_uchar,
-    pub private_out_ctr: *mut crate::c_types::c_uchar,
-    pub private_out_hdr: *mut crate::c_types::c_uchar,
-    pub private_out_cid: *mut crate::c_types::c_uchar,
-    pub private_out_len: *mut crate::c_types::c_uchar,
-    pub private_out_iv: *mut crate::c_types::c_uchar,
-    pub private_out_msg: *mut crate::c_types::c_uchar,
-    pub private_out_msgtype: crate::c_types::c_int,
-    pub private_out_msglen: size_t,
-    pub private_out_left: size_t,
-    pub private_cur_out_ctr: [crate::c_types::c_uchar; 8usize],
-    pub private_mtu: u16,
-    pub private_hostname: *mut crate::c_types::c_char,
-    pub private_alpn_chosen: *const crate::c_types::c_char,
-    pub private_cli_id: *mut crate::c_types::c_uchar,
-    pub private_cli_id_len: size_t,
-    pub private_secure_renegotiation: crate::c_types::c_int,
-    pub private_verify_data_len: size_t,
-    pub private_own_verify_data: [crate::c_types::c_char; 12usize],
-    pub private_peer_verify_data: [crate::c_types::c_char; 12usize],
-    pub private_own_cid: [crate::c_types::c_uchar; 32usize],
-    pub private_own_cid_len: u8,
-    pub private_negotiate_cid: u8,
-    pub private_f_export_keys: mbedtls_ssl_export_keys_t,
-    pub private_p_export_keys: *mut crate::c_types::c_void,
-    pub private_user_data: mbedtls_ssl_user_data_t,
-}
-extern "C" {
-    #[doc = " \\brief               Return the name of the ciphersuite associated with the"]
-    #[doc = "                      given ID"]
-    #[doc = ""]
-    #[doc = " \\param ciphersuite_id SSL ciphersuite ID"]
-    #[doc = ""]
-    #[doc = " \\return              a string containing the ciphersuite name"]
-    pub fn mbedtls_ssl_get_ciphersuite_name(
-        ciphersuite_id: crate::c_types::c_int,
-    ) -> *const crate::c_types::c_char;
-}
-extern "C" {
-    #[doc = " \\brief               Return the ID of the ciphersuite associated with the"]
-    #[doc = "                      given name"]
-    #[doc = ""]
-    #[doc = " \\param ciphersuite_name SSL ciphersuite name"]
-    #[doc = ""]
-    #[doc = " \\return              the ID with the ciphersuite or 0 if not found"]
-    pub fn mbedtls_ssl_get_ciphersuite_id(
-        ciphersuite_name: *const crate::c_types::c_char,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Initialize an SSL context"]
-    #[doc = "                 Just makes the context ready for mbedtls_ssl_setup() or"]
-    #[doc = "                 mbedtls_ssl_free()"]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    pub fn mbedtls_ssl_init(ssl: *mut mbedtls_ssl_context);
-}
-extern "C" {
-    #[doc = " \\brief          Set up an SSL context for use"]
-    #[doc = ""]
-    #[doc = " \\note           No copy of the configuration context is made, it can be"]
-    #[doc = "                 shared by many mbedtls_ssl_context structures."]
-    #[doc = ""]
-    #[doc = " \\warning        The conf structure will be accessed during the session."]
-    #[doc = "                 It must not be modified or freed as long as the session"]
-    #[doc = "                 is active."]
-    #[doc = ""]
-    #[doc = " \\warning        This function must be called exactly once per context."]
-    #[doc = "                 Calling mbedtls_ssl_setup again is not supported, even"]
-    #[doc = "                 if no session is active."]
-    #[doc = ""]
-    #[doc = " \\note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto"]
-    #[doc = "                 subsystem must have been initialized by calling"]
-    #[doc = "                 psa_crypto_init() before calling this function."]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = " \\param conf     SSL configuration to use"]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if"]
-    #[doc = "                 memory allocation failed"]
-    pub fn mbedtls_ssl_setup(
-        ssl: *mut mbedtls_ssl_context,
-        conf: *const mbedtls_ssl_config,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Reset an already initialized SSL context for re-use"]
-    #[doc = "                 while retaining application-set variables, function"]
-    #[doc = "                 pointers and data."]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = " \\return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED or"]
-    #[doc = "MBEDTLS_ERR_SSL_HW_ACCEL_FAILED"]
-    pub fn mbedtls_ssl_session_reset(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Set the current endpoint type"]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER"]
-    pub fn mbedtls_ssl_conf_endpoint(
-        conf: *mut mbedtls_ssl_config,
-        endpoint: crate::c_types::c_int,
-    );
-}
-extern "C" {
-    #[doc = " \\brief           Set the transport type (TLS or DTLS)."]
-    #[doc = "                  Default: TLS"]
-    #[doc = ""]
-    #[doc = " \\note            For DTLS, you must either provide a recv callback that"]
-    #[doc = "                  doesn't block, or one that handles timeouts, see"]
-    #[doc = "                  \\c mbedtls_ssl_set_bio(). You also need to provide timer"]
-    #[doc = "                  callbacks with \\c mbedtls_ssl_set_timer_cb()."]
-    #[doc = ""]
-    #[doc = " \\param conf      SSL configuration"]
-    #[doc = " \\param transport transport type:"]
-    #[doc = "                  MBEDTLS_SSL_TRANSPORT_STREAM for TLS,"]
-    #[doc = "                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS."]
-    pub fn mbedtls_ssl_conf_transport(
-        conf: *mut mbedtls_ssl_config,
-        transport: crate::c_types::c_int,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Set the certificate verification mode"]
-    #[doc = "                 Default: NONE on server, REQUIRED on client"]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param authmode can be:"]
-    #[doc = ""]
-    #[doc = "  MBEDTLS_SSL_VERIFY_NONE:      peer certificate is not checked"]
-    #[doc = "                        (default on server)"]
-    #[doc = "                        (insecure on client)"]
-    #[doc = ""]
-    #[doc = "  MBEDTLS_SSL_VERIFY_OPTIONAL:  peer certificate is checked, however the"]
-    #[doc = "                        handshake continues even if verification failed;"]
-    #[doc = "                        mbedtls_ssl_get_verify_result() can be called after the"]
-    #[doc = "                        handshake is complete."]
-    #[doc = ""]
-    #[doc = "  MBEDTLS_SSL_VERIFY_REQUIRED:  peer *must* present a valid certificate,"]
-    #[doc = "                        handshake is aborted if verification failed."]
-    #[doc = "                        (default on client)"]
-    #[doc = ""]
-    #[doc = " \\note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode."]
-    #[doc = " With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at"]
-    #[doc = " the right time(s), which may not be obvious, while REQUIRED always perform"]
-    #[doc = " the verification as soon as possible. For example, REQUIRED was protecting"]
-    #[doc = " against the \"triple handshake\" attack even before it was found."]
-    pub fn mbedtls_ssl_conf_authmode(
-        conf: *mut mbedtls_ssl_config,
-        authmode: crate::c_types::c_int,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Set the verification callback (Optional)."]
-    #[doc = ""]
-    #[doc = "                 If set, the provided verify callback is called for each"]
-    #[doc = "                 certificate in the peer's CRT chain, including the trusted"]
-    #[doc = "                 root. For more information, please see the documentation of"]
-    #[doc = "                 \\c mbedtls_x509_crt_verify()."]
-    #[doc = ""]
-    #[doc = " \\note           For per context callbacks and contexts, please use"]
-    #[doc = "                 mbedtls_ssl_set_verify() instead."]
-    #[doc = ""]
-    #[doc = " \\param conf     The SSL configuration to use."]
-    #[doc = " \\param f_vrfy   The verification callback to use during CRT verification."]
-    #[doc = " \\param p_vrfy   The opaque context to be passed to the callback."]
-    pub fn mbedtls_ssl_conf_verify(
-        conf: *mut mbedtls_ssl_config,
-        f_vrfy: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut mbedtls_x509_crt,
-                arg3: crate::c_types::c_int,
-                arg4: *mut u32,
-            ) -> crate::c_types::c_int,
-        >,
-        p_vrfy: *mut crate::c_types::c_void,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Set the random number generator callback"]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param f_rng    RNG function (mandatory)"]
-    #[doc = " \\param p_rng    RNG parameter"]
-    pub fn mbedtls_ssl_conf_rng(
-        conf: *mut mbedtls_ssl_config,
-        f_rng: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_rng: *mut crate::c_types::c_void,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Set the debug callback"]
-    #[doc = ""]
-    #[doc = "                 The callback has the following argument:"]
-    #[doc = "                 void *           opaque context for the callback"]
-    #[doc = "                 int              debug level"]
-    #[doc = "                 const char *     file name"]
-    #[doc = "                 int              line number"]
-    #[doc = "                 const char *     message"]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param f_dbg    debug function"]
-    #[doc = " \\param p_dbg    debug parameter"]
-    pub fn mbedtls_ssl_conf_dbg(
-        conf: *mut mbedtls_ssl_config,
-        f_dbg: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: crate::c_types::c_int,
-                arg3: *const crate::c_types::c_char,
-                arg4: crate::c_types::c_int,
-                arg5: *const crate::c_types::c_char,
-            ),
-        >,
-        p_dbg: *mut crate::c_types::c_void,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Set the underlying BIO callbacks for write, read and"]
-    #[doc = "                 read-with-timeout."]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = " \\param p_bio    parameter (context) shared by BIO callbacks"]
-    #[doc = " \\param f_send   write callback"]
-    #[doc = " \\param f_recv   read callback"]
-    #[doc = " \\param f_recv_timeout blocking read callback with timeout."]
-    #[doc = ""]
-    #[doc = " \\note           One of f_recv or f_recv_timeout can be NULL, in which case"]
-    #[doc = "                 the other is used. If both are non-NULL, f_recv_timeout is"]
-    #[doc = "                 used and f_recv is ignored (as if it were NULL)."]
-    #[doc = ""]
-    #[doc = " \\note           The two most common use cases are:"]
-    #[doc = "                 - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL"]
-    #[doc = "                 - blocking I/O, f_recv == NULL, f_recv_timeout != NULL"]
-    #[doc = ""]
-    #[doc = " \\note           For DTLS, you need to provide either a non-NULL"]
-    #[doc = "                 f_recv_timeout callback, or a f_recv that doesn't block."]
-    #[doc = ""]
-    #[doc = " \\note           See the documentations of \\c mbedtls_ssl_send_t,"]
-    #[doc = "                 \\c mbedtls_ssl_recv_t and \\c mbedtls_ssl_recv_timeout_t for"]
-    #[doc = "                 the conventions those callbacks must follow."]
-    #[doc = ""]
-    #[doc = " \\note           On some platforms, net_sockets.c provides"]
-    #[doc = "                 \\c mbedtls_net_send(), \\c mbedtls_net_recv() and"]
-    #[doc = "                 \\c mbedtls_net_recv_timeout() that are suitable to be used"]
-    #[doc = "                 here."]
-    pub fn mbedtls_ssl_set_bio(
-        ssl: *mut mbedtls_ssl_context,
-        p_bio: *mut crate::c_types::c_void,
-        f_send: mbedtls_ssl_send_t,
-        f_recv: mbedtls_ssl_recv_t,
-        f_recv_timeout: mbedtls_ssl_recv_timeout_t,
-    );
-}
-extern "C" {
-    #[doc = " \\brief             Configure the use of the Connection ID (CID)"]
-    #[doc = "                    extension in the next handshake."]
-    #[doc = ""]
-    #[doc = "                    Reference: RFC 9146 (or draft-ietf-tls-dtls-connection-id-05"]
-    #[doc = "                    https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05"]
-    #[doc = "                    for legacy version)"]
-    #[doc = ""]
-    #[doc = "                    The DTLS CID extension allows the reliable association of"]
-    #[doc = "                    DTLS records to DTLS connections across changes in the"]
-    #[doc = "                    underlying transport (changed IP and Port metadata) by"]
-    #[doc = "                    adding explicit connection identifiers (CIDs) to the"]
-    #[doc = "                    headers of encrypted DTLS records. The desired CIDs are"]
-    #[doc = "                    configured by the application layer and are exchanged in"]
-    #[doc = "                    new `ClientHello` / `ServerHello` extensions during the"]
-    #[doc = "                    handshake, where each side indicates the CID it wants the"]
-    #[doc = "                    peer to use when writing encrypted messages. The CIDs are"]
-    #[doc = "                    put to use once records get encrypted: the stack discards"]
-    #[doc = "                    any incoming records that don't include the configured CID"]
-    #[doc = "                    in their header, and adds the peer's requested CID to the"]
-    #[doc = "                    headers of outgoing messages."]
-    #[doc = ""]
-    #[doc = "                    This API enables or disables the use of the CID extension"]
-    #[doc = "                    in the next handshake and sets the value of the CID to"]
-    #[doc = "                    be used for incoming messages."]
-    #[doc = ""]
-    #[doc = " \\param ssl         The SSL context to configure. This must be initialized."]
-    #[doc = " \\param enable      This value determines whether the CID extension should"]
-    #[doc = "                    be used or not. Possible values are:"]
-    #[doc = "                    - MBEDTLS_SSL_CID_ENABLED to enable the use of the CID."]
-    #[doc = "                    - MBEDTLS_SSL_CID_DISABLED (default) to disable the use"]
-    #[doc = "                      of the CID."]
-    #[doc = " \\param own_cid     The address of the readable buffer holding the CID we want"]
-    #[doc = "                    the peer to use when sending encrypted messages to us."]
-    #[doc = "                    This may be \\c NULL if \\p own_cid_len is \\c 0."]
-    #[doc = "                    This parameter is unused if \\p enabled is set to"]
-    #[doc = "                    MBEDTLS_SSL_CID_DISABLED."]
-    #[doc = " \\param own_cid_len The length of \\p own_cid."]
-    #[doc = "                    This parameter is unused if \\p enabled is set to"]
-    #[doc = "                    MBEDTLS_SSL_CID_DISABLED."]
-    #[doc = ""]
-    #[doc = " \\note              The value of \\p own_cid_len must match the value of the"]
-    #[doc = "                    \\c len parameter passed to mbedtls_ssl_conf_cid()"]
-    #[doc = "                    when configuring the ::mbedtls_ssl_config that \\p ssl"]
-    #[doc = "                    is bound to."]
-    #[doc = ""]
-    #[doc = " \\note              This CID configuration applies to subsequent handshakes"]
-    #[doc = "                    performed on the SSL context \\p ssl, but does not trigger"]
-    #[doc = "                    one. You still have to call `mbedtls_ssl_handshake()`"]
-    #[doc = "                    (for the initial handshake) or `mbedtls_ssl_renegotiate()`"]
-    #[doc = "                    (for a renegotiation handshake) explicitly after a"]
-    #[doc = "                    successful call to this function to run the handshake."]
-    #[doc = ""]
-    #[doc = " \\note              This call cannot guarantee that the use of the CID"]
-    #[doc = "                    will be successfully negotiated in the next handshake,"]
-    #[doc = "                    because the peer might not support it. Specifically:"]
-    #[doc = "                    - On the Client, enabling the use of the CID through"]
-    #[doc = "                      this call implies that the `ClientHello` in the next"]
-    #[doc = "                      handshake will include the CID extension, thereby"]
-    #[doc = "                      offering the use of the CID to the server. Only if"]
-    #[doc = "                      the `ServerHello` contains the CID extension, too,"]
-    #[doc = "                      the CID extension will actually be put to use."]
-    #[doc = "                    - On the Server, enabling the use of the CID through"]
-    #[doc = "                      this call implies that the server will look for"]
-    #[doc = "                      the CID extension in a `ClientHello` from the client,"]
-    #[doc = "                      and, if present, reply with a CID extension in its"]
-    #[doc = "                      `ServerHello`."]
-    #[doc = ""]
-    #[doc = " \\note              To check whether the use of the CID was negotiated"]
-    #[doc = "                    after the subsequent handshake has completed, please"]
-    #[doc = "                    use the API mbedtls_ssl_get_peer_cid()."]
-    #[doc = ""]
-    #[doc = " \\warning           If the use of the CID extension is enabled in this call"]
-    #[doc = "                    and the subsequent handshake negotiates its use, Mbed TLS"]
-    #[doc = "                    will silently drop every packet whose CID does not match"]
-    #[doc = "                    the CID configured in \\p own_cid. It is the responsibility"]
-    #[doc = "                    of the user to adapt the underlying transport to take care"]
-    #[doc = "                    of CID-based demultiplexing before handing datagrams to"]
-    #[doc = "                    Mbed TLS."]
-    #[doc = ""]
-    #[doc = " \\return            \\c 0 on success. In this case, the CID configuration"]
-    #[doc = "                    applies to the next handshake."]
-    #[doc = " \\return            A negative error code on failure."]
-    pub fn mbedtls_ssl_set_cid(
-        ssl: *mut mbedtls_ssl_context,
-        enable: crate::c_types::c_int,
-        own_cid: *const crate::c_types::c_uchar,
-        own_cid_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief              Get information about our request for usage of the CID"]
-    #[doc = "                     extension in the current connection."]
-    #[doc = ""]
-    #[doc = " \\param ssl          The SSL context to query."]
-    #[doc = " \\param enabled      The address at which to store whether the CID extension"]
-    #[doc = "                     is requested to be used or not. If the CID is"]
-    #[doc = "                     requested, `*enabled` is set to"]
-    #[doc = "                     MBEDTLS_SSL_CID_ENABLED; otherwise, it is set to"]
-    #[doc = "                     MBEDTLS_SSL_CID_DISABLED."]
-    #[doc = " \\param own_cid      The address of the buffer in which to store our own"]
-    #[doc = "                     CID (if the CID extension is requested). This may be"]
-    #[doc = "                     \\c NULL in case the value of our CID isn't needed. If"]
-    #[doc = "                     it is not \\c NULL, \\p own_cid_len must not be \\c NULL."]
-    #[doc = " \\param own_cid_len  The address at which to store the size of our own CID"]
-    #[doc = "                     (if the CID extension is requested). This is also the"]
-    #[doc = "                     number of Bytes in \\p own_cid that have been written."]
-    #[doc = "                     This may be \\c NULL in case the length of our own CID"]
-    #[doc = "                     isn't needed. If it is \\c NULL, \\p own_cid must be"]
-    #[doc = "                     \\c NULL, too."]
-    #[doc = ""]
-    #[doc = "\\note                If we are requesting an empty CID this function sets"]
-    #[doc = "                     `*enabled` to #MBEDTLS_SSL_CID_DISABLED (the rationale"]
-    #[doc = "                     for this is that the resulting outcome is the"]
-    #[doc = "                     same as if the CID extensions wasn't requested)."]
-    #[doc = ""]
-    #[doc = " \\return            \\c 0 on success."]
-    #[doc = " \\return            A negative error code on failure."]
-    pub fn mbedtls_ssl_get_own_cid(
-        ssl: *mut mbedtls_ssl_context,
-        enabled: *mut crate::c_types::c_int,
-        own_cid: *mut crate::c_types::c_uchar,
-        own_cid_len: *mut size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief              Get information about the use of the CID extension"]
-    #[doc = "                     in the current connection."]
-    #[doc = ""]
-    #[doc = " \\param ssl          The SSL context to query."]
-    #[doc = " \\param enabled      The address at which to store whether the CID extension"]
-    #[doc = "                     is currently in use or not. If the CID is in use,"]
-    #[doc = "                     `*enabled` is set to MBEDTLS_SSL_CID_ENABLED;"]
-    #[doc = "                     otherwise, it is set to MBEDTLS_SSL_CID_DISABLED."]
-    #[doc = " \\param peer_cid     The address of the buffer in which to store the CID"]
-    #[doc = "                     chosen by the peer (if the CID extension is used)."]
-    #[doc = "                     This may be \\c NULL in case the value of peer CID"]
-    #[doc = "                     isn't needed. If it is not \\c NULL, \\p peer_cid_len"]
-    #[doc = "                     must not be \\c NULL."]
-    #[doc = " \\param peer_cid_len The address at which to store the size of the CID"]
-    #[doc = "                     chosen by the peer (if the CID extension is used)."]
-    #[doc = "                     This is also the number of Bytes in \\p peer_cid that"]
-    #[doc = "                     have been written."]
-    #[doc = "                     This may be \\c NULL in case the length of the peer CID"]
-    #[doc = "                     isn't needed. If it is \\c NULL, \\p peer_cid must be"]
-    #[doc = "                     \\c NULL, too."]
-    #[doc = ""]
-    #[doc = " \\note               This applies to the state of the CID negotiated in"]
-    #[doc = "                     the last complete handshake. If a handshake is in"]
-    #[doc = "                     progress, this function will attempt to complete"]
-    #[doc = "                     the handshake first."]
-    #[doc = ""]
-    #[doc = " \\note               If CID extensions have been exchanged but both client"]
-    #[doc = "                     and server chose to use an empty CID, this function"]
-    #[doc = "                     sets `*enabled` to #MBEDTLS_SSL_CID_DISABLED"]
-    #[doc = "                     (the rationale for this is that the resulting"]
-    #[doc = "                     communication is the same as if the CID extensions"]
-    #[doc = "                     hadn't been used)."]
-    #[doc = ""]
-    #[doc = " \\return            \\c 0 on success."]
-    #[doc = " \\return            A negative error code on failure."]
-    pub fn mbedtls_ssl_get_peer_cid(
-        ssl: *mut mbedtls_ssl_context,
-        enabled: *mut crate::c_types::c_int,
-        peer_cid: *mut crate::c_types::c_uchar,
-        peer_cid_len: *mut size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Set the Maximum Transport Unit (MTU)."]
-    #[doc = "                 Special value: 0 means unset (no limit)."]
-    #[doc = "                 This represents the maximum size of a datagram payload"]
-    #[doc = "                 handled by the transport layer (usually UDP) as determined"]
-    #[doc = "                 by the network link and stack. In practice, this controls"]
-    #[doc = "                 the maximum size datagram the DTLS layer will pass to the"]
-    #[doc = "                 \\c f_send() callback set using \\c mbedtls_ssl_set_bio()."]
-    #[doc = ""]
-    #[doc = " \\note           The limit on datagram size is converted to a limit on"]
-    #[doc = "                 record payload by subtracting the current overhead of"]
-    #[doc = "                 encapsulation and encryption/authentication if any."]
-    #[doc = ""]
-    #[doc = " \\note           This can be called at any point during the connection, for"]
-    #[doc = "                 example when a Path Maximum Transfer Unit (PMTU)"]
-    #[doc = "                 estimate becomes available from other sources,"]
-    #[doc = "                 such as lower (or higher) protocol layers."]
-    #[doc = ""]
-    #[doc = " \\note           This setting only controls the size of the packets we send,"]
-    #[doc = "                 and does not restrict the size of the datagrams we're"]
-    #[doc = "                 willing to receive. Client-side, you can request the"]
-    #[doc = "                 server to use smaller records with \\c"]
-    #[doc = "                 mbedtls_ssl_conf_max_frag_len()."]
-    #[doc = ""]
-    #[doc = " \\note           If both a MTU and a maximum fragment length have been"]
-    #[doc = "                 configured (or negotiated with the peer), the resulting"]
-    #[doc = "                 lower limit on record payload (see first note) is used."]
-    #[doc = ""]
-    #[doc = " \\note           This can only be used to decrease the maximum size"]
-    #[doc = "                 of datagrams (hence records, see first note) sent. It"]
-    #[doc = "                 cannot be used to increase the maximum size of records over"]
-    #[doc = "                 the limit set by #MBEDTLS_SSL_OUT_CONTENT_LEN."]
-    #[doc = ""]
-    #[doc = " \\note           Values lower than the current record layer expansion will"]
-    #[doc = "                 result in an error when trying to send data."]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = " \\param mtu      Value of the path MTU in bytes"]
-    pub fn mbedtls_ssl_set_mtu(ssl: *mut mbedtls_ssl_context, mtu: u16);
-}
-extern "C" {
-    #[doc = " \\brief          Set a connection-specific verification callback (optional)."]
-    #[doc = ""]
-    #[doc = "                 If set, the provided verify callback is called for each"]
-    #[doc = "                 certificate in the peer's CRT chain, including the trusted"]
-    #[doc = "                 root. For more information, please see the documentation of"]
-    #[doc = "                 \\c mbedtls_x509_crt_verify()."]
-    #[doc = ""]
-    #[doc = " \\note           This call is analogous to mbedtls_ssl_conf_verify() but"]
-    #[doc = "                 binds the verification callback and context to an SSL context"]
-    #[doc = "                 as opposed to an SSL configuration."]
-    #[doc = "                 If mbedtls_ssl_conf_verify() and mbedtls_ssl_set_verify()"]
-    #[doc = "                 are both used, mbedtls_ssl_set_verify() takes precedence."]
-    #[doc = ""]
-    #[doc = " \\param ssl      The SSL context to use."]
-    #[doc = " \\param f_vrfy   The verification callback to use during CRT verification."]
-    #[doc = " \\param p_vrfy   The opaque context to be passed to the callback."]
-    pub fn mbedtls_ssl_set_verify(
-        ssl: *mut mbedtls_ssl_context,
-        f_vrfy: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut mbedtls_x509_crt,
-                arg3: crate::c_types::c_int,
-                arg4: *mut u32,
-            ) -> crate::c_types::c_int,
-        >,
-        p_vrfy: *mut crate::c_types::c_void,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Set the timeout period for mbedtls_ssl_read()"]
-    #[doc = "                 (Default: no timeout.)"]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration context"]
-    #[doc = " \\param timeout  Timeout value in milliseconds."]
-    #[doc = "                 Use 0 for no timeout (default)."]
-    #[doc = ""]
-    #[doc = " \\note           With blocking I/O, this will only work if a non-NULL"]
-    #[doc = "                 \\c f_recv_timeout was set with \\c mbedtls_ssl_set_bio()."]
-    #[doc = "                 With non-blocking I/O, this will only work if timer"]
-    #[doc = "                 callbacks were set with \\c mbedtls_ssl_set_timer_cb()."]
-    #[doc = ""]
-    #[doc = " \\note           With non-blocking I/O, you may also skip this function"]
-    #[doc = "                 altogether and handle timeouts at the application layer."]
-    pub fn mbedtls_ssl_conf_read_timeout(conf: *mut mbedtls_ssl_config, timeout: u32);
-}
-extern "C" {
-    #[doc = " \\brief          Check whether a buffer contains a valid and authentic record"]
-    #[doc = "                 that has not been seen before. (DTLS only)."]
-    #[doc = ""]
-    #[doc = "                 This function does not change the user-visible state"]
-    #[doc = "                 of the SSL context. Its sole purpose is to provide"]
-    #[doc = "                 an indication of the legitimacy of an incoming record."]
-    #[doc = ""]
-    #[doc = "                 This can be useful e.g. in distributed server environments"]
-    #[doc = "                 using the DTLS Connection ID feature, in which connections"]
-    #[doc = "                 might need to be passed between service instances on a change"]
-    #[doc = "                 of peer address, but where such disruptive operations should"]
-    #[doc = "                 only happen after the validity of incoming records has been"]
-    #[doc = "                 confirmed."]
-    #[doc = ""]
-    #[doc = " \\param ssl      The SSL context to use."]
-    #[doc = " \\param buf      The address of the buffer holding the record to be checked."]
-    #[doc = "                 This must be a read/write buffer of length \\p buflen Bytes."]
-    #[doc = " \\param buflen   The length of \\p buf in Bytes."]
-    #[doc = ""]
-    #[doc = " \\note           This routine only checks whether the provided buffer begins"]
-    #[doc = "                 with a valid and authentic record that has not been seen"]
-    #[doc = "                 before, but does not check potential data following the"]
-    #[doc = "                 initial record. In particular, it is possible to pass DTLS"]
-    #[doc = "                 datagrams containing multiple records, in which case only"]
-    #[doc = "                 the first record is checked."]
-    #[doc = ""]
-    #[doc = " \\note           This function modifies the input buffer \\p buf. If you need"]
-    #[doc = "                 to preserve the original record, you have to maintain a copy."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if the record is valid and authentic and has not been"]
-    #[doc = "                 seen before."]
-    #[doc = " \\return         MBEDTLS_ERR_SSL_INVALID_MAC if the check completed"]
-    #[doc = "                 successfully but the record was found to be not authentic."]
-    #[doc = " \\return         MBEDTLS_ERR_SSL_INVALID_RECORD if the check completed"]
-    #[doc = "                 successfully but the record was found to be invalid for"]
-    #[doc = "                 a reason different from authenticity checking."]
-    #[doc = " \\return         MBEDTLS_ERR_SSL_UNEXPECTED_RECORD if the check completed"]
-    #[doc = "                 successfully but the record was found to be unexpected"]
-    #[doc = "                 in the state of the SSL context, including replayed records."]
-    #[doc = " \\return         Another negative error code on different kinds of failure."]
-    #[doc = "                 In this case, the SSL context becomes unusable and needs"]
-    #[doc = "                 to be freed or reset before reuse."]
-    pub fn mbedtls_ssl_check_record(
-        ssl: *const mbedtls_ssl_context,
-        buf: *mut crate::c_types::c_uchar,
-        buflen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Set the timer callbacks (Mandatory for DTLS.)"]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = " \\param p_timer  parameter (context) shared by timer callbacks"]
-    #[doc = " \\param f_set_timer   set timer callback"]
-    #[doc = " \\param f_get_timer   get timer callback. Must return:"]
-    #[doc = ""]
-    #[doc = " \\note           See the documentation of \\c mbedtls_ssl_set_timer_t and"]
-    #[doc = "                 \\c mbedtls_ssl_get_timer_t for the conventions this pair of"]
-    #[doc = "                 callbacks must follow."]
-    #[doc = ""]
-    #[doc = " \\note           On some platforms, timing.c provides"]
-    #[doc = "                 \\c mbedtls_timing_set_delay() and"]
-    #[doc = "                 \\c mbedtls_timing_get_delay() that are suitable for using"]
-    #[doc = "                 here, except if using an event-driven style."]
-    #[doc = ""]
-    #[doc = " \\note           See also the \"DTLS tutorial\" article in our knowledge base."]
-    #[doc = "                 https://mbed-tls.readthedocs.io/en/latest/kb/how-to/dtls-tutorial"]
-    pub fn mbedtls_ssl_set_timer_cb(
-        ssl: *mut mbedtls_ssl_context,
-        p_timer: *mut crate::c_types::c_void,
-        f_set_timer: mbedtls_ssl_set_timer_t,
-        f_get_timer: mbedtls_ssl_get_timer_t,
-    );
-}
-#[doc = " \\brief           Callback type: generate and write session ticket"]
-#[doc = ""]
-#[doc = " \\note            This describes what a callback implementation should do."]
-#[doc = "                  This callback should generate an encrypted and"]
-#[doc = "                  authenticated ticket for the session and write it to the"]
-#[doc = "                  output buffer. Here, ticket means the opaque ticket part"]
-#[doc = "                  of the NewSessionTicket structure of RFC 5077."]
-#[doc = ""]
-#[doc = " \\param p_ticket  Context for the callback"]
-#[doc = " \\param session   SSL session to be written in the ticket"]
-#[doc = " \\param start     Start of the output buffer"]
-#[doc = " \\param end       End of the output buffer"]
-#[doc = " \\param tlen      On exit, holds the length written"]
-#[doc = " \\param lifetime  On exit, holds the lifetime of the ticket in seconds"]
-#[doc = ""]
-#[doc = " \\return          0 if successful, or"]
-#[doc = "                  a specific MBEDTLS_ERR_XXX code."]
-pub type mbedtls_ssl_ticket_write_t = ::core::option::Option<
-    unsafe extern "C" fn(
-        p_ticket: *mut crate::c_types::c_void,
-        session: *const mbedtls_ssl_session,
-        start: *mut crate::c_types::c_uchar,
-        end: *const crate::c_types::c_uchar,
-        tlen: *mut size_t,
-        lifetime: *mut u32,
-    ) -> crate::c_types::c_int,
->;
-#[doc = " \\brief           Callback type: parse and load session ticket"]
-#[doc = ""]
-#[doc = " \\note            This describes what a callback implementation should do."]
-#[doc = "                  This callback should parse a session ticket as generated"]
-#[doc = "                  by the corresponding mbedtls_ssl_ticket_write_t function,"]
-#[doc = "                  and, if the ticket is authentic and valid, load the"]
-#[doc = "                  session."]
-#[doc = ""]
-#[doc = " \\note            The implementation is allowed to modify the first len"]
-#[doc = "                  bytes of the input buffer, eg to use it as a temporary"]
-#[doc = "                  area for the decrypted ticket contents."]
-#[doc = ""]
-#[doc = " \\param p_ticket  Context for the callback"]
-#[doc = " \\param session   SSL session to be loaded"]
-#[doc = " \\param buf       Start of the buffer containing the ticket"]
-#[doc = " \\param len       Length of the ticket."]
-#[doc = ""]
-#[doc = " \\return          0 if successful, or"]
-#[doc = "                  MBEDTLS_ERR_SSL_INVALID_MAC if not authentic, or"]
-#[doc = "                  MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or"]
-#[doc = "                  any other non-zero code for other failures."]
-pub type mbedtls_ssl_ticket_parse_t = ::core::option::Option<
-    unsafe extern "C" fn(
-        p_ticket: *mut crate::c_types::c_void,
-        session: *mut mbedtls_ssl_session,
-        buf: *mut crate::c_types::c_uchar,
-        len: size_t,
-    ) -> crate::c_types::c_int,
->;
-extern "C" {
-    #[doc = " \\brief           Configure SSL session ticket callbacks (server only)."]
-    #[doc = "                  (Default: none.)"]
-    #[doc = ""]
-    #[doc = " \\note            On server, session tickets are enabled by providing"]
-    #[doc = "                  non-NULL callbacks."]
-    #[doc = ""]
-    #[doc = " \\note            On client, use \\c mbedtls_ssl_conf_session_tickets()."]
-    #[doc = ""]
-    #[doc = " \\param conf      SSL configuration context"]
-    #[doc = " \\param f_ticket_write    Callback for writing a ticket"]
-    #[doc = " \\param f_ticket_parse    Callback for parsing a ticket"]
-    #[doc = " \\param p_ticket          Context shared by the two callbacks"]
-    pub fn mbedtls_ssl_conf_session_tickets_cb(
-        conf: *mut mbedtls_ssl_config,
-        f_ticket_write: mbedtls_ssl_ticket_write_t,
-        f_ticket_parse: mbedtls_ssl_ticket_parse_t,
-        p_ticket: *mut crate::c_types::c_void,
-    );
-}
-extern "C" {
-    #[doc = " \\brief   Configure a key export callback."]
-    #[doc = "          (Default: none.)"]
-    #[doc = ""]
-    #[doc = "          This API can be used for two purposes:"]
-    #[doc = "          - Debugging: Use this API to e.g. generate an NSSKeylog"]
-    #[doc = "            file and use it to inspect encrypted traffic in tools"]
-    #[doc = "            such as Wireshark."]
-    #[doc = "          - Application-specific export: Use this API to implement"]
-    #[doc = "            key exporters, e.g. for EAP-TLS or DTLS-SRTP."]
-    #[doc = ""]
-    #[doc = ""]
-    #[doc = " \\param ssl            The SSL context to which the export"]
-    #[doc = "                       callback should be attached."]
-    #[doc = " \\param f_export_keys  The callback for the key export."]
-    #[doc = " \\param p_export_keys  The opaque context pointer to be passed to the"]
-    #[doc = "                       callback \\p f_export_keys."]
-    pub fn mbedtls_ssl_set_export_keys_cb(
-        ssl: *mut mbedtls_ssl_context,
-        f_export_keys: mbedtls_ssl_export_keys_t,
-        p_export_keys: *mut crate::c_types::c_void,
-    );
-}
-#[doc = " \\brief          Callback type: generate a cookie"]
-#[doc = ""]
-#[doc = " \\param ctx      Context for the callback"]
-#[doc = " \\param p        Buffer to write to,"]
-#[doc = "                 must be updated to point right after the cookie"]
-#[doc = " \\param end      Pointer to one past the end of the output buffer"]
-#[doc = " \\param info     Client ID info that was passed to"]
-#[doc = "                 \\c mbedtls_ssl_set_client_transport_id()"]
-#[doc = " \\param ilen     Length of info in bytes"]
-#[doc = ""]
-#[doc = " \\return         The callback must return 0 on success,"]
-#[doc = "                 or a negative error code."]
-pub type mbedtls_ssl_cookie_write_t = ::core::option::Option<
-    unsafe extern "C" fn(
-        ctx: *mut crate::c_types::c_void,
-        p: *mut *mut crate::c_types::c_uchar,
-        end: *mut crate::c_types::c_uchar,
-        info: *const crate::c_types::c_uchar,
-        ilen: size_t,
-    ) -> crate::c_types::c_int,
->;
-#[doc = " \\brief          Callback type: verify a cookie"]
-#[doc = ""]
-#[doc = " \\param ctx      Context for the callback"]
-#[doc = " \\param cookie   Cookie to verify"]
-#[doc = " \\param clen     Length of cookie"]
-#[doc = " \\param info     Client ID info that was passed to"]
-#[doc = "                 \\c mbedtls_ssl_set_client_transport_id()"]
-#[doc = " \\param ilen     Length of info in bytes"]
-#[doc = ""]
-#[doc = " \\return         The callback must return 0 if cookie is valid,"]
-#[doc = "                 or a negative error code."]
-pub type mbedtls_ssl_cookie_check_t = ::core::option::Option<
-    unsafe extern "C" fn(
-        ctx: *mut crate::c_types::c_void,
-        cookie: *const crate::c_types::c_uchar,
-        clen: size_t,
-        info: *const crate::c_types::c_uchar,
-        ilen: size_t,
-    ) -> crate::c_types::c_int,
->;
-extern "C" {
-    #[doc = " \\brief           Register callbacks for DTLS cookies"]
-    #[doc = "                  (Server only. DTLS only.)"]
-    #[doc = ""]
-    #[doc = "                  Default: dummy callbacks that fail, in order to force you to"]
-    #[doc = "                  register working callbacks (and initialize their context)."]
-    #[doc = ""]
-    #[doc = "                  To disable HelloVerifyRequest, register NULL callbacks."]
-    #[doc = ""]
-    #[doc = " \\warning         Disabling hello verification allows your server to be used"]
-    #[doc = "                  for amplification in DoS attacks against other hosts."]
-    #[doc = "                  Only disable if you known this can't happen in your"]
-    #[doc = "                  particular environment."]
-    #[doc = ""]
-    #[doc = " \\note            See comments on \\c mbedtls_ssl_handshake() about handling"]
-    #[doc = "                  the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected"]
-    #[doc = "                  on the first handshake attempt when this is enabled."]
-    #[doc = ""]
-    #[doc = " \\note            This is also necessary to handle client reconnection from"]
-    #[doc = "                  the same port as described in RFC 6347 section 4.2.8 (only"]
-    #[doc = "                  the variant with cookies is supported currently). See"]
-    #[doc = "                  comments on \\c mbedtls_ssl_read() for details."]
-    #[doc = ""]
-    #[doc = " \\param conf              SSL configuration"]
-    #[doc = " \\param f_cookie_write    Cookie write callback"]
-    #[doc = " \\param f_cookie_check    Cookie check callback"]
-    #[doc = " \\param p_cookie          Context for both callbacks"]
-    pub fn mbedtls_ssl_conf_dtls_cookies(
-        conf: *mut mbedtls_ssl_config,
-        f_cookie_write: mbedtls_ssl_cookie_write_t,
-        f_cookie_check: mbedtls_ssl_cookie_check_t,
-        p_cookie: *mut crate::c_types::c_void,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Set client's transport-level identification info."]
-    #[doc = "                 (Server only. DTLS only.)"]
-    #[doc = ""]
-    #[doc = "                 This is usually the IP address (and port), but could be"]
-    #[doc = "                 anything identify the client depending on the underlying"]
-    #[doc = "                 network stack. Used for HelloVerifyRequest with DTLS."]
-    #[doc = "                 This is *not* used to route the actual packets."]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = " \\param info     Transport-level info identifying the client (eg IP + port)"]
-    #[doc = " \\param ilen     Length of info in bytes"]
-    #[doc = ""]
-    #[doc = " \\note           An internal copy is made, so the info buffer can be reused."]
-    #[doc = ""]
-    #[doc = " \\return         0 on success,"]
-    #[doc = "                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,"]
-    #[doc = "                 MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory."]
-    pub fn mbedtls_ssl_set_client_transport_id(
-        ssl: *mut mbedtls_ssl_context,
-        info: *const crate::c_types::c_uchar,
-        ilen: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Enable or disable anti-replay protection for DTLS."]
-    #[doc = "                 (DTLS only, no effect on TLS.)"]
-    #[doc = "                 Default: enabled."]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param mode     MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED."]
-    #[doc = ""]
-    #[doc = " \\warning        Disabling this is a security risk unless the application"]
-    #[doc = "                 protocol handles duplicated packets in a safe way. You"]
-    #[doc = "                 should not disable this without careful consideration."]
-    #[doc = "                 However, if your application already detects duplicated"]
-    #[doc = "                 packets and needs information about them to adjust its"]
-    #[doc = "                 transmission strategy, then you'll want to disable this."]
-    pub fn mbedtls_ssl_conf_dtls_anti_replay(
-        conf: *mut mbedtls_ssl_config,
-        mode: crate::c_types::c_char,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Set a limit on the number of records with a bad MAC"]
-    #[doc = "                 before terminating the connection."]
-    #[doc = "                 (DTLS only, no effect on TLS.)"]
-    #[doc = "                 Default: 0 (disabled)."]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param limit    Limit, or 0 to disable."]
-    #[doc = ""]
-    #[doc = " \\note           If the limit is N, then the connection is terminated when"]
-    #[doc = "                 the Nth non-authentic record is seen."]
-    #[doc = ""]
-    #[doc = " \\note           Records with an invalid header are not counted, only the"]
-    #[doc = "                 ones going through the authentication-decryption phase."]
-    #[doc = ""]
-    #[doc = " \\note           This is a security trade-off related to the fact that it's"]
-    #[doc = "                 often relatively easy for an active attacker to inject UDP"]
-    #[doc = "                 datagrams. On one hand, setting a low limit here makes it"]
-    #[doc = "                 easier for such an attacker to forcibly terminated a"]
-    #[doc = "                 connection. On the other hand, a high limit or no limit"]
-    #[doc = "                 might make us waste resources checking authentication on"]
-    #[doc = "                 many bogus packets."]
-    pub fn mbedtls_ssl_conf_dtls_badmac_limit(
-        conf: *mut mbedtls_ssl_config,
-        limit: crate::c_types::c_uint,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Allow or disallow packing of multiple handshake records"]
-    #[doc = "                 within a single datagram."]
-    #[doc = ""]
-    #[doc = " \\param ssl           The SSL context to configure."]
-    #[doc = " \\param allow_packing This determines whether datagram packing may"]
-    #[doc = "                      be used or not. A value of \\c 0 means that every"]
-    #[doc = "                      record will be sent in a separate datagram; a"]
-    #[doc = "                      value of \\c 1 means that, if space permits,"]
-    #[doc = "                      multiple handshake messages (including CCS) belonging to"]
-    #[doc = "                      a single flight may be packed within a single datagram."]
-    #[doc = ""]
-    #[doc = " \\note           This is enabled by default and should only be disabled"]
-    #[doc = "                 for test purposes, or if datagram packing causes"]
-    #[doc = "                 interoperability issues with peers that don't support it."]
-    #[doc = ""]
-    #[doc = " \\note           Allowing datagram packing reduces the network load since"]
-    #[doc = "                 there's less overhead if multiple messages share the same"]
-    #[doc = "                 datagram. Also, it increases the handshake efficiency"]
-    #[doc = "                 since messages belonging to a single datagram will not"]
-    #[doc = "                 be reordered in transit, and so future message buffering"]
-    #[doc = "                 or flight retransmission (if no buffering is used) as"]
-    #[doc = "                 means to deal with reordering are needed less frequently."]
-    #[doc = ""]
-    #[doc = " \\note           Application records are not affected by this option and"]
-    #[doc = "                 are currently always sent in separate datagrams."]
-    #[doc = ""]
-    pub fn mbedtls_ssl_set_datagram_packing(
-        ssl: *mut mbedtls_ssl_context,
-        allow_packing: crate::c_types::c_uint,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Set retransmit timeout values for the DTLS handshake."]
-    #[doc = "                 (DTLS only, no effect on TLS.)"]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param min      Initial timeout value in milliseconds."]
-    #[doc = "                 Default: 1000 (1 second)."]
-    #[doc = " \\param max      Maximum timeout value in milliseconds."]
-    #[doc = "                 Default: 60000 (60 seconds)."]
-    #[doc = ""]
-    #[doc = " \\note           Default values are from RFC 6347 section 4.2.4.1."]
-    #[doc = ""]
-    #[doc = " \\note           The 'min' value should typically be slightly above the"]
-    #[doc = "                 expected round-trip time to your peer, plus whatever time"]
-    #[doc = "                 it takes for the peer to process the message. For example,"]
-    #[doc = "                 if your RTT is about 600ms and you peer needs up to 1s to"]
-    #[doc = "                 do the cryptographic operations in the handshake, then you"]
-    #[doc = "                 should set 'min' slightly above 1600. Lower values of 'min'"]
-    #[doc = "                 might cause spurious resends which waste network resources,"]
-    #[doc = "                 while larger value of 'min' will increase overall latency"]
-    #[doc = "                 on unreliable network links."]
-    #[doc = ""]
-    #[doc = " \\note           The more unreliable your network connection is, the larger"]
-    #[doc = "                 your max / min ratio needs to be in order to achieve"]
-    #[doc = "                 reliable handshakes."]
-    #[doc = ""]
-    #[doc = " \\note           Messages are retransmitted up to log2(ceil(max/min)) times."]
-    #[doc = "                 For example, if min = 1s and max = 5s, the retransmit plan"]
-    #[doc = "                 goes: send ... 1s -> resend ... 2s -> resend ... 4s ->"]
-    #[doc = "                 resend ... 5s -> give up and return a timeout error."]
-    pub fn mbedtls_ssl_conf_handshake_timeout(conf: *mut mbedtls_ssl_config, min: u32, max: u32);
-}
-extern "C" {
-    #[doc = " \\brief          Set the session cache callbacks (server-side only)"]
-    #[doc = "                 If not set, no session resuming is done (except if session"]
-    #[doc = "                 tickets are enabled too)."]
-    #[doc = ""]
-    #[doc = "                 The session cache has the responsibility to check for stale"]
-    #[doc = "                 entries based on timeout. See RFC 5246 for recommendations."]
-    #[doc = ""]
-    #[doc = "                 Warning: session.peer_cert is cleared by the SSL/TLS layer on"]
-    #[doc = "                 connection shutdown, so do not cache the pointer! Either set"]
-    #[doc = "                 it to NULL or make a full copy of the certificate."]
-    #[doc = ""]
-    #[doc = "                 The get callback is called once during the initial handshake"]
-    #[doc = "                 to enable session resuming. The get function has the"]
-    #[doc = "                 following parameters: (void *parameter, mbedtls_ssl_session *session)"]
-    #[doc = "                 If a valid entry is found, it should fill the master of"]
-    #[doc = "                 the session object with the cached values and return 0,"]
-    #[doc = "                 return 1 otherwise. Optionally peer_cert can be set as well"]
-    #[doc = "                 if it is properly present in cache entry."]
-    #[doc = ""]
-    #[doc = "                 The set callback is called once during the initial handshake"]
-    #[doc = "                 to enable session resuming after the entire handshake has"]
-    #[doc = "                 been finished. The set function has the following parameters:"]
-    #[doc = "                 (void *parameter, const mbedtls_ssl_session *session). The function"]
-    #[doc = "                 should create a cache entry for future retrieval based on"]
-    #[doc = "                 the data in the session structure and should keep in mind"]
-    #[doc = "                 that the mbedtls_ssl_session object presented (and all its referenced"]
-    #[doc = "                 data) is cleared by the SSL/TLS layer when the connection is"]
-    #[doc = "                 terminated. It is recommended to add metadata to determine if"]
-    #[doc = "                 an entry is still valid in the future. Return 0 if"]
-    #[doc = "                 successfully cached, return 1 otherwise."]
-    #[doc = ""]
-    #[doc = " \\param conf           SSL configuration"]
-    #[doc = " \\param p_cache        parameter (context) for both callbacks"]
-    #[doc = " \\param f_get_cache    session get callback"]
-    #[doc = " \\param f_set_cache    session set callback"]
-    pub fn mbedtls_ssl_conf_session_cache(
-        conf: *mut mbedtls_ssl_config,
-        p_cache: *mut crate::c_types::c_void,
-        f_get_cache: mbedtls_ssl_cache_get_t,
-        f_set_cache: mbedtls_ssl_cache_set_t,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Load a session for session resumption."]
-    #[doc = ""]
-    #[doc = "                 Sessions loaded through this call will be considered"]
-    #[doc = "                 for session resumption in the next handshake."]
-    #[doc = ""]
-    #[doc = " \\note           Even if this call succeeds, it is not guaranteed that"]
-    #[doc = "                 the next handshake will indeed be shortened through the"]
-    #[doc = "                 use of session resumption: The server is always free"]
-    #[doc = "                 to reject any attempt for resumption and fall back to"]
-    #[doc = "                 a full handshake."]
-    #[doc = ""]
-    #[doc = " \\note           This function can handle a variety of mechanisms for session"]
-    #[doc = "                 resumption: For TLS 1.2, both session ID-based resumption and"]
-    #[doc = "                 ticket-based resumption will be considered. For TLS 1.3,"]
-    #[doc = "                 once implemented, sessions equate to tickets, and loading"]
-    #[doc = "                 one or more sessions via this call will lead to their"]
-    #[doc = "                 corresponding tickets being advertised as resumption PSKs"]
-    #[doc = "                 by the client."]
-    #[doc = ""]
-    #[doc = " \\note           Calling this function multiple times will only be useful"]
-    #[doc = "                 once TLS 1.3 is supported. For TLS 1.2 connections, this"]
-    #[doc = "                 function should be called at most once."]
-    #[doc = ""]
-    #[doc = " \\param ssl      The SSL context representing the connection which should"]
-    #[doc = "                 be attempted to be setup using session resumption. This"]
-    #[doc = "                 must be initialized via mbedtls_ssl_init() and bound to"]
-    #[doc = "                 an SSL configuration via mbedtls_ssl_setup(), but"]
-    #[doc = "                 the handshake must not yet have been started."]
-    #[doc = " \\param session  The session to be considered for session resumption."]
-    #[doc = "                 This must be a session previously exported via"]
-    #[doc = "                 mbedtls_ssl_get_session(), and potentially serialized and"]
-    #[doc = "                 deserialized through mbedtls_ssl_session_save() and"]
-    #[doc = "                 mbedtls_ssl_session_load() in the meantime."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         \\c MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the session"]
-    #[doc = "                 could not be loaded because of an implementation limitation."]
-    #[doc = "                 This error is non-fatal, and has no observable effect on"]
-    #[doc = "                 the SSL context or the session that was attempted to be loaded."]
-    #[doc = " \\return         Another negative error code on other kinds of failure."]
-    #[doc = ""]
-    #[doc = " \\sa             mbedtls_ssl_get_session()"]
-    #[doc = " \\sa             mbedtls_ssl_session_load()"]
-    pub fn mbedtls_ssl_set_session(
-        ssl: *mut mbedtls_ssl_context,
-        session: *const mbedtls_ssl_session,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Load serialized session data into a session structure."]
-    #[doc = "                 On client, this can be used for loading saved sessions"]
-    #[doc = "                 before resuming them with mbedtls_ssl_set_session()."]
-    #[doc = "                 On server, this can be used for alternative implementations"]
-    #[doc = "                 of session cache or session tickets."]
-    #[doc = ""]
-    #[doc = " \\warning        If a peer certificate chain is associated with the session,"]
-    #[doc = "                 the serialized state will only contain the peer's"]
-    #[doc = "                 end-entity certificate and the result of the chain"]
-    #[doc = "                 verification (unless verification was disabled), but not"]
-    #[doc = "                 the rest of the chain."]
-    #[doc = ""]
-    #[doc = " \\see            mbedtls_ssl_session_save()"]
-    #[doc = " \\see            mbedtls_ssl_set_session()"]
-    #[doc = ""]
-    #[doc = " \\param session  The session structure to be populated. It must have been"]
-    #[doc = "                 initialised with mbedtls_ssl_session_init() but not"]
-    #[doc = "                 populated yet."]
-    #[doc = " \\param buf      The buffer holding the serialized session data. It must be a"]
-    #[doc = "                 readable buffer of at least \\p len bytes."]
-    #[doc = " \\param len      The size of the serialized data in bytes."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data"]
-    #[doc = "                 was generated in a different version or configuration of"]
-    #[doc = "                 Mbed TLS."]
-    #[doc = " \\return         Another negative value for other kinds of errors (for"]
-    #[doc = "                 example, unsupported features in the embedded certificate)."]
-    pub fn mbedtls_ssl_session_load(
-        session: *mut mbedtls_ssl_session,
-        buf: *const crate::c_types::c_uchar,
-        len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Save session structure as serialized data in a buffer."]
-    #[doc = "                 On client, this can be used for saving session data,"]
-    #[doc = "                 potentially in non-volatile storage, for resuming later."]
-    #[doc = "                 On server, this can be used for alternative implementations"]
-    #[doc = "                 of session cache or session tickets."]
-    #[doc = ""]
-    #[doc = " \\see            mbedtls_ssl_session_load()"]
-    #[doc = ""]
-    #[doc = " \\param session  The session structure to be saved."]
-    #[doc = " \\param buf      The buffer to write the serialized data to. It must be a"]
-    #[doc = "                 writeable buffer of at least \\p len bytes, or may be \\c"]
-    #[doc = "                 NULL if \\p len is \\c 0."]
-    #[doc = " \\param buf_len  The number of bytes available for writing in \\p buf."]
-    #[doc = " \\param olen     The size in bytes of the data that has been or would have"]
-    #[doc = "                 been written. It must point to a valid \\c size_t."]
-    #[doc = ""]
-    #[doc = " \\note           \\p olen is updated to the correct value regardless of"]
-    #[doc = "                 whether \\p buf_len was large enough. This makes it possible"]
-    #[doc = "                 to determine the necessary size by calling this function"]
-    #[doc = "                 with \\p buf set to \\c NULL and \\p buf_len to \\c 0."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \\p buf is too small."]
-    pub fn mbedtls_ssl_session_save(
-        session: *const mbedtls_ssl_session,
-        buf: *mut crate::c_types::c_uchar,
-        buf_len: size_t,
-        olen: *mut size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief               Set the list of allowed ciphersuites and the preference"]
-    #[doc = "                      order. First in the list has the highest preference."]
-    #[doc = ""]
-    #[doc = "                      For TLS 1.2, the notion of ciphersuite determines both"]
-    #[doc = "                      the key exchange mechanism and the suite of symmetric"]
-    #[doc = "                      algorithms to be used during and after the handshake."]
-    #[doc = ""]
-    #[doc = "                      For TLS 1.3 (in development), the notion of ciphersuite"]
-    #[doc = "                      only determines the suite of symmetric algorithms to be"]
-    #[doc = "                      used during and after the handshake, while key exchange"]
-    #[doc = "                      mechanisms are configured separately."]
-    #[doc = ""]
-    #[doc = "                      In Mbed TLS, ciphersuites for both TLS 1.2 and TLS 1.3"]
-    #[doc = "                      are configured via this function. For users of TLS 1.3,"]
-    #[doc = "                      there will be separate API for the configuration of key"]
-    #[doc = "                      exchange mechanisms."]
-    #[doc = ""]
-    #[doc = "                      The list of ciphersuites passed to this function may"]
-    #[doc = "                      contain a mixture of TLS 1.2 and TLS 1.3 ciphersuite"]
-    #[doc = "                      identifiers. This is useful if negotiation of TLS 1.3"]
-    #[doc = "                      should be attempted, but a fallback to TLS 1.2 would"]
-    #[doc = "                      be tolerated."]
-    #[doc = ""]
-    #[doc = " \\note                By default, the server chooses its preferred"]
-    #[doc = "                      ciphersuite among those that the client supports. If"]
-    #[doc = "                      mbedtls_ssl_conf_preference_order() is called to prefer"]
-    #[doc = "                      the client's preferences, the server instead chooses"]
-    #[doc = "                      the client's preferred ciphersuite among those that"]
-    #[doc = "                      the server supports."]
-    #[doc = ""]
-    #[doc = " \\warning             The ciphersuites array \\p ciphersuites is not copied."]
-    #[doc = "                      It must remain valid for the lifetime of the SSL"]
-    #[doc = "                      configuration \\p conf."]
-    #[doc = ""]
-    #[doc = " \\param conf          The SSL configuration to modify."]
-    #[doc = " \\param ciphersuites  A 0-terminated list of IANA identifiers of supported"]
-    #[doc = "                      ciphersuites, accessible through \\c MBEDTLS_TLS_XXX"]
-    #[doc = "                      and \\c MBEDTLS_TLS1_3_XXX macros defined in"]
-    #[doc = "                      ssl_ciphersuites.h."]
-    pub fn mbedtls_ssl_conf_ciphersuites(
-        conf: *mut mbedtls_ssl_config,
-        ciphersuites: *const crate::c_types::c_int,
-    );
-}
-extern "C" {
-    #[doc = " \\brief Set the supported key exchange modes for TLS 1.3 connections."]
-    #[doc = ""]
-    #[doc = "        In contrast to TLS 1.2, the ciphersuite concept in TLS 1.3 does not"]
-    #[doc = "        include the choice of key exchange mechanism. It is therefore not"]
-    #[doc = "        covered by the API mbedtls_ssl_conf_ciphersuites(). See the"]
-    #[doc = "        documentation of mbedtls_ssl_conf_ciphersuites() for more"]
-    #[doc = "        information on the ciphersuite concept in TLS 1.2 and TLS 1.3."]
-    #[doc = ""]
-    #[doc = "        The present function is specific to TLS 1.3 and allows users to"]
-    #[doc = "        configure the set of supported key exchange mechanisms in TLS 1.3."]
-    #[doc = ""]
-    #[doc = " \\param conf       The SSL configuration the change should apply to."]
-    #[doc = " \\param kex_modes  A bitwise combination of one or more of the following:"]
-    #[doc = "                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK"]
-    #[doc = "                     This flag enables pure-PSK key exchanges."]
-    #[doc = "                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL"]
-    #[doc = "                     This flag enables combined PSK-ephemeral key exchanges."]
-    #[doc = "                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL"]
-    #[doc = "                     This flag enables pure-ephemeral key exchanges."]
-    #[doc = "                   For convenience, the following pre-defined macros are"]
-    #[doc = "                   available for combinations of the above:"]
-    #[doc = "                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL"]
-    #[doc = "                     Includes all of pure-PSK, PSK-ephemeral and pure-ephemeral."]
-    #[doc = "                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL"]
-    #[doc = "                     Includes both pure-PSK and combined PSK-ephemeral"]
-    #[doc = "                     key exchanges, but excludes pure-ephemeral key exchanges."]
-    #[doc = "                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL"]
-    #[doc = "                     Includes both pure-ephemeral and combined PSK-ephemeral"]
-    #[doc = "                     key exchanges."]
-    #[doc = ""]
-    #[doc = " \\note  If a PSK-based key exchange mode shall be supported, applications"]
-    #[doc = "        must also use the APIs mbedtls_ssl_conf_psk() or"]
-    #[doc = "        mbedtls_ssl_conf_psk_cb() or mbedtls_ssl_conf_psk_opaque()"]
-    #[doc = "        to configure the PSKs to be used."]
-    #[doc = ""]
-    #[doc = " \\note  If a pure-ephemeral key exchange mode shall be supported,"]
-    #[doc = "        server-side applications must also provide a certificate via"]
-    #[doc = "        mbedtls_ssl_conf_own_cert()."]
-    #[doc = ""]
-    pub fn mbedtls_ssl_conf_tls13_key_exchange_modes(
-        conf: *mut mbedtls_ssl_config,
-        kex_modes: crate::c_types::c_int,
-    );
-}
-extern "C" {
-    #[doc = " \\brief               Specify the length of Connection IDs for incoming"]
-    #[doc = "                      encrypted DTLS records, as well as the behaviour"]
-    #[doc = "                      on unexpected CIDs."]
-    #[doc = ""]
-    #[doc = "                      By default, the CID length is set to \\c 0,"]
-    #[doc = "                      and unexpected CIDs are silently ignored."]
-    #[doc = ""]
-    #[doc = " \\param conf          The SSL configuration to modify."]
-    #[doc = " \\param len           The length in Bytes of the CID fields in encrypted"]
-    #[doc = "                      DTLS records using the CID mechanism. This must"]
-    #[doc = "                      not be larger than #MBEDTLS_SSL_CID_OUT_LEN_MAX."]
-    #[doc = " \\param ignore_other_cids This determines the stack's behaviour when"]
-    #[doc = "                          receiving a record with an unexpected CID."]
-    #[doc = "                          Possible values are:"]
-    #[doc = "                          - #MBEDTLS_SSL_UNEXPECTED_CID_IGNORE"]
-    #[doc = "                            In this case, the record is silently ignored."]
-    #[doc = "                          - #MBEDTLS_SSL_UNEXPECTED_CID_FAIL"]
-    #[doc = "                            In this case, the stack fails with the specific"]
-    #[doc = "                            error code #MBEDTLS_ERR_SSL_UNEXPECTED_CID."]
-    #[doc = ""]
-    #[doc = " \\note                The CID specification allows implementations to either"]
-    #[doc = "                      use a common length for all incoming connection IDs or"]
-    #[doc = "                      allow variable-length incoming IDs. Mbed TLS currently"]
-    #[doc = "                      requires a common length for all connections sharing the"]
-    #[doc = "                      same SSL configuration; this allows simpler parsing of"]
-    #[doc = "                      record headers."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \\p own_cid_len"]
-    #[doc = "                      is too large."]
-    pub fn mbedtls_ssl_conf_cid(
-        conf: *mut mbedtls_ssl_config,
-        len: size_t,
-        ignore_other_cids: crate::c_types::c_int,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Set the X.509 security profile used for verification"]
-    #[doc = ""]
-    #[doc = " \\note           The restrictions are enforced for all certificates in the"]
-    #[doc = "                 chain. However, signatures in the handshake are not covered"]
-    #[doc = "                 by this setting but by \\b mbedtls_ssl_conf_sig_hashes()."]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param profile  Profile to use"]
-    pub fn mbedtls_ssl_conf_cert_profile(
-        conf: *mut mbedtls_ssl_config,
-        profile: *const mbedtls_x509_crt_profile,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Set the data required to verify peer certificate"]
-    #[doc = ""]
-    #[doc = " \\note           See \\c mbedtls_x509_crt_verify() for notes regarding the"]
-    #[doc = "                 parameters ca_chain (maps to trust_ca for that function)"]
-    #[doc = "                 and ca_crl."]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)"]
-    #[doc = " \\param ca_crl   trusted CA CRLs"]
-    pub fn mbedtls_ssl_conf_ca_chain(
-        conf: *mut mbedtls_ssl_config,
-        ca_chain: *mut mbedtls_x509_crt,
-        ca_crl: *mut mbedtls_x509_crl,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Set own certificate chain and private key"]
-    #[doc = ""]
-    #[doc = " \\note           own_cert should contain in order from the bottom up your"]
-    #[doc = "                 certificate chain. The top certificate (self-signed)"]
-    #[doc = "                 can be omitted."]
-    #[doc = ""]
-    #[doc = " \\note           On server, this function can be called multiple times to"]
-    #[doc = "                 provision more than one cert/key pair (eg one ECDSA, one"]
-    #[doc = "                 RSA with SHA-256, one RSA with SHA-1). An adequate"]
-    #[doc = "                 certificate will be selected according to the client's"]
-    #[doc = "                 advertised capabilities. In case multiple certificates are"]
-    #[doc = "                 adequate, preference is given to the one set by the first"]
-    #[doc = "                 call to this function, then second, etc."]
-    #[doc = ""]
-    #[doc = " \\note           On client, only the first call has any effect. That is,"]
-    #[doc = "                 only one client certificate can be provisioned. The"]
-    #[doc = "                 server's preferences in its CertificateRequest message will"]
-    #[doc = "                 be ignored and our only cert will be sent regardless of"]
-    #[doc = "                 whether it matches those preferences - the server can then"]
-    #[doc = "                 decide what it wants to do with it."]
-    #[doc = ""]
-    #[doc = " \\note           The provided \\p pk_key needs to match the public key in the"]
-    #[doc = "                 first certificate in \\p own_cert, or all handshakes using"]
-    #[doc = "                 that certificate will fail. It is your responsibility"]
-    #[doc = "                 to ensure that; this function will not perform any check."]
-    #[doc = "                 You may use mbedtls_pk_check_pair() in order to perform"]
-    #[doc = "                 this check yourself, but be aware that this function can"]
-    #[doc = "                 be computationally expensive on some key types."]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param own_cert own public certificate chain"]
-    #[doc = " \\param pk_key   own private key"]
-    #[doc = ""]
-    #[doc = " \\return         0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED"]
-    pub fn mbedtls_ssl_conf_own_cert(
-        conf: *mut mbedtls_ssl_config,
-        own_cert: *mut mbedtls_x509_crt,
-        pk_key: *mut mbedtls_pk_context,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Configure pre-shared keys (PSKs) and their"]
-    #[doc = "                 identities to be used in PSK-based ciphersuites."]
-    #[doc = ""]
-    #[doc = "                 Only one PSK can be registered, through either"]
-    #[doc = "                 mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_opaque()."]
-    #[doc = "                 If you attempt to register more than one PSK, this function"]
-    #[doc = "                 fails, though this may change in future versions, which"]
-    #[doc = "                 may add support for multiple PSKs."]
-    #[doc = ""]
-    #[doc = " \\note           This is mainly useful for clients. Servers will usually"]
-    #[doc = "                 want to use \\c mbedtls_ssl_conf_psk_cb() instead."]
-    #[doc = ""]
-    #[doc = " \\note           A PSK set by \\c mbedtls_ssl_set_hs_psk() in the PSK callback"]
-    #[doc = "                 takes precedence over a PSK configured by this function."]
-    #[doc = ""]
-    #[doc = " \\param conf     The SSL configuration to register the PSK with."]
-    #[doc = " \\param psk      The pointer to the pre-shared key to use."]
-    #[doc = " \\param psk_len  The length of the pre-shared key in bytes."]
-    #[doc = " \\param psk_identity      The pointer to the pre-shared key identity."]
-    #[doc = " \\param psk_identity_len  The length of the pre-shared key identity"]
-    #[doc = "                          in bytes."]
-    #[doc = ""]
-    #[doc = " \\note           The PSK and its identity are copied internally and"]
-    #[doc = "                 hence need not be preserved by the caller for the lifetime"]
-    #[doc = "                 of the SSL configuration."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no more PSKs"]
-    #[doc = "                 can be configured. In this case, the old PSK(s) remain intact."]
-    #[doc = " \\return         Another negative error code on other kinds of failure."]
-    pub fn mbedtls_ssl_conf_psk(
-        conf: *mut mbedtls_ssl_config,
-        psk: *const crate::c_types::c_uchar,
-        psk_len: size_t,
-        psk_identity: *const crate::c_types::c_uchar,
-        psk_identity_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Set the pre-shared Key (PSK) for the current handshake."]
-    #[doc = ""]
-    #[doc = " \\note           This should only be called inside the PSK callback,"]
-    #[doc = "                 i.e. the function passed to \\c mbedtls_ssl_conf_psk_cb()."]
-    #[doc = ""]
-    #[doc = " \\note           A PSK set by this function takes precedence over a PSK"]
-    #[doc = "                 configured by \\c mbedtls_ssl_conf_psk()."]
-    #[doc = ""]
-    #[doc = " \\param ssl      The SSL context to configure a PSK for."]
-    #[doc = " \\param psk      The pointer to the pre-shared key."]
-    #[doc = " \\param psk_len  The length of the pre-shared key in bytes."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         An \\c MBEDTLS_ERR_SSL_XXX error code on failure."]
-    pub fn mbedtls_ssl_set_hs_psk(
-        ssl: *mut mbedtls_ssl_context,
-        psk: *const crate::c_types::c_uchar,
-        psk_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Set the PSK callback (server-side only)."]
-    #[doc = ""]
-    #[doc = "                 If set, the PSK callback is called for each"]
-    #[doc = "                 handshake where a PSK-based ciphersuite was negotiated."]
-    #[doc = "                 The caller provides the identity received and wants to"]
-    #[doc = "                 receive the actual PSK data and length."]
-    #[doc = ""]
-    #[doc = "                 The callback has the following parameters:"]
-    #[doc = "                 - \\c void*: The opaque pointer \\p p_psk."]
-    #[doc = "                 - \\c mbedtls_ssl_context*: The SSL context to which"]
-    #[doc = "                                            the operation applies."]
-    #[doc = "                 - \\c const unsigned char*: The PSK identity"]
-    #[doc = "                                            selected by the client."]
-    #[doc = "                 - \\c size_t: The length of the PSK identity"]
-    #[doc = "                              selected by the client."]
-    #[doc = ""]
-    #[doc = "                 If a valid PSK identity is found, the callback should use"]
-    #[doc = "                 \\c mbedtls_ssl_set_hs_psk() or"]
-    #[doc = "                 \\c mbedtls_ssl_set_hs_psk_opaque()"]
-    #[doc = "                 on the SSL context to set the correct PSK and return \\c 0."]
-    #[doc = "                 Any other return value will result in a denied PSK identity."]
-    #[doc = ""]
-    #[doc = " \\note           A dynamic PSK (i.e. set by the PSK callback) takes"]
-    #[doc = "                 precedence over a static PSK (i.e. set by"]
-    #[doc = "                 \\c mbedtls_ssl_conf_psk() or"]
-    #[doc = "                 \\c mbedtls_ssl_conf_psk_opaque())."]
-    #[doc = "                 This means that if you set a PSK callback using this"]
-    #[doc = "                 function, you don't need to set a PSK using"]
-    #[doc = "                 \\c mbedtls_ssl_conf_psk() or"]
-    #[doc = "                 \\c mbedtls_ssl_conf_psk_opaque())."]
-    #[doc = ""]
-    #[doc = " \\param conf     The SSL configuration to register the callback with."]
-    #[doc = " \\param f_psk    The callback for selecting and setting the PSK based"]
-    #[doc = "                 in the PSK identity chosen by the client."]
-    #[doc = " \\param p_psk    A pointer to an opaque structure to be passed to"]
-    #[doc = "                 the callback, for example a PSK store."]
-    pub fn mbedtls_ssl_conf_psk_cb(
-        conf: *mut mbedtls_ssl_config,
-        f_psk: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut mbedtls_ssl_context,
-                arg3: *const crate::c_types::c_uchar,
-                arg4: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_psk: *mut crate::c_types::c_void,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Set the Diffie-Hellman public P and G values"]
-    #[doc = "                 from big-endian binary presentations."]
-    #[doc = "                 (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN)"]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param dhm_P    Diffie-Hellman-Merkle modulus in big-endian binary form"]
-    #[doc = " \\param P_len    Length of DHM modulus"]
-    #[doc = " \\param dhm_G    Diffie-Hellman-Merkle generator in big-endian binary form"]
-    #[doc = " \\param G_len    Length of DHM generator"]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful"]
-    pub fn mbedtls_ssl_conf_dh_param_bin(
-        conf: *mut mbedtls_ssl_config,
-        dhm_P: *const crate::c_types::c_uchar,
-        P_len: size_t,
-        dhm_G: *const crate::c_types::c_uchar,
-        G_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Set the Diffie-Hellman public P and G values,"]
-    #[doc = "                 read from existing context (server-side only)"]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param dhm_ctx  Diffie-Hellman-Merkle context"]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful"]
-    pub fn mbedtls_ssl_conf_dh_param_ctx(
-        conf: *mut mbedtls_ssl_config,
-        dhm_ctx: *mut mbedtls_dhm_context,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Set the minimum length for Diffie-Hellman parameters."]
-    #[doc = "                 (Client-side only.)"]
-    #[doc = "                 (Default: 1024 bits.)"]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param bitlen   Minimum bit length of the DHM prime"]
-    pub fn mbedtls_ssl_conf_dhm_min_bitlen(
-        conf: *mut mbedtls_ssl_config,
-        bitlen: crate::c_types::c_uint,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Set the allowed curves in order of preference."]
-    #[doc = ""]
-    #[doc = "                 On server: this only affects selection of the ECDHE curve;"]
-    #[doc = "                 the curves used for ECDH and ECDSA are determined by the"]
-    #[doc = "                 list of available certificates instead."]
-    #[doc = ""]
-    #[doc = "                 On client: this affects the list of curves offered for any"]
-    #[doc = "                 use. The server can override our preference order."]
-    #[doc = ""]
-    #[doc = "                 Both sides: limits the set of curves accepted for use in"]
-    #[doc = "                 ECDHE and in the peer's end-entity certificate."]
-    #[doc = ""]
-    #[doc = " \\deprecated     Superseded by mbedtls_ssl_conf_groups()."]
-    #[doc = ""]
-    #[doc = " \\note           This has no influence on which curves are allowed inside the"]
-    #[doc = "                 certificate chains, see \\c mbedtls_ssl_conf_cert_profile()"]
-    #[doc = "                 for that. For the end-entity certificate however, the key"]
-    #[doc = "                 will be accepted only if it is allowed both by this list"]
-    #[doc = "                 and by the cert profile."]
-    #[doc = ""]
-    #[doc = " \\note           This list should be ordered by decreasing preference"]
-    #[doc = "                 (preferred curve first)."]
-    #[doc = ""]
-    #[doc = " \\note           The default list is the same set of curves that"]
-    #[doc = "                 #mbedtls_x509_crt_profile_default allows, plus"]
-    #[doc = "                 ECDHE-only curves selected according to the same criteria."]
-    #[doc = "                 The order favors curves with the lowest resource usage."]
-    #[doc = ""]
-    #[doc = " \\note           New minor versions of Mbed TLS may extend this list,"]
-    #[doc = "                 for example if new curves are added to the library."]
-    #[doc = "                 New minor versions of Mbed TLS will not remove items"]
-    #[doc = "                 from this list unless serious security concerns require it."]
-    #[doc = "                 New minor versions of Mbed TLS may change the order in"]
-    #[doc = "                 keeping with the general principle of favoring the lowest"]
-    #[doc = "                 resource usage."]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param curves   Ordered list of allowed curves,"]
-    #[doc = "                 terminated by MBEDTLS_ECP_DP_NONE."]
-    pub fn mbedtls_ssl_conf_curves(
-        conf: *mut mbedtls_ssl_config,
-        curves: *const mbedtls_ecp_group_id,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Set the allowed groups in order of preference."]
-    #[doc = ""]
-    #[doc = "                 On server: This only affects the choice of key agreement mechanism"]
-    #[doc = ""]
-    #[doc = "                 On client: this affects the list of groups offered for any"]
-    #[doc = "                 use. The server can override our preference order."]
-    #[doc = ""]
-    #[doc = "                 Both sides: limits the set of groups accepted for use in"]
-    #[doc = "                 key sharing."]
-    #[doc = ""]
-    #[doc = " \\note           This function replaces the deprecated mbedtls_ssl_conf_curves(),"]
-    #[doc = "                 which only allows ECP curves to be configured."]
-    #[doc = ""]
-    #[doc = " \\note           The most recent invocation of either mbedtls_ssl_conf_curves()"]
-    #[doc = "                 or mbedtls_ssl_conf_groups() nullifies all previous invocations"]
-    #[doc = "                 of both."]
-    #[doc = ""]
-    #[doc = " \\note           This list should be ordered by decreasing preference"]
-    #[doc = "                 (preferred group first)."]
-    #[doc = ""]
-    #[doc = " \\note           When this function is not called, a default list is used,"]
-    #[doc = "                 consisting of all supported curves at 255 bits and above,"]
-    #[doc = "                 and all supported finite fields at 2048 bits and above."]
-    #[doc = "                 The order favors groups with the lowest resource usage."]
-    #[doc = ""]
-    #[doc = " \\note           New minor versions of Mbed TLS will not remove items"]
-    #[doc = "                 from the default list unless serious security concerns require it."]
-    #[doc = "                 New minor versions of Mbed TLS may change the order in"]
-    #[doc = "                 keeping with the general principle of favoring the lowest"]
-    #[doc = "                 resource usage."]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param groups   List of allowed groups ordered by preference, terminated by 0."]
-    #[doc = "                 Must contain valid IANA NamedGroup IDs (provided via either an integer"]
-    #[doc = "                 or using MBEDTLS_TLS1_3_NAMED_GROUP_XXX macros)."]
-    pub fn mbedtls_ssl_conf_groups(conf: *mut mbedtls_ssl_config, groups: *const u16);
-}
-extern "C" {
-    #[doc = " \\brief          Set the allowed hashes for signatures during the handshake."]
-    #[doc = ""]
-    #[doc = " \\note           This only affects which hashes are offered and can be used"]
-    #[doc = "                 for signatures during the handshake. Hashes for message"]
-    #[doc = "                 authentication and the TLS PRF are controlled by the"]
-    #[doc = "                 ciphersuite, see \\c mbedtls_ssl_conf_ciphersuites(). Hashes"]
-    #[doc = "                 used for certificate signature are controlled by the"]
-    #[doc = "                 verification profile, see \\c mbedtls_ssl_conf_cert_profile()."]
-    #[doc = ""]
-    #[doc = " \\note           This list should be ordered by decreasing preference"]
-    #[doc = "                 (preferred hash first)."]
-    #[doc = ""]
-    #[doc = " \\note           By default, all supported hashes whose length is at least"]
-    #[doc = "                 256 bits are allowed. This is the same set as the default"]
-    #[doc = "                 for certificate verification"]
-    #[doc = "                 (#mbedtls_x509_crt_profile_default)."]
-    #[doc = "                 The preference order is currently unspecified and may"]
-    #[doc = "                 change in future versions."]
-    #[doc = ""]
-    #[doc = " \\note           New minor versions of Mbed TLS may extend this list,"]
-    #[doc = "                 for example if new curves are added to the library."]
-    #[doc = "                 New minor versions of Mbed TLS will not remove items"]
-    #[doc = "                 from this list unless serious security concerns require it."]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param hashes   Ordered list of allowed signature hashes,"]
-    #[doc = "                 terminated by \\c MBEDTLS_MD_NONE."]
-    pub fn mbedtls_ssl_conf_sig_hashes(
-        conf: *mut mbedtls_ssl_config,
-        hashes: *const crate::c_types::c_int,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Configure allowed signature algorithms for use in TLS 1.3"]
-    #[doc = ""]
-    #[doc = " \\param conf     The SSL configuration to use."]
-    #[doc = " \\param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms,"]
-    #[doc = "                 terminated by \\c MBEDTLS_TLS1_3_SIG_NONE. The list must remain"]
-    #[doc = "                 available throughout the lifetime of the conf object. Supported"]
-    #[doc = "                 values are available as \\c MBEDTLS_TLS1_3_SIG_XXXX"]
-    pub fn mbedtls_ssl_conf_sig_algs(conf: *mut mbedtls_ssl_config, sig_algs: *const u16);
-}
-extern "C" {
-    #[doc = " \\brief          Set or reset the hostname to check against the received"]
-    #[doc = "                 server certificate. It sets the ServerName TLS extension,"]
-    #[doc = "                 too, if that extension is enabled. (client-side only)"]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = " \\param hostname the server hostname, may be NULL to clear hostname"]
-    #[doc = ""]
-    #[doc = " \\note           Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN."]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on"]
-    #[doc = "                 allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on"]
-    #[doc = "                 too long input hostname."]
-    #[doc = ""]
-    #[doc = "                 Hostname set to the one provided on success (cleared"]
-    #[doc = "                 when NULL). On allocation failure hostname is cleared."]
-    #[doc = "                 On too long input failure, old hostname is unchanged."]
-    pub fn mbedtls_ssl_set_hostname(
-        ssl: *mut mbedtls_ssl_context,
-        hostname: *const crate::c_types::c_char,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Retrieve SNI extension value for the current handshake."]
-    #[doc = "                 Available in \\p f_cert_cb of \\c mbedtls_ssl_conf_cert_cb(),"]
-    #[doc = "                 this is the same value passed to \\p f_sni callback of"]
-    #[doc = "                 \\c mbedtls_ssl_conf_sni() and may be used instead of"]
-    #[doc = "                 \\c mbedtls_ssl_conf_sni()."]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = " \\param name_len pointer into which to store length of returned value."]
-    #[doc = "                 0 if SNI extension is not present or not yet processed."]
-    #[doc = ""]
-    #[doc = " \\return         const pointer to SNI extension value."]
-    #[doc = "                 - value is valid only when called in \\p f_cert_cb"]
-    #[doc = "                   registered with \\c mbedtls_ssl_conf_cert_cb()."]
-    #[doc = "                 - value is NULL if SNI extension is not present."]
-    #[doc = "                 - value is not '\\0'-terminated.  Use \\c name_len for len."]
-    #[doc = "                 - value must not be freed."]
-    pub fn mbedtls_ssl_get_hs_sni(
-        ssl: *mut mbedtls_ssl_context,
-        name_len: *mut size_t,
-    ) -> *const crate::c_types::c_uchar;
-}
-extern "C" {
-    #[doc = " \\brief          Set own certificate and key for the current handshake"]
-    #[doc = ""]
-    #[doc = " \\note           Same as \\c mbedtls_ssl_conf_own_cert() but for use within"]
-    #[doc = "                 the SNI callback or the certificate selection callback."]
-    #[doc = ""]
-    #[doc = " \\note           Passing null \\c own_cert clears the certificate list for"]
-    #[doc = "                 the current handshake."]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = " \\param own_cert own public certificate chain"]
-    #[doc = " \\param pk_key   own private key"]
-    #[doc = ""]
-    #[doc = " \\return         0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED"]
-    pub fn mbedtls_ssl_set_hs_own_cert(
-        ssl: *mut mbedtls_ssl_context,
-        own_cert: *mut mbedtls_x509_crt,
-        pk_key: *mut mbedtls_pk_context,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Set the data required to verify peer certificate for the"]
-    #[doc = "                 current handshake"]
-    #[doc = ""]
-    #[doc = " \\note           Same as \\c mbedtls_ssl_conf_ca_chain() but for use within"]
-    #[doc = "                 the SNI callback or the certificate selection callback."]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = " \\param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)"]
-    #[doc = " \\param ca_crl   trusted CA CRLs"]
-    pub fn mbedtls_ssl_set_hs_ca_chain(
-        ssl: *mut mbedtls_ssl_context,
-        ca_chain: *mut mbedtls_x509_crt,
-        ca_crl: *mut mbedtls_x509_crl,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Set DN hints sent to client in CertificateRequest message"]
-    #[doc = ""]
-    #[doc = " \\note           Same as \\c mbedtls_ssl_conf_dn_hints() but for use within"]
-    #[doc = "                 the SNI callback or the certificate selection callback."]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = " \\param crt      crt chain whose subject DNs are issuer DNs of client certs"]
-    #[doc = "                 from which the client should select client peer certificate."]
-    pub fn mbedtls_ssl_set_hs_dn_hints(ssl: *mut mbedtls_ssl_context, crt: *const mbedtls_x509_crt);
-}
-extern "C" {
-    #[doc = " \\brief          Set authmode for the current handshake."]
-    #[doc = ""]
-    #[doc = " \\note           Same as \\c mbedtls_ssl_conf_authmode() but for use within"]
-    #[doc = "                 the SNI callback or the certificate selection callback."]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = " \\param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or"]
-    #[doc = "                 MBEDTLS_SSL_VERIFY_REQUIRED"]
-    pub fn mbedtls_ssl_set_hs_authmode(
-        ssl: *mut mbedtls_ssl_context,
-        authmode: crate::c_types::c_int,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Set server side ServerName TLS extension callback"]
-    #[doc = "                 (optional, server-side only)."]
-    #[doc = ""]
-    #[doc = "                 If set, the ServerName callback is called whenever the"]
-    #[doc = "                 server receives a ServerName TLS extension from the client"]
-    #[doc = "                 during a handshake. The ServerName callback has the"]
-    #[doc = "                 following parameters: (void *parameter, mbedtls_ssl_context *ssl,"]
-    #[doc = "                 const unsigned char *hostname, size_t len). If a suitable"]
-    #[doc = "                 certificate is found, the callback must set the"]
-    #[doc = "                 certificate(s) and key(s) to use with \\c"]
-    #[doc = "                 mbedtls_ssl_set_hs_own_cert() (can be called repeatedly),"]
-    #[doc = "                 and may optionally adjust the CA and associated CRL with \\c"]
-    #[doc = "                 mbedtls_ssl_set_hs_ca_chain() as well as the client"]
-    #[doc = "                 authentication mode with \\c mbedtls_ssl_set_hs_authmode(),"]
-    #[doc = "                 then must return 0. If no matching name is found, the"]
-    #[doc = "                 callback may return non-zero to abort the handshake."]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param f_sni    verification function"]
-    #[doc = " \\param p_sni    verification parameter"]
-    pub fn mbedtls_ssl_conf_sni(
-        conf: *mut mbedtls_ssl_config,
-        f_sni: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut mbedtls_ssl_context,
-                arg3: *const crate::c_types::c_uchar,
-                arg4: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_sni: *mut crate::c_types::c_void,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Set the supported Application Layer Protocols."]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param protos   Pointer to a NULL-terminated list of supported protocols,"]
-    #[doc = "                 in decreasing preference order. The pointer to the list is"]
-    #[doc = "                 recorded by the library for later reference as required, so"]
-    #[doc = "                 the lifetime of the table must be at least as long as the"]
-    #[doc = "                 lifetime of the SSL configuration structure."]
-    #[doc = ""]
-    #[doc = " \\return         0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA."]
-    pub fn mbedtls_ssl_conf_alpn_protocols(
-        conf: *mut mbedtls_ssl_config,
-        protos: *mut *const crate::c_types::c_char,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Get the name of the negotiated Application Layer Protocol."]
-    #[doc = "                 This function should be called after the handshake is"]
-    #[doc = "                 completed."]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = ""]
-    #[doc = " \\return         Protocol name, or NULL if no protocol was negotiated."]
-    pub fn mbedtls_ssl_get_alpn_protocol(
-        ssl: *const mbedtls_ssl_context,
-    ) -> *const crate::c_types::c_char;
-}
-extern "C" {
-    #[doc = " \\brief          Set the maximum supported version sent from the client side"]
-    #[doc = "                 and/or accepted at the server side."]
-    #[doc = ""]
-    #[doc = "                 See also the documentation of mbedtls_ssl_conf_min_version()."]
-    #[doc = ""]
-    #[doc = " \\note           This ignores ciphersuites from higher versions."]
-    #[doc = ""]
-    #[doc = " \\note           This function is deprecated and has been replaced by"]
-    #[doc = "                 \\c mbedtls_ssl_conf_max_tls_version()."]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param major    Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3)"]
-    #[doc = " \\param minor    Minor version number"]
-    #[doc = "                 (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2,"]
-    #[doc = "                 #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)"]
-    pub fn mbedtls_ssl_conf_max_version(
-        conf: *mut mbedtls_ssl_config,
-        major: crate::c_types::c_int,
-        minor: crate::c_types::c_int,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Set the minimum accepted SSL/TLS protocol version"]
-    #[doc = ""]
-    #[doc = " \\note           By default, all supported versions are accepted."]
-    #[doc = "                 Future versions of the library may disable older"]
-    #[doc = "                 protocol versions by default if they become deprecated."]
-    #[doc = ""]
-    #[doc = " \\note           The following versions are supported (if enabled at"]
-    #[doc = "                 compile time):"]
-    #[doc = "                 - (D)TLS 1.2: \\p major = #MBEDTLS_SSL_MAJOR_VERSION_3,"]
-    #[doc = "                   \\p minor = #MBEDTLS_SSL_MINOR_VERSION_3"]
-    #[doc = "                 - TLS 1.3: \\p major = #MBEDTLS_SSL_MAJOR_VERSION_3,"]
-    #[doc = "                   \\p minor = #MBEDTLS_SSL_MINOR_VERSION_4"]
-    #[doc = ""]
-    #[doc = "                 Note that the numbers in the constant names are the"]
-    #[doc = "                 TLS internal protocol numbers, and the minor versions"]
-    #[doc = "                 differ by one from the human-readable versions!"]
-    #[doc = ""]
-    #[doc = " \\note           Input outside of the SSL_MAX_XXXXX_VERSION and"]
-    #[doc = "                 SSL_MIN_XXXXX_VERSION range is ignored."]
-    #[doc = ""]
-    #[doc = " \\note           After the handshake, you can call"]
-    #[doc = "                 mbedtls_ssl_get_version_number() to see what version was"]
-    #[doc = "                 negotiated."]
-    #[doc = ""]
-    #[doc = " \\note           This function is deprecated and has been replaced by"]
-    #[doc = "                 \\c mbedtls_ssl_conf_min_tls_version()."]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param major    Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3)"]
-    #[doc = " \\param minor    Minor version number"]
-    #[doc = "                 (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2,"]
-    #[doc = "                 #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)"]
-    pub fn mbedtls_ssl_conf_min_version(
-        conf: *mut mbedtls_ssl_config,
-        major: crate::c_types::c_int,
-        minor: crate::c_types::c_int,
-    );
-}
-extern "C" {
-    #[doc = " \\brief           Enable or disable Encrypt-then-MAC"]
-    #[doc = "                  (Default: MBEDTLS_SSL_ETM_ENABLED)"]
-    #[doc = ""]
-    #[doc = " \\note            This should always be enabled, it is a security"]
-    #[doc = "                  improvement, and should not cause any interoperability"]
-    #[doc = "                  issue (used only if the peer supports it too)."]
-    #[doc = ""]
-    #[doc = " \\param conf      SSL configuration"]
-    #[doc = " \\param etm       MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED"]
-    pub fn mbedtls_ssl_conf_encrypt_then_mac(
-        conf: *mut mbedtls_ssl_config,
-        etm: crate::c_types::c_char,
-    );
-}
-extern "C" {
-    #[doc = " \\brief           Enable or disable Extended Master Secret negotiation."]
-    #[doc = "                  (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED)"]
-    #[doc = ""]
-    #[doc = " \\note            This should always be enabled, it is a security fix to the"]
-    #[doc = "                  protocol, and should not cause any interoperability issue"]
-    #[doc = "                  (used only if the peer supports it too)."]
-    #[doc = ""]
-    #[doc = " \\param conf      SSL configuration"]
-    #[doc = " \\param ems       MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED"]
-    pub fn mbedtls_ssl_conf_extended_master_secret(
-        conf: *mut mbedtls_ssl_config,
-        ems: crate::c_types::c_char,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Whether to send a list of acceptable CAs in"]
-    #[doc = "                 CertificateRequest messages."]
-    #[doc = "                 (Default: do send)"]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param cert_req_ca_list   MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or"]
-    #[doc = "                          MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED"]
-    pub fn mbedtls_ssl_conf_cert_req_ca_list(
-        conf: *mut mbedtls_ssl_config,
-        cert_req_ca_list: crate::c_types::c_char,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Set the maximum fragment length to emit and/or negotiate."]
-    #[doc = "                 (Typical: the smaller of #MBEDTLS_SSL_IN_CONTENT_LEN and"]
-    #[doc = "                 #MBEDTLS_SSL_OUT_CONTENT_LEN, usually `2^14` bytes)"]
-    #[doc = "                 (Server: set maximum fragment length to emit,"]
-    #[doc = "                 usually negotiated by the client during handshake)"]
-    #[doc = "                 (Client: set maximum fragment length to emit *and*"]
-    #[doc = "                 negotiate with the server during handshake)"]
-    #[doc = "                 (Default: #MBEDTLS_SSL_MAX_FRAG_LEN_NONE)"]
-    #[doc = ""]
-    #[doc = " \\note           On the client side, the maximum fragment length extension"]
-    #[doc = "                 *will not* be used, unless the maximum fragment length has"]
-    #[doc = "                 been set via this function to a value different than"]
-    #[doc = "                 #MBEDTLS_SSL_MAX_FRAG_LEN_NONE."]
-    #[doc = ""]
-    #[doc = " \\note           With TLS, this currently only affects ApplicationData (sent"]
-    #[doc = "                 with \\c mbedtls_ssl_read()), not handshake messages."]
-    #[doc = "                 With DTLS, this affects both ApplicationData and handshake."]
-    #[doc = ""]
-    #[doc = " \\note           This sets the maximum length for a record's payload,"]
-    #[doc = "                 excluding record overhead that will be added to it, see"]
-    #[doc = "                 \\c mbedtls_ssl_get_record_expansion()."]
-    #[doc = ""]
-    #[doc = " \\note           For DTLS, it is also possible to set a limit for the total"]
-    #[doc = "                 size of datagrams passed to the transport layer, including"]
-    #[doc = "                 record overhead, see \\c mbedtls_ssl_set_mtu()."]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param mfl_code Code for maximum fragment length (allowed values:"]
-    #[doc = "                 MBEDTLS_SSL_MAX_FRAG_LEN_512,  MBEDTLS_SSL_MAX_FRAG_LEN_1024,"]
-    #[doc = "                 MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096)"]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA"]
-    pub fn mbedtls_ssl_conf_max_frag_len(
-        conf: *mut mbedtls_ssl_config,
-        mfl_code: crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Pick the ciphersuites order according to the second parameter"]
-    #[doc = "                 in the SSL Server module (MBEDTLS_SSL_SRV_C)."]
-    #[doc = "                 (Default, if never called: MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER)"]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param order    Server or client (MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER"]
-    #[doc = "                                or MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)"]
-    pub fn mbedtls_ssl_conf_preference_order(
-        conf: *mut mbedtls_ssl_config,
-        order: crate::c_types::c_int,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Enable / Disable session tickets (client only)."]
-    #[doc = "                 (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.)"]
-    #[doc = ""]
-    #[doc = " \\note           On server, use \\c mbedtls_ssl_conf_session_tickets_cb()."]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param use_tickets   Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or"]
-    #[doc = "                                         MBEDTLS_SSL_SESSION_TICKETS_DISABLED)"]
-    pub fn mbedtls_ssl_conf_session_tickets(
-        conf: *mut mbedtls_ssl_config,
-        use_tickets: crate::c_types::c_int,
-    );
-}
-extern "C" {
-    #[doc = " \\brief   Number of NewSessionTicket messages for the server to send"]
-    #[doc = "          after handshake completion."]
-    #[doc = ""]
-    #[doc = " \\note    The default value is"]
-    #[doc = "          \\c MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS."]
-    #[doc = ""]
-    #[doc = " \\note    In case of a session resumption, this setting only partially apply."]
-    #[doc = "          At most one ticket is sent in that case to just renew the pool of"]
-    #[doc = "          tickets of the client. The rationale is to avoid the number of"]
-    #[doc = "          tickets on the server to become rapidly out of control when the"]
-    #[doc = "          server has the same configuration for all its connection instances."]
-    #[doc = ""]
-    #[doc = " \\param conf    SSL configuration"]
-    #[doc = " \\param num_tickets    Number of NewSessionTicket."]
-    #[doc = ""]
-    pub fn mbedtls_ssl_conf_new_session_tickets(conf: *mut mbedtls_ssl_config, num_tickets: u16);
-}
-extern "C" {
-    #[doc = " \\brief          Enable / Disable renegotiation support for connection when"]
-    #[doc = "                 initiated by peer"]
-    #[doc = "                 (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)"]
-    #[doc = ""]
-    #[doc = " \\warning        It is recommended to always disable renegotiation unless you"]
-    #[doc = "                 know you need it and you know what you're doing. In the"]
-    #[doc = "                 past, there have been several issues associated with"]
-    #[doc = "                 renegotiation or a poor understanding of its properties."]
-    #[doc = ""]
-    #[doc = " \\note           Server-side, enabling renegotiation also makes the server"]
-    #[doc = "                 susceptible to a resource DoS by a malicious client."]
-    #[doc = ""]
-    #[doc = " \\param conf    SSL configuration"]
-    #[doc = " \\param renegotiation     Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or"]
-    #[doc = "                                             MBEDTLS_SSL_RENEGOTIATION_DISABLED)"]
-    pub fn mbedtls_ssl_conf_renegotiation(
-        conf: *mut mbedtls_ssl_config,
-        renegotiation: crate::c_types::c_int,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Prevent or allow legacy renegotiation."]
-    #[doc = "                 (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)"]
-    #[doc = ""]
-    #[doc = "                 MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to"]
-    #[doc = "                 be established even if the peer does not support"]
-    #[doc = "                 secure renegotiation, but does not allow renegotiation"]
-    #[doc = "                 to take place if not secure."]
-    #[doc = "                 (Interoperable and secure option)"]
-    #[doc = ""]
-    #[doc = "                 MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations"]
-    #[doc = "                 with non-upgraded peers. Allowing legacy renegotiation"]
-    #[doc = "                 makes the connection vulnerable to specific man in the"]
-    #[doc = "                 middle attacks. (See RFC 5746)"]
-    #[doc = "                 (Most interoperable and least secure option)"]
-    #[doc = ""]
-    #[doc = "                 MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections"]
-    #[doc = "                 if peer does not support secure renegotiation. Results"]
-    #[doc = "                 in interoperability issues with non-upgraded peers"]
-    #[doc = "                 that do not support renegotiation altogether."]
-    #[doc = "                 (Most secure option, interoperability issues)"]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param allow_legacy  Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,"]
-    #[doc = "                                        SSL_ALLOW_LEGACY_RENEGOTIATION or"]
-    #[doc = "                                        MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)"]
-    pub fn mbedtls_ssl_conf_legacy_renegotiation(
-        conf: *mut mbedtls_ssl_config,
-        allow_legacy: crate::c_types::c_int,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Enforce renegotiation requests."]
-    #[doc = "                 (Default: enforced, max_records = 16)"]
-    #[doc = ""]
-    #[doc = "                 When we request a renegotiation, the peer can comply or"]
-    #[doc = "                 ignore the request. This function allows us to decide"]
-    #[doc = "                 whether to enforce our renegotiation requests by closing"]
-    #[doc = "                 the connection if the peer doesn't comply."]
-    #[doc = ""]
-    #[doc = "                 However, records could already be in transit from the peer"]
-    #[doc = "                 when the request is emitted. In order to increase"]
-    #[doc = "                 reliability, we can accept a number of records before the"]
-    #[doc = "                 expected handshake records."]
-    #[doc = ""]
-    #[doc = "                 The optimal value is highly dependent on the specific usage"]
-    #[doc = "                 scenario."]
-    #[doc = ""]
-    #[doc = " \\note           With DTLS and server-initiated renegotiation, the"]
-    #[doc = "                 HelloRequest is retransmitted every time mbedtls_ssl_read() times"]
-    #[doc = "                 out or receives Application Data, until:"]
-    #[doc = "                 - max_records records have beens seen, if it is >= 0, or"]
-    #[doc = "                 - the number of retransmits that would happen during an"]
-    #[doc = "                 actual handshake has been reached."]
-    #[doc = "                 Please remember the request might be lost a few times"]
-    #[doc = "                 if you consider setting max_records to a really low value."]
-    #[doc = ""]
-    #[doc = " \\warning        On client, the grace period can only happen during"]
-    #[doc = "                 mbedtls_ssl_read(), as opposed to mbedtls_ssl_write() and mbedtls_ssl_renegotiate()"]
-    #[doc = "                 which always behave as if max_record was 0. The reason is,"]
-    #[doc = "                 if we receive application data from the server, we need a"]
-    #[doc = "                 place to write it, which only happens during mbedtls_ssl_read()."]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to"]
-    #[doc = "                 enforce renegotiation, or a non-negative value to enforce"]
-    #[doc = "                 it but allow for a grace period of max_records records."]
-    pub fn mbedtls_ssl_conf_renegotiation_enforced(
-        conf: *mut mbedtls_ssl_config,
-        max_records: crate::c_types::c_int,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Set record counter threshold for periodic renegotiation."]
-    #[doc = "                 (Default: 2^48 - 1)"]
-    #[doc = ""]
-    #[doc = "                 Renegotiation is automatically triggered when a record"]
-    #[doc = "                 counter (outgoing or incoming) crosses the defined"]
-    #[doc = "                 threshold. The default value is meant to prevent the"]
-    #[doc = "                 connection from being closed when the counter is about to"]
-    #[doc = "                 reached its maximal value (it is not allowed to wrap)."]
-    #[doc = ""]
-    #[doc = "                 Lower values can be used to enforce policies such as \"keys"]
-    #[doc = "                 must be refreshed every N packets with cipher X\"."]
-    #[doc = ""]
-    #[doc = "                 The renegotiation period can be disabled by setting"]
-    #[doc = "                 conf->disable_renegotiation to"]
-    #[doc = "                 MBEDTLS_SSL_RENEGOTIATION_DISABLED."]
-    #[doc = ""]
-    #[doc = " \\note           When the configured transport is"]
-    #[doc = "                 MBEDTLS_SSL_TRANSPORT_DATAGRAM the maximum renegotiation"]
-    #[doc = "                 period is 2^48 - 1, and for MBEDTLS_SSL_TRANSPORT_STREAM,"]
-    #[doc = "                 the maximum renegotiation period is 2^64 - 1."]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration"]
-    #[doc = " \\param period   The threshold value: a big-endian 64-bit number."]
-    pub fn mbedtls_ssl_conf_renegotiation_period(
-        conf: *mut mbedtls_ssl_config,
-        period: *const crate::c_types::c_uchar,
-    );
-}
-extern "C" {
-    #[doc = " \\brief          Check if there is data already read from the"]
-    #[doc = "                 underlying transport but not yet processed."]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = ""]
-    #[doc = " \\return         0 if nothing's pending, 1 otherwise."]
-    #[doc = ""]
-    #[doc = " \\note           This is different in purpose and behaviour from"]
-    #[doc = "                 \\c mbedtls_ssl_get_bytes_avail in that it considers"]
-    #[doc = "                 any kind of unprocessed data, not only unread"]
-    #[doc = "                 application data. If \\c mbedtls_ssl_get_bytes"]
-    #[doc = "                 returns a non-zero value, this function will"]
-    #[doc = "                 also signal pending data, but the converse does"]
-    #[doc = "                 not hold. For example, in DTLS there might be"]
-    #[doc = "                 further records waiting to be processed from"]
-    #[doc = "                 the current underlying transport's datagram."]
-    #[doc = ""]
-    #[doc = " \\note           If this function returns 1 (data pending), this"]
-    #[doc = "                 does not imply that a subsequent call to"]
-    #[doc = "                 \\c mbedtls_ssl_read will provide any data;"]
-    #[doc = "                 e.g., the unprocessed data might turn out"]
-    #[doc = "                 to be an alert or a handshake message."]
-    #[doc = ""]
-    #[doc = " \\note           This function is useful in the following situation:"]
-    #[doc = "                 If the SSL/TLS module successfully returns from an"]
-    #[doc = "                 operation - e.g. a handshake or an application record"]
-    #[doc = "                 read - and you're awaiting incoming data next, you"]
-    #[doc = "                 must not immediately idle on the underlying transport"]
-    #[doc = "                 to have data ready, but you need to check the value"]
-    #[doc = "                 of this function first. The reason is that the desired"]
-    #[doc = "                 data might already be read but not yet processed."]
-    #[doc = "                 If, in contrast, a previous call to the SSL/TLS module"]
-    #[doc = "                 returned MBEDTLS_ERR_SSL_WANT_READ, it is not necessary"]
-    #[doc = "                 to call this function, as the latter error code entails"]
-    #[doc = "                 that all internal data has been processed."]
-    #[doc = ""]
-    pub fn mbedtls_ssl_check_pending(ssl: *const mbedtls_ssl_context) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Return the number of application data bytes"]
-    #[doc = "                 remaining to be read from the current record."]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = ""]
-    #[doc = " \\return         How many bytes are available in the application"]
-    #[doc = "                 data record read buffer."]
-    #[doc = ""]
-    #[doc = " \\note           When working over a datagram transport, this is"]
-    #[doc = "                 useful to detect the current datagram's boundary"]
-    #[doc = "                 in case \\c mbedtls_ssl_read has written the maximal"]
-    #[doc = "                 amount of data fitting into the input buffer."]
-    #[doc = ""]
-    pub fn mbedtls_ssl_get_bytes_avail(ssl: *const mbedtls_ssl_context) -> size_t;
-}
-extern "C" {
-    #[doc = " \\brief          Return the result of the certificate verification"]
-    #[doc = ""]
-    #[doc = " \\param ssl      The SSL context to use."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if the certificate verification was successful."]
-    #[doc = " \\return         \\c -1u if the result is not available. This may happen"]
-    #[doc = "                 e.g. if the handshake aborts early, or a verification"]
-    #[doc = "                 callback returned a fatal error."]
-    #[doc = " \\return         A bitwise combination of \\c MBEDTLS_X509_BADCERT_XXX"]
-    #[doc = "                 and \\c MBEDTLS_X509_BADCRL_XXX failure flags; see x509.h."]
-    pub fn mbedtls_ssl_get_verify_result(ssl: *const mbedtls_ssl_context) -> u32;
-}
-extern "C" {
-    #[doc = " \\brief          Return the id of the current ciphersuite"]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = ""]
-    #[doc = " \\return         a ciphersuite id"]
-    pub fn mbedtls_ssl_get_ciphersuite_id_from_ssl(
-        ssl: *const mbedtls_ssl_context,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Return the name of the current ciphersuite"]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = ""]
-    #[doc = " \\return         a string containing the ciphersuite name"]
-    pub fn mbedtls_ssl_get_ciphersuite(
-        ssl: *const mbedtls_ssl_context,
-    ) -> *const crate::c_types::c_char;
-}
-extern "C" {
-    #[doc = " \\brief          Return the current TLS version"]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = ""]
-    #[doc = " \\return         a string containing the TLS version"]
-    pub fn mbedtls_ssl_get_version(
-        ssl: *const mbedtls_ssl_context,
-    ) -> *const crate::c_types::c_char;
-}
-extern "C" {
-    #[doc = " \\brief          Return the (maximum) number of bytes added by the record"]
-    #[doc = "                 layer: header + encryption/MAC overhead (inc. padding)"]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = ""]
-    #[doc = " \\return         Current maximum record expansion in bytes"]
-    pub fn mbedtls_ssl_get_record_expansion(
-        ssl: *const mbedtls_ssl_context,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Return the current maximum outgoing record payload in bytes."]
-    #[doc = ""]
-    #[doc = " \\note           The logic to determine the maximum outgoing record payload is"]
-    #[doc = "                 version-specific. It takes into account various factors, such as"]
-    #[doc = "                 the mbedtls_config.h setting \\c MBEDTLS_SSL_OUT_CONTENT_LEN, extensions"]
-    #[doc = "                 such as the max fragment length or record size limit extension if"]
-    #[doc = "                 used, and for DTLS the path MTU as configured and current"]
-    #[doc = "                 record expansion."]
-    #[doc = ""]
-    #[doc = " \\note           With DTLS, \\c mbedtls_ssl_write() will return an error if"]
-    #[doc = "                 called with a larger length value."]
-    #[doc = "                 With TLS, \\c mbedtls_ssl_write() will fragment the input if"]
-    #[doc = "                 necessary and return the number of bytes written; it is up"]
-    #[doc = "                 to the caller to call \\c mbedtls_ssl_write() again in"]
-    #[doc = "                 order to send the remaining bytes if any."]
-    #[doc = ""]
-    #[doc = " \\sa             mbedtls_ssl_get_max_out_record_payload()"]
-    #[doc = " \\sa             mbedtls_ssl_get_record_expansion()"]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = ""]
-    #[doc = " \\return         Current maximum payload for an outgoing record,"]
-    #[doc = "                 or a negative error code."]
-    pub fn mbedtls_ssl_get_max_out_record_payload(
-        ssl: *const mbedtls_ssl_context,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Return the current maximum incoming record payload in bytes."]
-    #[doc = ""]
-    #[doc = " \\note           The logic to determine the maximum incoming record payload is"]
-    #[doc = "                 version-specific. It takes into account various factors, such as"]
-    #[doc = "                 the mbedtls_config.h setting \\c MBEDTLS_SSL_IN_CONTENT_LEN, extensions"]
-    #[doc = "                 such as the max fragment length extension or record size limit"]
-    #[doc = "                 extension if used, and the current record expansion."]
-    #[doc = ""]
-    #[doc = " \\sa             mbedtls_ssl_set_mtu()"]
-    #[doc = " \\sa             mbedtls_ssl_get_max_in_record_payload()"]
-    #[doc = " \\sa             mbedtls_ssl_get_record_expansion()"]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = ""]
-    #[doc = " \\return         Current maximum payload for an incoming record,"]
-    #[doc = "                 or a negative error code."]
-    pub fn mbedtls_ssl_get_max_in_record_payload(
-        ssl: *const mbedtls_ssl_context,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Return the peer certificate from the current connection."]
-    #[doc = ""]
-    #[doc = " \\param  ssl     The SSL context to use. This must be initialized and setup."]
-    #[doc = ""]
-    #[doc = " \\return         The current peer certificate, if available."]
-    #[doc = "                 The returned certificate is owned by the SSL context and"]
-    #[doc = "                 is valid only until the next call to the SSL API."]
-    #[doc = " \\return         \\c NULL if no peer certificate is available. This might"]
-    #[doc = "                 be because the chosen ciphersuite doesn't use CRTs"]
-    #[doc = "                 (PSK-based ciphersuites, for example), or because"]
-    #[doc = "                 #MBEDTLS_SSL_KEEP_PEER_CERTIFICATE has been disabled,"]
-    #[doc = "                 allowing the stack to free the peer's CRT to save memory."]
-    #[doc = ""]
-    #[doc = " \\note           For one-time inspection of the peer's certificate during"]
-    #[doc = "                 the handshake, consider registering an X.509 CRT verification"]
-    #[doc = "                 callback through mbedtls_ssl_conf_verify() instead of calling"]
-    #[doc = "                 this function. Using mbedtls_ssl_conf_verify() also comes at"]
-    #[doc = "                 the benefit of allowing you to influence the verification"]
-    #[doc = "                 process, for example by masking expected and tolerated"]
-    #[doc = "                 verification failures."]
-    #[doc = ""]
-    #[doc = " \\warning        You must not use the pointer returned by this function"]
-    #[doc = "                 after any further call to the SSL API, including"]
-    #[doc = "                 mbedtls_ssl_read() and mbedtls_ssl_write(); this is"]
-    #[doc = "                 because the pointer might change during renegotiation,"]
-    #[doc = "                 which happens transparently to the user."]
-    #[doc = "                 If you want to use the certificate across API calls,"]
-    #[doc = "                 you must make a copy."]
-    pub fn mbedtls_ssl_get_peer_cert(ssl: *const mbedtls_ssl_context) -> *const mbedtls_x509_crt;
-}
-extern "C" {
-    #[doc = " \\brief          Export a session in order to resume it later."]
-    #[doc = ""]
-    #[doc = " \\param ssl      The SSL context representing the connection for which to"]
-    #[doc = "                 to export a session structure for later resumption."]
-    #[doc = " \\param session  The target structure in which to store the exported session."]
-    #[doc = "                 This must have been initialized with mbedtls_ssl_init_session()"]
-    #[doc = "                 but otherwise be unused."]
-    #[doc = ""]
-    #[doc = " \\note           This function can handle a variety of mechanisms for session"]
-    #[doc = "                 resumption: For TLS 1.2, both session ID-based resumption and"]
-    #[doc = "                 ticket-based resumption will be considered. For TLS 1.3,"]
-    #[doc = "                 once implemented, sessions equate to tickets, and calling"]
-    #[doc = "                 this function multiple times will export the available"]
-    #[doc = "                 tickets one a time until no further tickets are available,"]
-    #[doc = "                 in which case MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE will"]
-    #[doc = "                 be returned."]
-    #[doc = ""]
-    #[doc = " \\note           Calling this function multiple times will only be useful"]
-    #[doc = "                 once TLS 1.3 is supported. For TLS 1.2 connections, this"]
-    #[doc = "                 function should be called at most once."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful. In this case, \\p session can be used for"]
-    #[doc = "                 session resumption by passing it to mbedtls_ssl_set_session(),"]
-    #[doc = "                 and serialized for storage via mbedtls_ssl_session_save()."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no further session"]
-    #[doc = "                 is available for export."]
-    #[doc = "                 This error is a non-fatal, and has no observable effect on"]
-    #[doc = "                 the SSL context or the destination session."]
-    #[doc = " \\return         Another negative error code on other kinds of failure."]
-    #[doc = ""]
-    #[doc = " \\sa             mbedtls_ssl_set_session()"]
-    #[doc = " \\sa             mbedtls_ssl_session_save()"]
-    pub fn mbedtls_ssl_get_session(
-        ssl: *const mbedtls_ssl_context,
-        session: *mut mbedtls_ssl_session,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Perform the SSL handshake"]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE"]
-    #[doc = "                 if the handshake is incomplete and waiting for data to"]
-    #[doc = "                 be available for reading from or writing to the underlying"]
-    #[doc = "                 transport - in this case you must call this function again"]
-    #[doc = "                 when the underlying transport is ready for the operation."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous"]
-    #[doc = "                 operation is in progress (see"]
-    #[doc = "                 mbedtls_ssl_conf_async_private_cb()) - in this case you"]
-    #[doc = "                 must call this function again when the operation is ready."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic"]
-    #[doc = "                 operation is in progress (see mbedtls_ecp_set_max_ops()) -"]
-    #[doc = "                 in this case you must call this function again to complete"]
-    #[doc = "                 the handshake when you're done attending other tasks."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED if DTLS is in use"]
-    #[doc = "                 and the client did not demonstrate reachability yet - in"]
-    #[doc = "                 this case you must stop using the context (see below)."]
-    #[doc = " \\return         Another SSL error code - in this case you must stop using"]
-    #[doc = "                 the context (see below)."]
-    #[doc = ""]
-    #[doc = " \\warning        If this function returns something other than"]
-    #[doc = "                 \\c 0,"]
-    #[doc = "                 #MBEDTLS_ERR_SSL_WANT_READ,"]
-    #[doc = "                 #MBEDTLS_ERR_SSL_WANT_WRITE,"]
-    #[doc = "                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or"]
-    #[doc = "                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,"]
-    #[doc = "                 you must stop using the SSL context for reading or writing,"]
-    #[doc = "                 and either free it or call \\c mbedtls_ssl_session_reset()"]
-    #[doc = "                 on it before re-using it for a new connection; the current"]
-    #[doc = "                 connection must be closed."]
-    #[doc = ""]
-    #[doc = " \\note           If DTLS is in use, then you may choose to handle"]
-    #[doc = "                 #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging"]
-    #[doc = "                 purposes, as it is an expected return value rather than an"]
-    #[doc = "                 actual error, but you still need to reset/free the context."]
-    #[doc = ""]
-    #[doc = " \\note           Remarks regarding event-driven DTLS:"]
-    #[doc = "                 If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram"]
-    #[doc = "                 from the underlying transport layer is currently being processed,"]
-    #[doc = "                 and it is safe to idle until the timer or the underlying transport"]
-    #[doc = "                 signal a new event. This is not true for a successful handshake,"]
-    #[doc = "                 in which case the datagram of the underlying transport that is"]
-    #[doc = "                 currently being processed might or might not contain further"]
-    #[doc = "                 DTLS records."]
-    #[doc = ""]
-    #[doc = " \\note           If the context is configured to allow TLS 1.3, or if"]
-    #[doc = "                 #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto"]
-    #[doc = "                 subsystem must have been initialized by calling"]
-    #[doc = "                 psa_crypto_init() before calling this function."]
-    pub fn mbedtls_ssl_handshake(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Perform a single step of the SSL handshake"]
-    #[doc = ""]
-    #[doc = " \\note           The state of the context (ssl->state) will be at"]
-    #[doc = "                 the next state after this function returns \\c 0. Do not"]
-    #[doc = "                 call this function if mbedtls_ssl_is_handshake_over()"]
-    #[doc = "                 returns \\c 1."]
-    #[doc = ""]
-    #[doc = " \\warning        Whilst in the past you may have used direct access to the"]
-    #[doc = "                 context state (ssl->state) in order to ascertain when to"]
-    #[doc = "                 stop calling this function and although you can still do"]
-    #[doc = "                 so with something like ssl->MBEDTLS_PRIVATE(state) or by"]
-    #[doc = "                 defining MBEDTLS_ALLOW_PRIVATE_ACCESS, this is now"]
-    #[doc = "                 considered deprecated and could be broken in any future"]
-    #[doc = "                 release. If you still find you have good reason for such"]
-    #[doc = "                 direct access, then please do contact the team to explain"]
-    #[doc = "                 this (raise an issue or post to the mailing list), so that"]
-    #[doc = "                 we can add a solution to your problem that will be"]
-    #[doc = "                 guaranteed to work in the future."]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = ""]
-    #[doc = " \\return         See mbedtls_ssl_handshake()."]
-    #[doc = ""]
-    #[doc = " \\warning        If this function returns something other than \\c 0,"]
-    #[doc = "                 #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,"]
-    #[doc = "                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or"]
-    #[doc = "                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using"]
-    #[doc = "                 the SSL context for reading or writing, and either free it"]
-    #[doc = "                 or call \\c mbedtls_ssl_session_reset() on it before"]
-    #[doc = "                 re-using it for a new connection; the current connection"]
-    #[doc = "                 must be closed."]
-    pub fn mbedtls_ssl_handshake_step(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Initiate an SSL renegotiation on the running connection."]
-    #[doc = "                 Client: perform the renegotiation right now."]
-    #[doc = "                 Server: request renegotiation, which will be performed"]
-    #[doc = "                 during the next call to mbedtls_ssl_read() if honored by"]
-    #[doc = "                 client."]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful, or any mbedtls_ssl_handshake() return"]
-    #[doc = "                 value except #MBEDTLS_ERR_SSL_CLIENT_RECONNECT that can't"]
-    #[doc = "                 happen during a renegotiation."]
-    #[doc = ""]
-    #[doc = " \\warning        If this function returns something other than \\c 0,"]
-    #[doc = "                 #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,"]
-    #[doc = "                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or"]
-    #[doc = "                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using"]
-    #[doc = "                 the SSL context for reading or writing, and either free it"]
-    #[doc = "                 or call \\c mbedtls_ssl_session_reset() on it before"]
-    #[doc = "                 re-using it for a new connection; the current connection"]
-    #[doc = "                 must be closed."]
-    #[doc = ""]
-    pub fn mbedtls_ssl_renegotiate(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Read at most 'len' application data bytes"]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = " \\param buf      buffer that will hold the data"]
-    #[doc = " \\param len      maximum number of bytes to read"]
-    #[doc = ""]
-    #[doc = " \\return         The (positive) number of bytes read if successful."]
-    #[doc = " \\return         \\c 0 if the read end of the underlying transport was closed"]
-    #[doc = "                 without sending a CloseNotify beforehand, which might happen"]
-    #[doc = "                 because of various reasons (internal error of an underlying"]
-    #[doc = "                 stack, non-conformant peer not sending a CloseNotify and"]
-    #[doc = "                 such) - in this case you must stop using the context"]
-    #[doc = "                 (see below)."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY if the underlying"]
-    #[doc = "                 transport is still functional, but the peer has"]
-    #[doc = "                 acknowledged to not send anything anymore."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE"]
-    #[doc = "                 if the handshake is incomplete and waiting for data to"]
-    #[doc = "                 be available for reading from or writing to the underlying"]
-    #[doc = "                 transport - in this case you must call this function again"]
-    #[doc = "                 when the underlying transport is ready for the operation."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous"]
-    #[doc = "                 operation is in progress (see"]
-    #[doc = "                 mbedtls_ssl_conf_async_private_cb()) - in this case you"]
-    #[doc = "                 must call this function again when the operation is ready."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic"]
-    #[doc = "                 operation is in progress (see mbedtls_ecp_set_max_ops()) -"]
-    #[doc = "                 in this case you must call this function again to complete"]
-    #[doc = "                 the handshake when you're done attending other tasks."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_CLIENT_RECONNECT if we're at the server"]
-    #[doc = "                 side of a DTLS connection and the client is initiating a"]
-    #[doc = "                 new connection using the same source port. See below."]
-    #[doc = " \\return         Another SSL error code - in this case you must stop using"]
-    #[doc = "                 the context (see below)."]
-    #[doc = ""]
-    #[doc = " \\warning        If this function returns something other than"]
-    #[doc = "                 a positive value,"]
-    #[doc = "                 #MBEDTLS_ERR_SSL_WANT_READ,"]
-    #[doc = "                 #MBEDTLS_ERR_SSL_WANT_WRITE,"]
-    #[doc = "                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS,"]
-    #[doc = "                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or"]
-    #[doc = "                 #MBEDTLS_ERR_SSL_CLIENT_RECONNECT,"]
-    #[doc = "                 you must stop using the SSL context for reading or writing,"]
-    #[doc = "                 and either free it or call \\c mbedtls_ssl_session_reset()"]
-    #[doc = "                 on it before re-using it for a new connection; the current"]
-    #[doc = "                 connection must be closed."]
-    #[doc = ""]
-    #[doc = " \\note           When this function returns #MBEDTLS_ERR_SSL_CLIENT_RECONNECT"]
-    #[doc = "                 (which can only happen server-side), it means that a client"]
-    #[doc = "                 is initiating a new connection using the same source port."]
-    #[doc = "                 You can either treat that as a connection close and wait"]
-    #[doc = "                 for the client to resend a ClientHello, or directly"]
-    #[doc = "                 continue with \\c mbedtls_ssl_handshake() with the same"]
-    #[doc = "                 context (as it has been reset internally). Either way, you"]
-    #[doc = "                 must make sure this is seen by the application as a new"]
-    #[doc = "                 connection: application state, if any, should be reset, and"]
-    #[doc = "                 most importantly the identity of the client must be checked"]
-    #[doc = "                 again. WARNING: not validating the identity of the client"]
-    #[doc = "                 again, or not transmitting the new identity to the"]
-    #[doc = "                 application layer, would allow authentication bypass!"]
-    #[doc = ""]
-    #[doc = " \\note           Remarks regarding event-driven DTLS:"]
-    #[doc = "                 - If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram"]
-    #[doc = "                   from the underlying transport layer is currently being processed,"]
-    #[doc = "                   and it is safe to idle until the timer or the underlying transport"]
-    #[doc = "                   signal a new event."]
-    #[doc = "                 - This function may return MBEDTLS_ERR_SSL_WANT_READ even if data was"]
-    #[doc = "                   initially available on the underlying transport, as this data may have"]
-    #[doc = "                   been only e.g. duplicated messages or a renegotiation request."]
-    #[doc = "                   Therefore, you must be prepared to receive MBEDTLS_ERR_SSL_WANT_READ even"]
-    #[doc = "                   when reacting to an incoming-data event from the underlying transport."]
-    #[doc = "                 - On success, the datagram of the underlying transport that is currently"]
-    #[doc = "                   being processed may contain further DTLS records. You should call"]
-    #[doc = "                   \\c mbedtls_ssl_check_pending to check for remaining records."]
-    #[doc = ""]
-    pub fn mbedtls_ssl_read(
-        ssl: *mut mbedtls_ssl_context,
-        buf: *mut crate::c_types::c_uchar,
-        len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Try to write exactly 'len' application data bytes"]
-    #[doc = ""]
-    #[doc = " \\warning        This function will do partial writes in some cases. If the"]
-    #[doc = "                 return value is non-negative but less than length, the"]
-    #[doc = "                 function must be called again with updated arguments:"]
-    #[doc = "                 buf + ret, len - ret (if ret is the return value) until"]
-    #[doc = "                 it returns a value equal to the last 'len' argument."]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = " \\param buf      buffer holding the data"]
-    #[doc = " \\param len      how many bytes must be written"]
-    #[doc = ""]
-    #[doc = " \\return         The (non-negative) number of bytes actually written if"]
-    #[doc = "                 successful (may be less than \\p len)."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE"]
-    #[doc = "                 if the handshake is incomplete and waiting for data to"]
-    #[doc = "                 be available for reading from or writing to the underlying"]
-    #[doc = "                 transport - in this case you must call this function again"]
-    #[doc = "                 when the underlying transport is ready for the operation."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous"]
-    #[doc = "                 operation is in progress (see"]
-    #[doc = "                 mbedtls_ssl_conf_async_private_cb()) - in this case you"]
-    #[doc = "                 must call this function again when the operation is ready."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic"]
-    #[doc = "                 operation is in progress (see mbedtls_ecp_set_max_ops()) -"]
-    #[doc = "                 in this case you must call this function again to complete"]
-    #[doc = "                 the handshake when you're done attending other tasks."]
-    #[doc = " \\return         Another SSL error code - in this case you must stop using"]
-    #[doc = "                 the context (see below)."]
-    #[doc = ""]
-    #[doc = " \\warning        If this function returns something other than"]
-    #[doc = "                 a non-negative value,"]
-    #[doc = "                 #MBEDTLS_ERR_SSL_WANT_READ,"]
-    #[doc = "                 #MBEDTLS_ERR_SSL_WANT_WRITE,"]
-    #[doc = "                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or"]
-    #[doc = "                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,"]
-    #[doc = "                 you must stop using the SSL context for reading or writing,"]
-    #[doc = "                 and either free it or call \\c mbedtls_ssl_session_reset()"]
-    #[doc = "                 on it before re-using it for a new connection; the current"]
-    #[doc = "                 connection must be closed."]
-    #[doc = ""]
-    #[doc = " \\note           When this function returns #MBEDTLS_ERR_SSL_WANT_WRITE/READ,"]
-    #[doc = "                 it must be called later with the *same* arguments,"]
-    #[doc = "                 until it returns a value greater than or equal to 0. When"]
-    #[doc = "                 the function returns #MBEDTLS_ERR_SSL_WANT_WRITE there may be"]
-    #[doc = "                 some partial data in the output buffer, however this is not"]
-    #[doc = "                 yet sent."]
-    #[doc = ""]
-    #[doc = " \\note           If the requested length is greater than the maximum"]
-    #[doc = "                 fragment length (either the built-in limit or the one set"]
-    #[doc = "                 or negotiated with the peer), then:"]
-    #[doc = "                 - with TLS, less bytes than requested are written."]
-    #[doc = "                 - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned."]
-    #[doc = "                 \\c mbedtls_ssl_get_max_out_record_payload() may be used to"]
-    #[doc = "                 query the active maximum fragment length."]
-    #[doc = ""]
-    #[doc = " \\note           Attempting to write 0 bytes will result in an empty TLS"]
-    #[doc = "                 application record being sent."]
-    pub fn mbedtls_ssl_write(
-        ssl: *mut mbedtls_ssl_context,
-        buf: *const crate::c_types::c_uchar,
-        len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Send an alert message"]
-    #[doc = ""]
-    #[doc = " \\param ssl       SSL context"]
-    #[doc = " \\param level     The alert level of the message"]
-    #[doc = "                  (MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL)"]
-    #[doc = " \\param message   The alert message (SSL_ALERT_MSG_*)"]
-    #[doc = ""]
-    #[doc = " \\return          0 if successful, or a specific SSL error code."]
-    #[doc = ""]
-    #[doc = " \\note           If this function returns something other than 0 or"]
-    #[doc = "                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using"]
-    #[doc = "                 the SSL context for reading or writing, and either free it or"]
-    #[doc = "                 call \\c mbedtls_ssl_session_reset() on it before re-using it"]
-    #[doc = "                 for a new connection; the current connection must be closed."]
-    pub fn mbedtls_ssl_send_alert_message(
-        ssl: *mut mbedtls_ssl_context,
-        level: crate::c_types::c_uchar,
-        message: crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Notify the peer that the connection is being closed"]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    #[doc = ""]
-    #[doc = " \\return          0 if successful, or a specific SSL error code."]
-    #[doc = ""]
-    #[doc = " \\note           If this function returns something other than 0 or"]
-    #[doc = "                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using"]
-    #[doc = "                 the SSL context for reading or writing, and either free it or"]
-    #[doc = "                 call \\c mbedtls_ssl_session_reset() on it before re-using it"]
-    #[doc = "                 for a new connection; the current connection must be closed."]
-    pub fn mbedtls_ssl_close_notify(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Free referenced items in an SSL context and clear memory"]
-    #[doc = ""]
-    #[doc = " \\param ssl      SSL context"]
-    pub fn mbedtls_ssl_free(ssl: *mut mbedtls_ssl_context);
-}
-extern "C" {
-    #[doc = " \\brief          Save an active connection as serialized data in a buffer."]
-    #[doc = "                 This allows the freeing or re-using of the SSL context"]
-    #[doc = "                 while still picking up the connection later in a way that"]
-    #[doc = "                 it entirely transparent to the peer."]
-    #[doc = ""]
-    #[doc = " \\see            mbedtls_ssl_context_load()"]
-    #[doc = ""]
-    #[doc = " \\note           The serialized data only contains the data that is"]
-    #[doc = "                 necessary to resume the connection: negotiated protocol"]
-    #[doc = "                 options, session identifier, keys, etc."]
-    #[doc = "                 Loading a saved SSL context does not restore settings and"]
-    #[doc = "                 state related to how the application accesses the context,"]
-    #[doc = "                 such as configured callback functions, user data, pending"]
-    #[doc = "                 incoming or outgoing data, etc."]
-    #[doc = ""]
-    #[doc = " \\note           This feature is currently only available under certain"]
-    #[doc = "                 conditions, see the documentation of the return value"]
-    #[doc = "                 #MBEDTLS_ERR_SSL_BAD_INPUT_DATA for details."]
-    #[doc = ""]
-    #[doc = " \\note           When this function succeeds, it calls"]
-    #[doc = "                 mbedtls_ssl_session_reset() on \\p ssl which as a result is"]
-    #[doc = "                 no longer associated with the connection that has been"]
-    #[doc = "                 serialized. This avoids creating copies of the connection"]
-    #[doc = "                 state. You're then free to either re-use the context"]
-    #[doc = "                 structure for a different connection, or call"]
-    #[doc = "                 mbedtls_ssl_free() on it. See the documentation of"]
-    #[doc = "                 mbedtls_ssl_session_reset() for more details."]
-    #[doc = ""]
-    #[doc = " \\param ssl      The SSL context to save. On success, it is no longer"]
-    #[doc = "                 associated with the connection that has been serialized."]
-    #[doc = " \\param buf      The buffer to write the serialized data to. It must be a"]
-    #[doc = "                 writeable buffer of at least \\p buf_len bytes, or may be \\c"]
-    #[doc = "                 NULL if \\p buf_len is \\c 0."]
-    #[doc = " \\param buf_len  The number of bytes available for writing in \\p buf."]
-    #[doc = " \\param olen     The size in bytes of the data that has been or would have"]
-    #[doc = "                 been written. It must point to a valid \\c size_t."]
-    #[doc = ""]
-    #[doc = " \\note           \\p olen is updated to the correct value regardless of"]
-    #[doc = "                 whether \\p buf_len was large enough. This makes it possible"]
-    #[doc = "                 to determine the necessary size by calling this function"]
-    #[doc = "                 with \\p buf set to \\c NULL and \\p buf_len to \\c 0. However,"]
-    #[doc = "                 the value of \\p olen is only guaranteed to be correct when"]
-    #[doc = "                 the function returns #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL or"]
-    #[doc = "                 \\c 0. If the return value is different, then the value of"]
-    #[doc = "                 \\p olen is undefined."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \\p buf is too small."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed"]
-    #[doc = "                 while resetting the context."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in"]
-    #[doc = "                 progress, or there is pending data for reading or sending,"]
-    #[doc = "                 or the connection does not use DTLS 1.2 with an AEAD"]
-    #[doc = "                 ciphersuite, or renegotiation is enabled."]
-    pub fn mbedtls_ssl_context_save(
-        ssl: *mut mbedtls_ssl_context,
-        buf: *mut crate::c_types::c_uchar,
-        buf_len: size_t,
-        olen: *mut size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Load serialized connection data to an SSL context."]
-    #[doc = ""]
-    #[doc = " \\see            mbedtls_ssl_context_save()"]
-    #[doc = ""]
-    #[doc = " \\warning        The same serialized data must never be loaded into more"]
-    #[doc = "                 that one context. In order to ensure that, after"]
-    #[doc = "                 successfully loading serialized data to an SSL context, you"]
-    #[doc = "                 should immediately destroy or invalidate all copies of the"]
-    #[doc = "                 serialized data that was loaded. Loading the same data in"]
-    #[doc = "                 more than one context would cause severe security failures"]
-    #[doc = "                 including but not limited to loss of confidentiality."]
-    #[doc = ""]
-    #[doc = " \\note           Before calling this function, the SSL context must be"]
-    #[doc = "                 prepared in one of the two following ways. The first way is"]
-    #[doc = "                 to take a context freshly initialised with"]
-    #[doc = "                 mbedtls_ssl_init() and call mbedtls_ssl_setup() on it with"]
-    #[doc = "                 the same ::mbedtls_ssl_config structure that was used in"]
-    #[doc = "                 the original connection. The second way is to"]
-    #[doc = "                 call mbedtls_ssl_session_reset() on a context that was"]
-    #[doc = "                 previously prepared as above but used in the meantime."]
-    #[doc = "                 Either way, you must not use the context to perform a"]
-    #[doc = "                 handshake between calling mbedtls_ssl_setup() or"]
-    #[doc = "                 mbedtls_ssl_session_reset() and calling this function. You"]
-    #[doc = "                 may however call other setter functions in that time frame"]
-    #[doc = "                 as indicated in the note below."]
-    #[doc = ""]
-    #[doc = " \\note           Before or after calling this function successfully, you"]
-    #[doc = "                 also need to configure some connection-specific callbacks"]
-    #[doc = "                 and settings before you can use the connection again"]
-    #[doc = "                 (unless they were already set before calling"]
-    #[doc = "                 mbedtls_ssl_session_reset() and the values are suitable for"]
-    #[doc = "                 the present connection). Specifically, you want to call"]
-    #[doc = "                 at least mbedtls_ssl_set_bio(),"]
-    #[doc = "                 mbedtls_ssl_set_timer_cb(), and"]
-    #[doc = "                 mbedtls_ssl_set_user_data_n() or"]
-    #[doc = "                 mbedtls_ssl_set_user_data_p() if they were set originally."]
-    #[doc = "                 All other SSL setter functions"]
-    #[doc = "                 are not necessary to call, either because they're only used"]
-    #[doc = "                 in handshakes, or because the setting is already saved. You"]
-    #[doc = "                 might choose to call them anyway, for example in order to"]
-    #[doc = "                 share code between the cases of establishing a new"]
-    #[doc = "                 connection and the case of loading an already-established"]
-    #[doc = "                 connection."]
-    #[doc = ""]
-    #[doc = " \\note           If you have new information about the path MTU, you want to"]
-    #[doc = "                 call mbedtls_ssl_set_mtu() after calling this function, as"]
-    #[doc = "                 otherwise this function would overwrite your"]
-    #[doc = "                 newly-configured value with the value that was active when"]
-    #[doc = "                 the context was saved."]
-    #[doc = ""]
-    #[doc = " \\note           When this function returns an error code, it calls"]
-    #[doc = "                 mbedtls_ssl_free() on \\p ssl. In this case, you need to"]
-    #[doc = "                 prepare the context with the usual sequence starting with a"]
-    #[doc = "                 call to mbedtls_ssl_init() if you want to use it again."]
-    #[doc = ""]
-    #[doc = " \\param ssl      The SSL context structure to be populated. It must have"]
-    #[doc = "                 been prepared as described in the note above."]
-    #[doc = " \\param buf      The buffer holding the serialized connection data. It must"]
-    #[doc = "                 be a readable buffer of at least \\p len bytes."]
-    #[doc = " \\param len      The size of the serialized data in bytes."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 if successful."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data"]
-    #[doc = "                 comes from a different Mbed TLS version or build."]
-    #[doc = " \\return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid."]
-    pub fn mbedtls_ssl_context_load(
-        ssl: *mut mbedtls_ssl_context,
-        buf: *const crate::c_types::c_uchar,
-        len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Initialize an SSL configuration context"]
-    #[doc = "                 Just makes the context ready for"]
-    #[doc = "                 mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free()."]
-    #[doc = ""]
-    #[doc = " \\note           You need to call mbedtls_ssl_config_defaults() unless you"]
-    #[doc = "                 manually set all of the relevant fields yourself."]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration context"]
-    pub fn mbedtls_ssl_config_init(conf: *mut mbedtls_ssl_config);
-}
-extern "C" {
-    #[doc = " \\brief          Load reasonable default SSL configuration values."]
-    #[doc = "                 (You need to call mbedtls_ssl_config_init() first.)"]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration context"]
-    #[doc = " \\param endpoint MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER"]
-    #[doc = " \\param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or"]
-    #[doc = "                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS"]
-    #[doc = " \\param preset   a MBEDTLS_SSL_PRESET_XXX value"]
-    #[doc = ""]
-    #[doc = " \\note           See \\c mbedtls_ssl_conf_transport() for notes on DTLS."]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful, or"]
-    #[doc = "                 MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error."]
-    pub fn mbedtls_ssl_config_defaults(
-        conf: *mut mbedtls_ssl_config,
-        endpoint: crate::c_types::c_int,
-        transport: crate::c_types::c_int,
-        preset: crate::c_types::c_int,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Free an SSL configuration context"]
-    #[doc = ""]
-    #[doc = " \\param conf     SSL configuration context"]
-    pub fn mbedtls_ssl_config_free(conf: *mut mbedtls_ssl_config);
-}
-extern "C" {
-    #[doc = " \\brief          Initialize SSL session structure"]
-    #[doc = ""]
-    #[doc = " \\param session  SSL session"]
-    pub fn mbedtls_ssl_session_init(session: *mut mbedtls_ssl_session);
-}
-extern "C" {
-    #[doc = " \\brief          Free referenced items in an SSL session including the"]
-    #[doc = "                 peer certificate and clear memory"]
-    #[doc = ""]
-    #[doc = " \\note           A session object can be freed even if the SSL context"]
-    #[doc = "                 that was used to retrieve the session is still in use."]
-    #[doc = ""]
-    #[doc = " \\param session  SSL session"]
-    pub fn mbedtls_ssl_session_free(session: *mut mbedtls_ssl_session);
-}
-extern "C" {
-    #[doc = " \\brief          TLS-PRF function for key derivation."]
-    #[doc = ""]
-    #[doc = " \\param prf      The tls_prf type function type to be used."]
-    #[doc = " \\param secret   Secret for the key derivation function."]
-    #[doc = " \\param slen     Length of the secret."]
-    #[doc = " \\param label    String label for the key derivation function,"]
-    #[doc = "                 terminated with null character."]
-    #[doc = " \\param random   Random bytes."]
-    #[doc = " \\param rlen     Length of the random bytes buffer."]
-    #[doc = " \\param dstbuf   The buffer holding the derived key."]
-    #[doc = " \\param dlen     Length of the output buffer."]
-    #[doc = ""]
-    #[doc = " \\return         0 on success. An SSL specific error on failure."]
-    pub fn mbedtls_ssl_tls_prf(
-        prf: mbedtls_tls_prf_types,
-        secret: *const crate::c_types::c_uchar,
-        slen: size_t,
-        label: *const crate::c_types::c_char,
-        random: *const crate::c_types::c_uchar,
-        rlen: size_t,
-        dstbuf: *mut crate::c_types::c_uchar,
-        dlen: size_t,
-    ) -> crate::c_types::c_int;
-}
-#[doc = " \\brief           Entropy poll callback pointer"]
-#[doc = ""]
-#[doc = " \\param data      Callback-specific data pointer"]
-#[doc = " \\param output    Data to fill"]
-#[doc = " \\param len       Maximum size to provide"]
-#[doc = " \\param olen      The actual amount of bytes put into the buffer (Can be 0)"]
-#[doc = ""]
-#[doc = " \\return          0 if no critical failures occurred,"]
-#[doc = "                  MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise"]
-pub type mbedtls_entropy_f_source_ptr = ::core::option::Option<
-    unsafe extern "C" fn(
-        data: *mut crate::c_types::c_void,
-        output: *mut crate::c_types::c_uchar,
-        len: size_t,
-        olen: *mut size_t,
-    ) -> crate::c_types::c_int,
->;
-#[doc = " \\brief           Entropy source state"]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_entropy_source_state {
-    pub private_f_source: mbedtls_entropy_f_source_ptr,
-    pub private_p_source: *mut crate::c_types::c_void,
-    pub private_size: size_t,
-    pub private_threshold: size_t,
-    pub private_strong: crate::c_types::c_int,
-}
-#[doc = " \\brief           Entropy context structure"]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_entropy_context {
-    pub private_accumulator_started: crate::c_types::c_int,
-    pub private_accumulator: mbedtls_sha512_context,
-    pub private_source_count: crate::c_types::c_int,
-    pub private_source: [mbedtls_entropy_source_state; 20usize],
-}
-extern "C" {
-    #[doc = " \\brief           Initialize the context"]
-    #[doc = ""]
-    #[doc = " \\param ctx       Entropy context to initialize"]
-    pub fn mbedtls_entropy_init(ctx: *mut mbedtls_entropy_context);
-}
-extern "C" {
-    #[doc = " \\brief           Free the data in the context"]
-    #[doc = ""]
-    #[doc = " \\param ctx       Entropy context to free"]
-    pub fn mbedtls_entropy_free(ctx: *mut mbedtls_entropy_context);
-}
-extern "C" {
-    #[doc = " \\brief           Adds an entropy source to poll"]
-    #[doc = "                  (Thread-safe if MBEDTLS_THREADING_C is enabled)"]
-    #[doc = ""]
-    #[doc = " \\param ctx       Entropy context"]
-    #[doc = " \\param f_source  Entropy function"]
-    #[doc = " \\param p_source  Function data"]
-    #[doc = " \\param threshold Minimum required from source before entropy is released"]
-    #[doc = "                  ( with mbedtls_entropy_func() ) (in bytes)"]
-    #[doc = " \\param strong    MBEDTLS_ENTROPY_SOURCE_STRONG or"]
-    #[doc = "                  MBEDTLS_ENTROPY_SOURCE_WEAK."]
-    #[doc = "                  At least one strong source needs to be added."]
-    #[doc = "                  Weaker sources (such as the cycle counter) can be used as"]
-    #[doc = "                  a complement."]
-    #[doc = ""]
-    #[doc = " \\return          0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES"]
-    pub fn mbedtls_entropy_add_source(
-        ctx: *mut mbedtls_entropy_context,
-        f_source: mbedtls_entropy_f_source_ptr,
-        p_source: *mut crate::c_types::c_void,
-        threshold: size_t,
-        strong: crate::c_types::c_int,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Trigger an extra gather poll for the accumulator"]
-    #[doc = "                  (Thread-safe if MBEDTLS_THREADING_C is enabled)"]
-    #[doc = ""]
-    #[doc = " \\param ctx       Entropy context"]
-    #[doc = ""]
-    #[doc = " \\return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED"]
-    pub fn mbedtls_entropy_gather(ctx: *mut mbedtls_entropy_context) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Retrieve entropy from the accumulator"]
-    #[doc = "                  (Maximum length: MBEDTLS_ENTROPY_BLOCK_SIZE)"]
-    #[doc = "                  (Thread-safe if MBEDTLS_THREADING_C is enabled)"]
-    #[doc = ""]
-    #[doc = " \\param data      Entropy context"]
-    #[doc = " \\param output    Buffer to fill"]
-    #[doc = " \\param len       Number of bytes desired, must be at most MBEDTLS_ENTROPY_BLOCK_SIZE"]
-    #[doc = ""]
-    #[doc = " \\return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED"]
-    pub fn mbedtls_entropy_func(
-        data: *mut crate::c_types::c_void,
-        output: *mut crate::c_types::c_uchar,
-        len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Add data to the accumulator manually"]
-    #[doc = "                  (Thread-safe if MBEDTLS_THREADING_C is enabled)"]
-    #[doc = ""]
-    #[doc = " \\param ctx       Entropy context"]
-    #[doc = " \\param data      Data to add"]
-    #[doc = " \\param len       Length of data"]
-    #[doc = ""]
-    #[doc = " \\return          0 if successful"]
-    pub fn mbedtls_entropy_update_manual(
-        ctx: *mut mbedtls_entropy_context,
-        data: *const crate::c_types::c_uchar,
-        len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Checkup routine"]
-    #[doc = ""]
-    #[doc = "                 This module self-test also calls the entropy self-test,"]
-    #[doc = "                 mbedtls_entropy_source_self_test();"]
-    #[doc = ""]
-    #[doc = " \\return         0 if successful, or 1 if a test failed"]
-    pub fn mbedtls_entropy_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief   Set the threshold error level to handle globally all debug output."]
-    #[doc = "          Debug messages that have a level over the threshold value are"]
-    #[doc = "          discarded."]
-    #[doc = "          (Default value: 0 = No debug )"]
-    #[doc = ""]
-    #[doc = " \\param threshold     threshold level of messages to filter on. Messages at a"]
-    #[doc = "                      higher level will be discarded."]
-    #[doc = "                          - Debug levels"]
-    #[doc = "                              - 0 No debug"]
-    #[doc = "                              - 1 Error"]
-    #[doc = "                              - 2 State change"]
-    #[doc = "                              - 3 Informational"]
-    #[doc = "                              - 4 Verbose"]
-    pub fn mbedtls_debug_set_threshold(threshold: crate::c_types::c_int);
-}
-extern "C" {
-    #[doc = " \\brief    Print a message to the debug output. This function is always used"]
-    #[doc = "          through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl"]
-    #[doc = "          context, file and line number parameters."]
-    #[doc = ""]
-    #[doc = " \\param ssl       SSL context"]
-    #[doc = " \\param level     error level of the debug message"]
-    #[doc = " \\param file      file the message has occurred in"]
-    #[doc = " \\param line      line number the message has occurred at"]
-    #[doc = " \\param format    format specifier, in printf format"]
-    #[doc = " \\param ...       variables used by the format specifier"]
-    #[doc = ""]
-    #[doc = " \\attention       This function is intended for INTERNAL usage within the"]
-    #[doc = "                  library only."]
-    pub fn mbedtls_debug_print_msg(
-        ssl: *const mbedtls_ssl_context,
-        level: crate::c_types::c_int,
-        file: *const crate::c_types::c_char,
-        line: crate::c_types::c_int,
-        format: *const crate::c_types::c_char,
-        ...
-    );
-}
-extern "C" {
-    #[doc = " \\brief   Print the return value of a function to the debug output. This"]
-    #[doc = "          function is always used through the MBEDTLS_SSL_DEBUG_RET() macro,"]
-    #[doc = "          which supplies the ssl context, file and line number parameters."]
-    #[doc = ""]
-    #[doc = " \\param ssl       SSL context"]
-    #[doc = " \\param level     error level of the debug message"]
-    #[doc = " \\param file      file the error has occurred in"]
-    #[doc = " \\param line      line number the error has occurred in"]
-    #[doc = " \\param text      the name of the function that returned the error"]
-    #[doc = " \\param ret       the return code value"]
-    #[doc = ""]
-    #[doc = " \\attention       This function is intended for INTERNAL usage within the"]
-    #[doc = "                  library only."]
-    pub fn mbedtls_debug_print_ret(
-        ssl: *const mbedtls_ssl_context,
-        level: crate::c_types::c_int,
-        file: *const crate::c_types::c_char,
-        line: crate::c_types::c_int,
-        text: *const crate::c_types::c_char,
-        ret: crate::c_types::c_int,
-    );
-}
-extern "C" {
-    #[doc = " \\brief   Output a buffer of size len bytes to the debug output. This function"]
-    #[doc = "          is always used through the MBEDTLS_SSL_DEBUG_BUF() macro,"]
-    #[doc = "          which supplies the ssl context, file and line number parameters."]
-    #[doc = ""]
-    #[doc = " \\param ssl       SSL context"]
-    #[doc = " \\param level     error level of the debug message"]
-    #[doc = " \\param file      file the error has occurred in"]
-    #[doc = " \\param line      line number the error has occurred in"]
-    #[doc = " \\param text      a name or label for the buffer being dumped. Normally the"]
-    #[doc = "                  variable or buffer name"]
-    #[doc = " \\param buf       the buffer to be outputted"]
-    #[doc = " \\param len       length of the buffer"]
-    #[doc = ""]
-    #[doc = " \\attention       This function is intended for INTERNAL usage within the"]
-    #[doc = "                  library only."]
-    pub fn mbedtls_debug_print_buf(
-        ssl: *const mbedtls_ssl_context,
-        level: crate::c_types::c_int,
-        file: *const crate::c_types::c_char,
-        line: crate::c_types::c_int,
-        text: *const crate::c_types::c_char,
-        buf: *const crate::c_types::c_uchar,
-        len: size_t,
-    );
-}
-extern "C" {
-    #[doc = " \\brief   Print a MPI variable to the debug output. This function is always"]
-    #[doc = "          used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the"]
-    #[doc = "          ssl context, file and line number parameters."]
-    #[doc = ""]
-    #[doc = " \\param ssl       SSL context"]
-    #[doc = " \\param level     error level of the debug message"]
-    #[doc = " \\param file      file the error has occurred in"]
-    #[doc = " \\param line      line number the error has occurred in"]
-    #[doc = " \\param text      a name or label for the MPI being output. Normally the"]
-    #[doc = "                  variable name"]
-    #[doc = " \\param X         the MPI variable"]
-    #[doc = ""]
-    #[doc = " \\attention       This function is intended for INTERNAL usage within the"]
-    #[doc = "                  library only."]
-    pub fn mbedtls_debug_print_mpi(
-        ssl: *const mbedtls_ssl_context,
-        level: crate::c_types::c_int,
-        file: *const crate::c_types::c_char,
-        line: crate::c_types::c_int,
-        text: *const crate::c_types::c_char,
-        X: *const mbedtls_mpi,
-    );
-}
-extern "C" {
-    #[doc = " \\brief   Print an ECP point to the debug output. This function is always"]
-    #[doc = "          used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the"]
-    #[doc = "          ssl context, file and line number parameters."]
-    #[doc = ""]
-    #[doc = " \\param ssl       SSL context"]
-    #[doc = " \\param level     error level of the debug message"]
-    #[doc = " \\param file      file the error has occurred in"]
-    #[doc = " \\param line      line number the error has occurred in"]
-    #[doc = " \\param text      a name or label for the ECP point being output. Normally the"]
-    #[doc = "                  variable name"]
-    #[doc = " \\param X         the ECP point"]
-    #[doc = ""]
-    #[doc = " \\attention       This function is intended for INTERNAL usage within the"]
-    #[doc = "                  library only."]
-    pub fn mbedtls_debug_print_ecp(
-        ssl: *const mbedtls_ssl_context,
-        level: crate::c_types::c_int,
-        file: *const crate::c_types::c_char,
-        line: crate::c_types::c_int,
-        text: *const crate::c_types::c_char,
-        X: *const mbedtls_ecp_point,
-    );
-}
-extern "C" {
-    #[doc = " \\brief   Print a X.509 certificate structure to the debug output. This"]
-    #[doc = "          function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro,"]
-    #[doc = "          which supplies the ssl context, file and line number parameters."]
-    #[doc = ""]
-    #[doc = " \\param ssl       SSL context"]
-    #[doc = " \\param level     error level of the debug message"]
-    #[doc = " \\param file      file the error has occurred in"]
-    #[doc = " \\param line      line number the error has occurred in"]
-    #[doc = " \\param text      a name or label for the certificate being output"]
-    #[doc = " \\param crt       X.509 certificate structure"]
-    #[doc = ""]
-    #[doc = " \\attention       This function is intended for INTERNAL usage within the"]
-    #[doc = "                  library only."]
-    pub fn mbedtls_debug_print_crt(
-        ssl: *const mbedtls_ssl_context,
-        level: crate::c_types::c_int,
-        file: *const crate::c_types::c_char,
-        line: crate::c_types::c_int,
-        text: *const crate::c_types::c_char,
-        crt: *const mbedtls_x509_crt,
-    );
-}
-pub const mbedtls_debug_ecdh_attr_MBEDTLS_DEBUG_ECDH_Q: mbedtls_debug_ecdh_attr = 0;
-pub const mbedtls_debug_ecdh_attr_MBEDTLS_DEBUG_ECDH_QP: mbedtls_debug_ecdh_attr = 1;
-pub const mbedtls_debug_ecdh_attr_MBEDTLS_DEBUG_ECDH_Z: mbedtls_debug_ecdh_attr = 2;
-pub type mbedtls_debug_ecdh_attr = crate::c_types::c_uint;
-extern "C" {
-    #[doc = " \\brief   Print a field of the ECDH structure in the SSL context to the debug"]
-    #[doc = "          output. This function is always used through the"]
-    #[doc = "          MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file"]
-    #[doc = "          and line number parameters."]
-    #[doc = ""]
-    #[doc = " \\param ssl       SSL context"]
-    #[doc = " \\param level     error level of the debug message"]
-    #[doc = " \\param file      file the error has occurred in"]
-    #[doc = " \\param line      line number the error has occurred in"]
-    #[doc = " \\param ecdh      the ECDH context"]
-    #[doc = " \\param attr      the identifier of the attribute being output"]
-    #[doc = ""]
-    #[doc = " \\attention       This function is intended for INTERNAL usage within the"]
-    #[doc = "                  library only."]
-    pub fn mbedtls_debug_printf_ecdh(
-        ssl: *const mbedtls_ssl_context,
-        level: crate::c_types::c_int,
-        file: *const crate::c_types::c_char,
-        line: crate::c_types::c_int,
-        ecdh: *const mbedtls_ecdh_context,
-        attr: mbedtls_debug_ecdh_attr,
-    );
-}
-#[doc = " \\brief The AES context-type definition."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_aes_context {
-    pub private_nr: crate::c_types::c_int,
-    pub private_rk_offset: size_t,
-    pub private_buf: [u32; 68usize],
-}
-#[doc = " \\brief The AES XTS context-type definition."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_aes_xts_context {
-    pub private_crypt: mbedtls_aes_context,
-    pub private_tweak: mbedtls_aes_context,
-}
-extern "C" {
-    #[doc = " \\brief          This function initializes the specified AES context."]
-    #[doc = ""]
-    #[doc = "                 It must be the first API called before using"]
-    #[doc = "                 the context."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The AES context to initialize. This must not be \\c NULL."]
-    pub fn mbedtls_aes_init(ctx: *mut mbedtls_aes_context);
-}
-extern "C" {
-    #[doc = " \\brief          This function releases and clears the specified AES context."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The AES context to clear."]
-    #[doc = "                 If this is \\c NULL, this function does nothing."]
-    #[doc = "                 Otherwise, the context must have been at least initialized."]
-    pub fn mbedtls_aes_free(ctx: *mut mbedtls_aes_context);
-}
-extern "C" {
-    #[doc = " \\brief          This function initializes the specified AES XTS context."]
-    #[doc = ""]
-    #[doc = "                 It must be the first API called before using"]
-    #[doc = "                 the context."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The AES XTS context to initialize. This must not be \\c NULL."]
-    pub fn mbedtls_aes_xts_init(ctx: *mut mbedtls_aes_xts_context);
-}
-extern "C" {
-    #[doc = " \\brief          This function releases and clears the specified AES XTS context."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The AES XTS context to clear."]
-    #[doc = "                 If this is \\c NULL, this function does nothing."]
-    #[doc = "                 Otherwise, the context must have been at least initialized."]
-    pub fn mbedtls_aes_xts_free(ctx: *mut mbedtls_aes_xts_context);
-}
-extern "C" {
-    #[doc = " \\brief          This function sets the encryption key."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The AES context to which the key should be bound."]
-    #[doc = "                 It must be initialized."]
-    #[doc = " \\param key      The encryption key."]
-    #[doc = "                 This must be a readable buffer of size \\p keybits bits."]
-    #[doc = " \\param keybits  The size of data passed in bits. Valid options are:"]
-    #[doc = "                 <ul><li>128 bits</li>"]
-    #[doc = "                 <li>192 bits</li>"]
-    #[doc = "                 <li>256 bits</li></ul>"]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure."]
-    pub fn mbedtls_aes_setkey_enc(
-        ctx: *mut mbedtls_aes_context,
-        key: *const crate::c_types::c_uchar,
-        keybits: crate::c_types::c_uint,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function sets the decryption key."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The AES context to which the key should be bound."]
-    #[doc = "                 It must be initialized."]
-    #[doc = " \\param key      The decryption key."]
-    #[doc = "                 This must be a readable buffer of size \\p keybits bits."]
-    #[doc = " \\param keybits  The size of data passed. Valid options are:"]
-    #[doc = "                 <ul><li>128 bits</li>"]
-    #[doc = "                 <li>192 bits</li>"]
-    #[doc = "                 <li>256 bits</li></ul>"]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure."]
-    pub fn mbedtls_aes_setkey_dec(
-        ctx: *mut mbedtls_aes_context,
-        key: *const crate::c_types::c_uchar,
-        keybits: crate::c_types::c_uint,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function prepares an XTS context for encryption and"]
-    #[doc = "                 sets the encryption key."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The AES XTS context to which the key should be bound."]
-    #[doc = "                 It must be initialized."]
-    #[doc = " \\param key      The encryption key. This is comprised of the XTS key1"]
-    #[doc = "                 concatenated with the XTS key2."]
-    #[doc = "                 This must be a readable buffer of size \\p keybits bits."]
-    #[doc = " \\param keybits  The size of \\p key passed in bits. Valid options are:"]
-    #[doc = "                 <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>"]
-    #[doc = "                 <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>"]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure."]
-    pub fn mbedtls_aes_xts_setkey_enc(
-        ctx: *mut mbedtls_aes_xts_context,
-        key: *const crate::c_types::c_uchar,
-        keybits: crate::c_types::c_uint,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function prepares an XTS context for decryption and"]
-    #[doc = "                 sets the decryption key."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The AES XTS context to which the key should be bound."]
-    #[doc = "                 It must be initialized."]
-    #[doc = " \\param key      The decryption key. This is comprised of the XTS key1"]
-    #[doc = "                 concatenated with the XTS key2."]
-    #[doc = "                 This must be a readable buffer of size \\p keybits bits."]
-    #[doc = " \\param keybits  The size of \\p key passed in bits. Valid options are:"]
-    #[doc = "                 <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>"]
-    #[doc = "                 <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>"]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure."]
-    pub fn mbedtls_aes_xts_setkey_dec(
-        ctx: *mut mbedtls_aes_xts_context,
-        key: *const crate::c_types::c_uchar,
-        keybits: crate::c_types::c_uint,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          This function performs an AES single-block encryption or"]
-    #[doc = "                 decryption operation."]
-    #[doc = ""]
-    #[doc = "                 It performs the operation defined in the \\p mode parameter"]
-    #[doc = "                 (encrypt or decrypt), on the input data buffer defined in"]
-    #[doc = "                 the \\p input parameter."]
-    #[doc = ""]
-    #[doc = "                 mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or"]
-    #[doc = "                 mbedtls_aes_setkey_dec() must be called before the first"]
-    #[doc = "                 call to this API with the same context."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The AES context to use for encryption or decryption."]
-    #[doc = "                 It must be initialized and bound to a key."]
-    #[doc = " \\param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or"]
-    #[doc = "                 #MBEDTLS_AES_DECRYPT."]
-    #[doc = " \\param input    The buffer holding the input data."]
-    #[doc = "                 It must be readable and at least \\c 16 Bytes long."]
-    #[doc = " \\param output   The buffer where the output data will be written."]
-    #[doc = "                 It must be writeable and at least \\c 16 Bytes long."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    pub fn mbedtls_aes_crypt_ecb(
-        ctx: *mut mbedtls_aes_context,
-        mode: crate::c_types::c_int,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief  This function performs an AES-CBC encryption or decryption operation"]
-    #[doc = "         on full blocks."]
-    #[doc = ""]
-    #[doc = "         It performs the operation defined in the \\p mode"]
-    #[doc = "         parameter (encrypt/decrypt), on the input data buffer defined in"]
-    #[doc = "         the \\p input parameter."]
-    #[doc = ""]
-    #[doc = "         It can be called as many times as needed, until all the input"]
-    #[doc = "         data is processed. mbedtls_aes_init(), and either"]
-    #[doc = "         mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called"]
-    #[doc = "         before the first call to this API with the same context."]
-    #[doc = ""]
-    #[doc = " \\note   This function operates on full blocks, that is, the input size"]
-    #[doc = "         must be a multiple of the AES block size of \\c 16 Bytes."]
-    #[doc = ""]
-    #[doc = " \\note   Upon exit, the content of the IV is updated so that you can"]
-    #[doc = "         call the same function again on the next"]
-    #[doc = "         block(s) of data and get the same result as if it was"]
-    #[doc = "         encrypted in one call. This allows a \"streaming\" usage."]
-    #[doc = "         If you need to retain the contents of the IV, you should"]
-    #[doc = "         either save it manually or use the cipher module instead."]
-    #[doc = ""]
-    #[doc = ""]
-    #[doc = " \\param ctx      The AES context to use for encryption or decryption."]
-    #[doc = "                 It must be initialized and bound to a key."]
-    #[doc = " \\param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or"]
-    #[doc = "                 #MBEDTLS_AES_DECRYPT."]
-    #[doc = " \\param length   The length of the input data in Bytes. This must be a"]
-    #[doc = "                 multiple of the block size (\\c 16 Bytes)."]
-    #[doc = " \\param iv       Initialization vector (updated after use)."]
-    #[doc = "                 It must be a readable and writeable buffer of \\c 16 Bytes."]
-    #[doc = " \\param input    The buffer holding the input data."]
-    #[doc = "                 It must be readable and of size \\p length Bytes."]
-    #[doc = " \\param output   The buffer holding the output data."]
-    #[doc = "                 It must be writeable and of size \\p length Bytes."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH"]
-    #[doc = "                 on failure."]
-    pub fn mbedtls_aes_crypt_cbc(
-        ctx: *mut mbedtls_aes_context,
-        mode: crate::c_types::c_int,
-        length: size_t,
-        iv: *mut crate::c_types::c_uchar,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief      This function performs an AES-XTS encryption or decryption"]
-    #[doc = "             operation for an entire XTS data unit."]
-    #[doc = ""]
-    #[doc = "             AES-XTS encrypts or decrypts blocks based on their location as"]
-    #[doc = "             defined by a data unit number. The data unit number must be"]
-    #[doc = "             provided by \\p data_unit."]
-    #[doc = ""]
-    #[doc = "             NIST SP 800-38E limits the maximum size of a data unit to 2^20"]
-    #[doc = "             AES blocks. If the data unit is larger than this, this function"]
-    #[doc = "             returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH."]
-    #[doc = ""]
-    #[doc = " \\param ctx          The AES XTS context to use for AES XTS operations."]
-    #[doc = "                     It must be initialized and bound to a key."]
-    #[doc = " \\param mode         The AES operation: #MBEDTLS_AES_ENCRYPT or"]
-    #[doc = "                     #MBEDTLS_AES_DECRYPT."]
-    #[doc = " \\param length       The length of a data unit in Bytes. This can be any"]
-    #[doc = "                     length between 16 bytes and 2^24 bytes inclusive"]
-    #[doc = "                     (between 1 and 2^20 block cipher blocks)."]
-    #[doc = " \\param data_unit    The address of the data unit encoded as an array of 16"]
-    #[doc = "                     bytes in little-endian format. For disk encryption, this"]
-    #[doc = "                     is typically the index of the block device sector that"]
-    #[doc = "                     contains the data."]
-    #[doc = " \\param input        The buffer holding the input data (which is an entire"]
-    #[doc = "                     data unit). This function reads \\p length Bytes from \\p"]
-    #[doc = "                     input."]
-    #[doc = " \\param output       The buffer holding the output data (which is an entire"]
-    #[doc = "                     data unit). This function writes \\p length Bytes to \\p"]
-    #[doc = "                     output."]
-    #[doc = ""]
-    #[doc = " \\return             \\c 0 on success."]
-    #[doc = " \\return             #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \\p length is"]
-    #[doc = "                     smaller than an AES block in size (16 Bytes) or if \\p"]
-    #[doc = "                     length is larger than 2^20 blocks (16 MiB)."]
-    pub fn mbedtls_aes_crypt_xts(
-        ctx: *mut mbedtls_aes_xts_context,
-        mode: crate::c_types::c_int,
-        length: size_t,
-        data_unit: *const crate::c_types::c_uchar,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief This function performs an AES-CFB128 encryption or decryption"]
-    #[doc = "        operation."]
-    #[doc = ""]
-    #[doc = "        It performs the operation defined in the \\p mode"]
-    #[doc = "        parameter (encrypt or decrypt), on the input data buffer"]
-    #[doc = "        defined in the \\p input parameter."]
-    #[doc = ""]
-    #[doc = "        For CFB, you must set up the context with mbedtls_aes_setkey_enc(),"]
-    #[doc = "        regardless of whether you are performing an encryption or decryption"]
-    #[doc = "        operation, that is, regardless of the \\p mode parameter. This is"]
-    #[doc = "        because CFB mode uses the same key schedule for encryption and"]
-    #[doc = "        decryption."]
-    #[doc = ""]
-    #[doc = " \\note  Upon exit, the content of the IV is updated so that you can"]
-    #[doc = "        call the same function again on the next"]
-    #[doc = "        block(s) of data and get the same result as if it was"]
-    #[doc = "        encrypted in one call. This allows a \"streaming\" usage."]
-    #[doc = "        If you need to retain the contents of the"]
-    #[doc = "        IV, you must either save it manually or use the cipher"]
-    #[doc = "        module instead."]
-    #[doc = ""]
-    #[doc = ""]
-    #[doc = " \\param ctx      The AES context to use for encryption or decryption."]
-    #[doc = "                 It must be initialized and bound to a key."]
-    #[doc = " \\param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or"]
-    #[doc = "                 #MBEDTLS_AES_DECRYPT."]
-    #[doc = " \\param length   The length of the input data in Bytes."]
-    #[doc = " \\param iv_off   The offset in IV (updated after use)."]
-    #[doc = "                 It must point to a valid \\c size_t."]
-    #[doc = " \\param iv       The initialization vector (updated after use)."]
-    #[doc = "                 It must be a readable and writeable buffer of \\c 16 Bytes."]
-    #[doc = " \\param input    The buffer holding the input data."]
-    #[doc = "                 It must be readable and of size \\p length Bytes."]
-    #[doc = " \\param output   The buffer holding the output data."]
-    #[doc = "                 It must be writeable and of size \\p length Bytes."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    pub fn mbedtls_aes_crypt_cfb128(
-        ctx: *mut mbedtls_aes_context,
-        mode: crate::c_types::c_int,
-        length: size_t,
-        iv_off: *mut size_t,
-        iv: *mut crate::c_types::c_uchar,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief This function performs an AES-CFB8 encryption or decryption"]
-    #[doc = "        operation."]
-    #[doc = ""]
-    #[doc = "        It performs the operation defined in the \\p mode"]
-    #[doc = "        parameter (encrypt/decrypt), on the input data buffer defined"]
-    #[doc = "        in the \\p input parameter."]
-    #[doc = ""]
-    #[doc = "        Due to the nature of CFB, you must use the same key schedule for"]
-    #[doc = "        both encryption and decryption operations. Therefore, you must"]
-    #[doc = "        use the context initialized with mbedtls_aes_setkey_enc() for"]
-    #[doc = "        both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT."]
-    #[doc = ""]
-    #[doc = " \\note  Upon exit, the content of the IV is updated so that you can"]
-    #[doc = "        call the same function again on the next"]
-    #[doc = "        block(s) of data and get the same result as if it was"]
-    #[doc = "        encrypted in one call. This allows a \"streaming\" usage."]
-    #[doc = "        If you need to retain the contents of the"]
-    #[doc = "        IV, you should either save it manually or use the cipher"]
-    #[doc = "        module instead."]
-    #[doc = ""]
-    #[doc = ""]
-    #[doc = " \\param ctx      The AES context to use for encryption or decryption."]
-    #[doc = "                 It must be initialized and bound to a key."]
-    #[doc = " \\param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or"]
-    #[doc = "                 #MBEDTLS_AES_DECRYPT"]
-    #[doc = " \\param length   The length of the input data."]
-    #[doc = " \\param iv       The initialization vector (updated after use)."]
-    #[doc = "                 It must be a readable and writeable buffer of \\c 16 Bytes."]
-    #[doc = " \\param input    The buffer holding the input data."]
-    #[doc = "                 It must be readable and of size \\p length Bytes."]
-    #[doc = " \\param output   The buffer holding the output data."]
-    #[doc = "                 It must be writeable and of size \\p length Bytes."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    pub fn mbedtls_aes_crypt_cfb8(
-        ctx: *mut mbedtls_aes_context,
-        mode: crate::c_types::c_int,
-        length: size_t,
-        iv: *mut crate::c_types::c_uchar,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief       This function performs an AES-OFB (Output Feedback Mode)"]
-    #[doc = "              encryption or decryption operation."]
-    #[doc = ""]
-    #[doc = "              For OFB, you must set up the context with"]
-    #[doc = "              mbedtls_aes_setkey_enc(), regardless of whether you are"]
-    #[doc = "              performing an encryption or decryption operation. This is"]
-    #[doc = "              because OFB mode uses the same key schedule for encryption and"]
-    #[doc = "              decryption."]
-    #[doc = ""]
-    #[doc = "              The OFB operation is identical for encryption or decryption,"]
-    #[doc = "              therefore no operation mode needs to be specified."]
-    #[doc = ""]
-    #[doc = " \\note        Upon exit, the content of iv, the Initialisation Vector, is"]
-    #[doc = "              updated so that you can call the same function again on the next"]
-    #[doc = "              block(s) of data and get the same result as if it was encrypted"]
-    #[doc = "              in one call. This allows a \"streaming\" usage, by initialising"]
-    #[doc = "              iv_off to 0 before the first call, and preserving its value"]
-    #[doc = "              between calls."]
-    #[doc = ""]
-    #[doc = "              For non-streaming use, the iv should be initialised on each call"]
-    #[doc = "              to a unique value, and iv_off set to 0 on each call."]
-    #[doc = ""]
-    #[doc = "              If you need to retain the contents of the initialisation vector,"]
-    #[doc = "              you must either save it manually or use the cipher module"]
-    #[doc = "              instead."]
-    #[doc = ""]
-    #[doc = " \\warning     For the OFB mode, the initialisation vector must be unique"]
-    #[doc = "              every encryption operation. Reuse of an initialisation vector"]
-    #[doc = "              will compromise security."]
-    #[doc = ""]
-    #[doc = " \\param ctx      The AES context to use for encryption or decryption."]
-    #[doc = "                 It must be initialized and bound to a key."]
-    #[doc = " \\param length   The length of the input data."]
-    #[doc = " \\param iv_off   The offset in IV (updated after use)."]
-    #[doc = "                 It must point to a valid \\c size_t."]
-    #[doc = " \\param iv       The initialization vector (updated after use)."]
-    #[doc = "                 It must be a readable and writeable buffer of \\c 16 Bytes."]
-    #[doc = " \\param input    The buffer holding the input data."]
-    #[doc = "                 It must be readable and of size \\p length Bytes."]
-    #[doc = " \\param output   The buffer holding the output data."]
-    #[doc = "                 It must be writeable and of size \\p length Bytes."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    pub fn mbedtls_aes_crypt_ofb(
-        ctx: *mut mbedtls_aes_context,
-        length: size_t,
-        iv_off: *mut size_t,
-        iv: *mut crate::c_types::c_uchar,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief      This function performs an AES-CTR encryption or decryption"]
-    #[doc = "             operation."]
-    #[doc = ""]
-    #[doc = "             Due to the nature of CTR, you must use the same key schedule"]
-    #[doc = "             for both encryption and decryption operations. Therefore, you"]
-    #[doc = "             must use the context initialized with mbedtls_aes_setkey_enc()"]
-    #[doc = "             for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT."]
-    #[doc = ""]
-    #[doc = " \\warning    You must never reuse a nonce value with the same key. Doing so"]
-    #[doc = "             would void the encryption for the two messages encrypted with"]
-    #[doc = "             the same nonce and key."]
-    #[doc = ""]
-    #[doc = "             There are two common strategies for managing nonces with CTR:"]
-    #[doc = ""]
-    #[doc = "             1. You can handle everything as a single message processed over"]
-    #[doc = "             successive calls to this function. In that case, you want to"]
-    #[doc = "             set \\p nonce_counter and \\p nc_off to 0 for the first call, and"]
-    #[doc = "             then preserve the values of \\p nonce_counter, \\p nc_off and \\p"]
-    #[doc = "             stream_block across calls to this function as they will be"]
-    #[doc = "             updated by this function."]
-    #[doc = ""]
-    #[doc = "             With this strategy, you must not encrypt more than 2**128"]
-    #[doc = "             blocks of data with the same key."]
-    #[doc = ""]
-    #[doc = "             2. You can encrypt separate messages by dividing the \\p"]
-    #[doc = "             nonce_counter buffer in two areas: the first one used for a"]
-    #[doc = "             per-message nonce, handled by yourself, and the second one"]
-    #[doc = "             updated by this function internally."]
-    #[doc = ""]
-    #[doc = "             For example, you might reserve the first 12 bytes for the"]
-    #[doc = "             per-message nonce, and the last 4 bytes for internal use. In that"]
-    #[doc = "             case, before calling this function on a new message you need to"]
-    #[doc = "             set the first 12 bytes of \\p nonce_counter to your chosen nonce"]
-    #[doc = "             value, the last 4 to 0, and \\p nc_off to 0 (which will cause \\p"]
-    #[doc = "             stream_block to be ignored). That way, you can encrypt at most"]
-    #[doc = "             2**96 messages of up to 2**32 blocks each with the same key."]
-    #[doc = ""]
-    #[doc = "             The per-message nonce (or information sufficient to reconstruct"]
-    #[doc = "             it) needs to be communicated with the ciphertext and must be unique."]
-    #[doc = "             The recommended way to ensure uniqueness is to use a message"]
-    #[doc = "             counter. An alternative is to generate random nonces, but this"]
-    #[doc = "             limits the number of messages that can be securely encrypted:"]
-    #[doc = "             for example, with 96-bit random nonces, you should not encrypt"]
-    #[doc = "             more than 2**32 messages with the same key."]
-    #[doc = ""]
-    #[doc = "             Note that for both strategies, sizes are measured in blocks and"]
-    #[doc = "             that an AES block is 16 bytes."]
-    #[doc = ""]
-    #[doc = " \\warning    Upon return, \\p stream_block contains sensitive data. Its"]
-    #[doc = "             content must not be written to insecure storage and should be"]
-    #[doc = "             securely discarded as soon as it's no longer needed."]
-    #[doc = ""]
-    #[doc = " \\param ctx              The AES context to use for encryption or decryption."]
-    #[doc = "                         It must be initialized and bound to a key."]
-    #[doc = " \\param length           The length of the input data."]
-    #[doc = " \\param nc_off           The offset in the current \\p stream_block, for"]
-    #[doc = "                         resuming within the current cipher stream. The"]
-    #[doc = "                         offset pointer should be 0 at the start of a stream."]
-    #[doc = "                         It must point to a valid \\c size_t."]
-    #[doc = " \\param nonce_counter    The 128-bit nonce and counter."]
-    #[doc = "                         It must be a readable-writeable buffer of \\c 16 Bytes."]
-    #[doc = " \\param stream_block     The saved stream block for resuming. This is"]
-    #[doc = "                         overwritten by the function."]
-    #[doc = "                         It must be a readable-writeable buffer of \\c 16 Bytes."]
-    #[doc = " \\param input            The buffer holding the input data."]
-    #[doc = "                         It must be readable and of size \\p length Bytes."]
-    #[doc = " \\param output           The buffer holding the output data."]
-    #[doc = "                         It must be writeable and of size \\p length Bytes."]
-    #[doc = ""]
-    #[doc = " \\return                 \\c 0 on success."]
-    pub fn mbedtls_aes_crypt_ctr(
-        ctx: *mut mbedtls_aes_context,
-        length: size_t,
-        nc_off: *mut size_t,
-        nonce_counter: *mut crate::c_types::c_uchar,
-        stream_block: *mut crate::c_types::c_uchar,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Internal AES block encryption function. This is only"]
-    #[doc = "                  exposed to allow overriding it using"]
-    #[doc = "                  \\c MBEDTLS_AES_ENCRYPT_ALT."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The AES context to use for encryption."]
-    #[doc = " \\param input     The plaintext block."]
-    #[doc = " \\param output    The output (ciphertext) block."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    pub fn mbedtls_internal_aes_encrypt(
-        ctx: *mut mbedtls_aes_context,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief           Internal AES block decryption function. This is only"]
-    #[doc = "                  exposed to allow overriding it using see"]
-    #[doc = "                  \\c MBEDTLS_AES_DECRYPT_ALT."]
-    #[doc = ""]
-    #[doc = " \\param ctx       The AES context to use for decryption."]
-    #[doc = " \\param input     The ciphertext block."]
-    #[doc = " \\param output    The output (plaintext) block."]
-    #[doc = ""]
-    #[doc = " \\return          \\c 0 on success."]
-    pub fn mbedtls_internal_aes_decrypt(
-        ctx: *mut mbedtls_aes_context,
-        input: *const crate::c_types::c_uchar,
-        output: *mut crate::c_types::c_uchar,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief          Checkup routine."]
-    #[doc = ""]
-    #[doc = " \\return         \\c 0 on success."]
-    #[doc = " \\return         \\c 1 on failure."]
-    pub fn mbedtls_aes_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
-}
-#[doc = " \\brief          The CTR_DRBG context structure."]
-#[repr(C)]
-#[derive(Copy, Clone)]
-pub struct mbedtls_ctr_drbg_context {
-    pub private_counter: [crate::c_types::c_uchar; 16usize],
-    pub private_reseed_counter: crate::c_types::c_int,
-    pub private_prediction_resistance: crate::c_types::c_int,
-    pub private_entropy_len: size_t,
-    pub private_reseed_interval: crate::c_types::c_int,
-    pub private_aes_ctx: mbedtls_aes_context,
-    pub private_f_entropy: ::core::option::Option<
-        unsafe extern "C" fn(
-            arg1: *mut crate::c_types::c_void,
-            arg2: *mut crate::c_types::c_uchar,
-            arg3: size_t,
-        ) -> crate::c_types::c_int,
-    >,
-    pub private_p_entropy: *mut crate::c_types::c_void,
-}
-extern "C" {
-    #[doc = " \\brief               This function initializes the CTR_DRBG context,"]
-    #[doc = "                      and prepares it for mbedtls_ctr_drbg_seed()"]
-    #[doc = "                      or mbedtls_ctr_drbg_free()."]
-    #[doc = ""]
-    #[doc = " \\note                The reseed interval is"]
-    #[doc = "                      #MBEDTLS_CTR_DRBG_RESEED_INTERVAL by default."]
-    #[doc = "                      You can override it by calling"]
-    #[doc = "                      mbedtls_ctr_drbg_set_reseed_interval()."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The CTR_DRBG context to initialize."]
-    pub fn mbedtls_ctr_drbg_init(ctx: *mut mbedtls_ctr_drbg_context);
-}
-extern "C" {
-    #[doc = " - The \\p custom string."]
-    #[doc = ""]
-    #[doc = " \\note                To achieve the nominal security strength permitted"]
-    #[doc = "                      by CTR_DRBG, the entropy length must be:"]
-    #[doc = "                      - at least 16 bytes for a 128-bit strength"]
-    #[doc = "                      (maximum achievable strength when using AES-128);"]
-    #[doc = "                      - at least 32 bytes for a 256-bit strength"]
-    #[doc = "                      (maximum achievable strength when using AES-256)."]
-    #[doc = ""]
-    #[doc = "                      In addition, if you do not pass a nonce in \\p custom,"]
-    #[doc = "                      the sum of the entropy length"]
-    #[doc = "                      and the entropy nonce length must be:"]
-    #[doc = "                      - at least 24 bytes for a 128-bit strength"]
-    #[doc = "                      (maximum achievable strength when using AES-128);"]
-    #[doc = "                      - at least 48 bytes for a 256-bit strength"]
-    #[doc = "                      (maximum achievable strength when using AES-256)."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The CTR_DRBG context to seed."]
-    #[doc = "                      It must have been initialized with"]
-    #[doc = "                      mbedtls_ctr_drbg_init()."]
-    #[doc = "                      After a successful call to mbedtls_ctr_drbg_seed(),"]
-    #[doc = "                      you may not call mbedtls_ctr_drbg_seed() again on"]
-    #[doc = "                      the same context unless you call"]
-    #[doc = "                      mbedtls_ctr_drbg_free() and mbedtls_ctr_drbg_init()"]
-    #[doc = "                      again first."]
-    #[doc = "                      After a failed call to mbedtls_ctr_drbg_seed(),"]
-    #[doc = "                      you must call mbedtls_ctr_drbg_free()."]
-    #[doc = " \\param f_entropy     The entropy callback, taking as arguments the"]
-    #[doc = "                      \\p p_entropy context, the buffer to fill, and the"]
-    #[doc = "                      length of the buffer."]
-    #[doc = "                      \\p f_entropy is always called with a buffer size"]
-    #[doc = "                      less than or equal to the entropy length."]
-    #[doc = " \\param p_entropy     The entropy context to pass to \\p f_entropy."]
-    #[doc = " \\param custom        The personalization string."]
-    #[doc = "                      This can be \\c NULL, in which case the personalization"]
-    #[doc = "                      string is empty regardless of the value of \\p len."]
-    #[doc = " \\param len           The length of the personalization string."]
-    #[doc = "                      This must be at most"]
-    #[doc = "                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT"]
-    #[doc = "                      - #MBEDTLS_CTR_DRBG_ENTROPY_LEN."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure."]
-    pub fn mbedtls_ctr_drbg_seed(
-        ctx: *mut mbedtls_ctr_drbg_context,
-        f_entropy: ::core::option::Option<
-            unsafe extern "C" fn(
-                arg1: *mut crate::c_types::c_void,
-                arg2: *mut crate::c_types::c_uchar,
-                arg3: size_t,
-            ) -> crate::c_types::c_int,
-        >,
-        p_entropy: *mut crate::c_types::c_void,
-        custom: *const crate::c_types::c_uchar,
-        len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief               This function resets CTR_DRBG context to the state immediately"]
-    #[doc = "                      after initial call of mbedtls_ctr_drbg_init()."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The CTR_DRBG context to clear."]
-    pub fn mbedtls_ctr_drbg_free(ctx: *mut mbedtls_ctr_drbg_context);
-}
-extern "C" {
-    #[doc = " \\brief               This function turns prediction resistance on or off."]
-    #[doc = "                      The default value is off."]
-    #[doc = ""]
-    #[doc = " \\note                If enabled, entropy is gathered at the beginning of"]
-    #[doc = "                      every call to mbedtls_ctr_drbg_random_with_add()"]
-    #[doc = "                      or mbedtls_ctr_drbg_random()."]
-    #[doc = "                      Only use this if your entropy source has sufficient"]
-    #[doc = "                      throughput."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The CTR_DRBG context."]
-    #[doc = " \\param resistance    #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF."]
-    pub fn mbedtls_ctr_drbg_set_prediction_resistance(
-        ctx: *mut mbedtls_ctr_drbg_context,
-        resistance: crate::c_types::c_int,
-    );
-}
-extern "C" {
-    #[doc = " \\brief               This function sets the amount of entropy grabbed on each"]
-    #[doc = "                      seed or reseed."]
-    #[doc = ""]
-    #[doc = " The default value is #MBEDTLS_CTR_DRBG_ENTROPY_LEN."]
-    #[doc = ""]
-    #[doc = " \\note                The security strength of CTR_DRBG is bounded by the"]
-    #[doc = "                      entropy length. Thus:"]
-    #[doc = "                      - When using AES-256"]
-    #[doc = "                        (\\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled,"]
-    #[doc = "                        which is the default),"]
-    #[doc = "                        \\p len must be at least 32 (in bytes)"]
-    #[doc = "                        to achieve a 256-bit strength."]
-    #[doc = "                      - When using AES-128"]
-    #[doc = "                        (\\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled)"]
-    #[doc = "                        \\p len must be at least 16 (in bytes)"]
-    #[doc = "                        to achieve a 128-bit strength."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The CTR_DRBG context."]
-    #[doc = " \\param len           The amount of entropy to grab, in bytes."]
-    #[doc = "                      This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT"]
-    #[doc = "                      and at most the maximum length accepted by the"]
-    #[doc = "                      entropy function that is set in the context."]
-    pub fn mbedtls_ctr_drbg_set_entropy_len(ctx: *mut mbedtls_ctr_drbg_context, len: size_t);
-}
-extern "C" {
-    #[doc = " \\brief               This function sets the amount of entropy grabbed"]
-    #[doc = "                      as a nonce for the initial seeding."]
-    #[doc = ""]
-    #[doc = " Call this function before calling mbedtls_ctr_drbg_seed() to read"]
-    #[doc = " a nonce from the entropy source during the initial seeding."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The CTR_DRBG context."]
-    #[doc = " \\param len           The amount of entropy to grab for the nonce, in bytes."]
-    #[doc = "                      This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT"]
-    #[doc = "                      and at most the maximum length accepted by the"]
-    #[doc = "                      entropy function that is set in the context."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if \\p len is"]
-    #[doc = "                      more than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT."]
-    #[doc = " \\return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED"]
-    #[doc = "                      if the initial seeding has already taken place."]
-    pub fn mbedtls_ctr_drbg_set_nonce_len(
-        ctx: *mut mbedtls_ctr_drbg_context,
-        len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief               This function sets the reseed interval."]
-    #[doc = ""]
-    #[doc = " The reseed interval is the number of calls to mbedtls_ctr_drbg_random()"]
-    #[doc = " or mbedtls_ctr_drbg_random_with_add() after which the entropy function"]
-    #[doc = " is called again."]
-    #[doc = ""]
-    #[doc = " The default value is #MBEDTLS_CTR_DRBG_RESEED_INTERVAL."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The CTR_DRBG context."]
-    #[doc = " \\param interval      The reseed interval."]
-    pub fn mbedtls_ctr_drbg_set_reseed_interval(
-        ctx: *mut mbedtls_ctr_drbg_context,
-        interval: crate::c_types::c_int,
-    );
-}
-extern "C" {
-    #[doc = " \\brief               This function reseeds the CTR_DRBG context, that is"]
-    #[doc = "                      extracts data from the entropy source."]
-    #[doc = ""]
-    #[doc = " \\note                This function is not thread-safe. It is not safe"]
-    #[doc = "                      to call this function if another thread might be"]
-    #[doc = "                      concurrently obtaining random numbers from the same"]
-    #[doc = "                      context or updating or reseeding the same context."]
-    #[doc = ""]
-    #[doc = " \\param ctx           The CTR_DRBG context."]
-    #[doc = " \\param additional    Additional data to add to the state. Can be \\c NULL."]
-    #[doc = " \\param len           The length of the additional data."]
-    #[doc = "                      This must be less than"]
-    #[doc = "                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \\c entropy_len"]
-    #[doc = "                      where \\c entropy_len is the entropy length"]
-    #[doc = "                      configured for the context."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure."]
-    pub fn mbedtls_ctr_drbg_reseed(
-        ctx: *mut mbedtls_ctr_drbg_context,
-        additional: *const crate::c_types::c_uchar,
-        len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief              This function updates the state of the CTR_DRBG context."]
-    #[doc = ""]
-    #[doc = " \\note                This function is not thread-safe. It is not safe"]
-    #[doc = "                      to call this function if another thread might be"]
-    #[doc = "                      concurrently obtaining random numbers from the same"]
-    #[doc = "                      context or updating or reseeding the same context."]
-    #[doc = ""]
-    #[doc = " \\param ctx          The CTR_DRBG context."]
-    #[doc = " \\param additional   The data to update the state with. This must not be"]
-    #[doc = "                     \\c NULL unless \\p add_len is \\c 0."]
-    #[doc = " \\param add_len      Length of \\p additional in bytes. This must be at"]
-    #[doc = "                     most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT."]
-    #[doc = ""]
-    #[doc = " \\return             \\c 0 on success."]
-    #[doc = " \\return             #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if"]
-    #[doc = "                     \\p add_len is more than"]
-    #[doc = "                     #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT."]
-    #[doc = " \\return             An error from the underlying AES cipher on failure."]
-    pub fn mbedtls_ctr_drbg_update(
-        ctx: *mut mbedtls_ctr_drbg_context,
-        additional: *const crate::c_types::c_uchar,
-        add_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief   This function updates a CTR_DRBG instance with additional"]
-    #[doc = "          data and uses it to generate random data."]
-    #[doc = ""]
-    #[doc = " This function automatically reseeds if the reseed counter is exceeded"]
-    #[doc = " or prediction resistance is enabled."]
-    #[doc = ""]
-    #[doc = " \\note                This function is not thread-safe. It is not safe"]
-    #[doc = "                      to call this function if another thread might be"]
-    #[doc = "                      concurrently obtaining random numbers from the same"]
-    #[doc = "                      context or updating or reseeding the same context."]
-    #[doc = ""]
-    #[doc = " \\param p_rng         The CTR_DRBG context. This must be a pointer to a"]
-    #[doc = "                      #mbedtls_ctr_drbg_context structure."]
-    #[doc = " \\param output        The buffer to fill."]
-    #[doc = " \\param output_len    The length of the buffer in bytes."]
-    #[doc = " \\param additional    Additional data to update. Can be \\c NULL, in which"]
-    #[doc = "                      case the additional data is empty regardless of"]
-    #[doc = "                      the value of \\p add_len."]
-    #[doc = " \\param add_len       The length of the additional data"]
-    #[doc = "                      if \\p additional is not \\c NULL."]
-    #[doc = "                      This must be less than #MBEDTLS_CTR_DRBG_MAX_INPUT"]
-    #[doc = "                      and less than"]
-    #[doc = "                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \\c entropy_len"]
-    #[doc = "                      where \\c entropy_len is the entropy length"]
-    #[doc = "                      configured for the context."]
-    #[doc = ""]
-    #[doc = " \\return    \\c 0 on success."]
-    #[doc = " \\return    #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or"]
-    #[doc = "            #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure."]
-    pub fn mbedtls_ctr_drbg_random_with_add(
-        p_rng: *mut crate::c_types::c_void,
-        output: *mut crate::c_types::c_uchar,
-        output_len: size_t,
-        additional: *const crate::c_types::c_uchar,
-        add_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\param p_rng         The CTR_DRBG context. This must be a pointer to a"]
-    #[doc = "                      #mbedtls_ctr_drbg_context structure."]
-    #[doc = " \\param output        The buffer to fill."]
-    #[doc = " \\param output_len    The length of the buffer in bytes."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or"]
-    #[doc = "                      #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure."]
-    pub fn mbedtls_ctr_drbg_random(
-        p_rng: *mut crate::c_types::c_void,
-        output: *mut crate::c_types::c_uchar,
-        output_len: size_t,
-    ) -> crate::c_types::c_int;
-}
-extern "C" {
-    #[doc = " \\brief               The CTR_DRBG checkup routine."]
-    #[doc = ""]
-    #[doc = " \\return              \\c 0 on success."]
-    #[doc = " \\return              \\c 1 on failure."]
-    pub fn mbedtls_ctr_drbg_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
-}
diff --git a/esp-mbedtls-sys/src/include/esp32.rs b/esp-mbedtls-sys/src/include/esp32.rs
new file mode 100644
index 0000000..34a5e23
--- /dev/null
+++ b/esp-mbedtls-sys/src/include/esp32.rs
@@ -0,0 +1,22631 @@
+/* automatically generated by rust-bindgen 0.68.1 */
+
+#![allow(
+    non_camel_case_types,
+    non_snake_case,
+    non_upper_case_globals,
+    dead_code
+)]
+
+#[repr(C)]
+#[derive(Copy, Clone, Debug, Default, Eq, Hash, Ord, PartialEq, PartialOrd)]
+pub struct __BindgenBitfieldUnit<Storage> {
+    storage: Storage,
+}
+impl<Storage> __BindgenBitfieldUnit<Storage> {
+    #[inline]
+    pub const fn new(storage: Storage) -> Self {
+        Self { storage }
+    }
+}
+impl<Storage> __BindgenBitfieldUnit<Storage>
+where
+    Storage: AsRef<[u8]> + AsMut<[u8]>,
+{
+    #[inline]
+    pub fn get_bit(&self, index: usize) -> bool {
+        debug_assert!(index / 8 < self.storage.as_ref().len());
+        let byte_index = index / 8;
+        let byte = self.storage.as_ref()[byte_index];
+        let bit_index = if cfg!(target_endian = "big") {
+            7 - (index % 8)
+        } else {
+            index % 8
+        };
+        let mask = 1 << bit_index;
+        byte & mask == mask
+    }
+    #[inline]
+    pub fn set_bit(&mut self, index: usize, val: bool) {
+        debug_assert!(index / 8 < self.storage.as_ref().len());
+        let byte_index = index / 8;
+        let byte = &mut self.storage.as_mut()[byte_index];
+        let bit_index = if cfg!(target_endian = "big") {
+            7 - (index % 8)
+        } else {
+            index % 8
+        };
+        let mask = 1 << bit_index;
+        if val {
+            *byte |= mask;
+        } else {
+            *byte &= !mask;
+        }
+    }
+    #[inline]
+    pub fn get(&self, bit_offset: usize, bit_width: u8) -> u64 {
+        debug_assert!(bit_width <= 64);
+        debug_assert!(bit_offset / 8 < self.storage.as_ref().len());
+        debug_assert!((bit_offset + (bit_width as usize)) / 8 <= self.storage.as_ref().len());
+        let mut val = 0;
+        for i in 0..(bit_width as usize) {
+            if self.get_bit(i + bit_offset) {
+                let index = if cfg!(target_endian = "big") {
+                    bit_width as usize - 1 - i
+                } else {
+                    i
+                };
+                val |= 1 << index;
+            }
+        }
+        val
+    }
+    #[inline]
+    pub fn set(&mut self, bit_offset: usize, bit_width: u8, val: u64) {
+        debug_assert!(bit_width <= 64);
+        debug_assert!(bit_offset / 8 < self.storage.as_ref().len());
+        debug_assert!((bit_offset + (bit_width as usize)) / 8 <= self.storage.as_ref().len());
+        for i in 0..(bit_width as usize) {
+            let mask = 1 << i;
+            let val_bit_is_set = val & mask == mask;
+            let index = if cfg!(target_endian = "big") {
+                bit_width as usize - 1 - i
+            } else {
+                i
+            };
+            self.set_bit(index + bit_offset, val_bit_is_set);
+        }
+    }
+}
+pub const MBEDTLS_CONFIG_FILE: &[u8; 9] = b"config.h\0";
+pub const MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT: u32 = 0;
+pub const MBEDTLS_SSL_MAX_EARLY_DATA_SIZE: u32 = 1024;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE: u32 = 6000;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH: u32 = 32;
+pub const MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS: u32 = 1;
+pub const MBEDTLS_VERSION_MAJOR: u32 = 3;
+pub const MBEDTLS_VERSION_MINOR: u32 = 4;
+pub const MBEDTLS_VERSION_PATCH: u32 = 0;
+pub const MBEDTLS_VERSION_NUMBER: u32 = 50593792;
+pub const MBEDTLS_VERSION_STRING: &[u8; 6] = b"3.4.0\0";
+pub const MBEDTLS_VERSION_STRING_FULL: &[u8; 15] = b"mbed TLS 3.4.0\0";
+pub const MBEDTLS_PSA_BUILTIN_ALG_CCM: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG: u32 = 1;
+pub const PSA_WANT_ALG_CCM: u32 = 1;
+pub const PSA_WANT_ALG_CCM_STAR_NO_TAG: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CMAC: u32 = 1;
+pub const PSA_WANT_ALG_CMAC: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_ECDH: u32 = 1;
+pub const PSA_WANT_ALG_ECDH: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_ECDSA: u32 = 1;
+pub const PSA_WANT_ALG_ECDSA: u32 = 1;
+pub const PSA_WANT_ALG_ECDSA_ANY: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA: u32 = 1;
+pub const PSA_WANT_ALG_DETERMINISTIC_ECDSA: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_ECC_KEY_PAIR: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_GCM: u32 = 1;
+pub const PSA_WANT_ALG_GCM: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_HMAC: u32 = 1;
+pub const PSA_WANT_ALG_HMAC: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_HKDF: u32 = 1;
+pub const PSA_WANT_ALG_HKDF: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT: u32 = 1;
+pub const PSA_WANT_ALG_HKDF_EXTRACT: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND: u32 = 1;
+pub const PSA_WANT_ALG_HKDF_EXPAND: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF: u32 = 1;
+pub const PSA_WANT_ALG_TLS12_PRF: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS: u32 = 1;
+pub const PSA_WANT_ALG_TLS12_PSK_TO_MS: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_MD5: u32 = 1;
+pub const PSA_WANT_ALG_MD5: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_PAKE: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_JPAKE: u32 = 1;
+pub const PSA_WANT_ALG_JPAKE: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160: u32 = 1;
+pub const PSA_WANT_ALG_RIPEMD160: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT: u32 = 1;
+pub const PSA_WANT_ALG_RSA_PKCS1V15_CRYPT: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN: u32 = 1;
+pub const PSA_WANT_ALG_RSA_PKCS1V15_SIGN: u32 = 1;
+pub const PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP: u32 = 1;
+pub const PSA_WANT_ALG_RSA_OAEP: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS: u32 = 1;
+pub const PSA_WANT_ALG_RSA_PSS: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_RSA_KEY_PAIR: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_1: u32 = 1;
+pub const PSA_WANT_ALG_SHA_1: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_224: u32 = 1;
+pub const PSA_WANT_ALG_SHA_224: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_256: u32 = 1;
+pub const PSA_WANT_ALG_SHA_256: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_384: u32 = 1;
+pub const PSA_WANT_ALG_SHA_384: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_512: u32 = 1;
+pub const PSA_WANT_ALG_SHA_512: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_AES: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_ARIA: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_CAMELLIA: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_DES: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS: u32 = 1;
+pub const PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_CHACHA20: u32 = 1;
+pub const PSA_WANT_ALG_STREAM_CIPHER: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER: u32 = 1;
+pub const PSA_WANT_ALG_CHACHA20_POLY1305: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING: u32 = 1;
+pub const PSA_WANT_ALG_CBC_NO_PADDING: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7: u32 = 1;
+pub const PSA_WANT_ALG_CBC_PKCS7: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING: u32 = 1;
+pub const PSA_WANT_ALG_ECB_NO_PADDING: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CFB: u32 = 1;
+pub const PSA_WANT_ALG_CFB: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CTR: u32 = 1;
+pub const PSA_WANT_ALG_CTR: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_OFB: u32 = 1;
+pub const PSA_WANT_ALG_OFB: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256: u32 = 1;
+pub const PSA_HAVE_FULL_ECDSA: u32 = 1;
+pub const PSA_HAVE_FULL_JPAKE: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_DERIVE: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_PASSWORD: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_PASSWORD_HASH: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_RAW_DATA: u32 = 1;
+pub const _LIBC_LIMITS_H_: u32 = 1;
+pub const __NEWLIB_H__: u32 = 1;
+pub const _NEWLIB_VERSION_H__: u32 = 1;
+pub const _NEWLIB_VERSION: &[u8; 6] = b"3.3.0\0";
+pub const __NEWLIB__: u32 = 3;
+pub const __NEWLIB_MINOR__: u32 = 3;
+pub const __NEWLIB_PATCHLEVEL__: u32 = 0;
+pub const _WANT_IO_C99_FORMATS: u32 = 1;
+pub const _WANT_IO_LONG_LONG: u32 = 1;
+pub const _WANT_IO_POS_ARGS: u32 = 1;
+pub const _WANT_REENT_SMALL: u32 = 1;
+pub const _REENT_CHECK_VERIFY: u32 = 1;
+pub const _MB_LEN_MAX: u32 = 1;
+pub const _ICONV_ENABLED: u32 = 1;
+pub const HAVE_INITFINI_ARRAY: u32 = 1;
+pub const _ATEXIT_DYNAMIC_ALLOC: u32 = 1;
+pub const _HAVE_LONG_DOUBLE: u32 = 1;
+pub const _HAVE_CC_INHIBIT_LOOP_TO_LIBCALL: u32 = 1;
+pub const _LDBL_EQ_DBL: u32 = 1;
+pub const _FVWRITE_IN_STREAMIO: u32 = 1;
+pub const _FSEEK_OPTIMIZATION: u32 = 1;
+pub const _UNBUF_STREAM_OPT: u32 = 1;
+pub const _RETARGETABLE_LOCKING: u32 = 1;
+pub const _WANT_USE_LONG_TIME_T: u32 = 1;
+pub const _DEFAULT_SOURCE: u32 = 1;
+pub const _POSIX_SOURCE: u32 = 1;
+pub const _POSIX_C_SOURCE: u32 = 200809;
+pub const _ATFILE_SOURCE: u32 = 1;
+pub const __ATFILE_VISIBLE: u32 = 1;
+pub const __BSD_VISIBLE: u32 = 1;
+pub const __GNU_VISIBLE: u32 = 0;
+pub const __ISO_C_VISIBLE: u32 = 2011;
+pub const __LARGEFILE_VISIBLE: u32 = 0;
+pub const __MISC_VISIBLE: u32 = 1;
+pub const __POSIX_VISIBLE: u32 = 200809;
+pub const __SVID_VISIBLE: u32 = 1;
+pub const __XSI_VISIBLE: u32 = 0;
+pub const __SSP_FORTIFY_LEVEL: u32 = 0;
+pub const _POSIX_THREADS: u32 = 1;
+pub const _POSIX_TIMEOUTS: u32 = 1;
+pub const _POSIX_TIMERS: u32 = 1;
+pub const _POSIX_MONOTONIC_CLOCK: u32 = 200112;
+pub const _POSIX_CLOCK_SELECTION: u32 = 200112;
+pub const _UNIX98_THREAD_MUTEX_ATTRIBUTES: u32 = 1;
+pub const __have_longlong64: u32 = 1;
+pub const __have_long32: u32 = 1;
+pub const ___int8_t_defined: u32 = 1;
+pub const ___int16_t_defined: u32 = 1;
+pub const ___int32_t_defined: u32 = 1;
+pub const ___int64_t_defined: u32 = 1;
+pub const ___int_least8_t_defined: u32 = 1;
+pub const ___int_least16_t_defined: u32 = 1;
+pub const ___int_least32_t_defined: u32 = 1;
+pub const ___int_least64_t_defined: u32 = 1;
+pub const __GNUCLIKE_ASM: u32 = 3;
+pub const __GNUCLIKE___TYPEOF: u32 = 1;
+pub const __GNUCLIKE___OFFSETOF: u32 = 1;
+pub const __GNUCLIKE___SECTION: u32 = 1;
+pub const __GNUCLIKE_CTOR_SECTION_HANDLING: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_CONSTANT_P: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_VARARGS: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_STDARG: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_VAALIST: u32 = 1;
+pub const __GNUC_VA_LIST_COMPATIBILITY: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_NEXT_ARG: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_MEMCPY: u32 = 1;
+pub const __CC_SUPPORTS_INLINE: u32 = 1;
+pub const __CC_SUPPORTS___INLINE: u32 = 1;
+pub const __CC_SUPPORTS___INLINE__: u32 = 1;
+pub const __CC_SUPPORTS___FUNC__: u32 = 1;
+pub const __CC_SUPPORTS_WARNING: u32 = 1;
+pub const __CC_SUPPORTS_VARADIC_XXX: u32 = 1;
+pub const __CC_SUPPORTS_DYNAMIC_ARRAY_INIT: u32 = 1;
+pub const ARG_MAX: u32 = 4096;
+pub const CHILD_MAX: u32 = 40;
+pub const LINK_MAX: u32 = 32767;
+pub const MAX_CANON: u32 = 255;
+pub const MAX_INPUT: u32 = 255;
+pub const NAME_MAX: u32 = 255;
+pub const NGROUPS_MAX: u32 = 16;
+pub const OPEN_MAX: u32 = 64;
+pub const PATH_MAX: u32 = 1024;
+pub const PIPE_BUF: u32 = 512;
+pub const IOV_MAX: u32 = 1024;
+pub const BC_BASE_MAX: u32 = 99;
+pub const BC_DIM_MAX: u32 = 2048;
+pub const BC_SCALE_MAX: u32 = 99;
+pub const BC_STRING_MAX: u32 = 1000;
+pub const COLL_WEIGHTS_MAX: u32 = 0;
+pub const EXPR_NEST_MAX: u32 = 32;
+pub const LINE_MAX: u32 = 2048;
+pub const RE_DUP_MAX: u32 = 255;
+pub const MB_LEN_MAX: u32 = 1;
+pub const NL_ARGMAX: u32 = 32;
+pub const _POSIX2_RE_DUP_MAX: u32 = 255;
+pub const __int20: u32 = 2;
+pub const __int20__: u32 = 2;
+pub const __INT8: &[u8; 3] = b"hh\0";
+pub const __INT16: &[u8; 2] = b"h\0";
+pub const __INT64: &[u8; 3] = b"ll\0";
+pub const __FAST8: &[u8; 3] = b"hh\0";
+pub const __FAST16: &[u8; 2] = b"h\0";
+pub const __FAST64: &[u8; 3] = b"ll\0";
+pub const __LEAST8: &[u8; 3] = b"hh\0";
+pub const __LEAST16: &[u8; 2] = b"h\0";
+pub const __LEAST64: &[u8; 3] = b"ll\0";
+pub const __int8_t_defined: u32 = 1;
+pub const __int16_t_defined: u32 = 1;
+pub const __int32_t_defined: u32 = 1;
+pub const __int64_t_defined: u32 = 1;
+pub const __int_least8_t_defined: u32 = 1;
+pub const __int_least16_t_defined: u32 = 1;
+pub const __int_least32_t_defined: u32 = 1;
+pub const __int_least64_t_defined: u32 = 1;
+pub const __int_fast8_t_defined: u32 = 1;
+pub const __int_fast16_t_defined: u32 = 1;
+pub const __int_fast32_t_defined: u32 = 1;
+pub const __int_fast64_t_defined: u32 = 1;
+pub const WINT_MIN: u32 = 0;
+pub const MBEDTLS_ERR_MPI_FILE_IO_ERROR: i32 = -2;
+pub const MBEDTLS_ERR_MPI_BAD_INPUT_DATA: i32 = -4;
+pub const MBEDTLS_ERR_MPI_INVALID_CHARACTER: i32 = -6;
+pub const MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL: i32 = -8;
+pub const MBEDTLS_ERR_MPI_NEGATIVE_VALUE: i32 = -10;
+pub const MBEDTLS_ERR_MPI_DIVISION_BY_ZERO: i32 = -12;
+pub const MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: i32 = -14;
+pub const MBEDTLS_ERR_MPI_ALLOC_FAILED: i32 = -16;
+pub const MBEDTLS_MPI_MAX_LIMBS: u32 = 10000;
+pub const MBEDTLS_MPI_WINDOW_SIZE: u32 = 2;
+pub const MBEDTLS_MPI_MAX_SIZE: u32 = 1024;
+pub const MBEDTLS_MPI_MAX_BITS: u32 = 8192;
+pub const MBEDTLS_MPI_MAX_BITS_SCALE100: u32 = 819200;
+pub const MBEDTLS_LN_2_DIV_LN_10_SCALE100: u32 = 332;
+pub const MBEDTLS_MPI_RW_BUFFER_SIZE: u32 = 2484;
+pub const MBEDTLS_ERR_ECP_BAD_INPUT_DATA: i32 = -20352;
+pub const MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL: i32 = -20224;
+pub const MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE: i32 = -20096;
+pub const MBEDTLS_ERR_ECP_VERIFY_FAILED: i32 = -19968;
+pub const MBEDTLS_ERR_ECP_ALLOC_FAILED: i32 = -19840;
+pub const MBEDTLS_ERR_ECP_RANDOM_FAILED: i32 = -19712;
+pub const MBEDTLS_ERR_ECP_INVALID_KEY: i32 = -19584;
+pub const MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH: i32 = -19456;
+pub const MBEDTLS_ERR_ECP_IN_PROGRESS: i32 = -19200;
+pub const MBEDTLS_ECP_DP_MAX: u32 = 14;
+pub const MBEDTLS_ECP_WINDOW_SIZE: u32 = 4;
+pub const MBEDTLS_ECP_FIXED_POINT_OPTIM: u32 = 1;
+pub const MBEDTLS_ECP_MAX_BITS: u32 = 521;
+pub const MBEDTLS_ECP_MAX_BYTES: u32 = 66;
+pub const MBEDTLS_ECP_MAX_PT_LEN: u32 = 133;
+pub const MBEDTLS_ECP_PF_UNCOMPRESSED: u32 = 0;
+pub const MBEDTLS_ECP_PF_COMPRESSED: u32 = 1;
+pub const MBEDTLS_ECP_TLS_NAMED_CURVE: u32 = 3;
+pub const MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE: i32 = -20608;
+pub const MBEDTLS_ERR_MD_BAD_INPUT_DATA: i32 = -20736;
+pub const MBEDTLS_ERR_MD_ALLOC_FAILED: i32 = -20864;
+pub const MBEDTLS_ERR_MD_FILE_IO_ERROR: i32 = -20992;
+pub const MBEDTLS_MD_MAX_SIZE: u32 = 64;
+pub const MBEDTLS_MD_MAX_BLOCK_SIZE: u32 = 128;
+pub const MBEDTLS_ERR_RSA_BAD_INPUT_DATA: i32 = -16512;
+pub const MBEDTLS_ERR_RSA_INVALID_PADDING: i32 = -16640;
+pub const MBEDTLS_ERR_RSA_KEY_GEN_FAILED: i32 = -16768;
+pub const MBEDTLS_ERR_RSA_KEY_CHECK_FAILED: i32 = -16896;
+pub const MBEDTLS_ERR_RSA_PUBLIC_FAILED: i32 = -17024;
+pub const MBEDTLS_ERR_RSA_PRIVATE_FAILED: i32 = -17152;
+pub const MBEDTLS_ERR_RSA_VERIFY_FAILED: i32 = -17280;
+pub const MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE: i32 = -17408;
+pub const MBEDTLS_ERR_RSA_RNG_FAILED: i32 = -17536;
+pub const MBEDTLS_RSA_PKCS_V15: u32 = 0;
+pub const MBEDTLS_RSA_PKCS_V21: u32 = 1;
+pub const MBEDTLS_RSA_SIGN: u32 = 1;
+pub const MBEDTLS_RSA_CRYPT: u32 = 2;
+pub const MBEDTLS_RSA_SALT_LEN_ANY: i32 = -1;
+pub const MBEDTLS_ERR_PK_ALLOC_FAILED: i32 = -16256;
+pub const MBEDTLS_ERR_PK_TYPE_MISMATCH: i32 = -16128;
+pub const MBEDTLS_ERR_PK_BAD_INPUT_DATA: i32 = -16000;
+pub const MBEDTLS_ERR_PK_FILE_IO_ERROR: i32 = -15872;
+pub const MBEDTLS_ERR_PK_KEY_INVALID_VERSION: i32 = -15744;
+pub const MBEDTLS_ERR_PK_KEY_INVALID_FORMAT: i32 = -15616;
+pub const MBEDTLS_ERR_PK_UNKNOWN_PK_ALG: i32 = -15488;
+pub const MBEDTLS_ERR_PK_PASSWORD_REQUIRED: i32 = -15360;
+pub const MBEDTLS_ERR_PK_PASSWORD_MISMATCH: i32 = -15232;
+pub const MBEDTLS_ERR_PK_INVALID_PUBKEY: i32 = -15104;
+pub const MBEDTLS_ERR_PK_INVALID_ALG: i32 = -14976;
+pub const MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE: i32 = -14848;
+pub const MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE: i32 = -14720;
+pub const MBEDTLS_ERR_PK_SIG_LEN_MISMATCH: i32 = -14592;
+pub const MBEDTLS_ERR_PK_BUFFER_TOO_SMALL: i32 = -14464;
+pub const MBEDTLS_PK_SIGNATURE_MAX_SIZE: u32 = 0;
+pub const MBEDTLS_PK_DEBUG_MAX_ITEMS: u32 = 3;
+pub const MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE: i32 = -24704;
+pub const MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA: i32 = -24832;
+pub const MBEDTLS_ERR_CIPHER_ALLOC_FAILED: i32 = -24960;
+pub const MBEDTLS_ERR_CIPHER_INVALID_PADDING: i32 = -25088;
+pub const MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED: i32 = -25216;
+pub const MBEDTLS_ERR_CIPHER_AUTH_FAILED: i32 = -25344;
+pub const MBEDTLS_ERR_CIPHER_INVALID_CONTEXT: i32 = -25472;
+pub const MBEDTLS_CIPHER_VARIABLE_IV_LEN: u32 = 1;
+pub const MBEDTLS_CIPHER_VARIABLE_KEY_LEN: u32 = 2;
+pub const MBEDTLS_MAX_IV_LENGTH: u32 = 16;
+pub const MBEDTLS_MAX_BLOCK_LENGTH: u32 = 16;
+pub const MBEDTLS_MAX_KEY_LENGTH: u32 = 64;
+pub const MBEDTLS_TLS_RSA_WITH_NULL_MD5: u32 = 1;
+pub const MBEDTLS_TLS_RSA_WITH_NULL_SHA: u32 = 2;
+pub const MBEDTLS_TLS_PSK_WITH_NULL_SHA: u32 = 44;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA: u32 = 45;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA: u32 = 46;
+pub const MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA: u32 = 47;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA: u32 = 51;
+pub const MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA: u32 = 53;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA: u32 = 57;
+pub const MBEDTLS_TLS_RSA_WITH_NULL_SHA256: u32 = 59;
+pub const MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256: u32 = 60;
+pub const MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256: u32 = 61;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: u32 = 65;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: u32 = 69;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: u32 = 103;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: u32 = 107;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: u32 = 132;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: u32 = 136;
+pub const MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA: u32 = 140;
+pub const MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA: u32 = 141;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA: u32 = 144;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA: u32 = 145;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA: u32 = 148;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA: u32 = 149;
+pub const MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256: u32 = 156;
+pub const MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384: u32 = 157;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: u32 = 158;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: u32 = 159;
+pub const MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256: u32 = 168;
+pub const MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384: u32 = 169;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256: u32 = 170;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384: u32 = 171;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256: u32 = 172;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384: u32 = 173;
+pub const MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256: u32 = 174;
+pub const MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384: u32 = 175;
+pub const MBEDTLS_TLS_PSK_WITH_NULL_SHA256: u32 = 176;
+pub const MBEDTLS_TLS_PSK_WITH_NULL_SHA384: u32 = 177;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256: u32 = 178;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384: u32 = 179;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256: u32 = 180;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384: u32 = 181;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256: u32 = 182;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384: u32 = 183;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256: u32 = 184;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384: u32 = 185;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 186;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 190;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256: u32 = 192;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256: u32 = 196;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA: u32 = 49153;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: u32 = 49156;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: u32 = 49157;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA: u32 = 49158;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: u32 = 49161;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: u32 = 49162;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA: u32 = 49163;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: u32 = 49166;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: u32 = 49167;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA: u32 = 49168;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: u32 = 49171;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: u32 = 49172;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: u32 = 49187;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: u32 = 49188;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256: u32 = 49189;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384: u32 = 49190;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: u32 = 49191;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: u32 = 49192;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256: u32 = 49193;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384: u32 = 49194;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: u32 = 49195;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: u32 = 49196;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256: u32 = 49197;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384: u32 = 49198;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: u32 = 49199;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: u32 = 49200;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256: u32 = 49201;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384: u32 = 49202;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA: u32 = 49205;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA: u32 = 49206;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256: u32 = 49207;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384: u32 = 49208;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA: u32 = 49209;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256: u32 = 49210;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384: u32 = 49211;
+pub const MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256: u32 = 49212;
+pub const MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384: u32 = 49213;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256: u32 = 49220;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384: u32 = 49221;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256: u32 = 49224;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384: u32 = 49225;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256: u32 = 49226;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384: u32 = 49227;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256: u32 = 49228;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384: u32 = 49229;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256: u32 = 49230;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384: u32 = 49231;
+pub const MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256: u32 = 49232;
+pub const MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384: u32 = 49233;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256: u32 = 49234;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384: u32 = 49235;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256: u32 = 49244;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384: u32 = 49245;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256: u32 = 49246;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384: u32 = 49247;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256: u32 = 49248;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384: u32 = 49249;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256: u32 = 49250;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384: u32 = 49251;
+pub const MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256: u32 = 49252;
+pub const MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384: u32 = 49253;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256: u32 = 49254;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384: u32 = 49255;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256: u32 = 49256;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384: u32 = 49257;
+pub const MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256: u32 = 49258;
+pub const MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384: u32 = 49259;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256: u32 = 49260;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384: u32 = 49261;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256: u32 = 49262;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384: u32 = 49263;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256: u32 = 49264;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384: u32 = 49265;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49266;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49267;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49268;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49269;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49270;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49271;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49272;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49273;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49274;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49275;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49276;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49277;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49286;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49287;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49288;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49289;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49290;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49291;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49292;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49293;
+pub const MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49294;
+pub const MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49295;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49296;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49297;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49298;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49299;
+pub const MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49300;
+pub const MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49301;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49302;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49303;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49304;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49305;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49306;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49307;
+pub const MBEDTLS_TLS_RSA_WITH_AES_128_CCM: u32 = 49308;
+pub const MBEDTLS_TLS_RSA_WITH_AES_256_CCM: u32 = 49309;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM: u32 = 49310;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM: u32 = 49311;
+pub const MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8: u32 = 49312;
+pub const MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8: u32 = 49313;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8: u32 = 49314;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8: u32 = 49315;
+pub const MBEDTLS_TLS_PSK_WITH_AES_128_CCM: u32 = 49316;
+pub const MBEDTLS_TLS_PSK_WITH_AES_256_CCM: u32 = 49317;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM: u32 = 49318;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM: u32 = 49319;
+pub const MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8: u32 = 49320;
+pub const MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8: u32 = 49321;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8: u32 = 49322;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8: u32 = 49323;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM: u32 = 49324;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM: u32 = 49325;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: u32 = 49326;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8: u32 = 49327;
+pub const MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8: u32 = 49407;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: u32 = 52392;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: u32 = 52393;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: u32 = 52394;
+pub const MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256: u32 = 52395;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256: u32 = 52396;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256: u32 = 52397;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256: u32 = 52398;
+pub const MBEDTLS_TLS1_3_AES_128_GCM_SHA256: u32 = 4865;
+pub const MBEDTLS_TLS1_3_AES_256_GCM_SHA384: u32 = 4866;
+pub const MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256: u32 = 4867;
+pub const MBEDTLS_TLS1_3_AES_128_CCM_SHA256: u32 = 4868;
+pub const MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256: u32 = 4869;
+pub const MBEDTLS_CIPHERSUITE_WEAK: u32 = 1;
+pub const MBEDTLS_CIPHERSUITE_SHORT_TAG: u32 = 2;
+pub const MBEDTLS_CIPHERSUITE_NODTLS: u32 = 4;
+pub const PSA_CRYPTO_API_VERSION_MAJOR: u32 = 1;
+pub const PSA_CRYPTO_API_VERSION_MINOR: u32 = 0;
+pub const PSA_MAC_TRUNCATION_OFFSET: u32 = 16;
+pub const PSA_AEAD_TAG_LENGTH_OFFSET: u32 = 16;
+pub const PSA_HASH_MAX_SIZE: u32 = 64;
+pub const PSA_HMAC_MAX_HASH_BLOCK_SIZE: u32 = 128;
+pub const PSA_MAC_MAX_SIZE: u32 = 64;
+pub const PSA_AEAD_TAG_MAX_SIZE: u32 = 16;
+pub const PSA_VENDOR_RSA_MAX_KEY_BITS: u32 = 4096;
+pub const PSA_VENDOR_ECC_MAX_CURVE_BITS: u32 = 521;
+pub const PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE: u32 = 128;
+pub const PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE: u32 = 65;
+pub const PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE: u32 = 32;
+pub const PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE: u32 = 16;
+pub const PSA_AEAD_NONCE_MAX_SIZE: u32 = 13;
+pub const PSA_AEAD_FINISH_OUTPUT_MAX_SIZE: u32 = 16;
+pub const PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE: u32 = 16;
+pub const PSA_CIPHER_IV_MAX_SIZE: u32 = 16;
+pub const PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE: u32 = 16;
+pub const MBEDTLS_AES_BLOCK_SIZE: u32 = 16;
+pub const MBEDTLS_DES3_BLOCK_SIZE: u32 = 8;
+pub const MBEDTLS_CIPHER_BLKSIZE_MAX: u32 = 16;
+pub const MBEDTLS_GCM_ENCRYPT: u32 = 1;
+pub const MBEDTLS_GCM_DECRYPT: u32 = 0;
+pub const MBEDTLS_ERR_GCM_AUTH_FAILED: i32 = -18;
+pub const MBEDTLS_ERR_GCM_BAD_INPUT: i32 = -20;
+pub const MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL: i32 = -22;
+pub const MBEDTLS_CCM_DECRYPT: u32 = 0;
+pub const MBEDTLS_CCM_ENCRYPT: u32 = 1;
+pub const MBEDTLS_CCM_STAR_DECRYPT: u32 = 2;
+pub const MBEDTLS_CCM_STAR_ENCRYPT: u32 = 3;
+pub const MBEDTLS_ERR_CCM_BAD_INPUT: i32 = -13;
+pub const MBEDTLS_ERR_CCM_AUTH_FAILED: i32 = -15;
+pub const MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA: i32 = -87;
+pub const MBEDTLS_ERR_CHACHAPOLY_BAD_STATE: i32 = -84;
+pub const MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED: i32 = -86;
+pub const MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA: i32 = -81;
+pub const MBEDTLS_ERR_SHA1_BAD_INPUT_DATA: i32 = -115;
+pub const MBEDTLS_ERR_SHA256_BAD_INPUT_DATA: i32 = -116;
+pub const MBEDTLS_ERR_SHA512_BAD_INPUT_DATA: i32 = -117;
+pub const MBEDTLS_PSA_BUILTIN_CIPHER: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_AEAD: u32 = 1;
+pub const MBEDTLS_PSA_JPAKE_BUFFER_SIZE: u32 = 336;
+pub const PSA_MAX_KEY_BITS: u32 = 65528;
+pub const MBEDTLS_PSA_KA_MASK_DUAL_USE: u32 = 0;
+pub const PSA_CRYPTO_ITS_RANDOM_SEED_UID: u32 = 4294967122;
+pub const MBEDTLS_PSA_KEY_SLOT_COUNT: u32 = 32;
+pub const PSA_PAKE_OPERATION_STAGE_SETUP: u32 = 0;
+pub const PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS: u32 = 1;
+pub const PSA_PAKE_OPERATION_STAGE_COMPUTATION: u32 = 2;
+pub const PSA_PAKE_OUTPUT_MAX_SIZE: u32 = 65;
+pub const PSA_PAKE_INPUT_MAX_SIZE: u32 = 65;
+pub const MBEDTLS_ERR_ASN1_OUT_OF_DATA: i32 = -96;
+pub const MBEDTLS_ERR_ASN1_UNEXPECTED_TAG: i32 = -98;
+pub const MBEDTLS_ERR_ASN1_INVALID_LENGTH: i32 = -100;
+pub const MBEDTLS_ERR_ASN1_LENGTH_MISMATCH: i32 = -102;
+pub const MBEDTLS_ERR_ASN1_INVALID_DATA: i32 = -104;
+pub const MBEDTLS_ERR_ASN1_ALLOC_FAILED: i32 = -106;
+pub const MBEDTLS_ERR_ASN1_BUF_TOO_SMALL: i32 = -108;
+pub const MBEDTLS_ASN1_BOOLEAN: u32 = 1;
+pub const MBEDTLS_ASN1_INTEGER: u32 = 2;
+pub const MBEDTLS_ASN1_BIT_STRING: u32 = 3;
+pub const MBEDTLS_ASN1_OCTET_STRING: u32 = 4;
+pub const MBEDTLS_ASN1_NULL: u32 = 5;
+pub const MBEDTLS_ASN1_OID: u32 = 6;
+pub const MBEDTLS_ASN1_ENUMERATED: u32 = 10;
+pub const MBEDTLS_ASN1_UTF8_STRING: u32 = 12;
+pub const MBEDTLS_ASN1_SEQUENCE: u32 = 16;
+pub const MBEDTLS_ASN1_SET: u32 = 17;
+pub const MBEDTLS_ASN1_PRINTABLE_STRING: u32 = 19;
+pub const MBEDTLS_ASN1_T61_STRING: u32 = 20;
+pub const MBEDTLS_ASN1_IA5_STRING: u32 = 22;
+pub const MBEDTLS_ASN1_UTC_TIME: u32 = 23;
+pub const MBEDTLS_ASN1_GENERALIZED_TIME: u32 = 24;
+pub const MBEDTLS_ASN1_UNIVERSAL_STRING: u32 = 28;
+pub const MBEDTLS_ASN1_BMP_STRING: u32 = 30;
+pub const MBEDTLS_ASN1_PRIMITIVE: u32 = 0;
+pub const MBEDTLS_ASN1_CONSTRUCTED: u32 = 32;
+pub const MBEDTLS_ASN1_CONTEXT_SPECIFIC: u32 = 128;
+pub const MBEDTLS_ASN1_TAG_CLASS_MASK: u32 = 192;
+pub const MBEDTLS_ASN1_TAG_PC_MASK: u32 = 32;
+pub const MBEDTLS_ASN1_TAG_VALUE_MASK: u32 = 31;
+pub const MBEDTLS_X509_MAX_INTERMEDIATE_CA: u32 = 8;
+pub const MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE: i32 = -8320;
+pub const MBEDTLS_ERR_X509_UNKNOWN_OID: i32 = -8448;
+pub const MBEDTLS_ERR_X509_INVALID_FORMAT: i32 = -8576;
+pub const MBEDTLS_ERR_X509_INVALID_VERSION: i32 = -8704;
+pub const MBEDTLS_ERR_X509_INVALID_SERIAL: i32 = -8832;
+pub const MBEDTLS_ERR_X509_INVALID_ALG: i32 = -8960;
+pub const MBEDTLS_ERR_X509_INVALID_NAME: i32 = -9088;
+pub const MBEDTLS_ERR_X509_INVALID_DATE: i32 = -9216;
+pub const MBEDTLS_ERR_X509_INVALID_SIGNATURE: i32 = -9344;
+pub const MBEDTLS_ERR_X509_INVALID_EXTENSIONS: i32 = -9472;
+pub const MBEDTLS_ERR_X509_UNKNOWN_VERSION: i32 = -9600;
+pub const MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG: i32 = -9728;
+pub const MBEDTLS_ERR_X509_SIG_MISMATCH: i32 = -9856;
+pub const MBEDTLS_ERR_X509_CERT_VERIFY_FAILED: i32 = -9984;
+pub const MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT: i32 = -10112;
+pub const MBEDTLS_ERR_X509_BAD_INPUT_DATA: i32 = -10240;
+pub const MBEDTLS_ERR_X509_ALLOC_FAILED: i32 = -10368;
+pub const MBEDTLS_ERR_X509_FILE_IO_ERROR: i32 = -10496;
+pub const MBEDTLS_ERR_X509_BUFFER_TOO_SMALL: i32 = -10624;
+pub const MBEDTLS_ERR_X509_FATAL_ERROR: i32 = -12288;
+pub const MBEDTLS_X509_BADCERT_EXPIRED: u32 = 1;
+pub const MBEDTLS_X509_BADCERT_REVOKED: u32 = 2;
+pub const MBEDTLS_X509_BADCERT_CN_MISMATCH: u32 = 4;
+pub const MBEDTLS_X509_BADCERT_NOT_TRUSTED: u32 = 8;
+pub const MBEDTLS_X509_BADCRL_NOT_TRUSTED: u32 = 16;
+pub const MBEDTLS_X509_BADCRL_EXPIRED: u32 = 32;
+pub const MBEDTLS_X509_BADCERT_MISSING: u32 = 64;
+pub const MBEDTLS_X509_BADCERT_SKIP_VERIFY: u32 = 128;
+pub const MBEDTLS_X509_BADCERT_OTHER: u32 = 256;
+pub const MBEDTLS_X509_BADCERT_FUTURE: u32 = 512;
+pub const MBEDTLS_X509_BADCRL_FUTURE: u32 = 1024;
+pub const MBEDTLS_X509_BADCERT_KEY_USAGE: u32 = 2048;
+pub const MBEDTLS_X509_BADCERT_EXT_KEY_USAGE: u32 = 4096;
+pub const MBEDTLS_X509_BADCERT_NS_CERT_TYPE: u32 = 8192;
+pub const MBEDTLS_X509_BADCERT_BAD_MD: u32 = 16384;
+pub const MBEDTLS_X509_BADCERT_BAD_PK: u32 = 32768;
+pub const MBEDTLS_X509_BADCERT_BAD_KEY: u32 = 65536;
+pub const MBEDTLS_X509_BADCRL_BAD_MD: u32 = 131072;
+pub const MBEDTLS_X509_BADCRL_BAD_PK: u32 = 262144;
+pub const MBEDTLS_X509_BADCRL_BAD_KEY: u32 = 524288;
+pub const MBEDTLS_X509_SAN_OTHER_NAME: u32 = 0;
+pub const MBEDTLS_X509_SAN_RFC822_NAME: u32 = 1;
+pub const MBEDTLS_X509_SAN_DNS_NAME: u32 = 2;
+pub const MBEDTLS_X509_SAN_X400_ADDRESS_NAME: u32 = 3;
+pub const MBEDTLS_X509_SAN_DIRECTORY_NAME: u32 = 4;
+pub const MBEDTLS_X509_SAN_EDI_PARTY_NAME: u32 = 5;
+pub const MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: u32 = 6;
+pub const MBEDTLS_X509_SAN_IP_ADDRESS: u32 = 7;
+pub const MBEDTLS_X509_SAN_REGISTERED_ID: u32 = 8;
+pub const MBEDTLS_X509_KU_DIGITAL_SIGNATURE: u32 = 128;
+pub const MBEDTLS_X509_KU_NON_REPUDIATION: u32 = 64;
+pub const MBEDTLS_X509_KU_KEY_ENCIPHERMENT: u32 = 32;
+pub const MBEDTLS_X509_KU_DATA_ENCIPHERMENT: u32 = 16;
+pub const MBEDTLS_X509_KU_KEY_AGREEMENT: u32 = 8;
+pub const MBEDTLS_X509_KU_KEY_CERT_SIGN: u32 = 4;
+pub const MBEDTLS_X509_KU_CRL_SIGN: u32 = 2;
+pub const MBEDTLS_X509_KU_ENCIPHER_ONLY: u32 = 1;
+pub const MBEDTLS_X509_KU_DECIPHER_ONLY: u32 = 32768;
+pub const MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT: u32 = 128;
+pub const MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER: u32 = 64;
+pub const MBEDTLS_X509_NS_CERT_TYPE_EMAIL: u32 = 32;
+pub const MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING: u32 = 16;
+pub const MBEDTLS_X509_NS_CERT_TYPE_RESERVED: u32 = 8;
+pub const MBEDTLS_X509_NS_CERT_TYPE_SSL_CA: u32 = 4;
+pub const MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA: u32 = 2;
+pub const MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA: u32 = 1;
+pub const MBEDTLS_X509_FORMAT_DER: u32 = 1;
+pub const MBEDTLS_X509_FORMAT_PEM: u32 = 2;
+pub const MBEDTLS_X509_MAX_DN_NAME_SIZE: u32 = 256;
+pub const MBEDTLS_X509_CRT_VERSION_1: u32 = 0;
+pub const MBEDTLS_X509_CRT_VERSION_2: u32 = 1;
+pub const MBEDTLS_X509_CRT_VERSION_3: u32 = 2;
+pub const MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN: u32 = 20;
+pub const MBEDTLS_X509_RFC5280_UTC_TIME_LEN: u32 = 15;
+pub const MBEDTLS_X509_MAX_FILE_PATH_LEN: u32 = 512;
+pub const MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE: u32 = 10;
+pub const MBEDTLS_ERR_DHM_BAD_INPUT_DATA: i32 = -12416;
+pub const MBEDTLS_ERR_DHM_READ_PARAMS_FAILED: i32 = -12544;
+pub const MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED: i32 = -12672;
+pub const MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED: i32 = -12800;
+pub const MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED: i32 = -12928;
+pub const MBEDTLS_ERR_DHM_CALC_SECRET_FAILED: i32 = -13056;
+pub const MBEDTLS_ERR_DHM_INVALID_FORMAT: i32 = -13184;
+pub const MBEDTLS_ERR_DHM_ALLOC_FAILED: i32 = -13312;
+pub const MBEDTLS_ERR_DHM_FILE_IO_ERROR: i32 = -13440;
+pub const MBEDTLS_ERR_DHM_SET_GROUP_FAILED: i32 = -13696;
+pub const MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS: i32 = -28672;
+pub const MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE: i32 = -28800;
+pub const MBEDTLS_ERR_SSL_BAD_INPUT_DATA: i32 = -28928;
+pub const MBEDTLS_ERR_SSL_INVALID_MAC: i32 = -29056;
+pub const MBEDTLS_ERR_SSL_INVALID_RECORD: i32 = -29184;
+pub const MBEDTLS_ERR_SSL_CONN_EOF: i32 = -29312;
+pub const MBEDTLS_ERR_SSL_DECODE_ERROR: i32 = -29440;
+pub const MBEDTLS_ERR_SSL_NO_RNG: i32 = -29696;
+pub const MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE: i32 = -29824;
+pub const MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION: i32 = -29952;
+pub const MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL: i32 = -30080;
+pub const MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED: i32 = -30208;
+pub const MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED: i32 = -30336;
+pub const MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE: i32 = -30464;
+pub const MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE: i32 = -30592;
+pub const MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME: i32 = -30720;
+pub const MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: i32 = -30848;
+pub const MBEDTLS_ERR_SSL_BAD_CERTIFICATE: i32 = -31232;
+pub const MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET: i32 = -31488;
+pub const MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA: i32 = -31616;
+pub const MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA: i32 = -31744;
+pub const MBEDTLS_ERR_SSL_ALLOC_FAILED: i32 = -32512;
+pub const MBEDTLS_ERR_SSL_HW_ACCEL_FAILED: i32 = -32640;
+pub const MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH: i32 = -28544;
+pub const MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION: i32 = -28288;
+pub const MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE: i32 = -28160;
+pub const MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED: i32 = -28032;
+pub const MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH: i32 = -27904;
+pub const MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY: i32 = -27776;
+pub const MBEDTLS_ERR_SSL_INTERNAL_ERROR: i32 = -27648;
+pub const MBEDTLS_ERR_SSL_COUNTER_WRAPPING: i32 = -27520;
+pub const MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO: i32 = -27392;
+pub const MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED: i32 = -27264;
+pub const MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL: i32 = -27136;
+pub const MBEDTLS_ERR_SSL_WANT_READ: i32 = -26880;
+pub const MBEDTLS_ERR_SSL_WANT_WRITE: i32 = -26752;
+pub const MBEDTLS_ERR_SSL_TIMEOUT: i32 = -26624;
+pub const MBEDTLS_ERR_SSL_CLIENT_RECONNECT: i32 = -26496;
+pub const MBEDTLS_ERR_SSL_UNEXPECTED_RECORD: i32 = -26368;
+pub const MBEDTLS_ERR_SSL_NON_FATAL: i32 = -26240;
+pub const MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER: i32 = -26112;
+pub const MBEDTLS_ERR_SSL_CONTINUE_PROCESSING: i32 = -25984;
+pub const MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: i32 = -25856;
+pub const MBEDTLS_ERR_SSL_EARLY_MESSAGE: i32 = -25728;
+pub const MBEDTLS_ERR_SSL_UNEXPECTED_CID: i32 = -24576;
+pub const MBEDTLS_ERR_SSL_VERSION_MISMATCH: i32 = -24320;
+pub const MBEDTLS_ERR_SSL_BAD_CONFIG: i32 = -24192;
+pub const MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE: u32 = 0;
+pub const MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE: u32 = 1;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_NONE: u32 = 0;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1: u32 = 18;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1: u32 = 19;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1: u32 = 20;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1: u32 = 21;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1: u32 = 22;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1: u32 = 23;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1: u32 = 24;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1: u32 = 25;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1: u32 = 26;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1: u32 = 27;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1: u32 = 28;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_X25519: u32 = 29;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_X448: u32 = 30;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048: u32 = 256;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072: u32 = 257;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096: u32 = 258;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144: u32 = 259;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192: u32 = 260;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK: u32 = 1;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL: u32 = 2;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL: u32 = 4;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL: u32 = 7;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL: u32 = 5;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL: u32 = 6;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE: u32 = 0;
+pub const MBEDTLS_SSL_MAJOR_VERSION_3: u32 = 3;
+pub const MBEDTLS_SSL_MINOR_VERSION_3: u32 = 3;
+pub const MBEDTLS_SSL_MINOR_VERSION_4: u32 = 4;
+pub const MBEDTLS_SSL_TRANSPORT_STREAM: u32 = 0;
+pub const MBEDTLS_SSL_TRANSPORT_DATAGRAM: u32 = 1;
+pub const MBEDTLS_SSL_MAX_HOST_NAME_LEN: u32 = 255;
+pub const MBEDTLS_SSL_MAX_ALPN_NAME_LEN: u32 = 255;
+pub const MBEDTLS_SSL_MAX_ALPN_LIST_LEN: u32 = 65535;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_NONE: u32 = 0;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_512: u32 = 1;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_1024: u32 = 2;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_2048: u32 = 3;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_4096: u32 = 4;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_INVALID: u32 = 5;
+pub const MBEDTLS_SSL_IS_CLIENT: u32 = 0;
+pub const MBEDTLS_SSL_IS_SERVER: u32 = 1;
+pub const MBEDTLS_SSL_EXTENDED_MS_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_EXTENDED_MS_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_CID_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_CID_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_ETM_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_ETM_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_COMPRESS_NULL: u32 = 0;
+pub const MBEDTLS_SSL_VERIFY_NONE: u32 = 0;
+pub const MBEDTLS_SSL_VERIFY_OPTIONAL: u32 = 1;
+pub const MBEDTLS_SSL_VERIFY_REQUIRED: u32 = 2;
+pub const MBEDTLS_SSL_VERIFY_UNSET: u32 = 3;
+pub const MBEDTLS_SSL_LEGACY_RENEGOTIATION: u32 = 0;
+pub const MBEDTLS_SSL_SECURE_RENEGOTIATION: u32 = 1;
+pub const MBEDTLS_SSL_RENEGOTIATION_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_RENEGOTIATION_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_ANTI_REPLAY_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_ANTI_REPLAY_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED: i32 = -1;
+pub const MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT: u32 = 16;
+pub const MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION: u32 = 0;
+pub const MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION: u32 = 1;
+pub const MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE: u32 = 2;
+pub const MBEDTLS_SSL_TRUNC_HMAC_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_TRUNC_HMAC_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_TRUNCATED_HMAC_LEN: u32 = 10;
+pub const MBEDTLS_SSL_SESSION_TICKETS_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_SESSION_TICKETS_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_PRESET_DEFAULT: u32 = 0;
+pub const MBEDTLS_SSL_PRESET_SUITEB: u32 = 2;
+pub const MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_EARLY_DATA_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_EARLY_DATA_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED: u32 = 0;
+pub const MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED: u32 = 1;
+pub const MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT: u32 = 1;
+pub const MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER: u32 = 0;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN: u32 = 48;
+pub const MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN: u32 = 1000;
+pub const MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX: u32 = 60000;
+pub const MBEDTLS_SSL_IN_CONTENT_LEN: u32 = 16384;
+pub const MBEDTLS_SSL_OUT_CONTENT_LEN: u32 = 16384;
+pub const MBEDTLS_SSL_DTLS_MAX_BUFFERING: u32 = 32768;
+pub const MBEDTLS_SSL_CID_IN_LEN_MAX: u32 = 32;
+pub const MBEDTLS_SSL_CID_OUT_LEN_MAX: u32 = 32;
+pub const MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY: u32 = 16;
+pub const MBEDTLS_SSL_VERIFY_DATA_MAX_LEN: u32 = 12;
+pub const MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO: u32 = 255;
+pub const MBEDTLS_SSL_HASH_NONE: u32 = 0;
+pub const MBEDTLS_SSL_HASH_MD5: u32 = 1;
+pub const MBEDTLS_SSL_HASH_SHA1: u32 = 2;
+pub const MBEDTLS_SSL_HASH_SHA224: u32 = 3;
+pub const MBEDTLS_SSL_HASH_SHA256: u32 = 4;
+pub const MBEDTLS_SSL_HASH_SHA384: u32 = 5;
+pub const MBEDTLS_SSL_HASH_SHA512: u32 = 6;
+pub const MBEDTLS_SSL_SIG_ANON: u32 = 0;
+pub const MBEDTLS_SSL_SIG_RSA: u32 = 1;
+pub const MBEDTLS_SSL_SIG_ECDSA: u32 = 3;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: u32 = 1025;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: u32 = 1281;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: u32 = 1537;
+pub const MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: u32 = 1027;
+pub const MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: u32 = 1283;
+pub const MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: u32 = 1539;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: u32 = 2052;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: u32 = 2053;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: u32 = 2054;
+pub const MBEDTLS_TLS1_3_SIG_ED25519: u32 = 2055;
+pub const MBEDTLS_TLS1_3_SIG_ED448: u32 = 2056;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256: u32 = 2057;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384: u32 = 2058;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512: u32 = 2059;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1: u32 = 513;
+pub const MBEDTLS_TLS1_3_SIG_ECDSA_SHA1: u32 = 515;
+pub const MBEDTLS_TLS1_3_SIG_NONE: u32 = 0;
+pub const MBEDTLS_SSL_CERT_TYPE_RSA_SIGN: u32 = 1;
+pub const MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN: u32 = 64;
+pub const MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: u32 = 20;
+pub const MBEDTLS_SSL_MSG_ALERT: u32 = 21;
+pub const MBEDTLS_SSL_MSG_HANDSHAKE: u32 = 22;
+pub const MBEDTLS_SSL_MSG_APPLICATION_DATA: u32 = 23;
+pub const MBEDTLS_SSL_MSG_CID: u32 = 25;
+pub const MBEDTLS_SSL_ALERT_LEVEL_WARNING: u32 = 1;
+pub const MBEDTLS_SSL_ALERT_LEVEL_FATAL: u32 = 2;
+pub const MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY: u32 = 0;
+pub const MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE: u32 = 10;
+pub const MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC: u32 = 20;
+pub const MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED: u32 = 21;
+pub const MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW: u32 = 22;
+pub const MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE: u32 = 30;
+pub const MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE: u32 = 40;
+pub const MBEDTLS_SSL_ALERT_MSG_NO_CERT: u32 = 41;
+pub const MBEDTLS_SSL_ALERT_MSG_BAD_CERT: u32 = 42;
+pub const MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT: u32 = 43;
+pub const MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED: u32 = 44;
+pub const MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED: u32 = 45;
+pub const MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN: u32 = 46;
+pub const MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER: u32 = 47;
+pub const MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA: u32 = 48;
+pub const MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED: u32 = 49;
+pub const MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR: u32 = 50;
+pub const MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR: u32 = 51;
+pub const MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION: u32 = 60;
+pub const MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION: u32 = 70;
+pub const MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY: u32 = 71;
+pub const MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR: u32 = 80;
+pub const MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK: u32 = 86;
+pub const MBEDTLS_SSL_ALERT_MSG_USER_CANCELED: u32 = 90;
+pub const MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION: u32 = 100;
+pub const MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION: u32 = 109;
+pub const MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT: u32 = 110;
+pub const MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME: u32 = 112;
+pub const MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY: u32 = 115;
+pub const MBEDTLS_SSL_ALERT_MSG_CERT_REQUIRED: u32 = 116;
+pub const MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL: u32 = 120;
+pub const MBEDTLS_SSL_HS_HELLO_REQUEST: u32 = 0;
+pub const MBEDTLS_SSL_HS_CLIENT_HELLO: u32 = 1;
+pub const MBEDTLS_SSL_HS_SERVER_HELLO: u32 = 2;
+pub const MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST: u32 = 3;
+pub const MBEDTLS_SSL_HS_NEW_SESSION_TICKET: u32 = 4;
+pub const MBEDTLS_SSL_HS_END_OF_EARLY_DATA: u32 = 5;
+pub const MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS: u32 = 8;
+pub const MBEDTLS_SSL_HS_CERTIFICATE: u32 = 11;
+pub const MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE: u32 = 12;
+pub const MBEDTLS_SSL_HS_CERTIFICATE_REQUEST: u32 = 13;
+pub const MBEDTLS_SSL_HS_SERVER_HELLO_DONE: u32 = 14;
+pub const MBEDTLS_SSL_HS_CERTIFICATE_VERIFY: u32 = 15;
+pub const MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE: u32 = 16;
+pub const MBEDTLS_SSL_HS_FINISHED: u32 = 20;
+pub const MBEDTLS_SSL_HS_MESSAGE_HASH: u32 = 254;
+pub const MBEDTLS_TLS_EXT_SERVERNAME: u32 = 0;
+pub const MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME: u32 = 0;
+pub const MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: u32 = 1;
+pub const MBEDTLS_TLS_EXT_TRUNCATED_HMAC: u32 = 4;
+pub const MBEDTLS_TLS_EXT_STATUS_REQUEST: u32 = 5;
+pub const MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES: u32 = 10;
+pub const MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: u32 = 10;
+pub const MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: u32 = 11;
+pub const MBEDTLS_TLS_EXT_SIG_ALG: u32 = 13;
+pub const MBEDTLS_TLS_EXT_USE_SRTP: u32 = 14;
+pub const MBEDTLS_TLS_EXT_HEARTBEAT: u32 = 15;
+pub const MBEDTLS_TLS_EXT_ALPN: u32 = 16;
+pub const MBEDTLS_TLS_EXT_SCT: u32 = 18;
+pub const MBEDTLS_TLS_EXT_CLI_CERT_TYPE: u32 = 19;
+pub const MBEDTLS_TLS_EXT_SERV_CERT_TYPE: u32 = 20;
+pub const MBEDTLS_TLS_EXT_PADDING: u32 = 21;
+pub const MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: u32 = 22;
+pub const MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: u32 = 23;
+pub const MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT: u32 = 28;
+pub const MBEDTLS_TLS_EXT_SESSION_TICKET: u32 = 35;
+pub const MBEDTLS_TLS_EXT_PRE_SHARED_KEY: u32 = 41;
+pub const MBEDTLS_TLS_EXT_EARLY_DATA: u32 = 42;
+pub const MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: u32 = 43;
+pub const MBEDTLS_TLS_EXT_COOKIE: u32 = 44;
+pub const MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES: u32 = 45;
+pub const MBEDTLS_TLS_EXT_CERT_AUTH: u32 = 47;
+pub const MBEDTLS_TLS_EXT_OID_FILTERS: u32 = 48;
+pub const MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH: u32 = 49;
+pub const MBEDTLS_TLS_EXT_SIG_ALG_CERT: u32 = 50;
+pub const MBEDTLS_TLS_EXT_KEY_SHARE: u32 = 51;
+pub const MBEDTLS_TLS_EXT_CID: u32 = 54;
+pub const MBEDTLS_TLS_EXT_ECJPAKE_KKPP: u32 = 256;
+pub const MBEDTLS_TLS_EXT_RENEGOTIATION_INFO: u32 = 65281;
+pub const MBEDTLS_PSK_MAX_LEN: u32 = 48;
+pub const MBEDTLS_TLS1_3_MD_MAX_SIZE: u32 = 64;
+pub const MBEDTLS_SSL_SEQUENCE_NUMBER_LEN: u32 = 8;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION: u32 = 1;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION: u32 = 4;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA: u32 = 8;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK: u32 = 13;
+pub const MBEDTLS_SSL_UNEXPECTED_CID_IGNORE: u32 = 0;
+pub const MBEDTLS_SSL_UNEXPECTED_CID_FAIL: u32 = 1;
+pub const MBEDTLS_ERR_ENTROPY_SOURCE_FAILED: i32 = -60;
+pub const MBEDTLS_ERR_ENTROPY_MAX_SOURCES: i32 = -62;
+pub const MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED: i32 = -64;
+pub const MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE: i32 = -61;
+pub const MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR: i32 = -63;
+pub const MBEDTLS_ENTROPY_MAX_SOURCES: u32 = 20;
+pub const MBEDTLS_ENTROPY_MAX_GATHER: u32 = 128;
+pub const MBEDTLS_ENTROPY_BLOCK_SIZE: u32 = 64;
+pub const MBEDTLS_ENTROPY_MAX_SEED_SIZE: u32 = 1024;
+pub const MBEDTLS_ENTROPY_SOURCE_MANUAL: u32 = 20;
+pub const MBEDTLS_ENTROPY_SOURCE_STRONG: u32 = 1;
+pub const MBEDTLS_ENTROPY_SOURCE_WEAK: u32 = 0;
+pub const MBEDTLS_PRINTF_SIZET: &[u8; 3] = b"zu\0";
+pub const MBEDTLS_PRINTF_LONGLONG: &[u8; 4] = b"lld\0";
+pub const MBEDTLS_AES_ENCRYPT: u32 = 1;
+pub const MBEDTLS_AES_DECRYPT: u32 = 0;
+pub const MBEDTLS_ERR_AES_INVALID_KEY_LENGTH: i32 = -32;
+pub const MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH: i32 = -34;
+pub const MBEDTLS_ERR_AES_BAD_INPUT_DATA: i32 = -33;
+pub const MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED: i32 = -52;
+pub const MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG: i32 = -54;
+pub const MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG: i32 = -56;
+pub const MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR: i32 = -58;
+pub const MBEDTLS_CTR_DRBG_BLOCKSIZE: u32 = 16;
+pub const MBEDTLS_CTR_DRBG_KEYSIZE: u32 = 32;
+pub const MBEDTLS_CTR_DRBG_KEYBITS: u32 = 256;
+pub const MBEDTLS_CTR_DRBG_SEEDLEN: u32 = 48;
+pub const MBEDTLS_CTR_DRBG_ENTROPY_LEN: u32 = 48;
+pub const MBEDTLS_CTR_DRBG_RESEED_INTERVAL: u32 = 10000;
+pub const MBEDTLS_CTR_DRBG_MAX_INPUT: u32 = 256;
+pub const MBEDTLS_CTR_DRBG_MAX_REQUEST: u32 = 1024;
+pub const MBEDTLS_CTR_DRBG_MAX_SEED_INPUT: u32 = 384;
+pub const MBEDTLS_CTR_DRBG_PR_OFF: u32 = 0;
+pub const MBEDTLS_CTR_DRBG_PR_ON: u32 = 1;
+pub const MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN: u32 = 0;
+pub type __int8_t = crate::c_types::c_schar;
+pub type __uint8_t = crate::c_types::c_uchar;
+pub type __int16_t = crate::c_types::c_short;
+pub type __uint16_t = crate::c_types::c_ushort;
+pub type __int32_t = crate::c_types::c_int;
+pub type __uint32_t = crate::c_types::c_uint;
+pub type __int64_t = crate::c_types::c_longlong;
+pub type __uint64_t = crate::c_types::c_ulonglong;
+pub type __int_least8_t = crate::c_types::c_schar;
+pub type __uint_least8_t = crate::c_types::c_uchar;
+pub type __int_least16_t = crate::c_types::c_short;
+pub type __uint_least16_t = crate::c_types::c_ushort;
+pub type __int_least32_t = crate::c_types::c_int;
+pub type __uint_least32_t = crate::c_types::c_uint;
+pub type __int_least64_t = crate::c_types::c_longlong;
+pub type __uint_least64_t = crate::c_types::c_ulonglong;
+pub type __intmax_t = crate::c_types::c_longlong;
+pub type __uintmax_t = crate::c_types::c_ulonglong;
+pub type __intptr_t = crate::c_types::c_int;
+pub type __uintptr_t = crate::c_types::c_uint;
+pub type wchar_t = crate::c_types::c_uchar;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct max_align_t {
+    pub __clang_max_align_nonce1: crate::c_types::c_longlong,
+    pub __clang_max_align_nonce2: f64,
+}
+pub type intmax_t = __intmax_t;
+pub type uintmax_t = __uintmax_t;
+pub type int_least8_t = __int_least8_t;
+pub type uint_least8_t = __uint_least8_t;
+pub type int_least16_t = __int_least16_t;
+pub type uint_least16_t = __uint_least16_t;
+pub type int_least32_t = __int_least32_t;
+pub type uint_least32_t = __uint_least32_t;
+pub type int_least64_t = __int_least64_t;
+pub type uint_least64_t = __uint_least64_t;
+pub type int_fast8_t = crate::c_types::c_schar;
+pub type uint_fast8_t = crate::c_types::c_uchar;
+pub type int_fast16_t = crate::c_types::c_short;
+pub type uint_fast16_t = crate::c_types::c_ushort;
+pub type int_fast32_t = crate::c_types::c_int;
+pub type uint_fast32_t = crate::c_types::c_uint;
+pub type int_fast64_t = crate::c_types::c_longlong;
+pub type uint_fast64_t = crate::c_types::c_ulonglong;
+pub type mbedtls_iso_c_forbids_empty_translation_units = crate::c_types::c_int;
+extern "C" {
+    /// \brief       Securely zeroize a buffer
+    ///
+    ///              The function is meant to wipe the data contained in a buffer so
+    ///              that it can no longer be recovered even if the program memory
+    ///              is later compromised. Call this function on sensitive data
+    ///              stored on the stack before returning from a function, and on
+    ///              sensitive data stored on the heap before freeing the heap
+    ///              object.
+    ///
+    ///              It is extremely difficult to guarantee that calls to
+    ///              mbedtls_platform_zeroize() are not removed by aggressive
+    ///              compiler optimizations in a portable way. For this reason, Mbed
+    ///              TLS provides the configuration option
+    ///              MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
+    ///              mbedtls_platform_zeroize() to use a suitable implementation for
+    ///              their platform and needs
+    ///
+    /// \param buf   Buffer to be zeroized
+    /// \param len   Length of the buffer in bytes
+    pub fn mbedtls_platform_zeroize(buf: *mut crate::c_types::c_void, len: usize);
+}
+pub type mbedtls_mpi_sint = i32;
+pub type mbedtls_mpi_uint = u32;
+pub type mbedtls_t_udbl = u64;
+/// \brief          MPI structure
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_mpi {
+    pub private_s: crate::c_types::c_int,
+    pub private_n: usize,
+    pub private_p: *mut mbedtls_mpi_uint,
+}
+extern "C" {
+    /// \brief           Initialize an MPI context.
+    ///
+    ///                  This makes the MPI ready to be set or freed,
+    ///                  but does not define a value for the MPI.
+    ///
+    /// \param X         The MPI context to initialize. This must not be \c NULL.
+    pub fn mbedtls_mpi_init(X: *mut mbedtls_mpi);
+}
+extern "C" {
+    /// \brief          This function frees the components of an MPI context.
+    ///
+    /// \param X        The MPI context to be cleared. This may be \c NULL,
+    ///                 in which case this function is a no-op. If it is
+    ///                 not \c NULL, it must point to an initialized MPI.
+    pub fn mbedtls_mpi_free(X: *mut mbedtls_mpi);
+}
+extern "C" {
+    /// \brief          Enlarge an MPI to the specified number of limbs.
+    ///
+    /// \note           This function does nothing if the MPI is
+    ///                 already large enough.
+    ///
+    /// \param X        The MPI to grow. It must be initialized.
+    /// \param nblimbs  The target number of limbs.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_grow(X: *mut mbedtls_mpi, nblimbs: usize) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function resizes an MPI downwards, keeping at least the
+    ///                 specified number of limbs.
+    ///
+    ///                 If \c X is smaller than \c nblimbs, it is resized up
+    ///                 instead.
+    ///
+    /// \param X        The MPI to shrink. This must point to an initialized MPI.
+    /// \param nblimbs  The minimum number of limbs to keep.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+    ///                 (this can only happen when resizing up).
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_shrink(X: *mut mbedtls_mpi, nblimbs: usize) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Make a copy of an MPI.
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param Y        The source MPI. This must point to an initialized MPI.
+    ///
+    /// \note           The limb-buffer in the destination MPI is enlarged
+    ///                 if necessary to hold the value in the source MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_copy(X: *mut mbedtls_mpi, Y: *const mbedtls_mpi) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Swap the contents of two MPIs.
+    ///
+    /// \param X        The first MPI. It must be initialized.
+    /// \param Y        The second MPI. It must be initialized.
+    pub fn mbedtls_mpi_swap(X: *mut mbedtls_mpi, Y: *mut mbedtls_mpi);
+}
+extern "C" {
+    /// \brief          Perform a safe conditional copy of MPI which doesn't
+    ///                 reveal whether the condition was true or not.
+    ///
+    /// \param X        The MPI to conditionally assign to. This must point
+    ///                 to an initialized MPI.
+    /// \param Y        The MPI to be assigned from. This must point to an
+    ///                 initialized MPI.
+    /// \param assign   The condition deciding whether to perform the
+    ///                 assignment or not. Must be either 0 or 1:
+    ///                 * \c 1: Perform the assignment `X = Y`.
+    ///                 * \c 0: Keep the original value of \p X.
+    ///
+    /// \note           This function is equivalent to
+    ///                      `if( assign ) mbedtls_mpi_copy( X, Y );`
+    ///                 except that it avoids leaking any information about whether
+    ///                 the assignment was done or not (the above code may leak
+    ///                 information through branch prediction and/or memory access
+    ///                 patterns analysis).
+    ///
+    /// \warning        If \p assign is neither 0 nor 1, the result of this function
+    ///                 is indeterminate, and the resulting value in \p X might be
+    ///                 neither its original value nor the value in \p Y.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_safe_cond_assign(
+        X: *mut mbedtls_mpi,
+        Y: *const mbedtls_mpi,
+        assign: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a safe conditional swap which doesn't
+    ///                 reveal whether the condition was true or not.
+    ///
+    /// \param X        The first MPI. This must be initialized.
+    /// \param Y        The second MPI. This must be initialized.
+    /// \param swap     The condition deciding whether to perform
+    ///                 the swap or not. Must be either 0 or 1:
+    ///                 * \c 1: Swap the values of \p X and \p Y.
+    ///                 * \c 0: Keep the original values of \p X and \p Y.
+    ///
+    /// \note           This function is equivalent to
+    ///                      if( swap ) mbedtls_mpi_swap( X, Y );
+    ///                 except that it avoids leaking any information about whether
+    ///                 the swap was done or not (the above code may leak
+    ///                 information through branch prediction and/or memory access
+    ///                 patterns analysis).
+    ///
+    /// \warning        If \p swap is neither 0 nor 1, the result of this function
+    ///                 is indeterminate, and both \p X and \p Y might end up with
+    ///                 values different to either of the original ones.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_safe_cond_swap(
+        X: *mut mbedtls_mpi,
+        Y: *mut mbedtls_mpi,
+        swap: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Store integer value in MPI.
+    ///
+    /// \param X        The MPI to set. This must be initialized.
+    /// \param z        The value to use.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_lset(X: *mut mbedtls_mpi, z: mbedtls_mpi_sint) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Get a specific bit from an MPI.
+    ///
+    /// \param X        The MPI to query. This must be initialized.
+    /// \param pos      Zero-based index of the bit to query.
+    ///
+    /// \return         \c 0 or \c 1 on success, depending on whether bit \c pos
+    ///                 of \c X is unset or set.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_mpi_get_bit(X: *const mbedtls_mpi, pos: usize) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Modify a specific bit in an MPI.
+    ///
+    /// \note           This function will grow the target MPI if necessary to set a
+    ///                 bit to \c 1 in a not yet existing limb. It will not grow if
+    ///                 the bit should be set to \c 0.
+    ///
+    /// \param X        The MPI to modify. This must be initialized.
+    /// \param pos      Zero-based index of the bit to modify.
+    /// \param val      The desired value of bit \c pos: \c 0 or \c 1.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_set_bit(
+        X: *mut mbedtls_mpi,
+        pos: usize,
+        val: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the number of bits of value \c 0 before the
+    ///                 least significant bit of value \c 1.
+    ///
+    /// \note           This is the same as the zero-based index of
+    ///                 the least significant bit of value \c 1.
+    ///
+    /// \param X        The MPI to query.
+    ///
+    /// \return         The number of bits of value \c 0 before the least significant
+    ///                 bit of value \c 1 in \p X.
+    pub fn mbedtls_mpi_lsb(X: *const mbedtls_mpi) -> usize;
+}
+extern "C" {
+    /// \brief          Return the number of bits up to and including the most
+    ///                 significant bit of value \c 1.
+    ///
+    /// * \note         This is same as the one-based index of the most
+    ///                 significant bit of value \c 1.
+    ///
+    /// \param X        The MPI to query. This must point to an initialized MPI.
+    ///
+    /// \return         The number of bits up to and including the most
+    ///                 significant bit of value \c 1.
+    pub fn mbedtls_mpi_bitlen(X: *const mbedtls_mpi) -> usize;
+}
+extern "C" {
+    /// \brief          Return the total size of an MPI value in bytes.
+    ///
+    /// \param X        The MPI to use. This must point to an initialized MPI.
+    ///
+    /// \note           The value returned by this function may be less than
+    ///                 the number of bytes used to store \p X internally.
+    ///                 This happens if and only if there are trailing bytes
+    ///                 of value zero.
+    ///
+    /// \return         The least number of bytes capable of storing
+    ///                 the absolute value of \p X.
+    pub fn mbedtls_mpi_size(X: *const mbedtls_mpi) -> usize;
+}
+extern "C" {
+    /// \brief          Import an MPI from an ASCII string.
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param radix    The numeric base of the input string.
+    /// \param s        Null-terminated string buffer.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_mpi_read_string(
+        X: *mut mbedtls_mpi,
+        radix: crate::c_types::c_int,
+        s: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Export an MPI to an ASCII string.
+    ///
+    /// \param X        The source MPI. This must point to an initialized MPI.
+    /// \param radix    The numeric base of the output string.
+    /// \param buf      The buffer to write the string to. This must be writable
+    ///                 buffer of length \p buflen Bytes.
+    /// \param buflen   The available size in Bytes of \p buf.
+    /// \param olen     The address at which to store the length of the string
+    ///                 written, including the  final \c NULL byte. This must
+    ///                 not be \c NULL.
+    ///
+    /// \note           You can call this function with `buflen == 0` to obtain the
+    ///                 minimum required buffer size in `*olen`.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the target buffer \p buf
+    ///                 is too small to hold the value of \p X in the desired base.
+    ///                 In this case, `*olen` is nonetheless updated to contain the
+    ///                 size of \p buf required for a successful call.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_write_string(
+        X: *const mbedtls_mpi,
+        radix: crate::c_types::c_int,
+        buf: *mut crate::c_types::c_char,
+        buflen: usize,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Import an MPI from unsigned big endian binary data.
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param buf      The input buffer. This must be a readable buffer of length
+    ///                 \p buflen Bytes.
+    /// \param buflen   The length of the input buffer \p p in Bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_read_binary(
+        X: *mut mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Import X from unsigned binary data, little endian
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param buf      The input buffer. This must be a readable buffer of length
+    ///                 \p buflen Bytes.
+    /// \param buflen   The length of the input buffer \p p in Bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_read_binary_le(
+        X: *mut mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Export X into unsigned binary data, big endian.
+    ///                 Always fills the whole buffer, which will start with zeros
+    ///                 if the number is smaller.
+    ///
+    /// \param X        The source MPI. This must point to an initialized MPI.
+    /// \param buf      The output buffer. This must be a writable buffer of length
+    ///                 \p buflen Bytes.
+    /// \param buflen   The size of the output buffer \p buf in Bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
+    ///                 large enough to hold the value of \p X.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_write_binary(
+        X: *const mbedtls_mpi,
+        buf: *mut crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Export X into unsigned binary data, little endian.
+    ///                 Always fills the whole buffer, which will end with zeros
+    ///                 if the number is smaller.
+    ///
+    /// \param X        The source MPI. This must point to an initialized MPI.
+    /// \param buf      The output buffer. This must be a writable buffer of length
+    ///                 \p buflen Bytes.
+    /// \param buflen   The size of the output buffer \p buf in Bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
+    ///                 large enough to hold the value of \p X.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_write_binary_le(
+        X: *const mbedtls_mpi,
+        buf: *mut crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a left-shift on an MPI: X <<= count
+    ///
+    /// \param X        The MPI to shift. This must point to an initialized MPI.
+    /// \param count    The number of bits to shift by.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_shift_l(X: *mut mbedtls_mpi, count: usize) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a right-shift on an MPI: X >>= count
+    ///
+    /// \param X        The MPI to shift. This must point to an initialized MPI.
+    /// \param count    The number of bits to shift by.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_shift_r(X: *mut mbedtls_mpi, count: usize) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Compare the absolute values of two MPIs.
+    ///
+    /// \param X        The left-hand MPI. This must point to an initialized MPI.
+    /// \param Y        The right-hand MPI. This must point to an initialized MPI.
+    ///
+    /// \return         \c 1 if `|X|` is greater than `|Y|`.
+    /// \return         \c -1 if `|X|` is lesser than `|Y|`.
+    /// \return         \c 0 if `|X|` is equal to `|Y|`.
+    pub fn mbedtls_mpi_cmp_abs(
+        X: *const mbedtls_mpi,
+        Y: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Compare two MPIs.
+    ///
+    /// \param X        The left-hand MPI. This must point to an initialized MPI.
+    /// \param Y        The right-hand MPI. This must point to an initialized MPI.
+    ///
+    /// \return         \c 1 if \p X is greater than \p Y.
+    /// \return         \c -1 if \p X is lesser than \p Y.
+    /// \return         \c 0 if \p X is equal to \p Y.
+    pub fn mbedtls_mpi_cmp_mpi(
+        X: *const mbedtls_mpi,
+        Y: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Check if an MPI is less than the other in constant time.
+    ///
+    /// \param X        The left-hand MPI. This must point to an initialized MPI
+    ///                 with the same allocated length as Y.
+    /// \param Y        The right-hand MPI. This must point to an initialized MPI
+    ///                 with the same allocated length as X.
+    /// \param ret      The result of the comparison:
+    ///                 \c 1 if \p X is less than \p Y.
+    ///                 \c 0 if \p X is greater than or equal to \p Y.
+    ///
+    /// \return         0 on success.
+    /// \return         MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the allocated length of
+    ///                 the two input MPIs is not the same.
+    pub fn mbedtls_mpi_lt_mpi_ct(
+        X: *const mbedtls_mpi,
+        Y: *const mbedtls_mpi,
+        ret: *mut crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Compare an MPI with an integer.
+    ///
+    /// \param X        The left-hand MPI. This must point to an initialized MPI.
+    /// \param z        The integer value to compare \p X to.
+    ///
+    /// \return         \c 1 if \p X is greater than \p z.
+    /// \return         \c -1 if \p X is lesser than \p z.
+    /// \return         \c 0 if \p X is equal to \p z.
+    pub fn mbedtls_mpi_cmp_int(X: *const mbedtls_mpi, z: mbedtls_mpi_sint)
+        -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform an unsigned addition of MPIs: X = |A| + |B|
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first summand. This must point to an initialized MPI.
+    /// \param B        The second summand. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_add_abs(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform an unsigned subtraction of MPIs: X = |A| - |B|
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The minuend. This must point to an initialized MPI.
+    /// \param B        The subtrahend. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is greater than \p A.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_sub_abs(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a signed addition of MPIs: X = A + B
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first summand. This must point to an initialized MPI.
+    /// \param B        The second summand. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_add_mpi(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a signed subtraction of MPIs: X = A - B
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The minuend. This must point to an initialized MPI.
+    /// \param B        The subtrahend. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_sub_mpi(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a signed addition of an MPI and an integer: X = A + b
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first summand. This must point to an initialized MPI.
+    /// \param b        The second summand.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_add_int(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        b: mbedtls_mpi_sint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a signed subtraction of an MPI and an integer:
+    ///                 X = A - b
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The minuend. This must point to an initialized MPI.
+    /// \param b        The subtrahend.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_sub_int(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        b: mbedtls_mpi_sint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a multiplication of two MPIs: X = A * B
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first factor. This must point to an initialized MPI.
+    /// \param B        The second factor. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_mul_mpi(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a multiplication of an MPI with an unsigned integer:
+    ///                 X = A * b
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first factor. This must point to an initialized MPI.
+    /// \param b        The second factor.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_mul_int(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        b: mbedtls_mpi_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a division with remainder of two MPIs:
+    ///                 A = Q * B + R
+    ///
+    /// \param Q        The destination MPI for the quotient.
+    ///                 This may be \c NULL if the value of the
+    ///                 quotient is not needed. This must not alias A or B.
+    /// \param R        The destination MPI for the remainder value.
+    ///                 This may be \c NULL if the value of the
+    ///                 remainder is not needed. This must not alias A or B.
+    /// \param A        The dividend. This must point to an initialized MPI.
+    /// \param B        The divisor. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_div_mpi(
+        Q: *mut mbedtls_mpi,
+        R: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a division with remainder of an MPI by an integer:
+    ///                 A = Q * b + R
+    ///
+    /// \param Q        The destination MPI for the quotient.
+    ///                 This may be \c NULL if the value of the
+    ///                 quotient is not needed.  This must not alias A.
+    /// \param R        The destination MPI for the remainder value.
+    ///                 This may be \c NULL if the value of the
+    ///                 remainder is not needed.  This must not alias A.
+    /// \param A        The dividend. This must point to an initialized MPi.
+    /// \param b        The divisor.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_div_int(
+        Q: *mut mbedtls_mpi,
+        R: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        b: mbedtls_mpi_sint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a modular reduction. R = A mod B
+    ///
+    /// \param R        The destination MPI for the residue value.
+    ///                 This must point to an initialized MPI.
+    /// \param A        The MPI to compute the residue of.
+    ///                 This must point to an initialized MPI.
+    /// \param B        The base of the modular reduction.
+    ///                 This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
+    /// \return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is negative.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_mod_mpi(
+        R: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a modular reduction with respect to an integer.
+    ///                 r = A mod b
+    ///
+    /// \param r        The address at which to store the residue.
+    ///                 This must not be \c NULL.
+    /// \param A        The MPI to compute the residue of.
+    ///                 This must point to an initialized MPi.
+    /// \param b        The integer base of the modular reduction.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
+    /// \return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p b is negative.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_mod_int(
+        r: *mut mbedtls_mpi_uint,
+        A: *const mbedtls_mpi,
+        b: mbedtls_mpi_sint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a sliding-window exponentiation: X = A^E mod N
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    ///                 This must not alias E or N.
+    /// \param A        The base of the exponentiation.
+    ///                 This must point to an initialized MPI.
+    /// \param E        The exponent MPI. This must point to an initialized MPI.
+    /// \param N        The base for the modular reduction. This must point to an
+    ///                 initialized MPI.
+    /// \param prec_RR  A helper MPI depending solely on \p N which can be used to
+    ///                 speed-up multiple modular exponentiations for the same value
+    ///                 of \p N. This may be \c NULL. If it is not \c NULL, it must
+    ///                 point to an initialized MPI. If it hasn't been used after
+    ///                 the call to mbedtls_mpi_init(), this function will compute
+    ///                 the helper value and store it in \p prec_RR for reuse on
+    ///                 subsequent calls to this function. Otherwise, the function
+    ///                 will assume that \p prec_RR holds the helper value set by a
+    ///                 previous call to mbedtls_mpi_exp_mod(), and reuse it.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \c N is negative or
+    ///                 even, or if \c E is negative.
+    /// \return         Another negative error code on different kinds of failures.
+    pub fn mbedtls_mpi_exp_mod(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        E: *const mbedtls_mpi,
+        N: *const mbedtls_mpi,
+        prec_RR: *mut mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Fill an MPI with a number of random bytes.
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param size     The number of random bytes to generate.
+    /// \param f_rng    The RNG function to use. This must not be \c NULL.
+    /// \param p_rng    The RNG parameter to be passed to \p f_rng. This may be
+    ///                 \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on failure.
+    ///
+    /// \note           The bytes obtained from the RNG are interpreted
+    ///                 as a big-endian representation of an MPI; this can
+    ///                 be relevant in applications like deterministic ECDSA.
+    pub fn mbedtls_mpi_fill_random(
+        X: *mut mbedtls_mpi,
+        size: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// Generate a random number uniformly in a range.
+    ///
+    /// This function generates a random number between \p min inclusive and
+    /// \p N exclusive.
+    ///
+    /// The procedure complies with RFC 6979 §3.3 (deterministic ECDSA)
+    /// when the RNG is a suitably parametrized instance of HMAC_DRBG
+    /// and \p min is \c 1.
+    ///
+    /// \note           There are `N - min` possible outputs. The lower bound
+    ///                 \p min can be reached, but the upper bound \p N cannot.
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param min      The minimum value to return.
+    ///                 It must be nonnegative.
+    /// \param N        The upper bound of the range, exclusive.
+    ///                 In other words, this is one plus the maximum value to return.
+    ///                 \p N must be strictly larger than \p min.
+    /// \param f_rng    The RNG function to use. This must not be \c NULL.
+    /// \param p_rng    The RNG parameter to be passed to \p f_rng.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p min or \p N is invalid
+    ///                 or if they are incompatible.
+    /// \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if the implementation was
+    ///                 unable to find a suitable value within a limited number
+    ///                 of attempts. This has a negligible probability if \p N
+    ///                 is significantly larger than \p min, which is the case
+    ///                 for all usual cryptographic applications.
+    /// \return         Another negative error code on failure.
+    pub fn mbedtls_mpi_random(
+        X: *mut mbedtls_mpi,
+        min: mbedtls_mpi_sint,
+        N: *const mbedtls_mpi,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Compute the greatest common divisor: G = gcd(A, B)
+    ///
+    /// \param G        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first operand. This must point to an initialized MPI.
+    /// \param B        The second operand. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_gcd(
+        G: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Compute the modular inverse: X = A^-1 mod N
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The MPI to calculate the modular inverse of. This must point
+    ///                 to an initialized MPI.
+    /// \param N        The base of the modular inversion. This must point to an
+    ///                 initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p N is less than
+    ///                 or equal to one.
+    /// \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse
+    ///                 with respect to \p N.
+    pub fn mbedtls_mpi_inv_mod(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        N: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Miller-Rabin primality test.
+    ///
+    /// \warning        If \p X is potentially generated by an adversary, for example
+    ///                 when validating cryptographic parameters that you didn't
+    ///                 generate yourself and that are supposed to be prime, then
+    ///                 \p rounds should be at least the half of the security
+    ///                 strength of the cryptographic algorithm. On the other hand,
+    ///                 if \p X is chosen uniformly or non-adversarially (as is the
+    ///                 case when mbedtls_mpi_gen_prime calls this function), then
+    ///                 \p rounds can be much lower.
+    ///
+    /// \param X        The MPI to check for primality.
+    ///                 This must point to an initialized MPI.
+    /// \param rounds   The number of bases to perform the Miller-Rabin primality
+    ///                 test for. The probability of returning 0 on a composite is
+    ///                 at most 2<sup>-2*\p rounds</sup>.
+    /// \param f_rng    The RNG function to use. This must not be \c NULL.
+    /// \param p_rng    The RNG parameter to be passed to \p f_rng.
+    ///                 This may be \c NULL if \p f_rng doesn't use
+    ///                 a context parameter.
+    ///
+    /// \return         \c 0 if successful, i.e. \p X is probably prime.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_is_prime_ext(
+        X: *const mbedtls_mpi,
+        rounds: crate::c_types::c_int,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+///< (X-1)/2 is prime too
+pub const mbedtls_mpi_gen_prime_flag_t_MBEDTLS_MPI_GEN_PRIME_FLAG_DH: mbedtls_mpi_gen_prime_flag_t =
+    1;
+///< lower error rate from 2<sup>-80</sup> to 2<sup>-128</sup>
+pub const mbedtls_mpi_gen_prime_flag_t_MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR:
+    mbedtls_mpi_gen_prime_flag_t = 2;
+/// \brief Flags for mbedtls_mpi_gen_prime()
+///
+/// Each of these flags is a constraint on the result X returned by
+/// mbedtls_mpi_gen_prime().
+pub type mbedtls_mpi_gen_prime_flag_t = crate::c_types::c_uint;
+extern "C" {
+    /// \brief          Generate a prime number.
+    ///
+    /// \param X        The destination MPI to store the generated prime in.
+    ///                 This must point to an initialized MPi.
+    /// \param nbits    The required size of the destination MPI in bits.
+    ///                 This must be between \c 3 and #MBEDTLS_MPI_MAX_BITS.
+    /// \param flags    A mask of flags of type #mbedtls_mpi_gen_prime_flag_t.
+    /// \param f_rng    The RNG function to use. This must not be \c NULL.
+    /// \param p_rng    The RNG parameter to be passed to \p f_rng.
+    ///                 This may be \c NULL if \p f_rng doesn't use
+    ///                 a context parameter.
+    ///
+    /// \return         \c 0 if successful, in which case \p X holds a
+    ///                 probably prime number.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between
+    ///                 \c 3 and #MBEDTLS_MPI_MAX_BITS.
+    pub fn mbedtls_mpi_gen_prime(
+        X: *mut mbedtls_mpi,
+        nbits: usize,
+        flags: crate::c_types::c_int,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Checkup routine
+    ///
+    /// \return         0 if successful, or 1 if the test failed
+    pub fn mbedtls_mpi_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+///< Curve not defined.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_NONE: mbedtls_ecp_group_id = 0;
+///< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP192R1: mbedtls_ecp_group_id = 1;
+///< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP224R1: mbedtls_ecp_group_id = 2;
+///< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP256R1: mbedtls_ecp_group_id = 3;
+///< Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP384R1: mbedtls_ecp_group_id = 4;
+///< Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP521R1: mbedtls_ecp_group_id = 5;
+///< Domain parameters for 256-bit Brainpool curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_BP256R1: mbedtls_ecp_group_id = 6;
+///< Domain parameters for 384-bit Brainpool curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_BP384R1: mbedtls_ecp_group_id = 7;
+///< Domain parameters for 512-bit Brainpool curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_BP512R1: mbedtls_ecp_group_id = 8;
+///< Domain parameters for Curve25519.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_CURVE25519: mbedtls_ecp_group_id = 9;
+///< Domain parameters for 192-bit "Koblitz" curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP192K1: mbedtls_ecp_group_id = 10;
+///< Domain parameters for 224-bit "Koblitz" curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP224K1: mbedtls_ecp_group_id = 11;
+///< Domain parameters for 256-bit "Koblitz" curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP256K1: mbedtls_ecp_group_id = 12;
+///< Domain parameters for Curve448.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_CURVE448: mbedtls_ecp_group_id = 13;
+/// Domain-parameter identifiers: curve, subgroup, and generator.
+///
+/// \note Only curves over prime fields are supported.
+///
+/// \warning This library does not support validation of arbitrary domain
+/// parameters. Therefore, only standardized domain parameters from trusted
+/// sources should be used. See mbedtls_ecp_group_load().
+pub type mbedtls_ecp_group_id = crate::c_types::c_uint;
+pub const mbedtls_ecp_curve_type_MBEDTLS_ECP_TYPE_NONE: mbedtls_ecp_curve_type = 0;
+pub const mbedtls_ecp_curve_type_MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: mbedtls_ecp_curve_type = 1;
+pub const mbedtls_ecp_curve_type_MBEDTLS_ECP_TYPE_MONTGOMERY: mbedtls_ecp_curve_type = 2;
+pub type mbedtls_ecp_curve_type = crate::c_types::c_uint;
+pub const mbedtls_ecp_modulus_type_MBEDTLS_ECP_MOD_NONE: mbedtls_ecp_modulus_type = 0;
+pub const mbedtls_ecp_modulus_type_MBEDTLS_ECP_MOD_COORDINATE: mbedtls_ecp_modulus_type = 1;
+pub const mbedtls_ecp_modulus_type_MBEDTLS_ECP_MOD_SCALAR: mbedtls_ecp_modulus_type = 2;
+pub type mbedtls_ecp_modulus_type = crate::c_types::c_uint;
+/// Curve information, for use by other modules.
+///
+/// The fields of this structure are part of the public API and can be
+/// accessed directly by applications. Future versions of the library may
+/// add extra fields or reorder existing fields.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecp_curve_info {
+    ///< An internal identifier.
+    pub grp_id: mbedtls_ecp_group_id,
+    ///< The TLS NamedCurve identifier.
+    pub tls_id: u16,
+    ///< The curve size in bits.
+    pub bit_size: u16,
+    ///< A human-friendly name.
+    pub name: *const crate::c_types::c_char,
+}
+/// \brief           The ECP point structure, in Jacobian coordinates.
+///
+/// \note            All functions expect and return points satisfying
+///                  the following condition: <code>Z == 0</code> or
+///                  <code>Z == 1</code>. Other values of \p Z are
+///                  used only by internal functions.
+///                  The point is zero, or "at infinity", if <code>Z == 0</code>.
+///                  Otherwise, \p X and \p Y are its standard (affine)
+///                  coordinates.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecp_point {
+    pub private_X: mbedtls_mpi,
+    pub private_Y: mbedtls_mpi,
+    pub private_Z: mbedtls_mpi,
+}
+/// \brief           The ECP group structure.
+///
+/// We consider two types of curve equations:
+/// <ul><li>Short Weierstrass: <code>y^2 = x^3 + A x + B mod P</code>
+/// (SEC1 + RFC-4492)</li>
+/// <li>Montgomery: <code>y^2 = x^3 + A x^2 + x mod P</code> (Curve25519,
+/// Curve448)</li></ul>
+/// In both cases, the generator (\p G) for a prime-order subgroup is fixed.
+///
+/// For Short Weierstrass, this subgroup is the whole curve, and its
+/// cardinality is denoted by \p N. Our code requires that \p N is an
+/// odd prime as mbedtls_ecp_mul() requires an odd number, and
+/// mbedtls_ecdsa_sign() requires that it is prime for blinding purposes.
+///
+/// For Montgomery curves, we do not store \p A, but <code>(A + 2) / 4</code>,
+/// which is the quantity used in the formulas. Additionally, \p nbits is
+/// not the size of \p N but the required size for private keys.
+///
+/// If \p modp is NULL, reduction modulo \p P is done using a generic algorithm.
+/// Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the
+/// range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an integer
+/// which is congruent mod \p P to the given MPI, and is close enough to \p pbits
+/// in size, so that it may be efficiently brought in the 0..P-1 range by a few
+/// additions or subtractions. Therefore, it is only an approximative modular
+/// reduction. It must return 0 on success and non-zero on failure.
+///
+/// \note        Alternative implementations of the ECP module must obey the
+///              following constraints.
+///              * Group IDs must be distinct: if two group structures have
+///                the same ID, then they must be identical.
+///              * The fields \c id, \c P, \c A, \c B, \c G, \c N,
+///                \c pbits and \c nbits must have the same type and semantics
+///                as in the built-in implementation.
+///                They must be available for reading, but direct modification
+///                of these fields does not need to be supported.
+///                They do not need to be at the same offset in the structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecp_group {
+    ///< An internal group identifier.
+    pub id: mbedtls_ecp_group_id,
+    ///< The prime modulus of the base field.
+    pub P: mbedtls_mpi,
+    ///< For Short Weierstrass: \p A in the equation. For
+    ///Montgomery curves: <code>(A + 2) / 4</code>.
+    pub A: mbedtls_mpi,
+    ///< For Short Weierstrass: \p B in the equation.
+    ///For Montgomery curves: unused.
+    pub B: mbedtls_mpi,
+    ///< The generator of the subgroup used.
+    pub G: mbedtls_ecp_point,
+    ///< The order of \p G.
+    pub N: mbedtls_mpi,
+    ///< The number of bits in \p P.
+    pub pbits: usize,
+    ///< For Short Weierstrass: The number of bits in \p P.
+    ///For Montgomery curves: the number of bits in the
+    ///private keys.
+    pub nbits: usize,
+    pub private_h: crate::c_types::c_uint,
+    pub private_modp: ::core::option::Option<
+        unsafe extern "C" fn(arg1: *mut mbedtls_mpi) -> crate::c_types::c_int,
+    >,
+    pub private_t_pre: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut mbedtls_ecp_point,
+            arg2: *mut crate::c_types::c_void,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_t_post: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut mbedtls_ecp_point,
+            arg2: *mut crate::c_types::c_void,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_t_data: *mut crate::c_types::c_void,
+    pub private_T: *mut mbedtls_ecp_point,
+    pub private_T_size: usize,
+}
+pub type mbedtls_ecp_restart_ctx = crate::c_types::c_void;
+/// \brief    The ECP key-pair structure.
+///
+/// A generic key-pair that may be used for ECDSA and fixed ECDH, for example.
+///
+/// \note    Members are deliberately in the same order as in the
+///          ::mbedtls_ecdsa_context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecp_keypair {
+    pub private_grp: mbedtls_ecp_group,
+    pub private_d: mbedtls_mpi,
+    pub private_Q: mbedtls_ecp_point,
+}
+extern "C" {
+    pub fn mbedtls_ecp_get_type(grp: *const mbedtls_ecp_group) -> mbedtls_ecp_curve_type;
+}
+extern "C" {
+    /// \brief           This function retrieves the information defined in
+    ///                  mbedtls_ecp_curve_info() for all supported curves.
+    ///
+    /// \note            This function returns information about all curves
+    ///                  supported by the library. Some curves may not be
+    ///                  supported for all algorithms. Call mbedtls_ecdh_can_do()
+    ///                  or mbedtls_ecdsa_can_do() to check if a curve is
+    ///                  supported for ECDH or ECDSA.
+    ///
+    /// \return          A statically allocated array. The last entry is 0.
+    pub fn mbedtls_ecp_curve_list() -> *const mbedtls_ecp_curve_info;
+}
+extern "C" {
+    /// \brief           This function retrieves the list of internal group
+    ///                  identifiers of all supported curves in the order of
+    ///                  preference.
+    ///
+    /// \note            This function returns information about all curves
+    ///                  supported by the library. Some curves may not be
+    ///                  supported for all algorithms. Call mbedtls_ecdh_can_do()
+    ///                  or mbedtls_ecdsa_can_do() to check if a curve is
+    ///                  supported for ECDH or ECDSA.
+    ///
+    /// \return          A statically allocated array,
+    ///                  terminated with MBEDTLS_ECP_DP_NONE.
+    pub fn mbedtls_ecp_grp_id_list() -> *const mbedtls_ecp_group_id;
+}
+extern "C" {
+    /// \brief           This function retrieves curve information from an internal
+    ///                  group identifier.
+    ///
+    /// \param grp_id    An \c MBEDTLS_ECP_DP_XXX value.
+    ///
+    /// \return          The associated curve information on success.
+    /// \return          NULL on failure.
+    pub fn mbedtls_ecp_curve_info_from_grp_id(
+        grp_id: mbedtls_ecp_group_id,
+    ) -> *const mbedtls_ecp_curve_info;
+}
+extern "C" {
+    /// \brief           This function retrieves curve information from a TLS
+    ///                  NamedCurve value.
+    ///
+    /// \param tls_id    An \c MBEDTLS_ECP_DP_XXX value.
+    ///
+    /// \return          The associated curve information on success.
+    /// \return          NULL on failure.
+    pub fn mbedtls_ecp_curve_info_from_tls_id(tls_id: u16) -> *const mbedtls_ecp_curve_info;
+}
+extern "C" {
+    /// \brief           This function retrieves curve information from a
+    ///                  human-readable name.
+    ///
+    /// \param name      The human-readable name.
+    ///
+    /// \return          The associated curve information on success.
+    /// \return          NULL on failure.
+    pub fn mbedtls_ecp_curve_info_from_name(
+        name: *const crate::c_types::c_char,
+    ) -> *const mbedtls_ecp_curve_info;
+}
+extern "C" {
+    /// \brief           This function initializes a point as zero.
+    ///
+    /// \param pt        The point to initialize.
+    pub fn mbedtls_ecp_point_init(pt: *mut mbedtls_ecp_point);
+}
+extern "C" {
+    /// \brief           This function initializes an ECP group context
+    ///                  without loading any domain parameters.
+    ///
+    /// \note            After this function is called, domain parameters
+    ///                  for various ECP groups can be loaded through the
+    ///                  mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group()
+    ///                  functions.
+    pub fn mbedtls_ecp_group_init(grp: *mut mbedtls_ecp_group);
+}
+extern "C" {
+    /// \brief           This function initializes a key pair as an invalid one.
+    ///
+    /// \param key       The key pair to initialize.
+    pub fn mbedtls_ecp_keypair_init(key: *mut mbedtls_ecp_keypair);
+}
+extern "C" {
+    /// \brief           This function frees the components of a point.
+    ///
+    /// \param pt        The point to free.
+    pub fn mbedtls_ecp_point_free(pt: *mut mbedtls_ecp_point);
+}
+extern "C" {
+    /// \brief           This function frees the components of an ECP group.
+    ///
+    /// \param grp       The group to free. This may be \c NULL, in which
+    ///                  case this function returns immediately. If it is not
+    ///                  \c NULL, it must point to an initialized ECP group.
+    pub fn mbedtls_ecp_group_free(grp: *mut mbedtls_ecp_group);
+}
+extern "C" {
+    /// \brief           This function frees the components of a key pair.
+    ///
+    /// \param key       The key pair to free. This may be \c NULL, in which
+    ///                  case this function returns immediately. If it is not
+    ///                  \c NULL, it must point to an initialized ECP key pair.
+    pub fn mbedtls_ecp_keypair_free(key: *mut mbedtls_ecp_keypair);
+}
+extern "C" {
+    /// \brief           This function copies the contents of point \p Q into
+    ///                  point \p P.
+    ///
+    /// \param P         The destination point. This must be initialized.
+    /// \param Q         The source point. This must be initialized.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          Another negative error code for other kinds of failure.
+    pub fn mbedtls_ecp_copy(
+        P: *mut mbedtls_ecp_point,
+        Q: *const mbedtls_ecp_point,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function copies the contents of group \p src into
+    ///                  group \p dst.
+    ///
+    /// \param dst       The destination group. This must be initialized.
+    /// \param src       The source group. This must be initialized.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_group_copy(
+        dst: *mut mbedtls_ecp_group,
+        src: *const mbedtls_ecp_group,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets a point to the point at infinity.
+    ///
+    /// \param pt        The point to set. This must be initialized.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_set_zero(pt: *mut mbedtls_ecp_point) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function checks if a point is the point at infinity.
+    ///
+    /// \param pt        The point to test. This must be initialized.
+    ///
+    /// \return          \c 1 if the point is zero.
+    /// \return          \c 0 if the point is non-zero.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecp_is_zero(pt: *mut mbedtls_ecp_point) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function compares two points.
+    ///
+    /// \note            This assumes that the points are normalized. Otherwise,
+    ///                  they may compare as "not equal" even if they are.
+    ///
+    /// \param P         The first point to compare. This must be initialized.
+    /// \param Q         The second point to compare. This must be initialized.
+    ///
+    /// \return          \c 0 if the points are equal.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal.
+    pub fn mbedtls_ecp_point_cmp(
+        P: *const mbedtls_ecp_point,
+        Q: *const mbedtls_ecp_point,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function imports a non-zero point from two ASCII
+    ///                  strings.
+    ///
+    /// \param P         The destination point. This must be initialized.
+    /// \param radix     The numeric base of the input.
+    /// \param x         The first affine coordinate, as a null-terminated string.
+    /// \param y         The second affine coordinate, as a null-terminated string.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_MPI_XXX error code on failure.
+    pub fn mbedtls_ecp_point_read_string(
+        P: *mut mbedtls_ecp_point,
+        radix: crate::c_types::c_int,
+        x: *const crate::c_types::c_char,
+        y: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function exports a point into unsigned binary data.
+    ///
+    /// \param grp       The group to which the point should belong.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param P         The point to export. This must be initialized.
+    /// \param format    The point format. This must be either
+    ///                  #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
+    ///                  (For groups without these formats, this parameter is
+    ///                  ignored. But it still has to be either of the above
+    ///                  values.)
+    /// \param olen      The address at which to store the length of
+    ///                  the output in Bytes. This must not be \c NULL.
+    /// \param buf       The output buffer. This must be a writable buffer
+    ///                  of length \p buflen Bytes.
+    /// \param buflen    The length of the output buffer \p buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output buffer
+    ///                  is too small to hold the point.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
+    ///                  or the export for the given group is not implemented.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_point_write_binary(
+        grp: *const mbedtls_ecp_group,
+        P: *const mbedtls_ecp_point,
+        format: crate::c_types::c_int,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function imports a point from unsigned binary data.
+    ///
+    /// \note            This function does not check that the point actually
+    ///                  belongs to the given group, see mbedtls_ecp_check_pubkey()
+    ///                  for that.
+    ///
+    /// \note            For compressed points, see #MBEDTLS_ECP_PF_COMPRESSED for
+    ///                  limitations.
+    ///
+    /// \param grp       The group to which the point should belong.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param P         The destination context to import the point to.
+    ///                  This must be initialized.
+    /// \param buf       The input buffer. This must be a readable buffer
+    ///                  of length \p ilen Bytes.
+    /// \param ilen      The length of the input buffer \p buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the import for the
+    ///                  given group is not implemented.
+    pub fn mbedtls_ecp_point_read_binary(
+        grp: *const mbedtls_ecp_group,
+        P: *mut mbedtls_ecp_point,
+        buf: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function imports a point from a TLS ECPoint record.
+    ///
+    /// \note            On function return, \p *buf is updated to point immediately
+    ///                  after the ECPoint record.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param pt        The destination point.
+    /// \param buf       The address of the pointer to the start of the input buffer.
+    /// \param len       The length of the buffer.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_MPI_XXX error code on initialization
+    ///                  failure.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
+    pub fn mbedtls_ecp_tls_read_point(
+        grp: *const mbedtls_ecp_group,
+        pt: *mut mbedtls_ecp_point,
+        buf: *mut *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function exports a point as a TLS ECPoint record
+    ///                  defined in RFC 4492, Section 5.4.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param pt        The point to be exported. This must be initialized.
+    /// \param format    The point format to use. This must be either
+    ///                  #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
+    /// \param olen      The address at which to store the length in Bytes
+    ///                  of the data written.
+    /// \param buf       The target buffer. This must be a writable buffer of
+    ///                  length \p blen Bytes.
+    /// \param blen      The length of the target buffer \p buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
+    /// \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the target buffer
+    ///                  is too small to hold the exported point.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_tls_write_point(
+        grp: *const mbedtls_ecp_group,
+        pt: *const mbedtls_ecp_point,
+        format: crate::c_types::c_int,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        blen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets up an ECP group context
+    ///                  from a standardized set of domain parameters.
+    ///
+    /// \note            The index should be a value of the NamedCurve enum,
+    ///                  as defined in <em>RFC-4492: Elliptic Curve Cryptography
+    ///                  (ECC) Cipher Suites for Transport Layer Security (TLS)</em>,
+    ///                  usually in the form of an \c MBEDTLS_ECP_DP_XXX macro.
+    ///
+    /// \param grp       The group context to setup. This must be initialized.
+    /// \param id        The identifier of the domain parameter set to load.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p id doesn't
+    ///                  correspond to a known group.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_group_load(
+        grp: *mut mbedtls_ecp_group,
+        id: mbedtls_ecp_group_id,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets up an ECP group context from a TLS
+    ///                  ECParameters record as defined in RFC 4492, Section 5.4.
+    ///
+    /// \note            The read pointer \p buf is updated to point right after
+    ///                  the ECParameters record on exit.
+    ///
+    /// \param grp       The group context to setup. This must be initialized.
+    /// \param buf       The address of the pointer to the start of the input buffer.
+    /// \param len       The length of the input buffer \c *buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not
+    ///                  recognized.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_tls_read_group(
+        grp: *mut mbedtls_ecp_group,
+        buf: *mut *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function extracts an elliptic curve group ID from a
+    ///                  TLS ECParameters record as defined in RFC 4492, Section 5.4.
+    ///
+    /// \note            The read pointer \p buf is updated to point right after
+    ///                  the ECParameters record on exit.
+    ///
+    /// \param grp       The address at which to store the group id.
+    ///                  This must not be \c NULL.
+    /// \param buf       The address of the pointer to the start of the input buffer.
+    /// \param len       The length of the input buffer \c *buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not
+    ///                  recognized.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_tls_read_group_id(
+        grp: *mut mbedtls_ecp_group_id,
+        buf: *mut *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function exports an elliptic curve as a TLS
+    ///                  ECParameters record as defined in RFC 4492, Section 5.4.
+    ///
+    /// \param grp       The ECP group to be exported.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param olen      The address at which to store the number of Bytes written.
+    ///                  This must not be \c NULL.
+    /// \param buf       The buffer to write to. This must be a writable buffer
+    ///                  of length \p blen Bytes.
+    /// \param blen      The length of the output buffer \p buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output
+    ///                  buffer is too small to hold the exported group.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_tls_write_group(
+        grp: *const mbedtls_ecp_group,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        blen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a scalar multiplication of a point
+    ///                  by an integer: \p R = \p m * \p P.
+    ///
+    ///                  It is not thread-safe to use same group in multiple threads.
+    ///
+    /// \note            To prevent timing attacks, this function
+    ///                  executes the exact same sequence of base-field
+    ///                  operations for any valid \p m. It avoids any if-branch or
+    ///                  array index depending on the value of \p m. It also uses
+    ///                  \p f_rng to randomize some intermediate results.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param R         The point in which to store the result of the calculation.
+    ///                  This must be initialized.
+    /// \param m         The integer by which to multiply. This must be initialized.
+    /// \param P         The point to multiply. This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be \c
+    ///                  NULL if \p f_rng doesn't need a context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
+    ///                  key, or \p P is not a valid public key.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_mul(
+        grp: *mut mbedtls_ecp_group,
+        R: *mut mbedtls_ecp_point,
+        m: *const mbedtls_mpi,
+        P: *const mbedtls_ecp_point,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs multiplication of a point by
+    ///                  an integer: \p R = \p m * \p P in a restartable way.
+    ///
+    /// \see             mbedtls_ecp_mul()
+    ///
+    /// \note            This function does the same as \c mbedtls_ecp_mul(), but
+    ///                  it can return early and restart according to the limit set
+    ///                  with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param R         The point in which to store the result of the calculation.
+    ///                  This must be initialized.
+    /// \param m         The integer by which to multiply. This must be initialized.
+    /// \param P         The point to multiply. This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be \c
+    ///                  NULL if \p f_rng doesn't need a context.
+    /// \param rs_ctx    The restart context (NULL disables restart).
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
+    ///                  key, or \p P is not a valid public key.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_mul_restartable(
+        grp: *mut mbedtls_ecp_group,
+        R: *mut mbedtls_ecp_point,
+        m: *const mbedtls_mpi,
+        P: *const mbedtls_ecp_point,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_ecp_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs multiplication and addition of two
+    ///                  points by integers: \p R = \p m * \p P + \p n * \p Q
+    ///
+    ///                  It is not thread-safe to use same group in multiple threads.
+    ///
+    /// \note            In contrast to mbedtls_ecp_mul(), this function does not
+    ///                  guarantee a constant execution flow and timing.
+    ///
+    /// \note            This function is only defined for short Weierstrass curves.
+    ///                  It may not be included in builds without any short
+    ///                  Weierstrass curve.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param R         The point in which to store the result of the calculation.
+    ///                  This must be initialized.
+    /// \param m         The integer by which to multiply \p P.
+    ///                  This must be initialized.
+    /// \param P         The point to multiply by \p m. This must be initialized.
+    /// \param n         The integer by which to multiply \p Q.
+    ///                  This must be initialized.
+    /// \param Q         The point to be multiplied by \p n.
+    ///                  This must be initialized.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not
+    ///                  valid private keys, or \p P or \p Q are not valid public
+    ///                  keys.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p grp does not
+    ///                  designate a short Weierstrass curve.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_muladd(
+        grp: *mut mbedtls_ecp_group,
+        R: *mut mbedtls_ecp_point,
+        m: *const mbedtls_mpi,
+        P: *const mbedtls_ecp_point,
+        n: *const mbedtls_mpi,
+        Q: *const mbedtls_ecp_point,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs multiplication and addition of two
+    ///                  points by integers: \p R = \p m * \p P + \p n * \p Q in a
+    ///                  restartable way.
+    ///
+    /// \see             \c mbedtls_ecp_muladd()
+    ///
+    /// \note            This function works the same as \c mbedtls_ecp_muladd(),
+    ///                  but it can return early and restart according to the limit
+    ///                  set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \note            This function is only defined for short Weierstrass curves.
+    ///                  It may not be included in builds without any short
+    ///                  Weierstrass curve.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param R         The point in which to store the result of the calculation.
+    ///                  This must be initialized.
+    /// \param m         The integer by which to multiply \p P.
+    ///                  This must be initialized.
+    /// \param P         The point to multiply by \p m. This must be initialized.
+    /// \param n         The integer by which to multiply \p Q.
+    ///                  This must be initialized.
+    /// \param Q         The point to be multiplied by \p n.
+    ///                  This must be initialized.
+    /// \param rs_ctx    The restart context (NULL disables restart).
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not
+    ///                  valid private keys, or \p P or \p Q are not valid public
+    ///                  keys.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p grp does not
+    ///                  designate a short Weierstrass curve.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_muladd_restartable(
+        grp: *mut mbedtls_ecp_group,
+        R: *mut mbedtls_ecp_point,
+        m: *const mbedtls_mpi,
+        P: *const mbedtls_ecp_point,
+        n: *const mbedtls_mpi,
+        Q: *const mbedtls_ecp_point,
+        rs_ctx: *mut mbedtls_ecp_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function checks that a point is a valid public key
+    ///                  on this curve.
+    ///
+    ///                  It only checks that the point is non-zero, has
+    ///                  valid coordinates and lies on the curve. It does not verify
+    ///                  that it is indeed a multiple of \p G. This additional
+    ///                  check is computationally more expensive, is not required
+    ///                  by standards, and should not be necessary if the group
+    ///                  used has a small cofactor. In particular, it is useless for
+    ///                  the NIST groups which all have a cofactor of 1.
+    ///
+    /// \note            This function uses bare components rather than an
+    ///                  ::mbedtls_ecp_keypair structure, to ease use with other
+    ///                  structures, such as ::mbedtls_ecdh_context or
+    ///                  ::mbedtls_ecdsa_context.
+    ///
+    /// \param grp       The ECP group the point should belong to.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param pt        The point to check. This must be initialized.
+    ///
+    /// \return          \c 0 if the point is a valid public key.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not
+    ///                  a valid public key for the given curve.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_check_pubkey(
+        grp: *const mbedtls_ecp_group,
+        pt: *const mbedtls_ecp_point,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function checks that an \p mbedtls_mpi is a
+    ///                  valid private key for this curve.
+    ///
+    /// \note            This function uses bare components rather than an
+    ///                  ::mbedtls_ecp_keypair structure to ease use with other
+    ///                  structures, such as ::mbedtls_ecdh_context or
+    ///                  ::mbedtls_ecdsa_context.
+    ///
+    /// \param grp       The ECP group the private key should belong to.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param d         The integer to check. This must be initialized.
+    ///
+    /// \return          \c 0 if the point is a valid private key.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not a valid
+    ///                  private key for the given curve.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_check_privkey(
+        grp: *const mbedtls_ecp_group,
+        d: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates a private key.
+    ///
+    /// \param grp       The ECP group to generate a private key for.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param d         The destination MPI (secret part). This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG parameter to be passed to \p f_rng. This may be
+    ///                  \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
+    ///                  on failure.
+    pub fn mbedtls_ecp_gen_privkey(
+        grp: *const mbedtls_ecp_group,
+        d: *mut mbedtls_mpi,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates a keypair with a configurable base
+    ///                  point.
+    ///
+    /// \note            This function uses bare components rather than an
+    ///                  ::mbedtls_ecp_keypair structure to ease use with other
+    ///                  structures, such as ::mbedtls_ecdh_context or
+    ///                  ::mbedtls_ecdsa_context.
+    ///
+    /// \param grp       The ECP group to generate a key pair for.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param G         The base point to use. This must be initialized
+    ///                  and belong to \p grp. It replaces the default base
+    ///                  point \c grp->G used by mbedtls_ecp_gen_keypair().
+    /// \param d         The destination MPI (secret part).
+    ///                  This must be initialized.
+    /// \param Q         The destination point (public part).
+    ///                  This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may
+    ///                  be \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
+    ///                  on failure.
+    pub fn mbedtls_ecp_gen_keypair_base(
+        grp: *mut mbedtls_ecp_group,
+        G: *const mbedtls_ecp_point,
+        d: *mut mbedtls_mpi,
+        Q: *mut mbedtls_ecp_point,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates an ECP keypair.
+    ///
+    /// \note            This function uses bare components rather than an
+    ///                  ::mbedtls_ecp_keypair structure to ease use with other
+    ///                  structures, such as ::mbedtls_ecdh_context or
+    ///                  ::mbedtls_ecdsa_context.
+    ///
+    /// \param grp       The ECP group to generate a key pair for.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param d         The destination MPI (secret part).
+    ///                  This must be initialized.
+    /// \param Q         The destination point (public part).
+    ///                  This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may
+    ///                  be \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
+    ///                  on failure.
+    pub fn mbedtls_ecp_gen_keypair(
+        grp: *mut mbedtls_ecp_group,
+        d: *mut mbedtls_mpi,
+        Q: *mut mbedtls_ecp_point,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates an ECP key.
+    ///
+    /// \param grp_id    The ECP group identifier.
+    /// \param key       The destination key. This must be initialized.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may
+    ///                  be \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
+    ///                  on failure.
+    pub fn mbedtls_ecp_gen_key(
+        grp_id: mbedtls_ecp_group_id,
+        key: *mut mbedtls_ecp_keypair,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function reads an elliptic curve private key.
+    ///
+    /// \param grp_id    The ECP group identifier.
+    /// \param key       The destination key.
+    /// \param buf       The buffer containing the binary representation of the
+    ///                  key. (Big endian integer for Weierstrass curves, byte
+    ///                  string for Montgomery curves.)
+    /// \param buflen    The length of the buffer in bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY error if the key is
+    ///                  invalid.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
+    ///                  the group is not implemented.
+    /// \return          Another negative error code on different kinds of failure.
+    pub fn mbedtls_ecp_read_key(
+        grp_id: mbedtls_ecp_group_id,
+        key: *mut mbedtls_ecp_keypair,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function exports an elliptic curve private key.
+    ///
+    /// \param key       The private key.
+    /// \param buf       The output buffer for containing the binary representation
+    ///                  of the key. (Big endian integer for Weierstrass curves, byte
+    ///                  string for Montgomery curves.)
+    /// \param buflen    The total length of the buffer in bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the \p key
+    ///representation is larger than the available space in \p buf.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
+    ///                  the group is not implemented.
+    /// \return          Another negative error code on different kinds of failure.
+    pub fn mbedtls_ecp_write_key(
+        key: *mut mbedtls_ecp_keypair,
+        buf: *mut crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function checks that the keypair objects
+    ///                  \p pub and \p prv have the same group and the
+    ///                  same public point, and that the private key in
+    ///                  \p prv is consistent with the public key.
+    ///
+    /// \param pub       The keypair structure holding the public key. This
+    ///                  must be initialized. If it contains a private key, that
+    ///                  part is ignored.
+    /// \param prv       The keypair structure holding the full keypair.
+    ///                  This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be \c
+    ///                  NULL if \p f_rng doesn't need a context.
+    ///
+    /// \return          \c 0 on success, meaning that the keys are valid and match.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
+    ///                  error code on calculation failure.
+    pub fn mbedtls_ecp_check_pub_priv(
+        pub_: *const mbedtls_ecp_keypair,
+        prv: *const mbedtls_ecp_keypair,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function exports generic key-pair parameters.
+    ///
+    /// \param key       The key pair to export from.
+    /// \param grp       Slot for exported ECP group.
+    ///                  It must point to an initialized ECP group.
+    /// \param d         Slot for the exported secret value.
+    ///                  It must point to an initialized mpi.
+    /// \param Q         Slot for the exported public value.
+    ///                  It must point to an initialized ECP point.
+    ///
+    /// \return          \c 0 on success,
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if key id doesn't
+    ///                  correspond to a known group.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_export(
+        key: *const mbedtls_ecp_keypair,
+        grp: *mut mbedtls_ecp_group,
+        d: *mut mbedtls_mpi,
+        Q: *mut mbedtls_ecp_point,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The ECP checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_ecp_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+///< None.
+pub const mbedtls_md_type_t_MBEDTLS_MD_NONE: mbedtls_md_type_t = 0;
+///< The MD5 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_MD5: mbedtls_md_type_t = 1;
+///< The SHA-1 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_SHA1: mbedtls_md_type_t = 2;
+///< The SHA-224 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_SHA224: mbedtls_md_type_t = 3;
+///< The SHA-256 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_SHA256: mbedtls_md_type_t = 4;
+///< The SHA-384 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_SHA384: mbedtls_md_type_t = 5;
+///< The SHA-512 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_SHA512: mbedtls_md_type_t = 6;
+///< The RIPEMD-160 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_RIPEMD160: mbedtls_md_type_t = 7;
+/// \brief     Supported message digests.
+///
+/// \warning   MD5 and SHA-1 are considered weak message digests and
+///            their use constitutes a security risk. We recommend considering
+///            stronger message digests instead.
+pub type mbedtls_md_type_t = crate::c_types::c_uint;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_md_info_t {
+    _unused: [u8; 0],
+}
+pub const mbedtls_md_engine_t_MBEDTLS_MD_ENGINE_LEGACY: mbedtls_md_engine_t = 0;
+pub const mbedtls_md_engine_t_MBEDTLS_MD_ENGINE_PSA: mbedtls_md_engine_t = 1;
+/// Used internally to indicate whether a context uses legacy or PSA.
+///
+/// Internal use only.
+pub type mbedtls_md_engine_t = crate::c_types::c_uint;
+/// The generic message-digest context.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_md_context_t {
+    pub private_md_info: *const mbedtls_md_info_t,
+    pub private_md_ctx: *mut crate::c_types::c_void,
+    pub private_hmac_ctx: *mut crate::c_types::c_void,
+}
+extern "C" {
+    /// \brief           This function returns the message-digest information
+    ///                  associated with the given digest type.
+    ///
+    /// \param md_type   The type of digest to search for.
+    ///
+    /// \return          The message-digest information associated with \p md_type.
+    /// \return          NULL if the associated message-digest information is not found.
+    pub fn mbedtls_md_info_from_type(md_type: mbedtls_md_type_t) -> *const mbedtls_md_info_t;
+}
+extern "C" {
+    /// \brief           This function initializes a message-digest context without
+    ///                  binding it to a particular message-digest algorithm.
+    ///
+    ///                  This function should always be called first. It prepares the
+    ///                  context for mbedtls_md_setup() for binding it to a
+    ///                  message-digest algorithm.
+    pub fn mbedtls_md_init(ctx: *mut mbedtls_md_context_t);
+}
+extern "C" {
+    /// \brief           This function clears the internal structure of \p ctx and
+    ///                  frees any embedded internal structure, but does not free
+    ///                  \p ctx itself.
+    ///
+    ///                  If you have called mbedtls_md_setup() on \p ctx, you must
+    ///                  call mbedtls_md_free() when you are no longer using the
+    ///                  context.
+    ///                  Calling this function if you have previously
+    ///                  called mbedtls_md_init() and nothing else is optional.
+    ///                  You must not call this function if you have not called
+    ///                  mbedtls_md_init().
+    pub fn mbedtls_md_free(ctx: *mut mbedtls_md_context_t);
+}
+extern "C" {
+    /// \brief           This function selects the message digest algorithm to use,
+    ///                  and allocates internal structures.
+    ///
+    ///                  It should be called after mbedtls_md_init() or
+    ///                  mbedtls_md_free(). Makes it necessary to call
+    ///                  mbedtls_md_free() later.
+    ///
+    /// \param ctx       The context to set up.
+    /// \param md_info   The information structure of the message-digest algorithm
+    ///                  to use.
+    /// \param hmac      Defines if HMAC is used. 0: HMAC is not used (saves some memory),
+    ///                  or non-zero: HMAC is used with this context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    /// \return          #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
+    pub fn mbedtls_md_setup(
+        ctx: *mut mbedtls_md_context_t,
+        md_info: *const mbedtls_md_info_t,
+        hmac: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function clones the state of a message-digest
+    ///                  context.
+    ///
+    /// \note            You must call mbedtls_md_setup() on \c dst before calling
+    ///                  this function.
+    ///
+    /// \note            The two contexts must have the same type,
+    ///                  for example, both are SHA-256.
+    ///
+    /// \warning         This function clones the message-digest state, not the
+    ///                  HMAC state.
+    ///
+    /// \param dst       The destination context.
+    /// \param src       The context to be cloned.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure.
+    /// \return          #MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE if both contexts are
+    ///                  not using the same engine. This can be avoided by moving
+    ///                  the call to psa_crypto_init() before the first call to
+    ///                  mbedtls_md_setup().
+    pub fn mbedtls_md_clone(
+        dst: *mut mbedtls_md_context_t,
+        src: *const mbedtls_md_context_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function extracts the message-digest size from the
+    ///                  message-digest information structure.
+    ///
+    /// \param md_info   The information structure of the message-digest algorithm
+    ///                  to use.
+    ///
+    /// \return          The size of the message-digest output in Bytes.
+    pub fn mbedtls_md_get_size(md_info: *const mbedtls_md_info_t) -> crate::c_types::c_uchar;
+}
+extern "C" {
+    /// \brief           This function extracts the message-digest type from the
+    ///                  message-digest information structure.
+    ///
+    /// \param md_info   The information structure of the message-digest algorithm
+    ///                  to use.
+    ///
+    /// \return          The type of the message digest.
+    pub fn mbedtls_md_get_type(md_info: *const mbedtls_md_info_t) -> mbedtls_md_type_t;
+}
+extern "C" {
+    /// \brief           This function starts a message-digest computation.
+    ///
+    ///                  You must call this function after setting up the context
+    ///                  with mbedtls_md_setup(), and before passing data with
+    ///                  mbedtls_md_update().
+    ///
+    /// \param ctx       The generic message-digest context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_starts(ctx: *mut mbedtls_md_context_t) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer into an ongoing
+    ///                  message-digest computation.
+    ///
+    ///                  You must call mbedtls_md_starts() before calling this
+    ///                  function. You may call this function multiple times.
+    ///                  Afterwards, call mbedtls_md_finish().
+    ///
+    /// \param ctx       The generic message-digest context.
+    /// \param input     The buffer holding the input data.
+    /// \param ilen      The length of the input data.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_update(
+        ctx: *mut mbedtls_md_context_t,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function finishes the digest operation,
+    ///                  and writes the result to the output buffer.
+    ///
+    ///                  Call this function after a call to mbedtls_md_starts(),
+    ///                  followed by any number of calls to mbedtls_md_update().
+    ///                  Afterwards, you may either clear the context with
+    ///                  mbedtls_md_free(), or call mbedtls_md_starts() to reuse
+    ///                  the context for another digest operation with the same
+    ///                  algorithm.
+    ///
+    /// \param ctx       The generic message-digest context.
+    /// \param output    The buffer for the generic message-digest checksum result.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_finish(
+        ctx: *mut mbedtls_md_context_t,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function calculates the message-digest of a buffer,
+    ///                 with respect to a configurable message-digest algorithm
+    ///                 in a single call.
+    ///
+    ///                 The result is calculated as
+    ///                 Output = message_digest(input buffer).
+    ///
+    /// \param md_info  The information structure of the message-digest algorithm
+    ///                 to use.
+    /// \param input    The buffer holding the data.
+    /// \param ilen     The length of the input data.
+    /// \param output   The generic message-digest checksum result.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                 failure.
+    pub fn mbedtls_md(
+        md_info: *const mbedtls_md_info_t,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function returns the list of digests supported by the
+    ///                  generic digest module.
+    ///
+    /// \note            The list starts with the strongest available hashes.
+    ///
+    /// \return          A statically allocated array of digests. Each element
+    ///                  in the returned list is an integer belonging to the
+    ///                  message-digest enumeration #mbedtls_md_type_t.
+    ///                  The last entry is 0.
+    pub fn mbedtls_md_list() -> *const crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function returns the message-digest information
+    ///                  associated with the given digest name.
+    ///
+    /// \param md_name   The name of the digest to search for.
+    ///
+    /// \return          The message-digest information associated with \p md_name.
+    /// \return          NULL if the associated message-digest information is not found.
+    pub fn mbedtls_md_info_from_string(
+        md_name: *const crate::c_types::c_char,
+    ) -> *const mbedtls_md_info_t;
+}
+extern "C" {
+    /// \brief           This function extracts the message-digest name from the
+    ///                  message-digest information structure.
+    ///
+    /// \param md_info   The information structure of the message-digest algorithm
+    ///                  to use.
+    ///
+    /// \return          The name of the message digest.
+    pub fn mbedtls_md_get_name(md_info: *const mbedtls_md_info_t) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief           This function returns the message-digest information
+    ///                  from the given context.
+    ///
+    /// \param ctx       The context from which to extract the information.
+    ///                  This must be initialized (or \c NULL).
+    ///
+    /// \return          The message-digest information associated with \p ctx.
+    /// \return          \c NULL if \p ctx is \c NULL.
+    pub fn mbedtls_md_info_from_ctx(ctx: *const mbedtls_md_context_t) -> *const mbedtls_md_info_t;
+}
+extern "C" {
+    /// \brief           This function sets the HMAC key and prepares to
+    ///                  authenticate a new message.
+    ///
+    ///                  Call this function after mbedtls_md_setup(), to use
+    ///                  the MD context for an HMAC calculation, then call
+    ///                  mbedtls_md_hmac_update() to provide the input data, and
+    ///                  mbedtls_md_hmac_finish() to get the HMAC value.
+    ///
+    /// \param ctx       The message digest context containing an embedded HMAC
+    ///                  context.
+    /// \param key       The HMAC secret key.
+    /// \param keylen    The length of the HMAC key in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_hmac_starts(
+        ctx: *mut mbedtls_md_context_t,
+        key: *const crate::c_types::c_uchar,
+        keylen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer into an ongoing HMAC
+    ///                  computation.
+    ///
+    ///                  Call mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset()
+    ///                  before calling this function.
+    ///                  You may call this function multiple times to pass the
+    ///                  input piecewise.
+    ///                  Afterwards, call mbedtls_md_hmac_finish().
+    ///
+    /// \param ctx       The message digest context containing an embedded HMAC
+    ///                  context.
+    /// \param input     The buffer holding the input data.
+    /// \param ilen      The length of the input data.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_hmac_update(
+        ctx: *mut mbedtls_md_context_t,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function finishes the HMAC operation, and writes
+    ///                  the result to the output buffer.
+    ///
+    ///                  Call this function after mbedtls_md_hmac_starts() and
+    ///                  mbedtls_md_hmac_update() to get the HMAC value. Afterwards
+    ///                  you may either call mbedtls_md_free() to clear the context,
+    ///                  or call mbedtls_md_hmac_reset() to reuse the context with
+    ///                  the same HMAC key.
+    ///
+    /// \param ctx       The message digest context containing an embedded HMAC
+    ///                  context.
+    /// \param output    The generic HMAC checksum result.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_hmac_finish(
+        ctx: *mut mbedtls_md_context_t,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function prepares to authenticate a new message with
+    ///                  the same key as the previous HMAC operation.
+    ///
+    ///                  You may call this function after mbedtls_md_hmac_finish().
+    ///                  Afterwards call mbedtls_md_hmac_update() to pass the new
+    ///                  input.
+    ///
+    /// \param ctx       The message digest context containing an embedded HMAC
+    ///                  context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_hmac_reset(ctx: *mut mbedtls_md_context_t) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function calculates the full generic HMAC
+    ///                 on the input buffer with the provided key.
+    ///
+    ///                 The function allocates the context, performs the
+    ///                 calculation, and frees the context.
+    ///
+    ///                 The HMAC result is calculated as
+    ///                 output = generic HMAC(hmac key, input buffer).
+    ///
+    /// \param md_info  The information structure of the message-digest algorithm
+    ///                 to use.
+    /// \param key      The HMAC secret key.
+    /// \param keylen   The length of the HMAC secret key in Bytes.
+    /// \param input    The buffer holding the input data.
+    /// \param ilen     The length of the input data.
+    /// \param output   The generic HMAC result.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                 failure.
+    pub fn mbedtls_md_hmac(
+        md_info: *const mbedtls_md_info_t,
+        key: *const crate::c_types::c_uchar,
+        keylen: usize,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+/// \brief   The RSA context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_rsa_context {
+    pub private_ver: crate::c_types::c_int,
+    pub private_len: usize,
+    pub private_N: mbedtls_mpi,
+    pub private_E: mbedtls_mpi,
+    pub private_D: mbedtls_mpi,
+    pub private_P: mbedtls_mpi,
+    pub private_Q: mbedtls_mpi,
+    pub private_DP: mbedtls_mpi,
+    pub private_DQ: mbedtls_mpi,
+    pub private_QP: mbedtls_mpi,
+    pub private_RN: mbedtls_mpi,
+    pub private_RP: mbedtls_mpi,
+    pub private_RQ: mbedtls_mpi,
+    pub private_Vi: mbedtls_mpi,
+    pub private_Vf: mbedtls_mpi,
+    pub private_padding: crate::c_types::c_int,
+    pub private_hash_id: crate::c_types::c_int,
+}
+extern "C" {
+    /// \brief          This function initializes an RSA context.
+    ///
+    /// \note           This function initializes the padding and the hash
+    ///                 identifier to respectively #MBEDTLS_RSA_PKCS_V15 and
+    ///                 #MBEDTLS_MD_NONE. See mbedtls_rsa_set_padding() for more
+    ///                 information about those parameters.
+    ///
+    /// \param ctx      The RSA context to initialize. This must not be \c NULL.
+    pub fn mbedtls_rsa_init(ctx: *mut mbedtls_rsa_context);
+}
+extern "C" {
+    /// \brief          This function sets padding for an already initialized RSA
+    ///                 context.
+    ///
+    /// \note           Set padding to #MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
+    ///                 encryption scheme and the RSASSA-PSS signature scheme.
+    ///
+    /// \note           The \p hash_id parameter is ignored when using
+    ///                 #MBEDTLS_RSA_PKCS_V15 padding.
+    ///
+    /// \note           The choice of padding mode is strictly enforced for private
+    ///                 key operations, since there might be security concerns in
+    ///                 mixing padding modes. For public key operations it is
+    ///                 a default value, which can be overridden by calling specific
+    ///                 \c mbedtls_rsa_rsaes_xxx or \c mbedtls_rsa_rsassa_xxx
+    ///                 functions.
+    ///
+    /// \note           The hash selected in \p hash_id is always used for OEAP
+    ///                 encryption. For PSS signatures, it is always used for
+    ///                 making signatures, but can be overridden for verifying them.
+    ///                 If set to #MBEDTLS_MD_NONE, it is always overridden.
+    ///
+    /// \param ctx      The initialized RSA context to be configured.
+    /// \param padding  The padding mode to use. This must be either
+    ///                 #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
+    /// \param hash_id  The hash identifier for PSS or OAEP, if \p padding is
+    ///                 #MBEDTLS_RSA_PKCS_V21. #MBEDTLS_MD_NONE is accepted by this
+    ///                 function but may be not suitable for some operations.
+    ///                 Ignored if \p padding is #MBEDTLS_RSA_PKCS_V15.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_RSA_INVALID_PADDING failure:
+    ///                 \p padding or \p hash_id is invalid.
+    pub fn mbedtls_rsa_set_padding(
+        ctx: *mut mbedtls_rsa_context,
+        padding: crate::c_types::c_int,
+        hash_id: mbedtls_md_type_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function retrieves padding mode of initialized
+    ///                 RSA context.
+    ///
+    /// \param ctx      The initialized RSA context.
+    ///
+    /// \return         RSA padding mode.
+    pub fn mbedtls_rsa_get_padding_mode(ctx: *const mbedtls_rsa_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function retrieves hash identifier of mbedtls_md_type_t
+    ///                 type.
+    ///
+    /// \param ctx      The initialized RSA context.
+    ///
+    /// \return         Hash identifier of mbedtls_md_type_t type.
+    pub fn mbedtls_rsa_get_md_alg(ctx: *const mbedtls_rsa_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function imports a set of core parameters into an
+    ///                 RSA context.
+    ///
+    /// \note           This function can be called multiple times for successive
+    ///                 imports, if the parameters are not simultaneously present.
+    ///
+    ///                 Any sequence of calls to this function should be followed
+    ///                 by a call to mbedtls_rsa_complete(), which checks and
+    ///                 completes the provided information to a ready-for-use
+    ///                 public or private RSA key.
+    ///
+    /// \note           See mbedtls_rsa_complete() for more information on which
+    ///                 parameters are necessary to set up a private or public
+    ///                 RSA key.
+    ///
+    /// \note           The imported parameters are copied and need not be preserved
+    ///                 for the lifetime of the RSA context being set up.
+    ///
+    /// \param ctx      The initialized RSA context to store the parameters in.
+    /// \param N        The RSA modulus. This may be \c NULL.
+    /// \param P        The first prime factor of \p N. This may be \c NULL.
+    /// \param Q        The second prime factor of \p N. This may be \c NULL.
+    /// \param D        The private exponent. This may be \c NULL.
+    /// \param E        The public exponent. This may be \c NULL.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A non-zero error code on failure.
+    pub fn mbedtls_rsa_import(
+        ctx: *mut mbedtls_rsa_context,
+        N: *const mbedtls_mpi,
+        P: *const mbedtls_mpi,
+        Q: *const mbedtls_mpi,
+        D: *const mbedtls_mpi,
+        E: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function imports core RSA parameters, in raw big-endian
+    ///                 binary format, into an RSA context.
+    ///
+    /// \note           This function can be called multiple times for successive
+    ///                 imports, if the parameters are not simultaneously present.
+    ///
+    ///                 Any sequence of calls to this function should be followed
+    ///                 by a call to mbedtls_rsa_complete(), which checks and
+    ///                 completes the provided information to a ready-for-use
+    ///                 public or private RSA key.
+    ///
+    /// \note           See mbedtls_rsa_complete() for more information on which
+    ///                 parameters are necessary to set up a private or public
+    ///                 RSA key.
+    ///
+    /// \note           The imported parameters are copied and need not be preserved
+    ///                 for the lifetime of the RSA context being set up.
+    ///
+    /// \param ctx      The initialized RSA context to store the parameters in.
+    /// \param N        The RSA modulus. This may be \c NULL.
+    /// \param N_len    The Byte length of \p N; it is ignored if \p N == NULL.
+    /// \param P        The first prime factor of \p N. This may be \c NULL.
+    /// \param P_len    The Byte length of \p P; it is ignored if \p P == NULL.
+    /// \param Q        The second prime factor of \p N. This may be \c NULL.
+    /// \param Q_len    The Byte length of \p Q; it is ignored if \p Q == NULL.
+    /// \param D        The private exponent. This may be \c NULL.
+    /// \param D_len    The Byte length of \p D; it is ignored if \p D == NULL.
+    /// \param E        The public exponent. This may be \c NULL.
+    /// \param E_len    The Byte length of \p E; it is ignored if \p E == NULL.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A non-zero error code on failure.
+    pub fn mbedtls_rsa_import_raw(
+        ctx: *mut mbedtls_rsa_context,
+        N: *const crate::c_types::c_uchar,
+        N_len: usize,
+        P: *const crate::c_types::c_uchar,
+        P_len: usize,
+        Q: *const crate::c_types::c_uchar,
+        Q_len: usize,
+        D: *const crate::c_types::c_uchar,
+        D_len: usize,
+        E: *const crate::c_types::c_uchar,
+        E_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function completes an RSA context from
+    ///                 a set of imported core parameters.
+    ///
+    ///                 To setup an RSA public key, precisely \p N and \p E
+    ///                 must have been imported.
+    ///
+    ///                 To setup an RSA private key, sufficient information must
+    ///                 be present for the other parameters to be derivable.
+    ///
+    ///                 The default implementation supports the following:
+    ///                 <ul><li>Derive \p P, \p Q from \p N, \p D, \p E.</li>
+    ///                 <li>Derive \p N, \p D from \p P, \p Q, \p E.</li></ul>
+    ///                 Alternative implementations need not support these.
+    ///
+    ///                 If this function runs successfully, it guarantees that
+    ///                 the RSA context can be used for RSA operations without
+    ///                 the risk of failure or crash.
+    ///
+    /// \warning        This function need not perform consistency checks
+    ///                 for the imported parameters. In particular, parameters that
+    ///                 are not needed by the implementation might be silently
+    ///                 discarded and left unchecked. To check the consistency
+    ///                 of the key material, see mbedtls_rsa_check_privkey().
+    ///
+    /// \param ctx      The initialized RSA context holding imported parameters.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted derivations
+    ///                 failed.
+    pub fn mbedtls_rsa_complete(ctx: *mut mbedtls_rsa_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function exports the core parameters of an RSA key.
+    ///
+    ///                 If this function runs successfully, the non-NULL buffers
+    ///                 pointed to by \p N, \p P, \p Q, \p D, and \p E are fully
+    ///                 written, with additional unused space filled leading by
+    ///                 zero Bytes.
+    ///
+    ///                 Possible reasons for returning
+    ///                 #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:<ul>
+    ///                 <li>An alternative RSA implementation is in use, which
+    ///                 stores the key externally, and either cannot or should
+    ///                 not export it into RAM.</li>
+    ///                 <li>A SW or HW implementation might not support a certain
+    ///                 deduction. For example, \p P, \p Q from \p N, \p D,
+    ///                 and \p E if the former are not part of the
+    ///                 implementation.</li></ul>
+    ///
+    ///                 If the function fails due to an unsupported operation,
+    ///                 the RSA context stays intact and remains usable.
+    ///
+    /// \param ctx      The initialized RSA context.
+    /// \param N        The MPI to hold the RSA modulus.
+    ///                 This may be \c NULL if this field need not be exported.
+    /// \param P        The MPI to hold the first prime factor of \p N.
+    ///                 This may be \c NULL if this field need not be exported.
+    /// \param Q        The MPI to hold the second prime factor of \p N.
+    ///                 This may be \c NULL if this field need not be exported.
+    /// \param D        The MPI to hold the private exponent.
+    ///                 This may be \c NULL if this field need not be exported.
+    /// \param E        The MPI to hold the public exponent.
+    ///                 This may be \c NULL if this field need not be exported.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
+    ///                 requested parameters cannot be done due to missing
+    ///                 functionality or because of security policies.
+    /// \return         A non-zero return code on any other failure.
+    pub fn mbedtls_rsa_export(
+        ctx: *const mbedtls_rsa_context,
+        N: *mut mbedtls_mpi,
+        P: *mut mbedtls_mpi,
+        Q: *mut mbedtls_mpi,
+        D: *mut mbedtls_mpi,
+        E: *mut mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function exports core parameters of an RSA key
+    ///                 in raw big-endian binary format.
+    ///
+    ///                 If this function runs successfully, the non-NULL buffers
+    ///                 pointed to by \p N, \p P, \p Q, \p D, and \p E are fully
+    ///                 written, with additional unused space filled leading by
+    ///                 zero Bytes.
+    ///
+    ///                 Possible reasons for returning
+    ///                 #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:<ul>
+    ///                 <li>An alternative RSA implementation is in use, which
+    ///                 stores the key externally, and either cannot or should
+    ///                 not export it into RAM.</li>
+    ///                 <li>A SW or HW implementation might not support a certain
+    ///                 deduction. For example, \p P, \p Q from \p N, \p D,
+    ///                 and \p E if the former are not part of the
+    ///                 implementation.</li></ul>
+    ///                 If the function fails due to an unsupported operation,
+    ///                 the RSA context stays intact and remains usable.
+    ///
+    /// \note           The length parameters are ignored if the corresponding
+    ///                 buffer pointers are NULL.
+    ///
+    /// \param ctx      The initialized RSA context.
+    /// \param N        The Byte array to store the RSA modulus,
+    ///                 or \c NULL if this field need not be exported.
+    /// \param N_len    The size of the buffer for the modulus.
+    /// \param P        The Byte array to hold the first prime factor of \p N,
+    ///                 or \c NULL if this field need not be exported.
+    /// \param P_len    The size of the buffer for the first prime factor.
+    /// \param Q        The Byte array to hold the second prime factor of \p N,
+    ///                 or \c NULL if this field need not be exported.
+    /// \param Q_len    The size of the buffer for the second prime factor.
+    /// \param D        The Byte array to hold the private exponent,
+    ///                 or \c NULL if this field need not be exported.
+    /// \param D_len    The size of the buffer for the private exponent.
+    /// \param E        The Byte array to hold the public exponent,
+    ///                 or \c NULL if this field need not be exported.
+    /// \param E_len    The size of the buffer for the public exponent.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
+    ///                 requested parameters cannot be done due to missing
+    ///                 functionality or because of security policies.
+    /// \return         A non-zero return code on any other failure.
+    pub fn mbedtls_rsa_export_raw(
+        ctx: *const mbedtls_rsa_context,
+        N: *mut crate::c_types::c_uchar,
+        N_len: usize,
+        P: *mut crate::c_types::c_uchar,
+        P_len: usize,
+        Q: *mut crate::c_types::c_uchar,
+        Q_len: usize,
+        D: *mut crate::c_types::c_uchar,
+        D_len: usize,
+        E: *mut crate::c_types::c_uchar,
+        E_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function exports CRT parameters of a private RSA key.
+    ///
+    /// \note           Alternative RSA implementations not using CRT-parameters
+    ///                 internally can implement this function based on
+    ///                 mbedtls_rsa_deduce_opt().
+    ///
+    /// \param ctx      The initialized RSA context.
+    /// \param DP       The MPI to hold \c D modulo `P-1`,
+    ///                 or \c NULL if it need not be exported.
+    /// \param DQ       The MPI to hold \c D modulo `Q-1`,
+    ///                 or \c NULL if it need not be exported.
+    /// \param QP       The MPI to hold modular inverse of \c Q modulo \c P,
+    ///                 or \c NULL if it need not be exported.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A non-zero error code on failure.
+    pub fn mbedtls_rsa_export_crt(
+        ctx: *const mbedtls_rsa_context,
+        DP: *mut mbedtls_mpi,
+        DQ: *mut mbedtls_mpi,
+        QP: *mut mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function retrieves the length of RSA modulus in Bytes.
+    ///
+    /// \param ctx      The initialized RSA context.
+    ///
+    /// \return         The length of the RSA modulus in Bytes.
+    pub fn mbedtls_rsa_get_len(ctx: *const mbedtls_rsa_context) -> usize;
+}
+extern "C" {
+    /// \brief          This function generates an RSA keypair.
+    ///
+    /// \note           mbedtls_rsa_init() must be called before this function,
+    ///                 to set up the RSA context.
+    ///
+    /// \param ctx      The initialized RSA context used to hold the key.
+    /// \param f_rng    The RNG function to be used for key generation.
+    ///                 This is mandatory and must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng.
+    ///                 This may be \c NULL if \p f_rng doesn't need a context.
+    /// \param nbits    The size of the public key in bits.
+    /// \param exponent The public exponent to use. For example, \c 65537.
+    ///                 This must be odd and greater than \c 1.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_gen_key(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        nbits: crate::c_types::c_uint,
+        exponent: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function checks if a context contains at least an RSA
+    ///                 public key.
+    ///
+    ///                 If the function runs successfully, it is guaranteed that
+    ///                 enough information is present to perform an RSA public key
+    ///                 operation using mbedtls_rsa_public().
+    ///
+    /// \param ctx      The initialized RSA context to check.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_check_pubkey(ctx: *const mbedtls_rsa_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief      This function checks if a context contains an RSA private key
+    ///             and perform basic consistency checks.
+    ///
+    /// \note       The consistency checks performed by this function not only
+    ///             ensure that mbedtls_rsa_private() can be called successfully
+    ///             on the given context, but that the various parameters are
+    ///             mutually consistent with high probability, in the sense that
+    ///             mbedtls_rsa_public() and mbedtls_rsa_private() are inverses.
+    ///
+    /// \warning    This function should catch accidental misconfigurations
+    ///             like swapping of parameters, but it cannot establish full
+    ///             trust in neither the quality nor the consistency of the key
+    ///             material that was used to setup the given RSA context:
+    ///             <ul><li>Consistency: Imported parameters that are irrelevant
+    ///             for the implementation might be silently dropped. If dropped,
+    ///             the current function does not have access to them,
+    ///             and therefore cannot check them. See mbedtls_rsa_complete().
+    ///             If you want to check the consistency of the entire
+    ///             content of a PKCS1-encoded RSA private key, for example, you
+    ///             should use mbedtls_rsa_validate_params() before setting
+    ///             up the RSA context.
+    ///             Additionally, if the implementation performs empirical checks,
+    ///             these checks substantiate but do not guarantee consistency.</li>
+    ///             <li>Quality: This function is not expected to perform
+    ///             extended quality assessments like checking that the prime
+    ///             factors are safe. Additionally, it is the responsibility of the
+    ///             user to ensure the trustworthiness of the source of his RSA
+    ///             parameters, which goes beyond what is effectively checkable
+    ///             by the library.</li></ul>
+    ///
+    /// \param ctx  The initialized RSA context to check.
+    ///
+    /// \return     \c 0 on success.
+    /// \return     An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_check_privkey(ctx: *const mbedtls_rsa_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function checks a public-private RSA key pair.
+    ///
+    ///                 It checks each of the contexts, and makes sure they match.
+    ///
+    /// \param pub      The initialized RSA context holding the public key.
+    /// \param prv      The initialized RSA context holding the private key.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_check_pub_priv(
+        pub_: *const mbedtls_rsa_context,
+        prv: *const mbedtls_rsa_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs an RSA public key operation.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param input    The input buffer. This must be a readable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    /// \param output   The output buffer. This must be a writable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \note           This function does not handle message padding.
+    ///
+    /// \note           Make sure to set \p input[0] = 0 or ensure that
+    ///                 input is smaller than \p N.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_public(
+        ctx: *mut mbedtls_rsa_context,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs an RSA private key operation.
+    ///
+    /// \note           Blinding is used if and only if a PRNG is provided.
+    ///
+    /// \note           If blinding is used, both the base of exponentiation
+    ///                 and the exponent are blinded, providing protection
+    ///                 against some side-channel attacks.
+    ///
+    /// \warning        It is deprecated and a security risk to not provide
+    ///                 a PRNG here and thereby prevent the use of blinding.
+    ///                 Future versions of the library may enforce the presence
+    ///                 of a PRNG.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function, used for blinding. It is mandatory.
+    /// \param p_rng    The RNG context to pass to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context.
+    /// \param input    The input buffer. This must be a readable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    /// \param output   The output buffer. This must be a writable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_private(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function adds the message padding, then performs an RSA
+    ///                 operation.
+    ///
+    ///                 It is the generic wrapper for performing a PKCS#1 encryption
+    ///                 operation.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG to use. It is used for padding generation
+    ///                 and it is mandatory.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. May be
+    ///                 \c NULL if \p f_rng doesn't need a context argument.
+    /// \param ilen     The length of the plaintext in Bytes.
+    /// \param input    The input data to encrypt. This must be a readable
+    ///                 buffer of size \p ilen Bytes. It may be \c NULL if
+    ///                 `ilen == 0`.
+    /// \param output   The output buffer. This must be a writable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_pkcs1_encrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        ilen: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v1.5 encryption operation
+    ///                 (RSAES-PKCS1-v1_5-ENCRYPT).
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function to use. It is mandatory and used for
+    ///                 padding generation.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may
+    ///                 be \c NULL if \p f_rng doesn't need a context argument.
+    /// \param ilen     The length of the plaintext in Bytes.
+    /// \param input    The input data to encrypt. This must be a readable
+    ///                 buffer of size \p ilen Bytes. It may be \c NULL if
+    ///                 `ilen == 0`.
+    /// \param output   The output buffer. This must be a writable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsaes_pkcs1_v15_encrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        ilen: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief            This function performs a PKCS#1 v2.1 OAEP encryption
+    ///                   operation (RSAES-OAEP-ENCRYPT).
+    ///
+    /// \note             The output buffer must be as large as the size
+    ///                   of ctx->N. For example, 128 Bytes if RSA-1024 is used.
+    ///
+    /// \param ctx        The initialized RSA context to use.
+    /// \param f_rng      The RNG function to use. This is needed for padding
+    ///                   generation and is mandatory.
+    /// \param p_rng      The RNG context to be passed to \p f_rng. This may
+    ///                   be \c NULL if \p f_rng doesn't need a context argument.
+    /// \param label      The buffer holding the custom label to use.
+    ///                   This must be a readable buffer of length \p label_len
+    ///                   Bytes. It may be \c NULL if \p label_len is \c 0.
+    /// \param label_len  The length of the label in Bytes.
+    /// \param ilen       The length of the plaintext buffer \p input in Bytes.
+    /// \param input      The input data to encrypt. This must be a readable
+    ///                   buffer of size \p ilen Bytes. It may be \c NULL if
+    ///                   `ilen == 0`.
+    /// \param output     The output buffer. This must be a writable buffer
+    ///                   of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                   for an 2048-bit RSA modulus.
+    ///
+    /// \return           \c 0 on success.
+    /// \return           An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsaes_oaep_encrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        label: *const crate::c_types::c_uchar,
+        label_len: usize,
+        ilen: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs an RSA operation, then removes the
+    ///                 message padding.
+    ///
+    ///                 It is the generic wrapper for performing a PKCS#1 decryption
+    ///                 operation.
+    ///
+    /// \note           The output buffer length \c output_max_len should be
+    ///                 as large as the size \p ctx->len of \p ctx->N (for example,
+    ///                 128 Bytes if RSA-1024 is used) to be able to hold an
+    ///                 arbitrary decrypted message. If it is not large enough to
+    ///                 hold the decryption of the particular ciphertext provided,
+    ///                 the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function. This is used for blinding and is
+    ///                 mandatory; see mbedtls_rsa_private() for more.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be
+    ///                 \c NULL if \p f_rng doesn't need a context.
+    /// \param olen     The address at which to store the length of
+    ///                 the plaintext. This must not be \c NULL.
+    /// \param input    The ciphertext buffer. This must be a readable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    /// \param output   The buffer used to hold the plaintext. This must
+    ///                 be a writable buffer of length \p output_max_len Bytes.
+    /// \param output_max_len The length in Bytes of the output buffer \p output.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_pkcs1_decrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        olen: *mut usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        output_max_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v1.5 decryption
+    ///                 operation (RSAES-PKCS1-v1_5-DECRYPT).
+    ///
+    /// \note           The output buffer length \c output_max_len should be
+    ///                 as large as the size \p ctx->len of \p ctx->N, for example,
+    ///                 128 Bytes if RSA-1024 is used, to be able to hold an
+    ///                 arbitrary decrypted message. If it is not large enough to
+    ///                 hold the decryption of the particular ciphertext provided,
+    ///                 the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function. This is used for blinding and is
+    ///                 mandatory; see mbedtls_rsa_private() for more.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be
+    ///                 \c NULL if \p f_rng doesn't need a context.
+    /// \param olen     The address at which to store the length of
+    ///                 the plaintext. This must not be \c NULL.
+    /// \param input    The ciphertext buffer. This must be a readable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    /// \param output   The buffer used to hold the plaintext. This must
+    ///                 be a writable buffer of length \p output_max_len Bytes.
+    /// \param output_max_len The length in Bytes of the output buffer \p output.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsaes_pkcs1_v15_decrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        olen: *mut usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        output_max_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief            This function performs a PKCS#1 v2.1 OAEP decryption
+    ///                   operation (RSAES-OAEP-DECRYPT).
+    ///
+    /// \note             The output buffer length \c output_max_len should be
+    ///                   as large as the size \p ctx->len of \p ctx->N, for
+    ///                   example, 128 Bytes if RSA-1024 is used, to be able to
+    ///                   hold an arbitrary decrypted message. If it is not
+    ///                   large enough to hold the decryption of the particular
+    ///                   ciphertext provided, the function returns
+    ///                   #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
+    ///
+    /// \param ctx        The initialized RSA context to use.
+    /// \param f_rng      The RNG function. This is used for blinding and is
+    ///                   mandatory.
+    /// \param p_rng      The RNG context to be passed to \p f_rng. This may be
+    ///                   \c NULL if \p f_rng doesn't need a context.
+    /// \param label      The buffer holding the custom label to use.
+    ///                   This must be a readable buffer of length \p label_len
+    ///                   Bytes. It may be \c NULL if \p label_len is \c 0.
+    /// \param label_len  The length of the label in Bytes.
+    /// \param olen       The address at which to store the length of
+    ///                   the plaintext. This must not be \c NULL.
+    /// \param input      The ciphertext buffer. This must be a readable buffer
+    ///                   of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                   for an 2048-bit RSA modulus.
+    /// \param output     The buffer used to hold the plaintext. This must
+    ///                   be a writable buffer of length \p output_max_len Bytes.
+    /// \param output_max_len The length in Bytes of the output buffer \p output.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsaes_oaep_decrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        label: *const crate::c_types::c_uchar,
+        label_len: usize,
+        olen: *mut usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        output_max_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a private RSA operation to sign
+    ///                 a message digest using PKCS#1.
+    ///
+    ///                 It is the generic wrapper for performing a PKCS#1
+    ///                 signature.
+    ///
+    /// \note           The \p sig buffer must be as large as the size
+    ///                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+    ///
+    /// \note           For PKCS#1 v2.1 encoding, see comments on
+    ///                 mbedtls_rsa_rsassa_pss_sign() for details on
+    ///                 \p md_alg and \p hash_id.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function to use. This is mandatory and
+    ///                 must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context argument.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer to hold the signature. This must be a writable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus. A buffer length of
+    ///                 #MBEDTLS_MPI_MAX_SIZE is always safe.
+    ///
+    /// \return         \c 0 if the signing operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_pkcs1_sign(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v1.5 signature
+    ///                 operation (RSASSA-PKCS1-v1_5-SIGN).
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function. This is used for blinding and is
+    ///                 mandatory; see mbedtls_rsa_private() for more.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context argument.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer to hold the signature. This must be a writable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus. A buffer length of
+    ///                 #MBEDTLS_MPI_MAX_SIZE is always safe.
+    ///
+    /// \return         \c 0 if the signing operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pkcs1_v15_sign(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v2.1 PSS signature
+    ///                 operation (RSASSA-PSS-SIGN).
+    ///
+    /// \note           The \c hash_id set in \p ctx by calling
+    ///                 mbedtls_rsa_set_padding() selects the hash used for the
+    ///                 encoding operation and for the mask generation function
+    ///                 (MGF1). For more details on the encoding operation and the
+    ///                 mask generation function, consult <em>RFC-3447: Public-Key
+    ///                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
+    ///                 Specifications</em>.
+    ///
+    /// \note           This function enforces that the provided salt length complies
+    ///                 with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1 v2.2) §9.1.1
+    ///                 step 3. The constraint is that the hash length plus the salt
+    ///                 length plus 2 bytes must be at most the key length. If this
+    ///                 constraint is not met, this function returns
+    ///                 #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function. It is mandatory and must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context argument.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param saltlen  The length of the salt that should be used.
+    ///                 If passed #MBEDTLS_RSA_SALT_LEN_ANY, the function will use
+    ///                 the largest possible salt length up to the hash length,
+    ///                 which is the largest permitted by some standards including
+    ///                 FIPS 186-4 §5.5.
+    /// \param sig      The buffer to hold the signature. This must be a writable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus. A buffer length of
+    ///                 #MBEDTLS_MPI_MAX_SIZE is always safe.
+    ///
+    /// \return         \c 0 if the signing operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pss_sign_ext(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        saltlen: crate::c_types::c_int,
+        sig: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v2.1 PSS signature
+    ///                 operation (RSASSA-PSS-SIGN).
+    ///
+    /// \note           The \c hash_id set in \p ctx by calling
+    ///                 mbedtls_rsa_set_padding() selects the hash used for the
+    ///                 encoding operation and for the mask generation function
+    ///                 (MGF1). For more details on the encoding operation and the
+    ///                 mask generation function, consult <em>RFC-3447: Public-Key
+    ///                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
+    ///                 Specifications</em>.
+    ///
+    /// \note           This function always uses the maximum possible salt size,
+    ///                 up to the length of the payload hash. This choice of salt
+    ///                 size complies with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1
+    ///                 v2.2) §9.1.1 step 3. Furthermore this function enforces a
+    ///                 minimum salt size which is the hash size minus 2 bytes. If
+    ///                 this minimum size is too large given the key size (the salt
+    ///                 size, plus the hash size, plus 2 bytes must be no more than
+    ///                 the key size in bytes), this function returns
+    ///                 #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function. It is mandatory and must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context argument.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer to hold the signature. This must be a writable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus. A buffer length of
+    ///                 #MBEDTLS_MPI_MAX_SIZE is always safe.
+    ///
+    /// \return         \c 0 if the signing operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pss_sign(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a public RSA operation and checks
+    ///                 the message digest.
+    ///
+    ///                 This is the generic wrapper for performing a PKCS#1
+    ///                 verification.
+    ///
+    /// \note           For PKCS#1 v2.1 encoding, see comments on
+    ///                 mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
+    ///                 \p hash_id.
+    ///
+    /// \param ctx      The initialized RSA public key context to use.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer holding the signature. This must be a readable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 if the verify operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_pkcs1_verify(
+        ctx: *mut mbedtls_rsa_context,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v1.5 verification
+    ///                 operation (RSASSA-PKCS1-v1_5-VERIFY).
+    ///
+    /// \param ctx      The initialized RSA public key context to use.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer holding the signature. This must be a readable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 if the verify operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pkcs1_v15_verify(
+        ctx: *mut mbedtls_rsa_context,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v2.1 PSS verification
+    ///                 operation (RSASSA-PSS-VERIFY).
+    ///
+    /// \note           The \c hash_id set in \p ctx by calling
+    ///                 mbedtls_rsa_set_padding() selects the hash used for the
+    ///                 encoding operation and for the mask generation function
+    ///                 (MGF1). For more details on the encoding operation and the
+    ///                 mask generation function, consult <em>RFC-3447: Public-Key
+    ///                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
+    ///                 Specifications</em>. If the \c hash_id set in \p ctx by
+    ///                 mbedtls_rsa_set_padding() is #MBEDTLS_MD_NONE, the \p md_alg
+    ///                 parameter is used.
+    ///
+    /// \param ctx      The initialized RSA public key context to use.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer holding the signature. This must be a readable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 if the verify operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pss_verify(
+        ctx: *mut mbedtls_rsa_context,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v2.1 PSS verification
+    ///                 operation (RSASSA-PSS-VERIFY).
+    ///
+    /// \note           The \p sig buffer must be as large as the size
+    ///                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+    ///
+    /// \note           The \c hash_id set in \p ctx by mbedtls_rsa_set_padding() is
+    ///                 ignored.
+    ///
+    /// \param ctx      The initialized RSA public key context to use.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param mgf1_hash_id      The message digest algorithm used for the
+    ///                          verification operation and the mask generation
+    ///                          function (MGF1). For more details on the encoding
+    ///                          operation and the mask generation function, consult
+    ///                          <em>RFC-3447: Public-Key Cryptography Standards
+    ///                          (PKCS) #1 v2.1: RSA Cryptography
+    ///                          Specifications</em>.
+    /// \param expected_salt_len The length of the salt used in padding. Use
+    ///                          #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
+    /// \param sig      The buffer holding the signature. This must be a readable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 if the verify operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pss_verify_ext(
+        ctx: *mut mbedtls_rsa_context,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        mgf1_hash_id: mbedtls_md_type_t,
+        expected_salt_len: crate::c_types::c_int,
+        sig: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function copies the components of an RSA context.
+    ///
+    /// \param dst      The destination context. This must be initialized.
+    /// \param src      The source context. This must be initialized.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
+    pub fn mbedtls_rsa_copy(
+        dst: *mut mbedtls_rsa_context,
+        src: *const mbedtls_rsa_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function frees the components of an RSA key.
+    ///
+    /// \param ctx      The RSA context to free. May be \c NULL, in which case
+    ///                 this function is a no-op. If it is not \c NULL, it must
+    ///                 point to an initialized RSA context.
+    pub fn mbedtls_rsa_free(ctx: *mut mbedtls_rsa_context);
+}
+extern "C" {
+    /// \brief          The RSA checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_rsa_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief           The ECDSA context structure.
+///
+/// \warning         Performing multiple operations concurrently on the same
+///                  ECDSA context is not supported; objects of this type
+///                  should not be shared between multiple threads.
+///
+/// \note            pk_wrap module assumes that "ecdsa_context" is identical
+///                  to "ecp_keypair" (see for example structure
+///                  "mbedtls_eckey_info" where ECDSA sign/verify functions
+///                  are used also for EC key)
+pub type mbedtls_ecdsa_context = mbedtls_ecp_keypair;
+pub type mbedtls_ecdsa_restart_ctx = crate::c_types::c_void;
+extern "C" {
+    /// \brief          This function checks whether a given group can be used
+    ///                 for ECDSA.
+    ///
+    /// \param gid      The ECP group ID to check.
+    ///
+    /// \return         \c 1 if the group can be used, \c 0 otherwise
+    pub fn mbedtls_ecdsa_can_do(gid: mbedtls_ecp_group_id) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function computes the ECDSA signature of a
+    ///                  previously-hashed message.
+    ///
+    /// \note            The deterministic version implemented in
+    ///                  mbedtls_ecdsa_sign_det_ext() is usually preferred.
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated
+    ///                  as defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.3, step 5.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param grp       The context for the elliptic curve to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param r         The MPI context in which to store the first part
+    ///                  the signature. This must be initialized.
+    /// \param s         The MPI context in which to store the second part
+    ///                  the signature. This must be initialized.
+    /// \param d         The private signing key. This must be initialized.
+    /// \param buf       The content to be signed. This is usually the hash of
+    ///                  the original data to be signed. This must be a readable
+    ///                  buffer of length \p blen Bytes. It may be \c NULL if
+    ///                  \p blen is zero.
+    /// \param blen      The length of \p buf in Bytes.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL if \p f_rng doesn't need a context parameter.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX
+    ///                  or \c MBEDTLS_MPI_XXX error code on failure.
+    pub fn mbedtls_ecdsa_sign(
+        grp: *mut mbedtls_ecp_group,
+        r: *mut mbedtls_mpi,
+        s: *mut mbedtls_mpi,
+        d: *const mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function computes the ECDSA signature of a
+    ///                  previously-hashed message, deterministic version.
+    ///
+    ///                  For more information, see <em>RFC-6979: Deterministic
+    ///                  Usage of the Digital Signature Algorithm (DSA) and Elliptic
+    ///                  Curve Digital Signature Algorithm (ECDSA)</em>.
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated as
+    ///                  defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.3, step 5.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param grp           The context for the elliptic curve to use.
+    ///                      This must be initialized and have group parameters
+    ///                      set, for example through mbedtls_ecp_group_load().
+    /// \param r             The MPI context in which to store the first part
+    ///                      the signature. This must be initialized.
+    /// \param s             The MPI context in which to store the second part
+    ///                      the signature. This must be initialized.
+    /// \param d             The private signing key. This must be initialized
+    ///                      and setup, for example through mbedtls_ecp_gen_privkey().
+    /// \param buf           The hashed content to be signed. This must be a readable
+    ///                      buffer of length \p blen Bytes. It may be \c NULL if
+    ///                      \p blen is zero.
+    /// \param blen          The length of \p buf in Bytes.
+    /// \param md_alg        The hash algorithm used to hash the original data.
+    /// \param f_rng_blind   The RNG function used for blinding. This must not be
+    ///                      \c NULL.
+    /// \param p_rng_blind   The RNG context to be passed to \p f_rng. This may be
+    ///                      \c NULL if \p f_rng doesn't need a context parameter.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
+    ///                  error code on failure.
+    pub fn mbedtls_ecdsa_sign_det_ext(
+        grp: *mut mbedtls_ecp_group,
+        r: *mut mbedtls_mpi,
+        s: *mut mbedtls_mpi,
+        d: *const mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        md_alg: mbedtls_md_type_t,
+        f_rng_blind: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng_blind: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function computes the ECDSA signature of a
+    ///                      previously-hashed message, in a restartable way.
+    ///
+    /// \note                The deterministic version implemented in
+    ///                      mbedtls_ecdsa_sign_det_restartable() is usually
+    ///                      preferred.
+    ///
+    /// \note                This function is like \c mbedtls_ecdsa_sign() but
+    ///                      it can return early and restart according to the
+    ///                      limit set with \c mbedtls_ecp_set_max_ops() to
+    ///                      reduce blocking.
+    ///
+    /// \note                If the bitlength of the message hash is larger
+    ///                      than the bitlength of the group order, then the
+    ///                      hash is truncated as defined in <em>Standards for
+    ///                      Efficient Cryptography Group (SECG): SEC1 Elliptic
+    ///                      Curve Cryptography</em>, section 4.1.3, step 5.
+    ///
+    /// \see                 ecp.h
+    ///
+    /// \param grp           The context for the elliptic curve to use.
+    ///                      This must be initialized and have group parameters
+    ///                      set, for example through mbedtls_ecp_group_load().
+    /// \param r             The MPI context in which to store the first part
+    ///                      the signature. This must be initialized.
+    /// \param s             The MPI context in which to store the second part
+    ///                      the signature. This must be initialized.
+    /// \param d             The private signing key. This must be initialized
+    ///                      and setup, for example through
+    ///                      mbedtls_ecp_gen_privkey().
+    /// \param buf           The hashed content to be signed. This must be a readable
+    ///                      buffer of length \p blen Bytes. It may be \c NULL if
+    ///                      \p blen is zero.
+    /// \param blen          The length of \p buf in Bytes.
+    /// \param f_rng         The RNG function. This must not be \c NULL.
+    /// \param p_rng         The RNG context to be passed to \p f_rng. This may be
+    ///                      \c NULL if \p f_rng doesn't need a context parameter.
+    /// \param f_rng_blind   The RNG function used for blinding. This must not be
+    ///                      \c NULL.
+    /// \param p_rng_blind   The RNG context to be passed to \p f_rng. This may be
+    ///                      \c NULL if \p f_rng doesn't need a context parameter.
+    /// \param rs_ctx        The restart context to use. This may be \c NULL
+    ///                      to disable restarting. If it is not \c NULL, it
+    ///                      must point to an initialized restart context.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                      operations was reached: see \c
+    ///                      mbedtls_ecp_set_max_ops().
+    /// \return              Another \c MBEDTLS_ERR_ECP_XXX, \c
+    ///                      MBEDTLS_ERR_MPI_XXX or \c MBEDTLS_ERR_ASN1_XXX
+    ///                      error code on failure.
+    pub fn mbedtls_ecdsa_sign_restartable(
+        grp: *mut mbedtls_ecp_group,
+        r: *mut mbedtls_mpi,
+        s: *mut mbedtls_mpi,
+        d: *const mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        f_rng_blind: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng_blind: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function computes the ECDSA signature of a
+    ///                      previously-hashed message, in a restartable way.
+    ///
+    /// \note                This function is like \c
+    ///                      mbedtls_ecdsa_sign_det_ext() but it can return
+    ///                      early and restart according to the limit set with
+    ///                      \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \note                If the bitlength of the message hash is larger
+    ///                      than the bitlength of the group order, then the
+    ///                      hash is truncated as defined in <em>Standards for
+    ///                      Efficient Cryptography Group (SECG): SEC1 Elliptic
+    ///                      Curve Cryptography</em>, section 4.1.3, step 5.
+    ///
+    /// \see                 ecp.h
+    ///
+    /// \param grp           The context for the elliptic curve to use.
+    ///                      This must be initialized and have group parameters
+    ///                      set, for example through mbedtls_ecp_group_load().
+    /// \param r             The MPI context in which to store the first part
+    ///                      the signature. This must be initialized.
+    /// \param s             The MPI context in which to store the second part
+    ///                      the signature. This must be initialized.
+    /// \param d             The private signing key. This must be initialized
+    ///                      and setup, for example through
+    ///                      mbedtls_ecp_gen_privkey().
+    /// \param buf           The hashed content to be signed. This must be a readable
+    ///                      buffer of length \p blen Bytes. It may be \c NULL if
+    ///                      \p blen is zero.
+    /// \param blen          The length of \p buf in Bytes.
+    /// \param f_rng_blind   The RNG function used for blinding. This must not be
+    ///                      \c NULL.
+    /// \param p_rng_blind   The RNG context to be passed to \p f_rng. This may be
+    ///                      \c NULL if \p f_rng doesn't need a context parameter.
+    /// \param rs_ctx        The restart context to use. This may be \c NULL
+    ///                      to disable restarting. If it is not \c NULL, it
+    ///                      must point to an initialized restart context.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                      operations was reached: see \c
+    ///                      mbedtls_ecp_set_max_ops().
+    /// \return              Another \c MBEDTLS_ERR_ECP_XXX, \c
+    ///                      MBEDTLS_ERR_MPI_XXX or \c MBEDTLS_ERR_ASN1_XXX
+    ///                      error code on failure.
+    pub fn mbedtls_ecdsa_sign_det_restartable(
+        grp: *mut mbedtls_ecp_group,
+        r: *mut mbedtls_mpi,
+        s: *mut mbedtls_mpi,
+        d: *const mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        md_alg: mbedtls_md_type_t,
+        f_rng_blind: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng_blind: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function verifies the ECDSA signature of a
+    ///                  previously-hashed message.
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated as
+    ///                  defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.4, step 3.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param buf       The hashed content that was signed. This must be a readable
+    ///                  buffer of length \p blen Bytes. It may be \c NULL if
+    ///                  \p blen is zero.
+    /// \param blen      The length of \p buf in Bytes.
+    /// \param Q         The public key to use for verification. This must be
+    ///                  initialized and setup.
+    /// \param r         The first integer of the signature.
+    ///                  This must be initialized.
+    /// \param s         The second integer of the signature.
+    ///                  This must be initialized.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
+    ///                  error code on failure.
+    pub fn mbedtls_ecdsa_verify(
+        grp: *mut mbedtls_ecp_group,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        Q: *const mbedtls_ecp_point,
+        r: *const mbedtls_mpi,
+        s: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function verifies the ECDSA signature of a
+    ///                  previously-hashed message, in a restartable manner
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated as
+    ///                  defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.4, step 3.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param buf       The hashed content that was signed. This must be a readable
+    ///                  buffer of length \p blen Bytes. It may be \c NULL if
+    ///                  \p blen is zero.
+    /// \param blen      The length of \p buf in Bytes.
+    /// \param Q         The public key to use for verification. This must be
+    ///                  initialized and setup.
+    /// \param r         The first integer of the signature.
+    ///                  This must be initialized.
+    /// \param s         The second integer of the signature.
+    ///                  This must be initialized.
+    /// \param rs_ctx    The restart context to use. This may be \c NULL to disable
+    ///                  restarting. If it is not \c NULL, it must point to an
+    ///                  initialized restart context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
+    ///                  error code on failure.
+    pub fn mbedtls_ecdsa_verify_restartable(
+        grp: *mut mbedtls_ecp_group,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        Q: *const mbedtls_ecp_point,
+        r: *const mbedtls_mpi,
+        s: *const mbedtls_mpi,
+        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function computes the ECDSA signature and writes it
+    ///                  to a buffer, serialized as defined in <em>RFC-4492:
+    ///                  Elliptic Curve Cryptography (ECC) Cipher Suites for
+    ///                  Transport Layer Security (TLS)</em>.
+    ///
+    /// \warning         It is not thread-safe to use the same context in
+    ///                  multiple threads.
+    ///
+    /// \note            The deterministic version is used if
+    ///                  #MBEDTLS_ECDSA_DETERMINISTIC is defined. For more
+    ///                  information, see <em>RFC-6979: Deterministic Usage
+    ///                  of the Digital Signature Algorithm (DSA) and Elliptic
+    ///                  Curve Digital Signature Algorithm (ECDSA)</em>.
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated as
+    ///                  defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.3, step 5.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDSA context to use. This must be initialized
+    ///                  and have a group and private key bound to it, for example
+    ///                  via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
+    /// \param md_alg    The message digest that was used to hash the message.
+    /// \param hash      The message hash to be signed. This must be a readable
+    ///                  buffer of length \p blen Bytes.
+    /// \param hlen      The length of the hash \p hash in Bytes.
+    /// \param sig       The buffer to which to write the signature. This must be a
+    ///                  writable buffer of length at least twice as large as the
+    ///                  size of the curve used, plus 9. For example, 73 Bytes if
+    ///                  a 256-bit curve is used. A buffer length of
+    ///                  #MBEDTLS_ECDSA_MAX_LEN is always safe.
+    /// \param sig_size  The size of the \p sig buffer in bytes.
+    /// \param slen      The address at which to store the actual length of
+    ///                  the signature written. Must not be \c NULL.
+    /// \param f_rng     The RNG function. This must not be \c NULL if
+    ///                  #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
+    ///                  it is used only for blinding and may be set to \c NULL, but
+    ///                  doing so is DEPRECATED.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL if \p f_rng is \c NULL or doesn't use a context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
+    ///                  \c MBEDTLS_ERR_ASN1_XXX error code on failure.
+    pub fn mbedtls_ecdsa_write_signature(
+        ctx: *mut mbedtls_ecdsa_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hlen: usize,
+        sig: *mut crate::c_types::c_uchar,
+        sig_size: usize,
+        slen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function computes the ECDSA signature and writes it
+    ///                  to a buffer, in a restartable way.
+    ///
+    /// \see             \c mbedtls_ecdsa_write_signature()
+    ///
+    /// \note            This function is like \c mbedtls_ecdsa_write_signature()
+    ///                  but it can return early and restart according to the limit
+    ///                  set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \param ctx       The ECDSA context to use. This must be initialized
+    ///                  and have a group and private key bound to it, for example
+    ///                  via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
+    /// \param md_alg    The message digest that was used to hash the message.
+    /// \param hash      The message hash to be signed. This must be a readable
+    ///                  buffer of length \p blen Bytes.
+    /// \param hlen      The length of the hash \p hash in Bytes.
+    /// \param sig       The buffer to which to write the signature. This must be a
+    ///                  writable buffer of length at least twice as large as the
+    ///                  size of the curve used, plus 9. For example, 73 Bytes if
+    ///                  a 256-bit curve is used. A buffer length of
+    ///                  #MBEDTLS_ECDSA_MAX_LEN is always safe.
+    /// \param sig_size  The size of the \p sig buffer in bytes.
+    /// \param slen      The address at which to store the actual length of
+    ///                  the signature written. Must not be \c NULL.
+    /// \param f_rng     The RNG function. This must not be \c NULL if
+    ///                  #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
+    ///                  it is unused and may be set to \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL if \p f_rng is \c NULL or doesn't use a context.
+    /// \param rs_ctx    The restart context to use. This may be \c NULL to disable
+    ///                  restarting. If it is not \c NULL, it must point to an
+    ///                  initialized restart context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
+    ///                  \c MBEDTLS_ERR_ASN1_XXX error code on failure.
+    pub fn mbedtls_ecdsa_write_signature_restartable(
+        ctx: *mut mbedtls_ecdsa_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hlen: usize,
+        sig: *mut crate::c_types::c_uchar,
+        sig_size: usize,
+        slen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function reads and verifies an ECDSA signature.
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated as
+    ///                  defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.4, step 3.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDSA context to use. This must be initialized
+    ///                  and have a group and public key bound to it.
+    /// \param hash      The message hash that was signed. This must be a readable
+    ///                  buffer of length \p size Bytes.
+    /// \param hlen      The size of the hash \p hash.
+    /// \param sig       The signature to read and verify. This must be a readable
+    ///                  buffer of length \p slen Bytes.
+    /// \param slen      The size of \p sig in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
+    /// \return          #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
+    ///                  signature in \p sig, but its length is less than \p siglen.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
+    ///                  error code on failure for any other reason.
+    pub fn mbedtls_ecdsa_read_signature(
+        ctx: *mut mbedtls_ecdsa_context,
+        hash: *const crate::c_types::c_uchar,
+        hlen: usize,
+        sig: *const crate::c_types::c_uchar,
+        slen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function reads and verifies an ECDSA signature,
+    ///                  in a restartable way.
+    ///
+    /// \see             \c mbedtls_ecdsa_read_signature()
+    ///
+    /// \note            This function is like \c mbedtls_ecdsa_read_signature()
+    ///                  but it can return early and restart according to the limit
+    ///                  set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \param ctx       The ECDSA context to use. This must be initialized
+    ///                  and have a group and public key bound to it.
+    /// \param hash      The message hash that was signed. This must be a readable
+    ///                  buffer of length \p size Bytes.
+    /// \param hlen      The size of the hash \p hash.
+    /// \param sig       The signature to read and verify. This must be a readable
+    ///                  buffer of length \p slen Bytes.
+    /// \param slen      The size of \p sig in Bytes.
+    /// \param rs_ctx    The restart context to use. This may be \c NULL to disable
+    ///                  restarting. If it is not \c NULL, it must point to an
+    ///                  initialized restart context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
+    /// \return          #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
+    ///                  signature in \p sig, but its length is less than \p siglen.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
+    ///                  error code on failure for any other reason.
+    pub fn mbedtls_ecdsa_read_signature_restartable(
+        ctx: *mut mbedtls_ecdsa_context,
+        hash: *const crate::c_types::c_uchar,
+        hlen: usize,
+        sig: *const crate::c_types::c_uchar,
+        slen: usize,
+        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function generates an ECDSA keypair on the given curve.
+    ///
+    /// \see            ecp.h
+    ///
+    /// \param ctx      The ECDSA context to store the keypair in.
+    ///                 This must be initialized.
+    /// \param gid      The elliptic curve to use. One of the various
+    ///                 \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
+    /// \param f_rng    The RNG function to use. This must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be
+    ///                 \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_ECP_XXX code on failure.
+    pub fn mbedtls_ecdsa_genkey(
+        ctx: *mut mbedtls_ecdsa_context,
+        gid: mbedtls_ecp_group_id,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets up an ECDSA context from an EC key pair.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDSA context to setup. This must be initialized.
+    /// \param key       The EC key to use. This must be initialized and hold
+    ///                  a private-public key pair or a public key. In the former
+    ///                  case, the ECDSA context may be used for signature creation
+    ///                  and verification after this call. In the latter case, it
+    ///                  may be used for signature verification.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX code on failure.
+    pub fn mbedtls_ecdsa_from_keypair(
+        ctx: *mut mbedtls_ecdsa_context,
+        key: *const mbedtls_ecp_keypair,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function initializes an ECDSA context.
+    ///
+    /// \param ctx       The ECDSA context to initialize.
+    ///                  This must not be \c NULL.
+    pub fn mbedtls_ecdsa_init(ctx: *mut mbedtls_ecdsa_context);
+}
+extern "C" {
+    /// \brief           This function frees an ECDSA context.
+    ///
+    /// \param ctx       The ECDSA context to free. This may be \c NULL,
+    ///                  in which case this function does nothing. If it
+    ///                  is not \c NULL, it must be initialized.
+    pub fn mbedtls_ecdsa_free(ctx: *mut mbedtls_ecdsa_context);
+}
+pub const mbedtls_pk_type_t_MBEDTLS_PK_NONE: mbedtls_pk_type_t = 0;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_RSA: mbedtls_pk_type_t = 1;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_ECKEY: mbedtls_pk_type_t = 2;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_ECKEY_DH: mbedtls_pk_type_t = 3;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_ECDSA: mbedtls_pk_type_t = 4;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_RSA_ALT: mbedtls_pk_type_t = 5;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_RSASSA_PSS: mbedtls_pk_type_t = 6;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_OPAQUE: mbedtls_pk_type_t = 7;
+/// \brief          Public key types
+pub type mbedtls_pk_type_t = crate::c_types::c_uint;
+/// \brief           Options for RSASSA-PSS signature verification.
+///                  See \c mbedtls_rsa_rsassa_pss_verify_ext()
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_pk_rsassa_pss_options {
+    /// The digest to use for MGF1 in PSS.
+    ///
+    /// \note When #MBEDTLS_USE_PSA_CRYPTO is enabled and #MBEDTLS_RSA_C is
+    ///       disabled, this must be equal to the \c md_alg argument passed
+    ///       to mbedtls_pk_verify_ext(). In a future version of the library,
+    ///       this constraint may apply whenever #MBEDTLS_USE_PSA_CRYPTO is
+    ///       enabled regardless of the status of #MBEDTLS_RSA_C.
+    pub mgf1_hash_id: mbedtls_md_type_t,
+    /// The expected length of the salt, in bytes. This may be
+    /// #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
+    ///
+    /// \note When #MBEDTLS_USE_PSA_CRYPTO is enabled, only
+    ///       #MBEDTLS_RSA_SALT_LEN_ANY is valid. Any other value may be
+    ///       ignored (allowing any salt length).
+    pub expected_salt_len: crate::c_types::c_int,
+}
+pub const mbedtls_pk_debug_type_MBEDTLS_PK_DEBUG_NONE: mbedtls_pk_debug_type = 0;
+pub const mbedtls_pk_debug_type_MBEDTLS_PK_DEBUG_MPI: mbedtls_pk_debug_type = 1;
+pub const mbedtls_pk_debug_type_MBEDTLS_PK_DEBUG_ECP: mbedtls_pk_debug_type = 2;
+/// \brief           Types for interfacing with the debug module
+pub type mbedtls_pk_debug_type = crate::c_types::c_uint;
+/// \brief           Item to send to the debug module
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_pk_debug_item {
+    pub private_type: mbedtls_pk_debug_type,
+    pub private_name: *const crate::c_types::c_char,
+    pub private_value: *mut crate::c_types::c_void,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_pk_info_t {
+    _unused: [u8; 0],
+}
+/// \brief           Public key container
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_pk_context {
+    pub private_pk_info: *const mbedtls_pk_info_t,
+    pub private_pk_ctx: *mut crate::c_types::c_void,
+}
+pub type mbedtls_pk_restart_ctx = crate::c_types::c_void;
+/// \brief           Types for RSA-alt abstraction
+pub type mbedtls_pk_rsa_alt_decrypt_func = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        olen: *mut usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        output_max_len: usize,
+    ) -> crate::c_types::c_int,
+>;
+pub type mbedtls_pk_rsa_alt_sign_func = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int,
+>;
+pub type mbedtls_pk_rsa_alt_key_len_func =
+    ::core::option::Option<unsafe extern "C" fn(ctx: *mut crate::c_types::c_void) -> usize>;
+extern "C" {
+    /// \brief           Return information associated with the given PK type
+    ///
+    /// \param pk_type   PK type to search for.
+    ///
+    /// \return          The PK info associated with the type or NULL if not found.
+    pub fn mbedtls_pk_info_from_type(pk_type: mbedtls_pk_type_t) -> *const mbedtls_pk_info_t;
+}
+extern "C" {
+    /// \brief           Initialize a #mbedtls_pk_context (as NONE).
+    ///
+    /// \param ctx       The context to initialize.
+    ///                  This must not be \c NULL.
+    pub fn mbedtls_pk_init(ctx: *mut mbedtls_pk_context);
+}
+extern "C" {
+    /// \brief           Free the components of a #mbedtls_pk_context.
+    ///
+    /// \param ctx       The context to clear. It must have been initialized.
+    ///                  If this is \c NULL, this function does nothing.
+    ///
+    /// \note            For contexts that have been set up with
+    ///                  mbedtls_pk_setup_opaque(), this does not free the underlying
+    ///                  PSA key and you still need to call psa_destroy_key()
+    ///                  independently if you want to destroy that key.
+    pub fn mbedtls_pk_free(ctx: *mut mbedtls_pk_context);
+}
+extern "C" {
+    /// \brief           Initialize a PK context with the information given
+    ///                  and allocates the type-specific PK subcontext.
+    ///
+    /// \param ctx       Context to initialize. It must not have been set
+    ///                  up yet (type #MBEDTLS_PK_NONE).
+    /// \param info      Information to use
+    ///
+    /// \return          0 on success,
+    ///                  MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input,
+    ///                  MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
+    ///
+    /// \note            For contexts holding an RSA-alt key, use
+    ///                  \c mbedtls_pk_setup_rsa_alt() instead.
+    pub fn mbedtls_pk_setup(
+        ctx: *mut mbedtls_pk_context,
+        info: *const mbedtls_pk_info_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Initialize an RSA-alt context
+    ///
+    /// \param ctx       Context to initialize. It must not have been set
+    ///                  up yet (type #MBEDTLS_PK_NONE).
+    /// \param key       RSA key pointer
+    /// \param decrypt_func  Decryption function
+    /// \param sign_func     Signing function
+    /// \param key_len_func  Function returning key length in bytes
+    ///
+    /// \return          0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the
+    ///                  context wasn't already initialized as RSA_ALT.
+    ///
+    /// \note            This function replaces \c mbedtls_pk_setup() for RSA-alt.
+    pub fn mbedtls_pk_setup_rsa_alt(
+        ctx: *mut mbedtls_pk_context,
+        key: *mut crate::c_types::c_void,
+        decrypt_func: mbedtls_pk_rsa_alt_decrypt_func,
+        sign_func: mbedtls_pk_rsa_alt_sign_func,
+        key_len_func: mbedtls_pk_rsa_alt_key_len_func,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Get the size in bits of the underlying key
+    ///
+    /// \param ctx       The context to query. It must have been initialized.
+    ///
+    /// \return          Key size in bits, or 0 on error
+    pub fn mbedtls_pk_get_bitlen(ctx: *const mbedtls_pk_context) -> usize;
+}
+extern "C" {
+    /// \brief           Tell if a context can do the operation given by type
+    ///
+    /// \param ctx       The context to query. It must have been initialized.
+    /// \param type      The desired type.
+    ///
+    /// \return          1 if the context can do operations on the given type.
+    /// \return          0 if the context cannot do the operations on the given
+    ///                  type. This is always the case for a context that has
+    ///                  been initialized but not set up, or that has been
+    ///                  cleared with mbedtls_pk_free().
+    pub fn mbedtls_pk_can_do(
+        ctx: *const mbedtls_pk_context,
+        type_: mbedtls_pk_type_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Verify signature (including padding if relevant).
+    ///
+    /// \param ctx       The PK context to use. It must have been set up.
+    /// \param md_alg    Hash algorithm used.
+    ///                  This can be #MBEDTLS_MD_NONE if the signature algorithm
+    ///                  does not rely on a hash algorithm (non-deterministic
+    ///                  ECDSA, RSA PKCS#1 v1.5).
+    ///                  For PKCS#1 v1.5, if \p md_alg is #MBEDTLS_MD_NONE, then
+    ///                  \p hash is the DigestInfo structure used by RFC 8017
+    ///                  &sect;9.2 steps 3&ndash;6. If \p md_alg is a valid hash
+    ///                  algorithm then \p hash is the digest itself, and this
+    ///                  function calculates the DigestInfo encoding internally.
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length
+    /// \param sig       Signature to verify
+    /// \param sig_len   Signature length
+    ///
+    /// \return          0 on success (signature is valid),
+    ///                  #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
+    ///                  signature in sig but its length is less than \p siglen,
+    ///                  or a specific error code.
+    ///
+    /// \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+    ///                  Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
+    ///                  to verify RSASSA_PSS signatures.
+    pub fn mbedtls_pk_verify(
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *const crate::c_types::c_uchar,
+        sig_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Restartable version of \c mbedtls_pk_verify()
+    ///
+    /// \note            Performs the same job as \c mbedtls_pk_verify(), but can
+    ///                  return early and restart according to the limit set with
+    ///                  \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
+    ///                  operations. For RSA, same as \c mbedtls_pk_verify().
+    ///
+    /// \param ctx       The PK context to use. It must have been set up.
+    /// \param md_alg    Hash algorithm used (see notes)
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length or 0 (see notes)
+    /// \param sig       Signature to verify
+    /// \param sig_len   Signature length
+    /// \param rs_ctx    Restart context (NULL to disable restart)
+    ///
+    /// \return          See \c mbedtls_pk_verify(), or
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    pub fn mbedtls_pk_verify_restartable(
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *const crate::c_types::c_uchar,
+        sig_len: usize,
+        rs_ctx: *mut mbedtls_pk_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Verify signature, with options.
+    ///                  (Includes verification of the padding depending on type.)
+    ///
+    /// \param type      Signature type (inc. possible padding type) to verify
+    /// \param options   Pointer to type-specific options, or NULL
+    /// \param ctx       The PK context to use. It must have been set up.
+    /// \param md_alg    Hash algorithm used (see notes)
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length or 0 (see notes)
+    /// \param sig       Signature to verify
+    /// \param sig_len   Signature length
+    ///
+    /// \return          0 on success (signature is valid),
+    ///                  #MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
+    ///                  used for this type of signatures,
+    ///                  #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
+    ///                  signature in sig but its length is less than \p siglen,
+    ///                  or a specific error code.
+    ///
+    /// \note            If hash_len is 0, then the length associated with md_alg
+    ///                  is used instead, or an error returned if it is invalid.
+    ///
+    /// \note            md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
+    ///
+    /// \note            If type is MBEDTLS_PK_RSASSA_PSS, then options must point
+    ///                  to a mbedtls_pk_rsassa_pss_options structure,
+    ///                  otherwise it must be NULL. Note that if
+    ///                  #MBEDTLS_USE_PSA_CRYPTO is defined, the salt length is not
+    ///                  verified as PSA_ALG_RSA_PSS_ANY_SALT is used.
+    pub fn mbedtls_pk_verify_ext(
+        type_: mbedtls_pk_type_t,
+        options: *const crate::c_types::c_void,
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *const crate::c_types::c_uchar,
+        sig_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Make signature, including padding if relevant.
+    ///
+    /// \param ctx       The PK context to use. It must have been set up
+    ///                  with a private key.
+    /// \param md_alg    Hash algorithm used (see notes)
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length
+    /// \param sig       Place to write the signature.
+    ///                  It must have enough room for the signature.
+    ///                  #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
+    ///                  You may use a smaller buffer if it is large enough
+    ///                  given the key type.
+    /// \param sig_size  The size of the \p sig buffer in bytes.
+    /// \param sig_len   On successful return,
+    ///                  the number of bytes written to \p sig.
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \return          0 on success, or a specific error code.
+    ///
+    /// \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+    ///                  There is no interface in the PK module to make RSASSA-PSS
+    ///                  signatures yet.
+    ///
+    /// \note            For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
+    ///                  For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
+    pub fn mbedtls_pk_sign(
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *mut crate::c_types::c_uchar,
+        sig_size: usize,
+        sig_len: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Make signature given a signature type.
+    ///
+    /// \param pk_type   Signature type.
+    /// \param ctx       The PK context to use. It must have been set up
+    ///                  with a private key.
+    /// \param md_alg    Hash algorithm used (see notes)
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length
+    /// \param sig       Place to write the signature.
+    ///                  It must have enough room for the signature.
+    ///                  #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
+    ///                  You may use a smaller buffer if it is large enough
+    ///                  given the key type.
+    /// \param sig_size  The size of the \p sig buffer in bytes.
+    /// \param sig_len   On successful return,
+    ///                  the number of bytes written to \p sig.
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \return          0 on success, or a specific error code.
+    ///
+    /// \note            When \p pk_type is #MBEDTLS_PK_RSASSA_PSS,
+    ///                  see #PSA_ALG_RSA_PSS for a description of PSS options used.
+    ///
+    /// \note            For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
+    ///                  For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
+    pub fn mbedtls_pk_sign_ext(
+        pk_type: mbedtls_pk_type_t,
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *mut crate::c_types::c_uchar,
+        sig_size: usize,
+        sig_len: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Restartable version of \c mbedtls_pk_sign()
+    ///
+    /// \note            Performs the same job as \c mbedtls_pk_sign(), but can
+    ///                  return early and restart according to the limit set with
+    ///                  \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
+    ///                  operations. For RSA, same as \c mbedtls_pk_sign().
+    ///
+    /// \param ctx       The PK context to use. It must have been set up
+    ///                  with a private key.
+    /// \param md_alg    Hash algorithm used (see notes for mbedtls_pk_sign())
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length
+    /// \param sig       Place to write the signature.
+    ///                  It must have enough room for the signature.
+    ///                  #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
+    ///                  You may use a smaller buffer if it is large enough
+    ///                  given the key type.
+    /// \param sig_size  The size of the \p sig buffer in bytes.
+    /// \param sig_len   On successful return,
+    ///                  the number of bytes written to \p sig.
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    /// \param rs_ctx    Restart context (NULL to disable restart)
+    ///
+    /// \return          See \c mbedtls_pk_sign().
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    pub fn mbedtls_pk_sign_restartable(
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *mut crate::c_types::c_uchar,
+        sig_size: usize,
+        sig_len: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_pk_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Decrypt message (including padding if relevant).
+    ///
+    /// \param ctx       The PK context to use. It must have been set up
+    ///                  with a private key.
+    /// \param input     Input to decrypt
+    /// \param ilen      Input size
+    /// \param output    Decrypted output
+    /// \param olen      Decrypted message length
+    /// \param osize     Size of the output buffer
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+    ///
+    /// \return          0 on success, or a specific error code.
+    pub fn mbedtls_pk_decrypt(
+        ctx: *mut mbedtls_pk_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+        osize: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Encrypt message (including padding if relevant).
+    ///
+    /// \param ctx       The PK context to use. It must have been set up.
+    /// \param input     Message to encrypt
+    /// \param ilen      Message size
+    /// \param output    Encrypted output
+    /// \param olen      Encrypted output length
+    /// \param osize     Size of the output buffer
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \note            \p f_rng is used for padding generation.
+    ///
+    /// \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+    ///
+    /// \return          0 on success, or a specific error code.
+    pub fn mbedtls_pk_encrypt(
+        ctx: *mut mbedtls_pk_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+        osize: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Check if a public-private pair of keys matches.
+    ///
+    /// \param pub       Context holding a public key.
+    /// \param prv       Context holding a private (and public) key.
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \return          \c 0 on success (keys were checked and match each other).
+    /// \return          #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the keys could not
+    ///                  be checked - in that case they may or may not match.
+    /// \return          #MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid.
+    /// \return          Another non-zero value if the keys do not match.
+    pub fn mbedtls_pk_check_pair(
+        pub_: *const mbedtls_pk_context,
+        prv: *const mbedtls_pk_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Export debug information
+    ///
+    /// \param ctx       The PK context to use. It must have been initialized.
+    /// \param items     Place to write debug items
+    ///
+    /// \return          0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
+    pub fn mbedtls_pk_debug(
+        ctx: *const mbedtls_pk_context,
+        items: *mut mbedtls_pk_debug_item,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Access the type name
+    ///
+    /// \param ctx       The PK context to use. It must have been initialized.
+    ///
+    /// \return          Type name on success, or "invalid PK"
+    pub fn mbedtls_pk_get_name(ctx: *const mbedtls_pk_context) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief           Get the key type
+    ///
+    /// \param ctx       The PK context to use. It must have been initialized.
+    ///
+    /// \return          Type on success.
+    /// \return          #MBEDTLS_PK_NONE for a context that has not been set up.
+    pub fn mbedtls_pk_get_type(ctx: *const mbedtls_pk_context) -> mbedtls_pk_type_t;
+}
+extern "C" {
+    /// \ingroup pk_module */
+    ////**
+    /// \brief           Parse a private key in PEM or DER format
+    ///
+    /// \note            If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                  subsystem must have been initialized by calling
+    ///                  psa_crypto_init() before calling this function.
+    ///
+    /// \param ctx       The PK context to fill. It must have been initialized
+    ///                  but not set up.
+    /// \param key       Input buffer to parse.
+    ///                  The buffer must contain the input exactly, with no
+    ///                  extra trailing material. For PEM, the buffer must
+    ///                  contain a null-terminated string.
+    /// \param keylen    Size of \b key in bytes.
+    ///                  For PEM data, this includes the terminating null byte,
+    ///                  so \p keylen must be equal to `strlen(key) + 1`.
+    /// \param pwd       Optional password for decryption.
+    ///                  Pass \c NULL if expecting a non-encrypted key.
+    ///                  Pass a string of \p pwdlen bytes if expecting an encrypted
+    ///                  key; a non-encrypted key will also be accepted.
+    ///                  The empty password is not supported.
+    /// \param pwdlen    Size of the password in bytes.
+    ///                  Ignored if \p pwd is \c NULL.
+    /// \param f_rng     RNG function, must not be \c NULL. Used for blinding.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \note            On entry, ctx must be empty, either freshly initialised
+    ///                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+    ///                  specific key type, check the result with mbedtls_pk_can_do().
+    ///
+    /// \note            The key is also checked for correctness.
+    ///
+    /// \return          0 if successful, or a specific PK or PEM error code
+    pub fn mbedtls_pk_parse_key(
+        ctx: *mut mbedtls_pk_context,
+        key: *const crate::c_types::c_uchar,
+        keylen: usize,
+        pwd: *const crate::c_types::c_uchar,
+        pwdlen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \ingroup pk_module */
+    ////**
+    /// \brief           Parse a public key in PEM or DER format
+    ///
+    /// \note            If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                  subsystem must have been initialized by calling
+    ///                  psa_crypto_init() before calling this function.
+    ///
+    /// \param ctx       The PK context to fill. It must have been initialized
+    ///                  but not set up.
+    /// \param key       Input buffer to parse.
+    ///                  The buffer must contain the input exactly, with no
+    ///                  extra trailing material. For PEM, the buffer must
+    ///                  contain a null-terminated string.
+    /// \param keylen    Size of \b key in bytes.
+    ///                  For PEM data, this includes the terminating null byte,
+    ///                  so \p keylen must be equal to `strlen(key) + 1`.
+    ///
+    /// \note            On entry, ctx must be empty, either freshly initialised
+    ///                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+    ///                  specific key type, check the result with mbedtls_pk_can_do().
+    ///
+    /// \note            For compressed points, see #MBEDTLS_ECP_PF_COMPRESSED for
+    ///                  limitations.
+    ///
+    /// \note            The key is also checked for correctness.
+    ///
+    /// \return          0 if successful, or a specific PK or PEM error code
+    pub fn mbedtls_pk_parse_public_key(
+        ctx: *mut mbedtls_pk_context,
+        key: *const crate::c_types::c_uchar,
+        keylen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a private key to a PKCS#1 or SEC1 DER structure
+    ///                  Note: data is written at the end of the buffer! Use the
+    ///                        return value to determine where you should start
+    ///                        using the buffer
+    ///
+    /// \param ctx       PK context which must contain a valid private key.
+    /// \param buf       buffer to write to
+    /// \param size      size of the buffer
+    ///
+    /// \return          length of data written if successful, or a specific
+    ///                  error code
+    pub fn mbedtls_pk_write_key_der(
+        ctx: *const mbedtls_pk_context,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a public key to a SubjectPublicKeyInfo DER structure
+    ///                  Note: data is written at the end of the buffer! Use the
+    ///                        return value to determine where you should start
+    ///                        using the buffer
+    ///
+    /// \param ctx       PK context which must contain a valid public or private key.
+    /// \param buf       buffer to write to
+    /// \param size      size of the buffer
+    ///
+    /// \return          length of data written if successful, or a specific
+    ///                  error code
+    pub fn mbedtls_pk_write_pubkey_der(
+        ctx: *const mbedtls_pk_context,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a public key to a PEM string
+    ///
+    /// \param ctx       PK context which must contain a valid public or private key.
+    /// \param buf       Buffer to write to. The output includes a
+    ///                  terminating null byte.
+    /// \param size      Size of the buffer in bytes.
+    ///
+    /// \return          0 if successful, or a specific error code
+    pub fn mbedtls_pk_write_pubkey_pem(
+        ctx: *const mbedtls_pk_context,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a private key to a PKCS#1 or SEC1 PEM string
+    ///
+    /// \param ctx       PK context which must contain a valid private key.
+    /// \param buf       Buffer to write to. The output includes a
+    ///                  terminating null byte.
+    /// \param size      Size of the buffer in bytes.
+    ///
+    /// \return          0 if successful, or a specific error code
+    pub fn mbedtls_pk_write_key_pem(
+        ctx: *const mbedtls_pk_context,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Parse a SubjectPublicKeyInfo DER structure
+    ///
+    /// \param p         the position in the ASN.1 data
+    /// \param end       end of the buffer
+    /// \param pk        The PK context to fill. It must have been initialized
+    ///                  but not set up.
+    ///
+    /// \return          0 if successful, or a specific PK error code
+    pub fn mbedtls_pk_parse_subpubkey(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        pk: *mut mbedtls_pk_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a subjectPublicKey to ASN.1 data
+    ///                  Note: function works backwards in data buffer
+    ///
+    /// \param p         reference to current position pointer
+    /// \param start     start of the buffer (for bounds-checking)
+    /// \param key       PK context which must contain a valid public or private key.
+    ///
+    /// \return          the length written or a negative error code
+    pub fn mbedtls_pk_write_pubkey(
+        p: *mut *mut crate::c_types::c_uchar,
+        start: *mut crate::c_types::c_uchar,
+        key: *const mbedtls_pk_context,
+    ) -> crate::c_types::c_int;
+}
+///< Placeholder to mark the end of cipher ID lists.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_NONE: mbedtls_cipher_id_t = 0;
+///< The identity cipher, treated as a stream cipher.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_NULL: mbedtls_cipher_id_t = 1;
+///< The AES cipher.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_AES: mbedtls_cipher_id_t = 2;
+///< The DES cipher. \warning DES is considered weak.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_DES: mbedtls_cipher_id_t = 3;
+///< The Triple DES cipher. \warning 3DES is considered weak.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_3DES: mbedtls_cipher_id_t = 4;
+///< The Camellia cipher.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_CAMELLIA: mbedtls_cipher_id_t = 5;
+///< The Aria cipher.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_ARIA: mbedtls_cipher_id_t = 6;
+///< The ChaCha20 cipher.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_CHACHA20: mbedtls_cipher_id_t = 7;
+/// \brief     Supported cipher types.
+///
+/// \warning   DES/3DES are considered weak ciphers and their use
+///            constitutes a security risk. We recommend considering stronger
+///            ciphers instead.
+pub type mbedtls_cipher_id_t = crate::c_types::c_uint;
+///< Placeholder to mark the end of cipher-pair lists.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_NONE: mbedtls_cipher_type_t = 0;
+///< The identity stream cipher.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_NULL: mbedtls_cipher_type_t = 1;
+///< AES cipher with 128-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_ECB: mbedtls_cipher_type_t = 2;
+///< AES cipher with 192-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_ECB: mbedtls_cipher_type_t = 3;
+///< AES cipher with 256-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_ECB: mbedtls_cipher_type_t = 4;
+///< AES cipher with 128-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CBC: mbedtls_cipher_type_t = 5;
+///< AES cipher with 192-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CBC: mbedtls_cipher_type_t = 6;
+///< AES cipher with 256-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CBC: mbedtls_cipher_type_t = 7;
+///< AES cipher with 128-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CFB128: mbedtls_cipher_type_t = 8;
+///< AES cipher with 192-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CFB128: mbedtls_cipher_type_t = 9;
+///< AES cipher with 256-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CFB128: mbedtls_cipher_type_t = 10;
+///< AES cipher with 128-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CTR: mbedtls_cipher_type_t = 11;
+///< AES cipher with 192-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CTR: mbedtls_cipher_type_t = 12;
+///< AES cipher with 256-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CTR: mbedtls_cipher_type_t = 13;
+///< AES cipher with 128-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_GCM: mbedtls_cipher_type_t = 14;
+///< AES cipher with 192-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_GCM: mbedtls_cipher_type_t = 15;
+///< AES cipher with 256-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_GCM: mbedtls_cipher_type_t = 16;
+///< Camellia cipher with 128-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_ECB: mbedtls_cipher_type_t = 17;
+///< Camellia cipher with 192-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_ECB: mbedtls_cipher_type_t = 18;
+///< Camellia cipher with 256-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_ECB: mbedtls_cipher_type_t = 19;
+///< Camellia cipher with 128-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CBC: mbedtls_cipher_type_t = 20;
+///< Camellia cipher with 192-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CBC: mbedtls_cipher_type_t = 21;
+///< Camellia cipher with 256-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CBC: mbedtls_cipher_type_t = 22;
+///< Camellia cipher with 128-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CFB128: mbedtls_cipher_type_t = 23;
+///< Camellia cipher with 192-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CFB128: mbedtls_cipher_type_t = 24;
+///< Camellia cipher with 256-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CFB128: mbedtls_cipher_type_t = 25;
+///< Camellia cipher with 128-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CTR: mbedtls_cipher_type_t = 26;
+///< Camellia cipher with 192-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CTR: mbedtls_cipher_type_t = 27;
+///< Camellia cipher with 256-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CTR: mbedtls_cipher_type_t = 28;
+///< Camellia cipher with 128-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_GCM: mbedtls_cipher_type_t = 29;
+///< Camellia cipher with 192-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_GCM: mbedtls_cipher_type_t = 30;
+///< Camellia cipher with 256-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_GCM: mbedtls_cipher_type_t = 31;
+///< DES cipher with ECB mode. \warning DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_ECB: mbedtls_cipher_type_t = 32;
+///< DES cipher with CBC mode. \warning DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_CBC: mbedtls_cipher_type_t = 33;
+///< DES cipher with EDE ECB mode. \warning 3DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_EDE_ECB: mbedtls_cipher_type_t = 34;
+///< DES cipher with EDE CBC mode. \warning 3DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_EDE_CBC: mbedtls_cipher_type_t = 35;
+///< DES cipher with EDE3 ECB mode. \warning 3DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_EDE3_ECB: mbedtls_cipher_type_t = 36;
+///< DES cipher with EDE3 CBC mode. \warning 3DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_EDE3_CBC: mbedtls_cipher_type_t = 37;
+///< AES cipher with 128-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CCM: mbedtls_cipher_type_t = 38;
+///< AES cipher with 192-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CCM: mbedtls_cipher_type_t = 39;
+///< AES cipher with 256-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CCM: mbedtls_cipher_type_t = 40;
+///< AES cipher with 128-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 41;
+///< AES cipher with 192-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 42;
+///< AES cipher with 256-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 43;
+///< Camellia cipher with 128-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CCM: mbedtls_cipher_type_t = 44;
+///< Camellia cipher with 192-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CCM: mbedtls_cipher_type_t = 45;
+///< Camellia cipher with 256-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CCM: mbedtls_cipher_type_t = 46;
+///< Camellia cipher with 128-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG: mbedtls_cipher_type_t =
+    47;
+///< Camellia cipher with 192-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG: mbedtls_cipher_type_t =
+    48;
+///< Camellia cipher with 256-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG: mbedtls_cipher_type_t =
+    49;
+///< Aria cipher with 128-bit key and ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_ECB: mbedtls_cipher_type_t = 50;
+///< Aria cipher with 192-bit key and ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_ECB: mbedtls_cipher_type_t = 51;
+///< Aria cipher with 256-bit key and ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_ECB: mbedtls_cipher_type_t = 52;
+///< Aria cipher with 128-bit key and CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CBC: mbedtls_cipher_type_t = 53;
+///< Aria cipher with 192-bit key and CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CBC: mbedtls_cipher_type_t = 54;
+///< Aria cipher with 256-bit key and CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CBC: mbedtls_cipher_type_t = 55;
+///< Aria cipher with 128-bit key and CFB-128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CFB128: mbedtls_cipher_type_t = 56;
+///< Aria cipher with 192-bit key and CFB-128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CFB128: mbedtls_cipher_type_t = 57;
+///< Aria cipher with 256-bit key and CFB-128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CFB128: mbedtls_cipher_type_t = 58;
+///< Aria cipher with 128-bit key and CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CTR: mbedtls_cipher_type_t = 59;
+///< Aria cipher with 192-bit key and CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CTR: mbedtls_cipher_type_t = 60;
+///< Aria cipher with 256-bit key and CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CTR: mbedtls_cipher_type_t = 61;
+///< Aria cipher with 128-bit key and GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_GCM: mbedtls_cipher_type_t = 62;
+///< Aria cipher with 192-bit key and GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_GCM: mbedtls_cipher_type_t = 63;
+///< Aria cipher with 256-bit key and GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_GCM: mbedtls_cipher_type_t = 64;
+///< Aria cipher with 128-bit key and CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CCM: mbedtls_cipher_type_t = 65;
+///< Aria cipher with 192-bit key and CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CCM: mbedtls_cipher_type_t = 66;
+///< Aria cipher with 256-bit key and CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CCM: mbedtls_cipher_type_t = 67;
+///< Aria cipher with 128-bit key and CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 68;
+///< Aria cipher with 192-bit key and CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 69;
+///< Aria cipher with 256-bit key and CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 70;
+///< AES 128-bit cipher in OFB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_OFB: mbedtls_cipher_type_t = 71;
+///< AES 192-bit cipher in OFB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_OFB: mbedtls_cipher_type_t = 72;
+///< AES 256-bit cipher in OFB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_OFB: mbedtls_cipher_type_t = 73;
+///< AES 128-bit cipher in XTS block mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_XTS: mbedtls_cipher_type_t = 74;
+///< AES 256-bit cipher in XTS block mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_XTS: mbedtls_cipher_type_t = 75;
+///< ChaCha20 stream cipher.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CHACHA20: mbedtls_cipher_type_t = 76;
+///< ChaCha20-Poly1305 AEAD cipher.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CHACHA20_POLY1305: mbedtls_cipher_type_t = 77;
+///< AES cipher with 128-bit NIST KW mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_KW: mbedtls_cipher_type_t = 78;
+///< AES cipher with 192-bit NIST KW mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_KW: mbedtls_cipher_type_t = 79;
+///< AES cipher with 256-bit NIST KW mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_KW: mbedtls_cipher_type_t = 80;
+///< AES cipher with 128-bit NIST KWP mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_KWP: mbedtls_cipher_type_t = 81;
+///< AES cipher with 192-bit NIST KWP mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_KWP: mbedtls_cipher_type_t = 82;
+///< AES cipher with 256-bit NIST KWP mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_KWP: mbedtls_cipher_type_t = 83;
+/// \brief     Supported {cipher type, cipher mode} pairs.
+///
+/// \warning   DES/3DES are considered weak ciphers and their use
+///            constitutes a security risk. We recommend considering stronger
+///            ciphers instead.
+pub type mbedtls_cipher_type_t = crate::c_types::c_uint;
+///< None.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_NONE: mbedtls_cipher_mode_t = 0;
+///< The ECB cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_ECB: mbedtls_cipher_mode_t = 1;
+///< The CBC cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CBC: mbedtls_cipher_mode_t = 2;
+///< The CFB cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CFB: mbedtls_cipher_mode_t = 3;
+///< The OFB cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_OFB: mbedtls_cipher_mode_t = 4;
+///< The CTR cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CTR: mbedtls_cipher_mode_t = 5;
+///< The GCM cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_GCM: mbedtls_cipher_mode_t = 6;
+///< The stream cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_STREAM: mbedtls_cipher_mode_t = 7;
+///< The CCM cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CCM: mbedtls_cipher_mode_t = 8;
+///< The CCM*-no-tag cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CCM_STAR_NO_TAG: mbedtls_cipher_mode_t = 9;
+///< The XTS cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_XTS: mbedtls_cipher_mode_t = 10;
+///< The ChaCha-Poly cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CHACHAPOLY: mbedtls_cipher_mode_t = 11;
+///< The SP800-38F KW mode
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_KW: mbedtls_cipher_mode_t = 12;
+///< The SP800-38F KWP mode
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_KWP: mbedtls_cipher_mode_t = 13;
+/// Supported cipher modes.
+pub type mbedtls_cipher_mode_t = crate::c_types::c_uint;
+///< PKCS7 padding (default).
+pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_PKCS7: mbedtls_cipher_padding_t = 0;
+///< ISO/IEC 7816-4 padding.
+pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_ONE_AND_ZEROS: mbedtls_cipher_padding_t = 1;
+///< ANSI X.923 padding.
+pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_ZEROS_AND_LEN: mbedtls_cipher_padding_t = 2;
+///< Zero padding (not reversible).
+pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_ZEROS: mbedtls_cipher_padding_t = 3;
+///< Never pad (full blocks only).
+pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_NONE: mbedtls_cipher_padding_t = 4;
+/// Supported cipher padding types.
+pub type mbedtls_cipher_padding_t = crate::c_types::c_uint;
+pub const mbedtls_operation_t_MBEDTLS_OPERATION_NONE: mbedtls_operation_t = -1;
+pub const mbedtls_operation_t_MBEDTLS_DECRYPT: mbedtls_operation_t = 0;
+pub const mbedtls_operation_t_MBEDTLS_ENCRYPT: mbedtls_operation_t = 1;
+/// Type of operation.
+pub type mbedtls_operation_t = crate::c_types::c_int;
+/// Undefined key length.
+pub const MBEDTLS_KEY_LENGTH_NONE: _bindgen_ty_1 = 0;
+/// Key length, in bits (including parity), for DES keys. \warning DES is considered weak.
+pub const MBEDTLS_KEY_LENGTH_DES: _bindgen_ty_1 = 64;
+/// Key length in bits, including parity, for DES in two-key EDE. \warning 3DES is considered weak.
+pub const MBEDTLS_KEY_LENGTH_DES_EDE: _bindgen_ty_1 = 128;
+/// Key length in bits, including parity, for DES in three-key EDE. \warning 3DES is considered weak.
+pub const MBEDTLS_KEY_LENGTH_DES_EDE3: _bindgen_ty_1 = 192;
+pub type _bindgen_ty_1 = crate::c_types::c_uint;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_cipher_base_t {
+    _unused: [u8; 0],
+}
+/// Cipher information. Allows calling cipher functions
+/// in a generic way.
+///
+/// \note        The library does not support custom cipher info structures,
+///              only built-in structures returned by the functions
+///              mbedtls_cipher_info_from_string(),
+///              mbedtls_cipher_info_from_type(),
+///              mbedtls_cipher_info_from_values(),
+///              mbedtls_cipher_info_from_psa().
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_cipher_info_t {
+    pub private_type: mbedtls_cipher_type_t,
+    pub private_mode: mbedtls_cipher_mode_t,
+    pub private_key_bitlen: crate::c_types::c_uint,
+    pub private_name: *const crate::c_types::c_char,
+    pub private_iv_size: crate::c_types::c_uint,
+    pub private_flags: crate::c_types::c_int,
+    pub private_block_size: crate::c_types::c_uint,
+    pub private_base: *const mbedtls_cipher_base_t,
+}
+/// Generic cipher context.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_cipher_context_t {
+    pub private_cipher_info: *const mbedtls_cipher_info_t,
+    pub private_key_bitlen: crate::c_types::c_int,
+    pub private_operation: mbedtls_operation_t,
+    pub private_add_padding: ::core::option::Option<
+        unsafe extern "C" fn(output: *mut crate::c_types::c_uchar, olen: usize, data_len: usize),
+    >,
+    pub private_get_padding: ::core::option::Option<
+        unsafe extern "C" fn(
+            input: *mut crate::c_types::c_uchar,
+            ilen: usize,
+            data_len: *mut usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_unprocessed_data: [crate::c_types::c_uchar; 16usize],
+    pub private_unprocessed_len: usize,
+    pub private_iv: [crate::c_types::c_uchar; 16usize],
+    pub private_iv_size: usize,
+    pub private_cipher_ctx: *mut crate::c_types::c_void,
+    pub private_cmac_ctx: *mut mbedtls_cmac_context_t,
+}
+extern "C" {
+    /// \brief This function retrieves the list of ciphers supported
+    ///        by the generic cipher module.
+    ///
+    ///        For any cipher identifier in the returned list, you can
+    ///        obtain the corresponding generic cipher information structure
+    ///        via mbedtls_cipher_info_from_type(), which can then be used
+    ///        to prepare a cipher context via mbedtls_cipher_setup().
+    ///
+    ///
+    /// \return      A statically-allocated array of cipher identifiers
+    ///              of type cipher_type_t. The last entry is zero.
+    pub fn mbedtls_cipher_list() -> *const crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function retrieves the cipher-information
+    ///                      structure associated with the given cipher name.
+    ///
+    /// \param cipher_name   Name of the cipher to search for. This must not be
+    ///                      \c NULL.
+    ///
+    /// \return              The cipher information structure associated with the
+    ///                      given \p cipher_name.
+    /// \return              \c NULL if the associated cipher information is not found.
+    pub fn mbedtls_cipher_info_from_string(
+        cipher_name: *const crate::c_types::c_char,
+    ) -> *const mbedtls_cipher_info_t;
+}
+extern "C" {
+    /// \brief               This function retrieves the cipher-information
+    ///                      structure associated with the given cipher type.
+    ///
+    /// \param cipher_type   Type of the cipher to search for.
+    ///
+    /// \return              The cipher information structure associated with the
+    ///                      given \p cipher_type.
+    /// \return              \c NULL if the associated cipher information is not found.
+    pub fn mbedtls_cipher_info_from_type(
+        cipher_type: mbedtls_cipher_type_t,
+    ) -> *const mbedtls_cipher_info_t;
+}
+extern "C" {
+    /// \brief               This function retrieves the cipher-information
+    ///                      structure associated with the given cipher ID,
+    ///                      key size and mode.
+    ///
+    /// \param cipher_id     The ID of the cipher to search for. For example,
+    ///                      #MBEDTLS_CIPHER_ID_AES.
+    /// \param key_bitlen    The length of the key in bits.
+    /// \param mode          The cipher mode. For example, #MBEDTLS_MODE_CBC.
+    ///
+    /// \return              The cipher information structure associated with the
+    ///                      given \p cipher_id.
+    /// \return              \c NULL if the associated cipher information is not found.
+    pub fn mbedtls_cipher_info_from_values(
+        cipher_id: mbedtls_cipher_id_t,
+        key_bitlen: crate::c_types::c_int,
+        mode: mbedtls_cipher_mode_t,
+    ) -> *const mbedtls_cipher_info_t;
+}
+extern "C" {
+    /// \brief               This function initializes a \p cipher_context as NONE.
+    ///
+    /// \param ctx           The context to be initialized. This must not be \c NULL.
+    pub fn mbedtls_cipher_init(ctx: *mut mbedtls_cipher_context_t);
+}
+extern "C" {
+    /// \brief               This function frees and clears the cipher-specific
+    ///                      context of \p ctx. Freeing \p ctx itself remains the
+    ///                      responsibility of the caller.
+    ///
+    /// \param ctx           The context to be freed. If this is \c NULL, the
+    ///                      function has no effect, otherwise this must point to an
+    ///                      initialized context.
+    pub fn mbedtls_cipher_free(ctx: *mut mbedtls_cipher_context_t);
+}
+extern "C" {
+    /// \brief               This function prepares a cipher context for
+    ///                      use with the given cipher primitive.
+    ///
+    /// \note                After calling this function, you should call
+    ///                      mbedtls_cipher_setkey() and, if the mode uses padding,
+    ///                      mbedtls_cipher_set_padding_mode(), then for each
+    ///                      message to encrypt or decrypt with this key, either:
+    ///                      - mbedtls_cipher_crypt() for one-shot processing with
+    ///                      non-AEAD modes;
+    ///                      - mbedtls_cipher_auth_encrypt_ext() or
+    ///                      mbedtls_cipher_auth_decrypt_ext() for one-shot
+    ///                      processing with AEAD modes or NIST_KW;
+    ///                      - for multi-part processing, see the documentation of
+    ///                      mbedtls_cipher_reset().
+    ///
+    /// \param ctx           The context to prepare. This must be initialized by
+    ///                      a call to mbedtls_cipher_init() first.
+    /// \param cipher_info   The cipher to use.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
+    ///                      cipher-specific context fails.
+    pub fn mbedtls_cipher_setup(
+        ctx: *mut mbedtls_cipher_context_t,
+        cipher_info: *const mbedtls_cipher_info_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function sets the key to use with the given context.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a cipher information structure.
+    /// \param key           The key to use. This must be a readable buffer of at
+    ///                      least \p key_bitlen Bits.
+    /// \param key_bitlen    The key length to use, in Bits.
+    /// \param operation     The operation that the key will be used for:
+    ///                      #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_setkey(
+        ctx: *mut mbedtls_cipher_context_t,
+        key: *const crate::c_types::c_uchar,
+        key_bitlen: crate::c_types::c_int,
+        operation: mbedtls_operation_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function sets the padding mode, for cipher modes
+    ///                      that use padding.
+    ///
+    ///                      The default passing mode is PKCS7 padding.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a cipher information structure.
+    /// \param mode          The padding mode.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
+    ///                      if the selected padding mode is not supported.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
+    ///                      does not support padding.
+    pub fn mbedtls_cipher_set_padding_mode(
+        ctx: *mut mbedtls_cipher_context_t,
+        mode: mbedtls_cipher_padding_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets the initialization vector (IV)
+    ///                  or nonce.
+    ///
+    /// \note            Some ciphers do not use IVs nor nonce. For these
+    ///                  ciphers, this function has no effect.
+    ///
+    /// \note            For #MBEDTLS_CIPHER_CHACHA20, the nonce length must
+    ///                  be 12, and the initial counter value is 0.
+    ///
+    /// \note            For #MBEDTLS_CIPHER_CHACHA20_POLY1305, the nonce length
+    ///                  must be 12.
+    ///
+    /// \param ctx       The generic cipher context. This must be initialized and
+    ///                  bound to a cipher information structure.
+    /// \param iv        The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This
+    ///                  must be a readable buffer of at least \p iv_len Bytes.
+    /// \param iv_len    The IV length for ciphers with variable-size IV.
+    ///                  This parameter is discarded by ciphers with fixed-size IV.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                  parameter-verification failure.
+    pub fn mbedtls_cipher_set_iv(
+        ctx: *mut mbedtls_cipher_context_t,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief         This function resets the cipher state.
+    ///
+    /// \note          With non-AEAD ciphers, the order of calls for each message
+    ///                is as follows:
+    ///                1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
+    ///                2. mbedtls_cipher_reset()
+    ///                3. mbedtls_cipher_update() one or more times
+    ///                4. mbedtls_cipher_finish()
+    ///                .
+    ///                This sequence can be repeated to encrypt or decrypt multiple
+    ///                messages with the same key.
+    ///
+    /// \note          With AEAD ciphers, the order of calls for each message
+    ///                is as follows:
+    ///                1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
+    ///                2. mbedtls_cipher_reset()
+    ///                3. mbedtls_cipher_update_ad()
+    ///                4. mbedtls_cipher_update() one or more times
+    ///                5. mbedtls_cipher_finish()
+    ///                6. mbedtls_cipher_check_tag() (for decryption) or
+    ///                mbedtls_cipher_write_tag() (for encryption).
+    ///                .
+    ///                This sequence can be repeated to encrypt or decrypt multiple
+    ///                messages with the same key.
+    ///
+    /// \param ctx     The generic cipher context. This must be bound to a key.
+    ///
+    /// \return        \c 0 on success.
+    /// \return        #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                parameter-verification failure.
+    pub fn mbedtls_cipher_reset(ctx: *mut mbedtls_cipher_context_t) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function adds additional data for AEAD ciphers.
+    ///                      Currently supported with GCM and ChaCha20+Poly1305.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized.
+    /// \param ad            The additional data to use. This must be a readable
+    ///                      buffer of at least \p ad_len Bytes.
+    /// \param ad_len        The length of \p ad in Bytes.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              A specific error code on failure.
+    pub fn mbedtls_cipher_update_ad(
+        ctx: *mut mbedtls_cipher_context_t,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The generic cipher update function. It encrypts or
+    ///                      decrypts using the given cipher context. Writes as
+    ///                      many block-sized blocks of data as possible to output.
+    ///                      Any data that cannot be written immediately is either
+    ///                      added to the next block, or flushed when
+    ///                      mbedtls_cipher_finish() is called.
+    ///                      Exception: For MBEDTLS_MODE_ECB, expects a single block
+    ///                      in size. For example, 16 Bytes for AES.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a key.
+    /// \param input         The buffer holding the input data. This must be a
+    ///                      readable buffer of at least \p ilen Bytes.
+    /// \param ilen          The length of the input data.
+    /// \param output        The buffer for the output data. This must be able to
+    ///                      hold at least `ilen + block_size`. This must not be the
+    ///                      same buffer as \p input.
+    /// \param olen          The length of the output data, to be updated with the
+    ///                      actual number of Bytes written. This must not be
+    ///                      \c NULL.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
+    ///                      unsupported mode for a cipher.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_update(
+        ctx: *mut mbedtls_cipher_context_t,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The generic cipher finalization function. If data still
+    ///                      needs to be flushed from an incomplete block, the data
+    ///                      contained in it is padded to the size of
+    ///                      the last block, and written to the \p output buffer.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a key.
+    /// \param output        The buffer to write data to. This needs to be a writable
+    ///                      buffer of at least \p block_size Bytes.
+    /// \param olen          The length of the data written to the \p output buffer.
+    ///                      This may not be \c NULL.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
+    ///                      expecting a full block but not receiving one.
+    /// \return              #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
+    ///                      while decrypting.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_finish(
+        ctx: *mut mbedtls_cipher_context_t,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function writes a tag for AEAD ciphers.
+    ///                      Currently supported with GCM and ChaCha20+Poly1305.
+    ///                      This must be called after mbedtls_cipher_finish().
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized,
+    ///                      bound to a key, and have just completed a cipher
+    ///                      operation through mbedtls_cipher_finish() the tag for
+    ///                      which should be written.
+    /// \param tag           The buffer to write the tag to. This must be a writable
+    ///                      buffer of at least \p tag_len Bytes.
+    /// \param tag_len       The length of the tag to write.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              A specific error code on failure.
+    pub fn mbedtls_cipher_write_tag(
+        ctx: *mut mbedtls_cipher_context_t,
+        tag: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function checks the tag for AEAD ciphers.
+    ///                      Currently supported with GCM and ChaCha20+Poly1305.
+    ///                      This must be called after mbedtls_cipher_finish().
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized.
+    /// \param tag           The buffer holding the tag. This must be a readable
+    ///                      buffer of at least \p tag_len Bytes.
+    /// \param tag_len       The length of the tag to check.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              A specific error code on failure.
+    pub fn mbedtls_cipher_check_tag(
+        ctx: *mut mbedtls_cipher_context_t,
+        tag: *const crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The generic all-in-one encryption/decryption function,
+    ///                      for all ciphers except AEAD constructs.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized.
+    /// \param iv            The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
+    ///                      This must be a readable buffer of at least \p iv_len
+    ///                      Bytes.
+    /// \param iv_len        The IV length for ciphers with variable-size IV.
+    ///                      This parameter is discarded by ciphers with fixed-size
+    ///                      IV.
+    /// \param input         The buffer holding the input data. This must be a
+    ///                      readable buffer of at least \p ilen Bytes.
+    /// \param ilen          The length of the input data in Bytes.
+    /// \param output        The buffer for the output data. This must be able to
+    ///                      hold at least `ilen + block_size`. This must not be the
+    ///                      same buffer as \p input.
+    /// \param olen          The length of the output data, to be updated with the
+    ///                      actual number of Bytes written. This must not be
+    ///                      \c NULL.
+    ///
+    /// \note                Some ciphers do not use IVs nor nonce. For these
+    ///                      ciphers, use \p iv = NULL and \p iv_len = 0.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
+    ///                      expecting a full block but not receiving one.
+    /// \return              #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
+    ///                      while decrypting.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_crypt(
+        ctx: *mut mbedtls_cipher_context_t,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The authenticated encryption (AEAD/NIST_KW) function.
+    ///
+    /// \note                For AEAD modes, the tag will be appended to the
+    ///                      ciphertext, as recommended by RFC 5116.
+    ///                      (NIST_KW doesn't have a separate tag.)
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a key, with an AEAD algorithm or NIST_KW.
+    /// \param iv            The nonce to use. This must be a readable buffer of
+    ///                      at least \p iv_len Bytes and may be \c NULL if \p
+    ///                      iv_len is \c 0.
+    /// \param iv_len        The length of the nonce. For AEAD ciphers, this must
+    ///                      satisfy the constraints imposed by the cipher used.
+    ///                      For NIST_KW, this must be \c 0.
+    /// \param ad            The additional data to authenticate. This must be a
+    ///                      readable buffer of at least \p ad_len Bytes, and may
+    ///                      be \c NULL is \p ad_len is \c 0.
+    /// \param ad_len        The length of \p ad. For NIST_KW, this must be \c 0.
+    /// \param input         The buffer holding the input data. This must be a
+    ///                      readable buffer of at least \p ilen Bytes, and may be
+    ///                      \c NULL if \p ilen is \c 0.
+    /// \param ilen          The length of the input data.
+    /// \param output        The buffer for the output data. This must be a
+    ///                      writable buffer of at least \p output_len Bytes, and
+    ///                      must not be \c NULL.
+    /// \param output_len    The length of the \p output buffer in Bytes. For AEAD
+    ///                      ciphers, this must be at least \p ilen + \p tag_len.
+    ///                      For NIST_KW, this must be at least \p ilen + 8
+    ///                      (rounded up to a multiple of 8 if KWP is used);
+    ///                      \p ilen + 15 is always a safe value.
+    /// \param olen          This will be filled with the actual number of Bytes
+    ///                      written to the \p output buffer. This must point to a
+    ///                      writable object of type \c size_t.
+    /// \param tag_len       The desired length of the authentication tag. For AEAD
+    ///                      ciphers, this must match the constraints imposed by
+    ///                      the cipher used, and in particular must not be \c 0.
+    ///                      For NIST_KW, this must be \c 0.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_auth_encrypt_ext(
+        ctx: *mut mbedtls_cipher_context_t,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        output_len: usize,
+        olen: *mut usize,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The authenticated encryption (AEAD/NIST_KW) function.
+    ///
+    /// \note                If the data is not authentic, then the output buffer
+    ///                      is zeroed out to prevent the unauthentic plaintext being
+    ///                      used, making this interface safer.
+    ///
+    /// \note                For AEAD modes, the tag must be appended to the
+    ///                      ciphertext, as recommended by RFC 5116.
+    ///                      (NIST_KW doesn't have a separate tag.)
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a key, with an AEAD algorithm or NIST_KW.
+    /// \param iv            The nonce to use. This must be a readable buffer of
+    ///                      at least \p iv_len Bytes and may be \c NULL if \p
+    ///                      iv_len is \c 0.
+    /// \param iv_len        The length of the nonce. For AEAD ciphers, this must
+    ///                      satisfy the constraints imposed by the cipher used.
+    ///                      For NIST_KW, this must be \c 0.
+    /// \param ad            The additional data to authenticate. This must be a
+    ///                      readable buffer of at least \p ad_len Bytes, and may
+    ///                      be \c NULL is \p ad_len is \c 0.
+    /// \param ad_len        The length of \p ad. For NIST_KW, this must be \c 0.
+    /// \param input         The buffer holding the input data. This must be a
+    ///                      readable buffer of at least \p ilen Bytes, and may be
+    ///                      \c NULL if \p ilen is \c 0.
+    /// \param ilen          The length of the input data. For AEAD ciphers this
+    ///                      must be at least \p tag_len. For NIST_KW this must be
+    ///                      at least \c 8.
+    /// \param output        The buffer for the output data. This must be a
+    ///                      writable buffer of at least \p output_len Bytes, and
+    ///                      may be \c NULL if \p output_len is \c 0.
+    /// \param output_len    The length of the \p output buffer in Bytes. For AEAD
+    ///                      ciphers, this must be at least \p ilen - \p tag_len.
+    ///                      For NIST_KW, this must be at least \p ilen - 8.
+    /// \param olen          This will be filled with the actual number of Bytes
+    ///                      written to the \p output buffer. This must point to a
+    ///                      writable object of type \c size_t.
+    /// \param tag_len       The actual length of the authentication tag. For AEAD
+    ///                      ciphers, this must match the constraints imposed by
+    ///                      the cipher used, and in particular must not be \c 0.
+    ///                      For NIST_KW, this must be \c 0.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_auth_decrypt_ext(
+        ctx: *mut mbedtls_cipher_context_t,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        output_len: usize,
+        olen: *mut usize,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_NONE: mbedtls_key_exchange_type_t = 0;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_RSA: mbedtls_key_exchange_type_t = 1;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_DHE_RSA: mbedtls_key_exchange_type_t = 2;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: mbedtls_key_exchange_type_t =
+    3;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+    mbedtls_key_exchange_type_t = 4;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_PSK: mbedtls_key_exchange_type_t = 5;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_DHE_PSK: mbedtls_key_exchange_type_t = 6;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_RSA_PSK: mbedtls_key_exchange_type_t = 7;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: mbedtls_key_exchange_type_t =
+    8;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDH_RSA: mbedtls_key_exchange_type_t =
+    9;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: mbedtls_key_exchange_type_t =
+    10;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECJPAKE: mbedtls_key_exchange_type_t =
+    11;
+pub type mbedtls_key_exchange_type_t = crate::c_types::c_uint;
+/// \brief   This structure is used for storing ciphersuite information
+///
+/// \note    members are defined using integral types instead of enums
+///          in order to pack structure and reduce memory usage by internal
+///          \c ciphersuite_definitions[]
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_ciphersuite_t {
+    pub private_id: crate::c_types::c_int,
+    pub private_name: *const crate::c_types::c_char,
+    pub private_cipher: u8,
+    pub private_mac: u8,
+    pub private_key_exchange: u8,
+    pub private_flags: u8,
+    pub private_min_tls_version: u16,
+    pub private_max_tls_version: u16,
+}
+extern "C" {
+    pub fn mbedtls_ssl_list_ciphersuites() -> *const crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_ssl_ciphersuite_from_string(
+        ciphersuite_name: *const crate::c_types::c_char,
+    ) -> *const mbedtls_ssl_ciphersuite_t;
+}
+extern "C" {
+    pub fn mbedtls_ssl_ciphersuite_from_id(
+        ciphersuite_id: crate::c_types::c_int,
+    ) -> *const mbedtls_ssl_ciphersuite_t;
+}
+extern "C" {
+    pub fn mbedtls_ssl_get_ciphersuite_sig_pk_alg(
+        info: *const mbedtls_ssl_ciphersuite_t,
+    ) -> mbedtls_pk_type_t;
+}
+extern "C" {
+    pub fn mbedtls_ssl_get_ciphersuite_sig_alg(
+        info: *const mbedtls_ssl_ciphersuite_t,
+    ) -> mbedtls_pk_type_t;
+}
+extern "C" {
+    pub fn mbedtls_ssl_ciphersuite_uses_ec(
+        info: *const mbedtls_ssl_ciphersuite_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_ssl_ciphersuite_uses_psk(
+        info: *const mbedtls_ssl_ciphersuite_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(
+        info: *const mbedtls_ssl_ciphersuite_t,
+    ) -> usize;
+}
+/// The type of the context passed to mbedtls_psa_external_get_random().
+///
+/// Mbed TLS initializes the context to all-bits-zero before calling
+/// mbedtls_psa_external_get_random() for the first time.
+///
+/// The definition of this type in the Mbed TLS source code is for
+/// demonstration purposes. Implementers of mbedtls_psa_external_get_random()
+/// are expected to replace it with a custom definition.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_external_random_context_t {
+    pub private_opaque: [usize; 2usize],
+}
+pub type psa_status_t = i32;
+/// \brief Encoding of a key type.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_KEY_TYPE_xxx`.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_key_type_t = u16;
+/// The type of PSA elliptic curve family identifiers.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_ECC_FAMILY_xxx`.
+///
+/// The curve identifier is required to create an ECC key using the
+/// PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY()
+/// macros.
+///
+/// Values defined by this standard will never be in the range 0x80-0xff.
+/// Vendors who define additional families must use an encoding in this range.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_ecc_family_t = u8;
+/// The type of PSA Diffie-Hellman group family identifiers.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_DH_FAMILY_xxx`.
+///
+/// The group identifier is required to create a Diffie-Hellman key using the
+/// PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY()
+/// macros.
+///
+/// Values defined by this standard will never be in the range 0x80-0xff.
+/// Vendors who define additional families must use an encoding in this range.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_dh_family_t = u8;
+/// \brief Encoding of a cryptographic algorithm.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_ALG_xxx`.
+///
+/// For algorithms that can be applied to multiple key types, this type
+/// does not encode the key type. For example, for symmetric ciphers
+/// based on a block cipher, #psa_algorithm_t encodes the block cipher
+/// mode and the padding mode while the block cipher itself is encoded
+/// via #psa_key_type_t.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_algorithm_t = u32;
+/// Encoding of key lifetimes.
+///
+/// The lifetime of a key indicates where it is stored and what system actions
+/// may create and destroy it.
+///
+/// Lifetime values have the following structure:
+/// - Bits 0-7 (#PSA_KEY_LIFETIME_GET_PERSISTENCE(\c lifetime)):
+///   persistence level. This value indicates what device management
+///   actions can cause it to be destroyed. In particular, it indicates
+///   whether the key is _volatile_ or _persistent_.
+///   See ::psa_key_persistence_t for more information.
+/// - Bits 8-31 (#PSA_KEY_LIFETIME_GET_LOCATION(\c lifetime)):
+///   location indicator. This value indicates which part of the system
+///   has access to the key material and can perform operations using the key.
+///   See ::psa_key_location_t for more information.
+///
+/// Volatile keys are automatically destroyed when the application instance
+/// terminates or on a power reset of the device. Persistent keys are
+/// preserved until the application explicitly destroys them or until an
+/// integration-specific device management event occurs (for example,
+/// a factory reset).
+///
+/// Persistent keys have a key identifier of type #mbedtls_svc_key_id_t.
+/// This identifier remains valid throughout the lifetime of the key,
+/// even if the application instance that created the key terminates.
+/// The application can call psa_open_key() to open a persistent key that
+/// it created previously.
+///
+/// The default lifetime of a key is #PSA_KEY_LIFETIME_VOLATILE. The lifetime
+/// #PSA_KEY_LIFETIME_PERSISTENT is supported if persistent storage is
+/// available. Other lifetime values may be supported depending on the
+/// library configuration.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_KEY_LIFETIME_xxx`.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_key_lifetime_t = u32;
+/// Encoding of key persistence levels.
+///
+/// What distinguishes different persistence levels is what device management
+/// events may cause keys to be destroyed. _Volatile_ keys are destroyed
+/// by a power reset. Persistent keys may be destroyed by events such as
+/// a transfer of ownership or a factory reset. What management events
+/// actually affect persistent keys at different levels is outside the
+/// scope of the PSA Cryptography specification.
+///
+/// The PSA Cryptography specification defines the following values of
+/// persistence levels:
+/// - \c 0 = #PSA_KEY_PERSISTENCE_VOLATILE: volatile key.
+///   A volatile key is automatically destroyed by the implementation when
+///   the application instance terminates. In particular, a volatile key
+///   is automatically destroyed on a power reset of the device.
+/// - \c 1 = #PSA_KEY_PERSISTENCE_DEFAULT:
+///   persistent key with a default lifetime.
+/// - \c 2-254: currently not supported by Mbed TLS.
+/// - \c 255 = #PSA_KEY_PERSISTENCE_READ_ONLY:
+///   read-only or write-once key.
+///   A key with this persistence level cannot be destroyed.
+///   Mbed TLS does not currently offer a way to create such keys, but
+///   integrations of Mbed TLS can use it for built-in keys that the
+///   application cannot modify (for example, a hardware unique key (HUK)).
+///
+/// \note Key persistence levels are 8-bit values. Key management
+///       interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
+///       encode the persistence as the lower 8 bits of a 32-bit value.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_key_persistence_t = u8;
+/// Encoding of key location indicators.
+///
+/// If an integration of Mbed TLS can make calls to external
+/// cryptoprocessors such as secure elements, the location of a key
+/// indicates which secure element performs the operations on the key.
+/// Depending on the design of the secure element, the key
+/// material may be stored either in the secure element, or
+/// in wrapped (encrypted) form alongside the key metadata in the
+/// primary local storage.
+///
+/// The PSA Cryptography API specification defines the following values of
+/// location indicators:
+/// - \c 0: primary local storage.
+///   This location is always available.
+///   The primary local storage is typically the same storage area that
+///   contains the key metadata.
+/// - \c 1: primary secure element.
+///   Integrations of Mbed TLS should support this value if there is a secure
+///   element attached to the operating environment.
+///   As a guideline, secure elements may provide higher resistance against
+///   side channel and physical attacks than the primary local storage, but may
+///   have restrictions on supported key types, sizes, policies and operations
+///   and may have different performance characteristics.
+/// - \c 2-0x7fffff: other locations defined by a PSA specification.
+///   The PSA Cryptography API does not currently assign any meaning to these
+///   locations, but future versions of that specification or other PSA
+///   specifications may do so.
+/// - \c 0x800000-0xffffff: vendor-defined locations.
+///   No PSA specification will assign a meaning to locations in this range.
+///
+/// \note Key location indicators are 24-bit values. Key management
+///       interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
+///       encode the location as the upper 24 bits of a 32-bit value.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_key_location_t = u32;
+/// Encoding of identifiers of persistent keys.
+///
+/// - Applications may freely choose key identifiers in the range
+///   #PSA_KEY_ID_USER_MIN to #PSA_KEY_ID_USER_MAX.
+/// - The implementation may define additional key identifiers in the range
+///   #PSA_KEY_ID_VENDOR_MIN to #PSA_KEY_ID_VENDOR_MAX.
+/// - 0 is reserved as an invalid key identifier.
+/// - Key identifiers outside these ranges are reserved for future use.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to how values are allocated must require careful
+///       consideration to allow backward compatibility.
+pub type psa_key_id_t = u32;
+pub type mbedtls_svc_key_id_t = psa_key_id_t;
+/// \brief Encoding of permitted usage on a key.
+///
+/// Values of this type are generally constructed as bitwise-ors of macros
+/// called `PSA_KEY_USAGE_xxx`.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_key_usage_t = u32;
+/// The type of a structure containing key attributes.
+///
+/// This is an opaque structure that can represent the metadata of a key
+/// object. Metadata that can be stored in attributes includes:
+/// - The location of the key in storage, indicated by its key identifier
+///   and its lifetime.
+/// - The key's policy, comprising usage flags and a specification of
+///   the permitted algorithm(s).
+/// - Information about the key itself: the key type and its size.
+/// - Additional implementation-defined attributes.
+///
+/// The actual key material is not considered an attribute of a key.
+/// Key attributes do not contain information that is generally considered
+/// highly confidential.
+///
+/// An attribute structure works like a simple data structure where each function
+/// `psa_set_key_xxx` sets a field and the corresponding function
+/// `psa_get_key_xxx` retrieves the value of the corresponding field.
+/// However, a future version of the library  may report values that are
+/// equivalent to the original one, but have a different encoding. Invalid
+/// values may be mapped to different, also invalid values.
+///
+/// An attribute structure may contain references to auxiliary resources,
+/// for example pointers to allocated memory or indirect references to
+/// pre-calculated values. In order to free such resources, the application
+/// must call psa_reset_key_attributes(). As an exception, calling
+/// psa_reset_key_attributes() on an attribute structure is optional if
+/// the structure has only been modified by the following functions
+/// since it was initialized or last reset with psa_reset_key_attributes():
+/// - psa_set_key_id()
+/// - psa_set_key_lifetime()
+/// - psa_set_key_type()
+/// - psa_set_key_bits()
+/// - psa_set_key_usage_flags()
+/// - psa_set_key_algorithm()
+///
+/// Before calling any function on a key attribute structure, the application
+/// must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_key_attributes_t attributes;
+///   memset(&attributes, 0, sizeof(attributes));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_key_attributes_t attributes = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_KEY_ATTRIBUTES_INIT,
+///   for example:
+///   \code
+///   psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+///   \endcode
+/// - Assign the result of the function psa_key_attributes_init()
+///   to the structure, for example:
+///   \code
+///   psa_key_attributes_t attributes;
+///   attributes = psa_key_attributes_init();
+///   \endcode
+///
+/// A freshly initialized attribute structure contains the following
+/// values:
+///
+/// - lifetime: #PSA_KEY_LIFETIME_VOLATILE.
+/// - key identifier: 0 (which is not a valid key identifier).
+/// - type: \c 0 (meaning that the type is unspecified).
+/// - key size: \c 0 (meaning that the size is unspecified).
+/// - usage flags: \c 0 (which allows no usage except exporting a public key).
+/// - algorithm: \c 0 (which allows no cryptographic usage, but allows
+///   exporting).
+///
+/// A typical sequence to create a key is as follows:
+/// -# Create and initialize an attribute structure.
+/// -# If the key is persistent, call psa_set_key_id().
+///    Also call psa_set_key_lifetime() to place the key in a non-default
+///    location.
+/// -# Set the key policy with psa_set_key_usage_flags() and
+///    psa_set_key_algorithm().
+/// -# Set the key type with psa_set_key_type().
+///    Skip this step if copying an existing key with psa_copy_key().
+/// -# When generating a random key with psa_generate_key() or deriving a key
+///    with psa_key_derivation_output_key(), set the desired key size with
+///    psa_set_key_bits().
+/// -# Call a key creation function: psa_import_key(), psa_generate_key(),
+///    psa_key_derivation_output_key() or psa_copy_key(). This function reads
+///    the attribute structure, creates a key with these attributes, and
+///    outputs a key identifier to the newly created key.
+/// -# The attribute structure is now no longer necessary.
+///    You may call psa_reset_key_attributes(), although this is optional
+///    with the workflow presented here because the attributes currently
+///    defined in this specification do not require any additional resources
+///    beyond the structure itself.
+///
+/// A typical sequence to query a key's attributes is as follows:
+/// -# Call psa_get_key_attributes().
+/// -# Call `psa_get_key_xxx` functions to retrieve the attribute(s) that
+///    you are interested in.
+/// -# Call psa_reset_key_attributes() to free any resources that may be
+///    used by the attribute structure.
+///
+/// Once a key has been created, it is impossible to change its attributes.
+pub type psa_key_attributes_t = psa_key_attributes_s;
+/// \brief Encoding of the step of a key derivation.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_KEY_DERIVATION_INPUT_xxx`.
+pub type psa_key_derivation_step_t = u16;
+extern "C" {
+    /// \brief Library initialization.
+    ///
+    /// Applications must call this function before calling any other
+    /// function in this module.
+    ///
+    /// Applications may call this function more than once. Once a call
+    /// succeeds, subsequent calls are guaranteed to succeed.
+    ///
+    /// If the application calls other functions before calling psa_crypto_init(),
+    /// the behavior is undefined. Implementations are encouraged to either perform
+    /// the operation as if the library had been initialized or to return
+    /// #PSA_ERROR_BAD_STATE or some other applicable error. In particular,
+    /// implementations should not return a success status if the lack of
+    /// initialization may have security implications, for example due to improper
+    /// seeding of the random number generator.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    pub fn psa_crypto_init() -> psa_status_t;
+}
+extern "C" {
+    /// Retrieve the attributes of a key.
+    ///
+    /// This function first resets the attribute structure as with
+    /// psa_reset_key_attributes(). It then copies the attributes of
+    /// the given key into the given attribute structure.
+    ///
+    /// \note This function may allocate memory or other resources.
+    ///       Once you have called this function on an attribute structure,
+    ///       you must call psa_reset_key_attributes() to free these resources.
+    ///
+    /// \param[in] key               Identifier of the key to query.
+    /// \param[in,out] attributes    On success, the attributes of the key.
+    ///                              On failure, equivalent to a
+    ///                              freshly-initialized structure.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_get_key_attributes(
+        key: mbedtls_svc_key_id_t,
+        attributes: *mut psa_key_attributes_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Reset a key attribute structure to a freshly initialized state.
+    ///
+    /// You must initialize the attribute structure as described in the
+    /// documentation of the type #psa_key_attributes_t before calling this
+    /// function. Once the structure has been initialized, you may call this
+    /// function at any time.
+    ///
+    /// This function frees any auxiliary resources that the structure
+    /// may contain.
+    ///
+    /// \param[in,out] attributes    The attribute structure to reset.
+    pub fn psa_reset_key_attributes(attributes: *mut psa_key_attributes_t);
+}
+extern "C" {
+    /// Remove non-essential copies of key material from memory.
+    ///
+    /// If the key identifier designates a volatile key, this functions does not do
+    /// anything and returns successfully.
+    ///
+    /// If the key identifier designates a persistent key, then this function will
+    /// free all resources associated with the key in volatile memory. The key
+    /// data in persistent storage is not affected and the key can still be used.
+    ///
+    /// \param key Identifier of the key to purge.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The key material will have been removed from memory if it is not
+    ///         currently required.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not a valid key identifier.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_purge_key(key: mbedtls_svc_key_id_t) -> psa_status_t;
+}
+extern "C" {
+    /// Make a copy of a key.
+    ///
+    /// Copy key material from one location to another.
+    ///
+    /// This function is primarily useful to copy a key from one location
+    /// to another, since it populates a key using the material from
+    /// another key which may have a different lifetime.
+    ///
+    /// This function may be used to share a key with a different party,
+    /// subject to implementation-defined restrictions on key sharing.
+    ///
+    /// The policy on the source key must have the usage flag
+    /// #PSA_KEY_USAGE_COPY set.
+    /// This flag is sufficient to permit the copy if the key has the lifetime
+    /// #PSA_KEY_LIFETIME_VOLATILE or #PSA_KEY_LIFETIME_PERSISTENT.
+    /// Some secure elements do not provide a way to copy a key without
+    /// making it extractable from the secure element. If a key is located
+    /// in such a secure element, then the key must have both usage flags
+    /// #PSA_KEY_USAGE_COPY and #PSA_KEY_USAGE_EXPORT in order to make
+    /// a copy of the key outside the secure element.
+    ///
+    /// The resulting key may only be used in a way that conforms to
+    /// both the policy of the original key and the policy specified in
+    /// the \p attributes parameter:
+    /// - The usage flags on the resulting key are the bitwise-and of the
+    ///   usage flags on the source policy and the usage flags in \p attributes.
+    /// - If both allow the same algorithm or wildcard-based
+    ///   algorithm policy, the resulting key has the same algorithm policy.
+    /// - If either of the policies allows an algorithm and the other policy
+    ///   allows a wildcard-based algorithm policy that includes this algorithm,
+    ///   the resulting key allows the same algorithm.
+    /// - If the policies do not allow any algorithm in common, this function
+    ///   fails with the status #PSA_ERROR_INVALID_ARGUMENT.
+    ///
+    /// The effect of this function on implementation-defined attributes is
+    /// implementation-defined.
+    ///
+    /// \param source_key        The key to copy. It must allow the usage
+    ///                          #PSA_KEY_USAGE_COPY. If a private or secret key is
+    ///                          being copied outside of a secure element it must
+    ///                          also allow #PSA_KEY_USAGE_EXPORT.
+    /// \param[in] attributes    The attributes for the new key.
+    ///                          They are used as follows:
+    ///                          - The key type and size may be 0. If either is
+    ///                            nonzero, it must match the corresponding
+    ///                            attribute of the source key.
+    ///                          - The key location (the lifetime and, for
+    ///                            persistent keys, the key identifier) is
+    ///                            used directly.
+    ///                          - The policy constraints (usage flags and
+    ///                            algorithm policy) are combined from
+    ///                            the source key and \p attributes so that
+    ///                            both sets of restrictions apply, as
+    ///                            described in the documentation of this function.
+    /// \param[out] target_key   On success, an identifier for the newly created
+    ///                          key. For persistent keys, this is the key
+    ///                          identifier defined in \p attributes.
+    ///                          \c 0 on failure.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE
+    ///         \p source_key is invalid.
+    /// \retval #PSA_ERROR_ALREADY_EXISTS
+    ///         This is an attempt to create a persistent key, and there is
+    ///         already a persistent key with the given identifier.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The lifetime or identifier in \p attributes are invalid, or
+    ///         the policy constraints on the source and specified in
+    ///         \p attributes are incompatible, or
+    ///         \p attributes specifies a key type or key size
+    ///         which does not match the attributes of the source key.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The source key does not have the #PSA_KEY_USAGE_COPY usage flag, or
+    ///         the source key is not exportable and its lifetime does not
+    ///         allow copying it to the target's lifetime.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_copy_key(
+        source_key: mbedtls_svc_key_id_t,
+        attributes: *const psa_key_attributes_t,
+        target_key: *mut mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Destroy a key.
+    ///
+    /// This function destroys a key from both volatile
+    /// memory and, if applicable, non-volatile storage. Implementations shall
+    /// make a best effort to ensure that the key material cannot be recovered.
+    ///
+    /// This function also erases any metadata such as policies and frees
+    /// resources associated with the key.
+    ///
+    /// If a key is currently in use in a multipart operation, then destroying the
+    /// key will cause the multipart operation to fail.
+    ///
+    /// \param key  Identifier of the key to erase. If this is \c 0, do nothing and
+    ///             return #PSA_SUCCESS.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         \p key was a valid identifier and the key material that it
+    ///         referred to has been erased. Alternatively, \p key is \c 0.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key cannot be erased because it is
+    ///         read-only, either due to a policy or due to physical restrictions.
+    /// \retval #PSA_ERROR_INVALID_HANDLE
+    ///         \p key is not a valid identifier nor \c 0.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE
+    ///         There was a failure in communication with the cryptoprocessor.
+    ///         The key material may still be present in the cryptoprocessor.
+    /// \retval #PSA_ERROR_DATA_INVALID
+    ///         This error is typically a result of either storage corruption on a
+    ///         cleartext storage backend, or an attempt to read data that was
+    ///         written by an incompatible version of the library.
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The storage is corrupted. Implementations shall make a best effort
+    ///         to erase key material even in this stage, however applications
+    ///         should be aware that it may be impossible to guarantee that the
+    ///         key material is not recoverable in such cases.
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED
+    ///         An unexpected condition which is not a storage corruption or
+    ///         a communication failure occurred. The cryptoprocessor may have
+    ///         been compromised.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_destroy_key(key: mbedtls_svc_key_id_t) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Import a key in binary format.
+    ///
+    /// This function supports any output from psa_export_key(). Refer to the
+    /// documentation of psa_export_public_key() for the format of public keys
+    /// and to the documentation of psa_export_key() for the format for
+    /// other key types.
+    ///
+    /// The key data determines the key size. The attributes may optionally
+    /// specify a key size; in this case it must match the size determined
+    /// from the key data. A key size of 0 in \p attributes indicates that
+    /// the key size is solely determined by the key data.
+    ///
+    /// Implementations must reject an attempt to import a key of size 0.
+    ///
+    /// This specification supports a single format for each key type.
+    /// Implementations may support other formats as long as the standard
+    /// format is supported. Implementations that support other formats
+    /// should ensure that the formats are clearly unambiguous so as to
+    /// minimize the risk that an invalid input is accidentally interpreted
+    /// according to a different format.
+    ///
+    /// \param[in] attributes    The attributes for the new key.
+    ///                          The key size is always determined from the
+    ///                          \p data buffer.
+    ///                          If the key size in \p attributes is nonzero,
+    ///                          it must be equal to the size from \p data.
+    /// \param[out] key          On success, an identifier to the newly created key.
+    ///                          For persistent keys, this is the key identifier
+    ///                          defined in \p attributes.
+    ///                          \c 0 on failure.
+    /// \param[in] data    Buffer containing the key data. The content of this
+    ///                    buffer is interpreted according to the type declared
+    ///                    in \p attributes.
+    ///                    All implementations must support at least the format
+    ///                    described in the documentation
+    ///                    of psa_export_key() or psa_export_public_key() for
+    ///                    the chosen type. Implementations may allow other
+    ///                    formats, but should be conservative: implementations
+    ///                    should err on the side of rejecting content if it
+    ///                    may be erroneous (e.g. wrong type or truncated data).
+    /// \param data_length Size of the \p data buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    ///         If the key is persistent, the key material and the key's metadata
+    ///         have been saved to persistent storage.
+    /// \retval #PSA_ERROR_ALREADY_EXISTS
+    ///         This is an attempt to create a persistent key, and there is
+    ///         already a persistent key with the given identifier.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The key type or key size is not supported, either by the
+    ///         implementation in general or in this particular persistent location.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The key attributes, as a whole, are invalid, or
+    ///         the key data is not correctly formatted, or
+    ///         the size in \p attributes is nonzero and does not match the size
+    ///         of the key data.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_import_key(
+        attributes: *const psa_key_attributes_t,
+        data: *const u8,
+        data_length: usize,
+        key: *mut mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Export a key in binary format.
+    ///
+    /// The output of this function can be passed to psa_import_key() to
+    /// create an equivalent object.
+    ///
+    /// If the implementation of psa_import_key() supports other formats
+    /// beyond the format specified here, the output from psa_export_key()
+    /// must use the representation specified here, not the original
+    /// representation.
+    ///
+    /// For standard key types, the output format is as follows:
+    ///
+    /// - For symmetric keys (including MAC keys), the format is the
+    ///   raw bytes of the key.
+    /// - For DES, the key data consists of 8 bytes. The parity bits must be
+    ///   correct.
+    /// - For Triple-DES, the format is the concatenation of the
+    ///   two or three DES keys.
+    /// - For RSA key pairs (#PSA_KEY_TYPE_RSA_KEY_PAIR), the format
+    ///   is the non-encrypted DER encoding of the representation defined by
+    ///   PKCS\#1 (RFC 8017) as `RSAPrivateKey`, version 0.
+    ///   ```
+    ///   RSAPrivateKey ::= SEQUENCE {
+    ///       version             INTEGER,  -- must be 0
+    ///       modulus             INTEGER,  -- n
+    ///       publicExponent      INTEGER,  -- e
+    ///       privateExponent     INTEGER,  -- d
+    ///       prime1              INTEGER,  -- p
+    ///       prime2              INTEGER,  -- q
+    ///       exponent1           INTEGER,  -- d mod (p-1)
+    ///       exponent2           INTEGER,  -- d mod (q-1)
+    ///       coefficient         INTEGER,  -- (inverse of q) mod p
+    ///   }
+    ///   ```
+    /// - For elliptic curve key pairs (key types for which
+    ///   #PSA_KEY_TYPE_IS_ECC_KEY_PAIR is true), the format is
+    ///   a representation of the private value as a `ceiling(m/8)`-byte string
+    ///   where `m` is the bit size associated with the curve, i.e. the bit size
+    ///   of the order of the curve's coordinate field. This byte string is
+    ///   in little-endian order for Montgomery curves (curve types
+    ///   `PSA_ECC_FAMILY_CURVEXXX`), and in big-endian order for Weierstrass
+    ///   curves (curve types `PSA_ECC_FAMILY_SECTXXX`, `PSA_ECC_FAMILY_SECPXXX`
+    ///   and `PSA_ECC_FAMILY_BRAINPOOL_PXXX`).
+    ///   For Weierstrass curves, this is the content of the `privateKey` field of
+    ///   the `ECPrivateKey` format defined by RFC 5915.  For Montgomery curves,
+    ///   the format is defined by RFC 7748, and output is masked according to §5.
+    ///   For twisted Edwards curves, the private key is as defined by RFC 8032
+    ///   (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
+    /// - For Diffie-Hellman key exchange key pairs (key types for which
+    ///   #PSA_KEY_TYPE_IS_DH_KEY_PAIR is true), the
+    ///   format is the representation of the private key `x` as a big-endian byte
+    ///   string. The length of the byte string is the private key size in bytes
+    ///   (leading zeroes are not stripped).
+    /// - For public keys (key types for which #PSA_KEY_TYPE_IS_PUBLIC_KEY is
+    ///   true), the format is the same as for psa_export_public_key().
+    ///
+    /// The policy on the key must have the usage flag #PSA_KEY_USAGE_EXPORT set.
+    ///
+    /// \param key               Identifier of the key to export. It must allow the
+    ///                          usage #PSA_KEY_USAGE_EXPORT, unless it is a public
+    ///                          key.
+    /// \param[out] data         Buffer where the key data is to be written.
+    /// \param data_size         Size of the \p data buffer in bytes.
+    /// \param[out] data_length  On success, the number of bytes
+    ///                          that make up the key data.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_EXPORT flag.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p data buffer is too small. You can determine a
+    ///         sufficient buffer size by calling
+    ///         #PSA_EXPORT_KEY_OUTPUT_SIZE(\c type, \c bits)
+    ///         where \c type is the key type
+    ///         and \c bits is the key size in bits.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_export_key(
+        key: mbedtls_svc_key_id_t,
+        data: *mut u8,
+        data_size: usize,
+        data_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Export a public key or the public part of a key pair in binary format.
+    ///
+    /// The output of this function can be passed to psa_import_key() to
+    /// create an object that is equivalent to the public key.
+    ///
+    /// This specification supports a single format for each key type.
+    /// Implementations may support other formats as long as the standard
+    /// format is supported. Implementations that support other formats
+    /// should ensure that the formats are clearly unambiguous so as to
+    /// minimize the risk that an invalid input is accidentally interpreted
+    /// according to a different format.
+    ///
+    /// For standard key types, the output format is as follows:
+    /// - For RSA public keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY), the DER encoding of
+    ///   the representation defined by RFC 3279 &sect;2.3.1 as `RSAPublicKey`.
+    ///   ```
+    ///   RSAPublicKey ::= SEQUENCE {
+    ///      modulus            INTEGER,    -- n
+    ///      publicExponent     INTEGER  }  -- e
+    ///   ```
+    /// - For elliptic curve keys on a twisted Edwards curve (key types for which
+    ///   #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true and #PSA_KEY_TYPE_ECC_GET_FAMILY
+    ///   returns #PSA_ECC_FAMILY_TWISTED_EDWARDS), the public key is as defined
+    ///   by RFC 8032
+    ///   (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
+    /// - For other elliptic curve public keys (key types for which
+    ///   #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true), the format is the uncompressed
+    ///   representation defined by SEC1 &sect;2.3.3 as the content of an ECPoint.
+    ///   Let `m` be the bit size associated with the curve, i.e. the bit size of
+    ///   `q` for a curve over `F_q`. The representation consists of:
+    ///      - The byte 0x04;
+    ///      - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
+    ///      - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
+    /// - For Diffie-Hellman key exchange public keys (key types for which
+    ///   #PSA_KEY_TYPE_IS_DH_PUBLIC_KEY is true),
+    ///   the format is the representation of the public key `y = g^x mod p` as a
+    ///   big-endian byte string. The length of the byte string is the length of the
+    ///   base prime `p` in bytes.
+    ///
+    /// Exporting a public key object or the public part of a key pair is
+    /// always permitted, regardless of the key's usage flags.
+    ///
+    /// \param key               Identifier of the key to export.
+    /// \param[out] data         Buffer where the key data is to be written.
+    /// \param data_size         Size of the \p data buffer in bytes.
+    /// \param[out] data_length  On success, the number of bytes
+    ///                          that make up the key data.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The key is neither a public key nor a key pair.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p data buffer is too small. You can determine a
+    ///         sufficient buffer size by calling
+    ///         #PSA_EXPORT_KEY_OUTPUT_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\c type), \c bits)
+    ///         where \c type is the key type
+    ///         and \c bits is the key size in bits.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_export_public_key(
+        key: mbedtls_svc_key_id_t,
+        data: *mut u8,
+        data_size: usize,
+        data_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Calculate the hash (digest) of a message.
+    ///
+    /// \note To verify the hash of a message against an
+    ///       expected value, use psa_hash_compare() instead.
+    ///
+    /// \param alg               The hash algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_HASH(\p alg) is true).
+    /// \param[in] input         Buffer containing the message to hash.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    /// \param[out] hash         Buffer where the hash is to be written.
+    /// \param hash_size         Size of the \p hash buffer in bytes.
+    /// \param[out] hash_length  On success, the number of bytes
+    ///                          that make up the hash value. This is always
+    ///                          #PSA_HASH_LENGTH(\p alg).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a hash algorithm.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         \p hash_size is too small
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_compute(
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        hash: *mut u8,
+        hash_size: usize,
+        hash_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Calculate the hash (digest) of a message and compare it with a
+    /// reference value.
+    ///
+    /// \param alg               The hash algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_HASH(\p alg) is true).
+    /// \param[in] input         Buffer containing the message to hash.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    /// \param[out] hash         Buffer containing the expected hash value.
+    /// \param hash_length       Size of the \p hash buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The expected hash is identical to the actual hash of the input.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The hash of the message was calculated successfully, but it
+    ///         differs from the expected hash.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a hash algorithm.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p input_length or \p hash_length do not match the hash size for \p alg
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_compare(
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        hash: *const u8,
+        hash_length: usize,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for multipart hash operations.
+///
+/// Before calling any function on a hash operation object, the application must
+/// initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_hash_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_hash_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_HASH_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_hash_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_hash_operation_t operation;
+///   operation = psa_hash_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_hash_operation_t = psa_hash_operation_s;
+extern "C" {
+    /// Set up a multipart hash operation.
+    ///
+    /// The sequence of operations to calculate a hash (message digest)
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_hash_operation_t, e.g. #PSA_HASH_OPERATION_INIT.
+    /// -# Call psa_hash_setup() to specify the algorithm.
+    /// -# Call psa_hash_update() zero, one or more times, passing a fragment
+    ///    of the message each time. The hash that is calculated is the hash
+    ///    of the concatenation of these messages in order.
+    /// -# To calculate the hash, call psa_hash_finish().
+    ///    To compare the hash with an expected value, call psa_hash_verify().
+    ///
+    /// If an error occurs at any step after a call to psa_hash_setup(), the
+    /// operation will need to be reset by a call to psa_hash_abort(). The
+    /// application may call psa_hash_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_hash_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A successful call to psa_hash_finish() or psa_hash_verify().
+    /// - A call to psa_hash_abort().
+    ///
+    /// \param[in,out] operation The operation object to set up. It must have
+    ///                          been initialized as per the documentation for
+    ///                          #psa_hash_operation_t and not yet in use.
+    /// \param alg               The hash algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_HASH(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not a supported hash algorithm.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p alg is not a hash algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_setup(
+        operation: *mut psa_hash_operation_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Add a message fragment to a multipart hash operation.
+    ///
+    /// The application must call psa_hash_setup() before calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_hash_abort().
+    ///
+    /// \param[in,out] operation Active hash operation.
+    /// \param[in] input         Buffer containing the message fragment to hash.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_update(
+        operation: *mut psa_hash_operation_t,
+        input: *const u8,
+        input_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish the calculation of the hash of a message.
+    ///
+    /// The application must call psa_hash_setup() before calling this function.
+    /// This function calculates the hash of the message formed by concatenating
+    /// the inputs passed to preceding calls to psa_hash_update().
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_hash_abort().
+    ///
+    /// \warning Applications should not call this function if they expect
+    ///          a specific value for the hash. Call psa_hash_verify() instead.
+    ///          Beware that comparing integrity or authenticity data such as
+    ///          hash values with a function such as \c memcmp is risky
+    ///          because the time taken by the comparison may leak information
+    ///          about the hashed data which could allow an attacker to guess
+    ///          a valid hash and thereby bypass security controls.
+    ///
+    /// \param[in,out] operation     Active hash operation.
+    /// \param[out] hash             Buffer where the hash is to be written.
+    /// \param hash_size             Size of the \p hash buffer in bytes.
+    /// \param[out] hash_length      On success, the number of bytes
+    ///                              that make up the hash value. This is always
+    ///                              #PSA_HASH_LENGTH(\c alg) where \c alg is the
+    ///                              hash algorithm that is calculated.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p hash buffer is too small. You can determine a
+    ///         sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg)
+    ///         where \c alg is the hash algorithm that is calculated.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_finish(
+        operation: *mut psa_hash_operation_t,
+        hash: *mut u8,
+        hash_size: usize,
+        hash_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish the calculation of the hash of a message and compare it with
+    /// an expected value.
+    ///
+    /// The application must call psa_hash_setup() before calling this function.
+    /// This function calculates the hash of the message formed by concatenating
+    /// the inputs passed to preceding calls to psa_hash_update(). It then
+    /// compares the calculated hash with the expected hash passed as a
+    /// parameter to this function.
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_hash_abort().
+    ///
+    /// \note Implementations shall make the best effort to ensure that the
+    /// comparison between the actual hash and the expected hash is performed
+    /// in constant time.
+    ///
+    /// \param[in,out] operation     Active hash operation.
+    /// \param[in] hash              Buffer containing the expected hash value.
+    /// \param hash_length           Size of the \p hash buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The expected hash is identical to the actual hash of the message.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The hash of the message was calculated successfully, but it
+    ///         differs from the expected hash.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_verify(
+        operation: *mut psa_hash_operation_t,
+        hash: *const u8,
+        hash_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort a hash operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the
+    /// \p operation structure itself. Once aborted, the operation object
+    /// can be reused for another operation by calling
+    /// psa_hash_setup() again.
+    ///
+    /// You may call this function any time after the operation object has
+    /// been initialized by one of the methods described in #psa_hash_operation_t.
+    ///
+    /// In particular, calling psa_hash_abort() after the operation has been
+    /// terminated by a call to psa_hash_abort(), psa_hash_finish() or
+    /// psa_hash_verify() is safe and has no effect.
+    ///
+    /// \param[in,out] operation     Initialized hash operation.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_abort(operation: *mut psa_hash_operation_t) -> psa_status_t;
+}
+extern "C" {
+    /// Clone a hash operation.
+    ///
+    /// This function copies the state of an ongoing hash operation to
+    /// a new operation object. In other words, this function is equivalent
+    /// to calling psa_hash_setup() on \p target_operation with the same
+    /// algorithm that \p source_operation was set up for, then
+    /// psa_hash_update() on \p target_operation with the same input that
+    /// that was passed to \p source_operation. After this function returns, the
+    /// two objects are independent, i.e. subsequent calls involving one of
+    /// the objects do not affect the other object.
+    ///
+    /// \param[in] source_operation      The active hash operation to clone.
+    /// \param[in,out] target_operation  The operation object to set up.
+    ///                                  It must be initialized but not active.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The \p source_operation state is not valid (it must be active), or
+    ///         the \p target_operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_clone(
+        source_operation: *const psa_hash_operation_t,
+        target_operation: *mut psa_hash_operation_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Calculate the MAC (message authentication code) of a message.
+    ///
+    /// \note To verify the MAC of a message against an
+    ///       expected value, use psa_mac_verify() instead.
+    ///       Beware that comparing integrity or authenticity data such as
+    ///       MAC values with a function such as \c memcmp is risky
+    ///       because the time taken by the comparison may leak information
+    ///       about the MAC value which could allow an attacker to guess
+    ///       a valid MAC and thereby bypass security controls.
+    ///
+    /// \param key               Identifier of the key to use for the operation. It
+    ///                          must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE.
+    /// \param alg               The MAC algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_MAC(\p alg) is true).
+    /// \param[in] input         Buffer containing the input message.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    /// \param[out] mac          Buffer where the MAC value is to be written.
+    /// \param mac_size          Size of the \p mac buffer in bytes.
+    /// \param[out] mac_length   On success, the number of bytes
+    ///                          that make up the MAC value.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a MAC algorithm.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         \p mac_size is too small
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The key could not be retrieved from storage.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_compute(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        mac: *mut u8,
+        mac_size: usize,
+        mac_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Calculate the MAC of a message and compare it with a reference value.
+    ///
+    /// \param key               Identifier of the key to use for the operation. It
+    ///                          must allow the usage PSA_KEY_USAGE_VERIFY_MESSAGE.
+    /// \param alg               The MAC algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_MAC(\p alg) is true).
+    /// \param[in] input         Buffer containing the input message.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    /// \param[out] mac          Buffer containing the expected MAC value.
+    /// \param mac_length        Size of the \p mac buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The expected MAC is identical to the actual MAC of the input.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The MAC of the message was calculated successfully, but it
+    ///         differs from the expected value.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a MAC algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The key could not be retrieved from storage.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_verify(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        mac: *const u8,
+        mac_length: usize,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for multipart MAC operations.
+///
+/// Before calling any function on a MAC operation object, the application must
+/// initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_mac_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_mac_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_MAC_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_mac_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_mac_operation_t operation;
+///   operation = psa_mac_operation_init();
+///   \endcode
+///
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_mac_operation_t = psa_mac_operation_s;
+extern "C" {
+    /// Set up a multipart MAC calculation operation.
+    ///
+    /// This function sets up the calculation of the MAC
+    /// (message authentication code) of a byte string.
+    /// To verify the MAC of a message against an
+    /// expected value, use psa_mac_verify_setup() instead.
+    ///
+    /// The sequence of operations to calculate a MAC is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_mac_operation_t, e.g. #PSA_MAC_OPERATION_INIT.
+    /// -# Call psa_mac_sign_setup() to specify the algorithm and key.
+    /// -# Call psa_mac_update() zero, one or more times, passing a fragment
+    ///    of the message each time. The MAC that is calculated is the MAC
+    ///    of the concatenation of these messages in order.
+    /// -# At the end of the message, call psa_mac_sign_finish() to finish
+    ///    calculating the MAC value and retrieve it.
+    ///
+    /// If an error occurs at any step after a call to psa_mac_sign_setup(), the
+    /// operation will need to be reset by a call to psa_mac_abort(). The
+    /// application may call psa_mac_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_mac_sign_setup(), the application must
+    /// eventually terminate the operation through one of the following methods:
+    /// - A successful call to psa_mac_sign_finish().
+    /// - A call to psa_mac_abort().
+    ///
+    /// \param[in,out] operation The operation object to set up. It must have
+    ///                          been initialized as per the documentation for
+    ///                          #psa_mac_operation_t and not yet in use.
+    /// \param key               Identifier of the key to use for the operation. It
+    ///                          must remain valid until the operation terminates.
+    ///                          It must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE.
+    /// \param alg               The MAC algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_MAC(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a MAC algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The key could not be retrieved from storage.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_sign_setup(
+        operation: *mut psa_mac_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set up a multipart MAC verification operation.
+    ///
+    /// This function sets up the verification of the MAC
+    /// (message authentication code) of a byte string against an expected value.
+    ///
+    /// The sequence of operations to verify a MAC is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_mac_operation_t, e.g. #PSA_MAC_OPERATION_INIT.
+    /// -# Call psa_mac_verify_setup() to specify the algorithm and key.
+    /// -# Call psa_mac_update() zero, one or more times, passing a fragment
+    ///    of the message each time. The MAC that is calculated is the MAC
+    ///    of the concatenation of these messages in order.
+    /// -# At the end of the message, call psa_mac_verify_finish() to finish
+    ///    calculating the actual MAC of the message and verify it against
+    ///    the expected value.
+    ///
+    /// If an error occurs at any step after a call to psa_mac_verify_setup(), the
+    /// operation will need to be reset by a call to psa_mac_abort(). The
+    /// application may call psa_mac_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_mac_verify_setup(), the application must
+    /// eventually terminate the operation through one of the following methods:
+    /// - A successful call to psa_mac_verify_finish().
+    /// - A call to psa_mac_abort().
+    ///
+    /// \param[in,out] operation The operation object to set up. It must have
+    ///                          been initialized as per the documentation for
+    ///                          #psa_mac_operation_t and not yet in use.
+    /// \param key               Identifier of the key to use for the operation. It
+    ///                          must remain valid until the operation terminates.
+    ///                          It must allow the usage
+    ///                          PSA_KEY_USAGE_VERIFY_MESSAGE.
+    /// \param alg               The MAC algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_MAC(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c key is not compatible with \c alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \c alg is not supported or is not a MAC algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The key could not be retrieved from storage.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_verify_setup(
+        operation: *mut psa_mac_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Add a message fragment to a multipart MAC operation.
+    ///
+    /// The application must call psa_mac_sign_setup() or psa_mac_verify_setup()
+    /// before calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_mac_abort().
+    ///
+    /// \param[in,out] operation Active MAC operation.
+    /// \param[in] input         Buffer containing the message fragment to add to
+    ///                          the MAC calculation.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_update(
+        operation: *mut psa_mac_operation_t,
+        input: *const u8,
+        input_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish the calculation of the MAC of a message.
+    ///
+    /// The application must call psa_mac_sign_setup() before calling this function.
+    /// This function calculates the MAC of the message formed by concatenating
+    /// the inputs passed to preceding calls to psa_mac_update().
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_mac_abort().
+    ///
+    /// \warning Applications should not call this function if they expect
+    ///          a specific value for the MAC. Call psa_mac_verify_finish() instead.
+    ///          Beware that comparing integrity or authenticity data such as
+    ///          MAC values with a function such as \c memcmp is risky
+    ///          because the time taken by the comparison may leak information
+    ///          about the MAC value which could allow an attacker to guess
+    ///          a valid MAC and thereby bypass security controls.
+    ///
+    /// \param[in,out] operation Active MAC operation.
+    /// \param[out] mac          Buffer where the MAC value is to be written.
+    /// \param mac_size          Size of the \p mac buffer in bytes.
+    /// \param[out] mac_length   On success, the number of bytes
+    ///                          that make up the MAC value. This is always
+    ///                          #PSA_MAC_LENGTH(\c key_type, \c key_bits, \c alg)
+    ///                          where \c key_type and \c key_bits are the type and
+    ///                          bit-size respectively of the key and \c alg is the
+    ///                          MAC algorithm that is calculated.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p mac buffer is too small. You can determine a
+    ///         sufficient buffer size by calling PSA_MAC_LENGTH().
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active mac sign
+    ///         operation), or the library has not been previously initialized
+    ///         by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_sign_finish(
+        operation: *mut psa_mac_operation_t,
+        mac: *mut u8,
+        mac_size: usize,
+        mac_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish the calculation of the MAC of a message and compare it with
+    /// an expected value.
+    ///
+    /// The application must call psa_mac_verify_setup() before calling this function.
+    /// This function calculates the MAC of the message formed by concatenating
+    /// the inputs passed to preceding calls to psa_mac_update(). It then
+    /// compares the calculated MAC with the expected MAC passed as a
+    /// parameter to this function.
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_mac_abort().
+    ///
+    /// \note Implementations shall make the best effort to ensure that the
+    /// comparison between the actual MAC and the expected MAC is performed
+    /// in constant time.
+    ///
+    /// \param[in,out] operation Active MAC operation.
+    /// \param[in] mac           Buffer containing the expected MAC value.
+    /// \param mac_length        Size of the \p mac buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The expected MAC is identical to the actual MAC of the message.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The MAC of the message was calculated successfully, but it
+    ///         differs from the expected MAC.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active mac verify
+    ///         operation), or the library has not been previously initialized
+    ///         by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_verify_finish(
+        operation: *mut psa_mac_operation_t,
+        mac: *const u8,
+        mac_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort a MAC operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the
+    /// \p operation structure itself. Once aborted, the operation object
+    /// can be reused for another operation by calling
+    /// psa_mac_sign_setup() or psa_mac_verify_setup() again.
+    ///
+    /// You may call this function any time after the operation object has
+    /// been initialized by one of the methods described in #psa_mac_operation_t.
+    ///
+    /// In particular, calling psa_mac_abort() after the operation has been
+    /// terminated by a call to psa_mac_abort(), psa_mac_sign_finish() or
+    /// psa_mac_verify_finish() is safe and has no effect.
+    ///
+    /// \param[in,out] operation Initialized MAC operation.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_abort(operation: *mut psa_mac_operation_t) -> psa_status_t;
+}
+extern "C" {
+    /// Encrypt a message using a symmetric cipher.
+    ///
+    /// This function encrypts a message with a random IV (initialization
+    /// vector). Use the multipart operation interface with a
+    /// #psa_cipher_operation_t object to provide other forms of IV.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must allow the usage #PSA_KEY_USAGE_ENCRYPT.
+    /// \param alg                   The cipher algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_CIPHER(\p alg) is true).
+    /// \param[in] input             Buffer containing the message to encrypt.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[out] output           Buffer where the output is to be written.
+    ///                              The output contains the IV followed by
+    ///                              the ciphertext proper.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a cipher algorithm.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_encrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Decrypt a message using a symmetric cipher.
+    ///
+    /// This function decrypts a message encrypted with a symmetric cipher.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must remain valid until the operation
+    ///                              terminates. It must allow the usage
+    ///                              #PSA_KEY_USAGE_DECRYPT.
+    /// \param alg                   The cipher algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_CIPHER(\p alg) is true).
+    /// \param[in] input             Buffer containing the message to decrypt.
+    ///                              This consists of the IV followed by the
+    ///                              ciphertext proper.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[out] output           Buffer where the plaintext is to be written.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a cipher algorithm.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_decrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for multipart cipher operations.
+///
+/// Before calling any function on a cipher operation object, the application
+/// must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_cipher_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_cipher_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_CIPHER_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_cipher_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_cipher_operation_t operation;
+///   operation = psa_cipher_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_cipher_operation_t = psa_cipher_operation_s;
+extern "C" {
+    /// Set the key for a multipart symmetric encryption operation.
+    ///
+    /// The sequence of operations to encrypt a message with a symmetric cipher
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_cipher_operation_t, e.g.
+    ///    #PSA_CIPHER_OPERATION_INIT.
+    /// -# Call psa_cipher_encrypt_setup() to specify the algorithm and key.
+    /// -# Call either psa_cipher_generate_iv() or psa_cipher_set_iv() to
+    ///    generate or set the IV (initialization vector). You should use
+    ///    psa_cipher_generate_iv() unless the protocol you are implementing
+    ///    requires a specific IV value.
+    /// -# Call psa_cipher_update() zero, one or more times, passing a fragment
+    ///    of the message each time.
+    /// -# Call psa_cipher_finish().
+    ///
+    /// If an error occurs at any step after a call to psa_cipher_encrypt_setup(),
+    /// the operation will need to be reset by a call to psa_cipher_abort(). The
+    /// application may call psa_cipher_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_cipher_encrypt_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A successful call to psa_cipher_finish().
+    /// - A call to psa_cipher_abort().
+    ///
+    /// \param[in,out] operation     The operation object to set up. It must have
+    ///                              been initialized as per the documentation for
+    ///                              #psa_cipher_operation_t and not yet in use.
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must remain valid until the operation
+    ///                              terminates. It must allow the usage
+    ///                              #PSA_KEY_USAGE_ENCRYPT.
+    /// \param alg                   The cipher algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_CIPHER(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a cipher algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_encrypt_setup(
+        operation: *mut psa_cipher_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the key for a multipart symmetric decryption operation.
+    ///
+    /// The sequence of operations to decrypt a message with a symmetric cipher
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_cipher_operation_t, e.g.
+    ///    #PSA_CIPHER_OPERATION_INIT.
+    /// -# Call psa_cipher_decrypt_setup() to specify the algorithm and key.
+    /// -# Call psa_cipher_set_iv() with the IV (initialization vector) for the
+    ///    decryption. If the IV is prepended to the ciphertext, you can call
+    ///    psa_cipher_update() on a buffer containing the IV followed by the
+    ///    beginning of the message.
+    /// -# Call psa_cipher_update() zero, one or more times, passing a fragment
+    ///    of the message each time.
+    /// -# Call psa_cipher_finish().
+    ///
+    /// If an error occurs at any step after a call to psa_cipher_decrypt_setup(),
+    /// the operation will need to be reset by a call to psa_cipher_abort(). The
+    /// application may call psa_cipher_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_cipher_decrypt_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A successful call to psa_cipher_finish().
+    /// - A call to psa_cipher_abort().
+    ///
+    /// \param[in,out] operation     The operation object to set up. It must have
+    ///                              been initialized as per the documentation for
+    ///                              #psa_cipher_operation_t and not yet in use.
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must remain valid until the operation
+    ///                              terminates. It must allow the usage
+    ///                              #PSA_KEY_USAGE_DECRYPT.
+    /// \param alg                   The cipher algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_CIPHER(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a cipher algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_decrypt_setup(
+        operation: *mut psa_cipher_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Generate an IV for a symmetric encryption operation.
+    ///
+    /// This function generates a random IV (initialization vector), nonce
+    /// or initial counter value for the encryption operation as appropriate
+    /// for the chosen algorithm, key type and key size.
+    ///
+    /// The application must call psa_cipher_encrypt_setup() before
+    /// calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_cipher_abort().
+    ///
+    /// \param[in,out] operation     Active cipher operation.
+    /// \param[out] iv               Buffer where the generated IV is to be written.
+    /// \param iv_size               Size of the \p iv buffer in bytes.
+    /// \param[out] iv_length        On success, the number of bytes of the
+    ///                              generated IV.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p iv buffer is too small.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, with no IV set),
+    ///         or the library has not been previously initialized
+    ///         by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_generate_iv(
+        operation: *mut psa_cipher_operation_t,
+        iv: *mut u8,
+        iv_size: usize,
+        iv_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the IV for a symmetric encryption or decryption operation.
+    ///
+    /// This function sets the IV (initialization vector), nonce
+    /// or initial counter value for the encryption or decryption operation.
+    ///
+    /// The application must call psa_cipher_encrypt_setup() before
+    /// calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_cipher_abort().
+    ///
+    /// \note When encrypting, applications should use psa_cipher_generate_iv()
+    /// instead of this function, unless implementing a protocol that requires
+    /// a non-random IV.
+    ///
+    /// \param[in,out] operation     Active cipher operation.
+    /// \param[in] iv                Buffer containing the IV to use.
+    /// \param iv_length             Size of the IV in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The size of \p iv is not acceptable for the chosen algorithm,
+    ///         or the chosen algorithm does not use an IV.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active cipher
+    ///         encrypt operation, with no IV set), or the library has not been
+    ///         previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_set_iv(
+        operation: *mut psa_cipher_operation_t,
+        iv: *const u8,
+        iv_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Encrypt or decrypt a message fragment in an active cipher operation.
+    ///
+    /// Before calling this function, you must:
+    /// 1. Call either psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup().
+    ///    The choice of setup function determines whether this function
+    ///    encrypts or decrypts its input.
+    /// 2. If the algorithm requires an IV, call psa_cipher_generate_iv()
+    ///    (recommended when encrypting) or psa_cipher_set_iv().
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_cipher_abort().
+    ///
+    /// \param[in,out] operation     Active cipher operation.
+    /// \param[in] input             Buffer containing the message fragment to
+    ///                              encrypt or decrypt.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[out] output           Buffer where the output is to be written.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, with an IV set
+    ///         if required for the algorithm), or the library has not been
+    ///         previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_update(
+        operation: *mut psa_cipher_operation_t,
+        input: *const u8,
+        input_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish encrypting or decrypting a message in a cipher operation.
+    ///
+    /// The application must call psa_cipher_encrypt_setup() or
+    /// psa_cipher_decrypt_setup() before calling this function. The choice
+    /// of setup function determines whether this function encrypts or
+    /// decrypts its input.
+    ///
+    /// This function finishes the encryption or decryption of the message
+    /// formed by concatenating the inputs passed to preceding calls to
+    /// psa_cipher_update().
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_cipher_abort().
+    ///
+    /// \param[in,out] operation     Active cipher operation.
+    /// \param[out] output           Buffer where the output is to be written.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The total input size passed to this operation is not valid for
+    ///         this particular algorithm. For example, the algorithm is a based
+    ///         on block cipher and requires a whole number of blocks, but the
+    ///         total input size is not a multiple of the block size.
+    /// \retval #PSA_ERROR_INVALID_PADDING
+    ///         This is a decryption operation for an algorithm that includes
+    ///         padding, and the ciphertext does not contain valid padding.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, with an IV set
+    ///         if required for the algorithm), or the library has not been
+    ///         previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_finish(
+        operation: *mut psa_cipher_operation_t,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort a cipher operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the
+    /// \p operation structure itself. Once aborted, the operation object
+    /// can be reused for another operation by calling
+    /// psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup() again.
+    ///
+    /// You may call this function any time after the operation object has
+    /// been initialized as described in #psa_cipher_operation_t.
+    ///
+    /// In particular, calling psa_cipher_abort() after the operation has been
+    /// terminated by a call to psa_cipher_abort() or psa_cipher_finish()
+    /// is safe and has no effect.
+    ///
+    /// \param[in,out] operation     Initialized cipher operation.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_abort(operation: *mut psa_cipher_operation_t) -> psa_status_t;
+}
+extern "C" {
+    /// Process an authenticated encryption operation.
+    ///
+    /// \param key                     Identifier of the key to use for the
+    ///                                operation. It must allow the usage
+    ///                                #PSA_KEY_USAGE_ENCRYPT.
+    /// \param alg                     The AEAD algorithm to compute
+    ///                                (\c PSA_ALG_XXX value such that
+    ///                                #PSA_ALG_IS_AEAD(\p alg) is true).
+    /// \param[in] nonce               Nonce or IV to use.
+    /// \param nonce_length            Size of the \p nonce buffer in bytes.
+    /// \param[in] additional_data     Additional data that will be authenticated
+    ///                                but not encrypted.
+    /// \param additional_data_length  Size of \p additional_data in bytes.
+    /// \param[in] plaintext           Data that will be authenticated and
+    ///                                encrypted.
+    /// \param plaintext_length        Size of \p plaintext in bytes.
+    /// \param[out] ciphertext         Output buffer for the authenticated and
+    ///                                encrypted data. The additional data is not
+    ///                                part of this output. For algorithms where the
+    ///                                encrypted data and the authentication tag
+    ///                                are defined as separate outputs, the
+    ///                                authentication tag is appended to the
+    ///                                encrypted data.
+    /// \param ciphertext_size         Size of the \p ciphertext buffer in bytes.
+    ///                                This must be appropriate for the selected
+    ///                                algorithm and key:
+    ///                                - A sufficient output size is
+    ///                                  #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\c key_type,
+    ///                                  \p alg, \p plaintext_length) where
+    ///                                  \c key_type is the type of \p key.
+    ///                                - #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\p
+    ///                                  plaintext_length) evaluates to the maximum
+    ///                                  ciphertext size of any supported AEAD
+    ///                                  encryption.
+    /// \param[out] ciphertext_length  On success, the size of the output
+    ///                                in the \p ciphertext buffer.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not an AEAD algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         \p ciphertext_size is too small.
+    ///         #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\c key_type, \p alg,
+    ///         \p plaintext_length) or
+    ///         #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\p plaintext_length) can be used to
+    ///         determine the required buffer size.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_encrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        nonce: *const u8,
+        nonce_length: usize,
+        additional_data: *const u8,
+        additional_data_length: usize,
+        plaintext: *const u8,
+        plaintext_length: usize,
+        ciphertext: *mut u8,
+        ciphertext_size: usize,
+        ciphertext_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Process an authenticated decryption operation.
+    ///
+    /// \param key                     Identifier of the key to use for the
+    ///                                operation. It must allow the usage
+    ///                                #PSA_KEY_USAGE_DECRYPT.
+    /// \param alg                     The AEAD algorithm to compute
+    ///                                (\c PSA_ALG_XXX value such that
+    ///                                #PSA_ALG_IS_AEAD(\p alg) is true).
+    /// \param[in] nonce               Nonce or IV to use.
+    /// \param nonce_length            Size of the \p nonce buffer in bytes.
+    /// \param[in] additional_data     Additional data that has been authenticated
+    ///                                but not encrypted.
+    /// \param additional_data_length  Size of \p additional_data in bytes.
+    /// \param[in] ciphertext          Data that has been authenticated and
+    ///                                encrypted. For algorithms where the
+    ///                                encrypted data and the authentication tag
+    ///                                are defined as separate inputs, the buffer
+    ///                                must contain the encrypted data followed
+    ///                                by the authentication tag.
+    /// \param ciphertext_length       Size of \p ciphertext in bytes.
+    /// \param[out] plaintext          Output buffer for the decrypted data.
+    /// \param plaintext_size          Size of the \p plaintext buffer in bytes.
+    ///                                This must be appropriate for the selected
+    ///                                algorithm and key:
+    ///                                - A sufficient output size is
+    ///                                  #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\c key_type,
+    ///                                  \p alg, \p ciphertext_length) where
+    ///                                  \c key_type is the type of \p key.
+    ///                                - #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\p
+    ///                                  ciphertext_length) evaluates to the maximum
+    ///                                  plaintext size of any supported AEAD
+    ///                                  decryption.
+    /// \param[out] plaintext_length   On success, the size of the output
+    ///                                in the \p plaintext buffer.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The ciphertext is not authentic.
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not an AEAD algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         \p plaintext_size is too small.
+    ///         #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\c key_type, \p alg,
+    ///         \p ciphertext_length) or
+    ///         #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\p ciphertext_length) can be used
+    ///         to determine the required buffer size.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_decrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        nonce: *const u8,
+        nonce_length: usize,
+        additional_data: *const u8,
+        additional_data_length: usize,
+        ciphertext: *const u8,
+        ciphertext_length: usize,
+        plaintext: *mut u8,
+        plaintext_size: usize,
+        plaintext_length: *mut usize,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for multipart AEAD operations.
+///
+/// Before calling any function on an AEAD operation object, the application
+/// must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_aead_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_aead_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_AEAD_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_aead_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_aead_operation_t operation;
+///   operation = psa_aead_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_aead_operation_t = psa_aead_operation_s;
+extern "C" {
+    /// Set the key for a multipart authenticated encryption operation.
+    ///
+    /// The sequence of operations to encrypt a message with authentication
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_aead_operation_t, e.g.
+    ///    #PSA_AEAD_OPERATION_INIT.
+    /// -# Call psa_aead_encrypt_setup() to specify the algorithm and key.
+    /// -# If needed, call psa_aead_set_lengths() to specify the length of the
+    ///    inputs to the subsequent calls to psa_aead_update_ad() and
+    ///    psa_aead_update(). See the documentation of psa_aead_set_lengths()
+    ///    for details.
+    /// -# Call either psa_aead_generate_nonce() or psa_aead_set_nonce() to
+    ///    generate or set the nonce. You should use
+    ///    psa_aead_generate_nonce() unless the protocol you are implementing
+    ///    requires a specific nonce value.
+    /// -# Call psa_aead_update_ad() zero, one or more times, passing a fragment
+    ///    of the non-encrypted additional authenticated data each time.
+    /// -# Call psa_aead_update() zero, one or more times, passing a fragment
+    ///    of the message to encrypt each time.
+    /// -# Call psa_aead_finish().
+    ///
+    /// If an error occurs at any step after a call to psa_aead_encrypt_setup(),
+    /// the operation will need to be reset by a call to psa_aead_abort(). The
+    /// application may call psa_aead_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_aead_encrypt_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A successful call to psa_aead_finish().
+    /// - A call to psa_aead_abort().
+    ///
+    /// \param[in,out] operation     The operation object to set up. It must have
+    ///                              been initialized as per the documentation for
+    ///                              #psa_aead_operation_t and not yet in use.
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must remain valid until the operation
+    ///                              terminates. It must allow the usage
+    ///                              #PSA_KEY_USAGE_ENCRYPT.
+    /// \param alg                   The AEAD algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_AEAD(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not an AEAD algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_encrypt_setup(
+        operation: *mut psa_aead_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the key for a multipart authenticated decryption operation.
+    ///
+    /// The sequence of operations to decrypt a message with authentication
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_aead_operation_t, e.g.
+    ///    #PSA_AEAD_OPERATION_INIT.
+    /// -# Call psa_aead_decrypt_setup() to specify the algorithm and key.
+    /// -# If needed, call psa_aead_set_lengths() to specify the length of the
+    ///    inputs to the subsequent calls to psa_aead_update_ad() and
+    ///    psa_aead_update(). See the documentation of psa_aead_set_lengths()
+    ///    for details.
+    /// -# Call psa_aead_set_nonce() with the nonce for the decryption.
+    /// -# Call psa_aead_update_ad() zero, one or more times, passing a fragment
+    ///    of the non-encrypted additional authenticated data each time.
+    /// -# Call psa_aead_update() zero, one or more times, passing a fragment
+    ///    of the ciphertext to decrypt each time.
+    /// -# Call psa_aead_verify().
+    ///
+    /// If an error occurs at any step after a call to psa_aead_decrypt_setup(),
+    /// the operation will need to be reset by a call to psa_aead_abort(). The
+    /// application may call psa_aead_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_aead_decrypt_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A successful call to psa_aead_verify().
+    /// - A call to psa_aead_abort().
+    ///
+    /// \param[in,out] operation     The operation object to set up. It must have
+    ///                              been initialized as per the documentation for
+    ///                              #psa_aead_operation_t and not yet in use.
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must remain valid until the operation
+    ///                              terminates. It must allow the usage
+    ///                              #PSA_KEY_USAGE_DECRYPT.
+    /// \param alg                   The AEAD algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_AEAD(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not an AEAD algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or the
+    ///         library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_decrypt_setup(
+        operation: *mut psa_aead_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Generate a random nonce for an authenticated encryption operation.
+    ///
+    /// This function generates a random nonce for the authenticated encryption
+    /// operation with an appropriate size for the chosen algorithm, key type
+    /// and key size.
+    ///
+    /// The application must call psa_aead_encrypt_setup() before
+    /// calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[out] nonce            Buffer where the generated nonce is to be
+    ///                              written.
+    /// \param nonce_size            Size of the \p nonce buffer in bytes.
+    /// \param[out] nonce_length     On success, the number of bytes of the
+    ///                              generated nonce.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p nonce buffer is too small.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active aead encrypt
+    ///         operation, with no nonce set), or the library has not been
+    ///         previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_generate_nonce(
+        operation: *mut psa_aead_operation_t,
+        nonce: *mut u8,
+        nonce_size: usize,
+        nonce_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the nonce for an authenticated encryption or decryption operation.
+    ///
+    /// This function sets the nonce for the authenticated
+    /// encryption or decryption operation.
+    ///
+    /// The application must call psa_aead_encrypt_setup() or
+    /// psa_aead_decrypt_setup() before calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \note When encrypting, applications should use psa_aead_generate_nonce()
+    /// instead of this function, unless implementing a protocol that requires
+    /// a non-random IV.
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[in] nonce             Buffer containing the nonce to use.
+    /// \param nonce_length          Size of the nonce in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The size of \p nonce is not acceptable for the chosen algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, with no nonce
+    ///         set), or the library has not been previously initialized
+    ///         by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_set_nonce(
+        operation: *mut psa_aead_operation_t,
+        nonce: *const u8,
+        nonce_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Declare the lengths of the message and additional data for AEAD.
+    ///
+    /// The application must call this function before calling
+    /// psa_aead_update_ad() or psa_aead_update() if the algorithm for
+    /// the operation requires it. If the algorithm does not require it,
+    /// calling this function is optional, but if this function is called
+    /// then the implementation must enforce the lengths.
+    ///
+    /// You may call this function before or after setting the nonce with
+    /// psa_aead_set_nonce() or psa_aead_generate_nonce().
+    ///
+    /// - For #PSA_ALG_CCM, calling this function is required.
+    /// - For the other AEAD algorithms defined in this specification, calling
+    ///   this function is not required.
+    /// - For vendor-defined algorithm, refer to the vendor documentation.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param ad_length             Size of the non-encrypted additional
+    ///                              authenticated data in bytes.
+    /// \param plaintext_length      Size of the plaintext to encrypt in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         At least one of the lengths is not acceptable for the chosen
+    ///         algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, and
+    ///         psa_aead_update_ad() and psa_aead_update() must not have been
+    ///         called yet), or the library has not been previously initialized
+    ///         by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_set_lengths(
+        operation: *mut psa_aead_operation_t,
+        ad_length: usize,
+        plaintext_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Pass additional data to an active AEAD operation.
+    ///
+    /// Additional data is authenticated, but not encrypted.
+    ///
+    /// You may call this function multiple times to pass successive fragments
+    /// of the additional data. You may not call this function after passing
+    /// data to encrypt or decrypt with psa_aead_update().
+    ///
+    /// Before calling this function, you must:
+    /// 1. Call either psa_aead_encrypt_setup() or psa_aead_decrypt_setup().
+    /// 2. Set the nonce with psa_aead_generate_nonce() or psa_aead_set_nonce().
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \warning When decrypting, until psa_aead_verify() has returned #PSA_SUCCESS,
+    ///          there is no guarantee that the input is valid. Therefore, until
+    ///          you have called psa_aead_verify() and it has returned #PSA_SUCCESS,
+    ///          treat the input as untrusted and prepare to undo any action that
+    ///          depends on the input if psa_aead_verify() returns an error status.
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[in] input             Buffer containing the fragment of
+    ///                              additional data.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The total input length overflows the additional data length that
+    ///         was previously specified with psa_aead_set_lengths().
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, have a nonce
+    ///         set, have lengths set if required by the algorithm, and
+    ///         psa_aead_update() must not have been called yet), or the library
+    ///         has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_update_ad(
+        operation: *mut psa_aead_operation_t,
+        input: *const u8,
+        input_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Encrypt or decrypt a message fragment in an active AEAD operation.
+    ///
+    /// Before calling this function, you must:
+    /// 1. Call either psa_aead_encrypt_setup() or psa_aead_decrypt_setup().
+    ///    The choice of setup function determines whether this function
+    ///    encrypts or decrypts its input.
+    /// 2. Set the nonce with psa_aead_generate_nonce() or psa_aead_set_nonce().
+    /// 3. Call psa_aead_update_ad() to pass all the additional data.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \warning When decrypting, until psa_aead_verify() has returned #PSA_SUCCESS,
+    ///          there is no guarantee that the input is valid. Therefore, until
+    ///          you have called psa_aead_verify() and it has returned #PSA_SUCCESS:
+    ///          - Do not use the output in any way other than storing it in a
+    ///            confidential location. If you take any action that depends
+    ///            on the tentative decrypted data, this action will need to be
+    ///            undone if the input turns out not to be valid. Furthermore,
+    ///            if an adversary can observe that this action took place
+    ///            (for example through timing), they may be able to use this
+    ///            fact as an oracle to decrypt any message encrypted with the
+    ///            same key.
+    ///          - In particular, do not copy the output anywhere but to a
+    ///            memory or storage space that you have exclusive access to.
+    ///
+    /// This function does not require the input to be aligned to any
+    /// particular block boundary. If the implementation can only process
+    /// a whole block at a time, it must consume all the input provided, but
+    /// it may delay the end of the corresponding output until a subsequent
+    /// call to psa_aead_update(), psa_aead_finish() or psa_aead_verify()
+    /// provides sufficient input. The amount of data that can be delayed
+    /// in this way is bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE.
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[in] input             Buffer containing the message fragment to
+    ///                              encrypt or decrypt.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[out] output           Buffer where the output is to be written.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    ///                              This must be appropriate for the selected
+    ///                                algorithm and key:
+    ///                                - A sufficient output size is
+    ///                                  #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type,
+    ///                                  \c alg, \p input_length) where
+    ///                                  \c key_type is the type of key and \c alg is
+    ///                                  the algorithm that were used to set up the
+    ///                                  operation.
+    ///                                - #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p
+    ///                                  input_length) evaluates to the maximum
+    ///                                  output size of any supported AEAD
+    ///                                  algorithm.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small.
+    ///         #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or
+    ///         #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p input_length) can be used to
+    ///         determine the required buffer size.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The total length of input to psa_aead_update_ad() so far is
+    ///         less than the additional data length that was previously
+    ///         specified with psa_aead_set_lengths(), or
+    ///         the total input length overflows the plaintext length that
+    ///         was previously specified with psa_aead_set_lengths().
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, have a nonce
+    ///         set, and have lengths set if required by the algorithm), or the
+    ///         library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_update(
+        operation: *mut psa_aead_operation_t,
+        input: *const u8,
+        input_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish encrypting a message in an AEAD operation.
+    ///
+    /// The operation must have been set up with psa_aead_encrypt_setup().
+    ///
+    /// This function finishes the authentication of the additional data
+    /// formed by concatenating the inputs passed to preceding calls to
+    /// psa_aead_update_ad() with the plaintext formed by concatenating the
+    /// inputs passed to preceding calls to psa_aead_update().
+    ///
+    /// This function has two output buffers:
+    /// - \p ciphertext contains trailing ciphertext that was buffered from
+    ///   preceding calls to psa_aead_update().
+    /// - \p tag contains the authentication tag.
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[out] ciphertext       Buffer where the last part of the ciphertext
+    ///                              is to be written.
+    /// \param ciphertext_size       Size of the \p ciphertext buffer in bytes.
+    ///                              This must be appropriate for the selected
+    ///                              algorithm and key:
+    ///                              - A sufficient output size is
+    ///                                #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type,
+    ///                                \c alg) where \c key_type is the type of key
+    ///                                and \c alg is the algorithm that were used to
+    ///                                set up the operation.
+    ///                              - #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE evaluates to
+    ///                                the maximum output size of any supported AEAD
+    ///                                algorithm.
+    /// \param[out] ciphertext_length On success, the number of bytes of
+    ///                              returned ciphertext.
+    /// \param[out] tag              Buffer where the authentication tag is
+    ///                              to be written.
+    /// \param tag_size              Size of the \p tag buffer in bytes.
+    ///                              This must be appropriate for the selected
+    ///                              algorithm and key:
+    ///                              - The exact tag size is #PSA_AEAD_TAG_LENGTH(\c
+    ///                                key_type, \c key_bits, \c alg) where
+    ///                                \c key_type and \c key_bits are the type and
+    ///                                bit-size of the key, and \c alg is the
+    ///                                algorithm that were used in the call to
+    ///                                psa_aead_encrypt_setup().
+    ///                              - #PSA_AEAD_TAG_MAX_SIZE evaluates to the
+    ///                                maximum tag size of any supported AEAD
+    ///                                algorithm.
+    /// \param[out] tag_length       On success, the number of bytes
+    ///                              that make up the returned tag.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p ciphertext or \p tag buffer is too small.
+    ///         #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or
+    ///         #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE can be used to determine the
+    ///         required \p ciphertext buffer size. #PSA_AEAD_TAG_LENGTH(\c key_type,
+    ///         \c key_bits, \c alg) or #PSA_AEAD_TAG_MAX_SIZE can be used to
+    ///         determine the required \p tag buffer size.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The total length of input to psa_aead_update_ad() so far is
+    ///         less than the additional data length that was previously
+    ///         specified with psa_aead_set_lengths(), or
+    ///         the total length of input to psa_aead_update() so far is
+    ///         less than the plaintext length that was previously
+    ///         specified with psa_aead_set_lengths().
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active encryption
+    ///         operation with a nonce set), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_finish(
+        operation: *mut psa_aead_operation_t,
+        ciphertext: *mut u8,
+        ciphertext_size: usize,
+        ciphertext_length: *mut usize,
+        tag: *mut u8,
+        tag_size: usize,
+        tag_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish authenticating and decrypting a message in an AEAD operation.
+    ///
+    /// The operation must have been set up with psa_aead_decrypt_setup().
+    ///
+    /// This function finishes the authenticated decryption of the message
+    /// components:
+    ///
+    /// -  The additional data consisting of the concatenation of the inputs
+    ///    passed to preceding calls to psa_aead_update_ad().
+    /// -  The ciphertext consisting of the concatenation of the inputs passed to
+    ///    preceding calls to psa_aead_update().
+    /// -  The tag passed to this function call.
+    ///
+    /// If the authentication tag is correct, this function outputs any remaining
+    /// plaintext and reports success. If the authentication tag is not correct,
+    /// this function returns #PSA_ERROR_INVALID_SIGNATURE.
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \note Implementations shall make the best effort to ensure that the
+    /// comparison between the actual tag and the expected tag is performed
+    /// in constant time.
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[out] plaintext        Buffer where the last part of the plaintext
+    ///                              is to be written. This is the remaining data
+    ///                              from previous calls to psa_aead_update()
+    ///                              that could not be processed until the end
+    ///                              of the input.
+    /// \param plaintext_size        Size of the \p plaintext buffer in bytes.
+    ///                              This must be appropriate for the selected algorithm and key:
+    ///                              - A sufficient output size is
+    ///                                #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type,
+    ///                                \c alg) where \c key_type is the type of key
+    ///                                and \c alg is the algorithm that were used to
+    ///                                set up the operation.
+    ///                              - #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE evaluates to
+    ///                                the maximum output size of any supported AEAD
+    ///                                algorithm.
+    /// \param[out] plaintext_length On success, the number of bytes of
+    ///                              returned plaintext.
+    /// \param[in] tag               Buffer containing the authentication tag.
+    /// \param tag_length            Size of the \p tag buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The calculations were successful, but the authentication tag is
+    ///         not correct.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p plaintext buffer is too small.
+    ///         #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or
+    ///         #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE can be used to determine the
+    ///         required buffer size.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The total length of input to psa_aead_update_ad() so far is
+    ///         less than the additional data length that was previously
+    ///         specified with psa_aead_set_lengths(), or
+    ///         the total length of input to psa_aead_update() so far is
+    ///         less than the plaintext length that was previously
+    ///         specified with psa_aead_set_lengths().
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active decryption
+    ///         operation with a nonce set), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_verify(
+        operation: *mut psa_aead_operation_t,
+        plaintext: *mut u8,
+        plaintext_size: usize,
+        plaintext_length: *mut usize,
+        tag: *const u8,
+        tag_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort an AEAD operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the
+    /// \p operation structure itself. Once aborted, the operation object
+    /// can be reused for another operation by calling
+    /// psa_aead_encrypt_setup() or psa_aead_decrypt_setup() again.
+    ///
+    /// You may call this function any time after the operation object has
+    /// been initialized as described in #psa_aead_operation_t.
+    ///
+    /// In particular, calling psa_aead_abort() after the operation has been
+    /// terminated by a call to psa_aead_abort(), psa_aead_finish() or
+    /// psa_aead_verify() is safe and has no effect.
+    ///
+    /// \param[in,out] operation     Initialized AEAD operation.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_abort(operation: *mut psa_aead_operation_t) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Sign a message with a private key. For hash-and-sign algorithms,
+    ///        this includes the hashing step.
+    ///
+    /// \note To perform a multi-part hash-and-sign signature algorithm, first use
+    ///       a multi-part hash operation and then pass the resulting hash to
+    ///       psa_sign_hash(). PSA_ALG_GET_HASH(\p alg) can be used to determine the
+    ///       hash algorithm to use.
+    ///
+    /// \param[in]  key              Identifier of the key to use for the operation.
+    ///                              It must be an asymmetric key pair. The key must
+    ///                              allow the usage #PSA_KEY_USAGE_SIGN_MESSAGE.
+    /// \param[in]  alg              An asymmetric signature algorithm (PSA_ALG_XXX
+    ///                              value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg)
+    ///                              is true), that is compatible with the type of
+    ///                              \p key.
+    /// \param[in]  input            The input message to sign.
+    /// \param[in]  input_length     Size of the \p input buffer in bytes.
+    /// \param[out] signature        Buffer where the signature is to be written.
+    /// \param[in]  signature_size   Size of the \p signature buffer in bytes. This
+    ///                              must be appropriate for the selected
+    ///                              algorithm and key:
+    ///                              - The required signature size is
+    ///                                #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///                                where \c key_type and \c key_bits are the type and
+    ///                                bit-size respectively of key.
+    ///                              - #PSA_SIGNATURE_MAX_SIZE evaluates to the
+    ///                                maximum signature size of any supported
+    ///                                signature algorithm.
+    /// \param[out] signature_length On success, the number of bytes that make up
+    ///                              the returned signature value.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
+    ///         or it does not permit the requested algorithm.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p signature buffer is too small. You can
+    ///         determine a sufficient buffer size by calling
+    ///         #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///         where \c key_type and \c key_bits are the type and bit-size
+    ///         respectively of \p key.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_sign_message(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        signature: *mut u8,
+        signature_size: usize,
+        signature_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Verify the signature of a message with a public key, using
+    ///         a hash-and-sign verification algorithm.
+    ///
+    /// \note To perform a multi-part hash-and-sign signature verification
+    ///       algorithm, first use a multi-part hash operation to hash the message
+    ///       and then pass the resulting hash to psa_verify_hash().
+    ///       PSA_ALG_GET_HASH(\p alg) can be used to determine the hash algorithm
+    ///       to use.
+    ///
+    /// \param[in]  key              Identifier of the key to use for the operation.
+    ///                              It must be a public key or an asymmetric key
+    ///                              pair. The key must allow the usage
+    ///                              #PSA_KEY_USAGE_VERIFY_MESSAGE.
+    /// \param[in]  alg              An asymmetric signature algorithm (PSA_ALG_XXX
+    ///                              value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg)
+    ///                              is true), that is compatible with the type of
+    ///                              \p key.
+    /// \param[in]  input            The message whose signature is to be verified.
+    /// \param[in]  input_length     Size of the \p input buffer in bytes.
+    /// \param[out] signature        Buffer containing the signature to verify.
+    /// \param[in]  signature_length Size of the \p signature buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
+    ///         or it does not permit the requested algorithm.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The calculation was performed successfully, but the passed signature
+    ///         is not a valid signature.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_verify_message(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        signature: *const u8,
+        signature_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Sign a hash or short message with a private key.
+    ///
+    /// Note that to perform a hash-and-sign signature algorithm, you must
+    /// first calculate the hash by calling psa_hash_setup(), psa_hash_update()
+    /// and psa_hash_finish(), or alternatively by calling psa_hash_compute().
+    /// Then pass the resulting hash as the \p hash
+    /// parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
+    /// to determine the hash algorithm to use.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must be an asymmetric key pair. The key must
+    ///                              allow the usage #PSA_KEY_USAGE_SIGN_HASH.
+    /// \param alg                   A signature algorithm (PSA_ALG_XXX
+    ///                              value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+    ///                              is true), that is compatible with
+    ///                              the type of \p key.
+    /// \param[in] hash              The hash or message to sign.
+    /// \param hash_length           Size of the \p hash buffer in bytes.
+    /// \param[out] signature        Buffer where the signature is to be written.
+    /// \param signature_size        Size of the \p signature buffer in bytes.
+    /// \param[out] signature_length On success, the number of bytes
+    ///                              that make up the returned signature value.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p signature buffer is too small. You can
+    ///         determine a sufficient buffer size by calling
+    ///         #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///         where \c key_type and \c key_bits are the type and bit-size
+    ///         respectively of \p key.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_sign_hash(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        hash: *const u8,
+        hash_length: usize,
+        signature: *mut u8,
+        signature_size: usize,
+        signature_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Verify the signature of a hash or short message using a public key.
+    ///
+    /// Note that to perform a hash-and-sign signature algorithm, you must
+    /// first calculate the hash by calling psa_hash_setup(), psa_hash_update()
+    /// and psa_hash_finish(), or alternatively by calling psa_hash_compute().
+    /// Then pass the resulting hash as the \p hash
+    /// parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
+    /// to determine the hash algorithm to use.
+    ///
+    /// \param key               Identifier of the key to use for the operation. It
+    ///                          must be a public key or an asymmetric key pair. The
+    ///                          key must allow the usage
+    ///                          #PSA_KEY_USAGE_VERIFY_HASH.
+    /// \param alg               A signature algorithm (PSA_ALG_XXX
+    ///                          value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+    ///                          is true), that is compatible with
+    ///                          the type of \p key.
+    /// \param[in] hash          The hash or message whose signature is to be
+    ///                          verified.
+    /// \param hash_length       Size of the \p hash buffer in bytes.
+    /// \param[in] signature     Buffer containing the signature to verify.
+    /// \param signature_length  Size of the \p signature buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The signature is valid.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The calculation was performed successfully, but the passed
+    ///         signature is not a valid signature.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_verify_hash(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        hash: *const u8,
+        hash_length: usize,
+        signature: *const u8,
+        signature_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Encrypt a short message with a public key.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must be a public key or an asymmetric key
+    ///                              pair. It must allow the usage
+    ///                              #PSA_KEY_USAGE_ENCRYPT.
+    /// \param alg                   An asymmetric encryption algorithm that is
+    ///                              compatible with the type of \p key.
+    /// \param[in] input             The message to encrypt.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[in] salt              A salt or label, if supported by the
+    ///                              encryption algorithm.
+    ///                              If the algorithm does not support a
+    ///                              salt, pass \c NULL.
+    ///                              If the algorithm supports an optional
+    ///                              salt and you do not want to pass a salt,
+    ///                              pass \c NULL.
+    ///
+    ///                              - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
+    ///                                supported.
+    /// \param salt_length           Size of the \p salt buffer in bytes.
+    ///                              If \p salt is \c NULL, pass 0.
+    /// \param[out] output           Buffer where the encrypted message is to
+    ///                              be written.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small. You can
+    ///         determine a sufficient buffer size by calling
+    ///         #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///         where \c key_type and \c key_bits are the type and bit-size
+    ///         respectively of \p key.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_asymmetric_encrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        salt: *const u8,
+        salt_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Decrypt a short message with a private key.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must be an asymmetric key pair. It must
+    ///                              allow the usage #PSA_KEY_USAGE_DECRYPT.
+    /// \param alg                   An asymmetric encryption algorithm that is
+    ///                              compatible with the type of \p key.
+    /// \param[in] input             The message to decrypt.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[in] salt              A salt or label, if supported by the
+    ///                              encryption algorithm.
+    ///                              If the algorithm does not support a
+    ///                              salt, pass \c NULL.
+    ///                              If the algorithm supports an optional
+    ///                              salt and you do not want to pass a salt,
+    ///                              pass \c NULL.
+    ///
+    ///                              - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
+    ///                                supported.
+    /// \param salt_length           Size of the \p salt buffer in bytes.
+    ///                              If \p salt is \c NULL, pass 0.
+    /// \param[out] output           Buffer where the decrypted message is to
+    ///                              be written.
+    /// \param output_size           Size of the \c output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small. You can
+    ///         determine a sufficient buffer size by calling
+    ///         #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///         where \c key_type and \c key_bits are the type and bit-size
+    ///         respectively of \p key.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_INVALID_PADDING \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_asymmetric_decrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        salt: *const u8,
+        salt_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for key derivation operations.
+///
+/// Before calling any function on a key derivation operation object, the
+/// application must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_key_derivation_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_key_derivation_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_KEY_DERIVATION_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_key_derivation_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_key_derivation_operation_t operation;
+///   operation = psa_key_derivation_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_key_derivation_operation_t = psa_key_derivation_s;
+extern "C" {
+    /// Set up a key derivation operation.
+    ///
+    /// A key derivation algorithm takes some inputs and uses them to generate
+    /// a byte stream in a deterministic way.
+    /// This byte stream can be used to produce keys and other
+    /// cryptographic material.
+    ///
+    /// To derive a key:
+    /// -# Start with an initialized object of type #psa_key_derivation_operation_t.
+    /// -# Call psa_key_derivation_setup() to select the algorithm.
+    /// -# Provide the inputs for the key derivation by calling
+    ///    psa_key_derivation_input_bytes() or psa_key_derivation_input_key()
+    ///    as appropriate. Which inputs are needed, in what order, and whether
+    ///    they may be keys and if so of what type depends on the algorithm.
+    /// -# Optionally set the operation's maximum capacity with
+    ///    psa_key_derivation_set_capacity(). You may do this before, in the middle
+    ///    of or after providing inputs. For some algorithms, this step is mandatory
+    ///    because the output depends on the maximum capacity.
+    /// -# To derive a key, call psa_key_derivation_output_key().
+    ///    To derive a byte string for a different purpose, call
+    ///    psa_key_derivation_output_bytes().
+    ///    Successive calls to these functions use successive output bytes
+    ///    calculated by the key derivation algorithm.
+    /// -# Clean up the key derivation operation object with
+    ///    psa_key_derivation_abort().
+    ///
+    /// If this function returns an error, the key derivation operation object is
+    /// not changed.
+    ///
+    /// If an error occurs at any step after a call to psa_key_derivation_setup(),
+    /// the operation will need to be reset by a call to psa_key_derivation_abort().
+    ///
+    /// Implementations must reject an attempt to derive a key of size 0.
+    ///
+    /// \param[in,out] operation       The key derivation operation object
+    ///                                to set up. It must
+    ///                                have been initialized but not set up yet.
+    /// \param alg                     The key derivation algorithm to compute
+    ///                                (\c PSA_ALG_XXX value such that
+    ///                                #PSA_ALG_IS_KEY_DERIVATION(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c alg is not a key derivation algorithm.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \c alg is not supported or is not a key derivation algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_setup(
+        operation: *mut psa_key_derivation_operation_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Retrieve the current capacity of a key derivation operation.
+    ///
+    /// The capacity of a key derivation is the maximum number of bytes that it can
+    /// return. When you get *N* bytes of output from a key derivation operation,
+    /// this reduces its capacity by *N*.
+    ///
+    /// \param[in] operation     The operation to query.
+    /// \param[out] capacity     On success, the capacity of the operation.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_get_capacity(
+        operation: *const psa_key_derivation_operation_t,
+        capacity: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the maximum capacity of a key derivation operation.
+    ///
+    /// The capacity of a key derivation operation is the maximum number of bytes
+    /// that the key derivation operation can return from this point onwards.
+    ///
+    /// \param[in,out] operation The key derivation operation object to modify.
+    /// \param capacity          The new capacity of the operation.
+    ///                          It must be less or equal to the operation's
+    ///                          current capacity.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p capacity is larger than the operation's current capacity.
+    ///         In this case, the operation object remains valid and its capacity
+    ///         remains unchanged.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or the
+    ///         library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_set_capacity(
+        operation: *mut psa_key_derivation_operation_t,
+        capacity: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Provide an input for key derivation or key agreement.
+    ///
+    /// Which inputs are required and in what order depends on the algorithm.
+    /// Refer to the documentation of each key derivation or key agreement
+    /// algorithm for information.
+    ///
+    /// This function passes direct inputs, which is usually correct for
+    /// non-secret inputs. To pass a secret input, which should be in a key
+    /// object, call psa_key_derivation_input_key() instead of this function.
+    /// Refer to the documentation of individual step types
+    /// (`PSA_KEY_DERIVATION_INPUT_xxx` values of type ::psa_key_derivation_step_t)
+    /// for more information.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation       The key derivation operation object to use.
+    ///                                It must have been set up with
+    ///                                psa_key_derivation_setup() and must not
+    ///                                have produced any output yet.
+    /// \param step                    Which step the input data is for.
+    /// \param[in] data                Input data to use.
+    /// \param data_length             Size of the \p data buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c step is not compatible with the operation's algorithm, or
+    ///         \c step does not allow direct inputs.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid for this input \p step, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_input_bytes(
+        operation: *mut psa_key_derivation_operation_t,
+        step: psa_key_derivation_step_t,
+        data: *const u8,
+        data_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Provide a numeric input for key derivation or key agreement.
+    ///
+    /// Which inputs are required and in what order depends on the algorithm.
+    /// However, when an algorithm requires a particular order, numeric inputs
+    /// usually come first as they tend to be configuration parameters.
+    /// Refer to the documentation of each key derivation or key agreement
+    /// algorithm for information.
+    ///
+    /// This function is used for inputs which are fixed-size non-negative
+    /// integers.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation       The key derivation operation object to use.
+    ///                                It must have been set up with
+    ///                                psa_key_derivation_setup() and must not
+    ///                                have produced any output yet.
+    /// \param step                    Which step the input data is for.
+    /// \param[in] value               The value of the numeric input.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c step is not compatible with the operation's algorithm, or
+    ///         \c step does not allow numeric inputs.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid for this input \p step, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_input_integer(
+        operation: *mut psa_key_derivation_operation_t,
+        step: psa_key_derivation_step_t,
+        value: u64,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Provide an input for key derivation in the form of a key.
+    ///
+    /// Which inputs are required and in what order depends on the algorithm.
+    /// Refer to the documentation of each key derivation or key agreement
+    /// algorithm for information.
+    ///
+    /// This function obtains input from a key object, which is usually correct for
+    /// secret inputs or for non-secret personalization strings kept in the key
+    /// store. To pass a non-secret parameter which is not in the key store,
+    /// call psa_key_derivation_input_bytes() instead of this function.
+    /// Refer to the documentation of individual step types
+    /// (`PSA_KEY_DERIVATION_INPUT_xxx` values of type ::psa_key_derivation_step_t)
+    /// for more information.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation       The key derivation operation object to use.
+    ///                                It must have been set up with
+    ///                                psa_key_derivation_setup() and must not
+    ///                                have produced any output yet.
+    /// \param step                    Which step the input data is for.
+    /// \param key                     Identifier of the key. It must have an
+    ///                                appropriate type for step and must allow the
+    ///                                usage #PSA_KEY_USAGE_DERIVE or
+    ///                                #PSA_KEY_USAGE_VERIFY_DERIVATION (see note)
+    ///                                and the algorithm used by the operation.
+    ///
+    /// \note Once all inputs steps are completed, the operations will allow:
+    /// - psa_key_derivation_output_bytes() if each input was either a direct input
+    ///   or  a key with #PSA_KEY_USAGE_DERIVE set;
+    /// - psa_key_derivation_output_key() if the input for step
+    ///   #PSA_KEY_DERIVATION_INPUT_SECRET or #PSA_KEY_DERIVATION_INPUT_PASSWORD
+    ///   was from a key slot with #PSA_KEY_USAGE_DERIVE and each other input was
+    ///   either a direct input or a key with #PSA_KEY_USAGE_DERIVE set;
+    /// - psa_key_derivation_verify_bytes() if each input was either a direct input
+    ///   or  a key with #PSA_KEY_USAGE_VERIFY_DERIVATION set;
+    /// - psa_key_derivation_verify_key() under the same conditions as
+    ///   psa_key_derivation_verify_bytes().
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key allows neither #PSA_KEY_USAGE_DERIVE nor
+    ///         #PSA_KEY_USAGE_VERIFY_DERIVATION, or it doesn't allow this
+    ///         algorithm.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c step is not compatible with the operation's algorithm, or
+    ///         \c step does not allow key inputs of the given type
+    ///         or does not allow key inputs at all.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid for this input \p step, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_input_key(
+        operation: *mut psa_key_derivation_operation_t,
+        step: psa_key_derivation_step_t,
+        key: mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Perform a key agreement and use the shared secret as input to a key
+    /// derivation.
+    ///
+    /// A key agreement algorithm takes two inputs: a private key \p private_key
+    /// a public key \p peer_key.
+    /// The result of this function is passed as input to a key derivation.
+    /// The output of this key derivation can be extracted by reading from the
+    /// resulting operation to produce keys and other cryptographic material.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation       The key derivation operation object to use.
+    ///                                It must have been set up with
+    ///                                psa_key_derivation_setup() with a
+    ///                                key agreement and derivation algorithm
+    ///                                \c alg (\c PSA_ALG_XXX value such that
+    ///                                #PSA_ALG_IS_KEY_AGREEMENT(\c alg) is true
+    ///                                and #PSA_ALG_IS_RAW_KEY_AGREEMENT(\c alg)
+    ///                                is false).
+    ///                                The operation must be ready for an
+    ///                                input of the type given by \p step.
+    /// \param step                    Which step the input data is for.
+    /// \param private_key             Identifier of the private key to use. It must
+    ///                                allow the usage #PSA_KEY_USAGE_DERIVE.
+    /// \param[in] peer_key      Public key of the peer. The peer key must be in the
+    ///                          same format that psa_import_key() accepts for the
+    ///                          public key type corresponding to the type of
+    ///                          private_key. That is, this function performs the
+    ///                          equivalent of
+    ///                          #psa_import_key(...,
+    ///                          `peer_key`, `peer_key_length`) where
+    ///                          with key attributes indicating the public key
+    ///                          type corresponding to the type of `private_key`.
+    ///                          For example, for EC keys, this means that peer_key
+    ///                          is interpreted as a point on the curve that the
+    ///                          private key is on. The standard formats for public
+    ///                          keys are documented in the documentation of
+    ///                          psa_export_public_key().
+    /// \param peer_key_length         Size of \p peer_key in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c private_key is not compatible with \c alg,
+    ///         or \p peer_key is not valid for \c alg or not compatible with
+    ///         \c private_key, or \c step does not allow an input resulting
+    ///         from a key agreement.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \c alg is not supported or is not a key derivation algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid for this key agreement \p step,
+    ///         or the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_key_agreement(
+        operation: *mut psa_key_derivation_operation_t,
+        step: psa_key_derivation_step_t,
+        private_key: mbedtls_svc_key_id_t,
+        peer_key: *const u8,
+        peer_key_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Read some data from a key derivation operation.
+    ///
+    /// This function calculates output bytes from a key derivation algorithm and
+    /// return those bytes.
+    /// If you view the key derivation's output as a stream of bytes, this
+    /// function destructively reads the requested number of bytes from the
+    /// stream.
+    /// The operation's capacity decreases by the number of bytes read.
+    ///
+    /// If this function returns an error status other than
+    /// #PSA_ERROR_INSUFFICIENT_DATA, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation The key derivation operation object to read from.
+    /// \param[out] output       Buffer where the output will be written.
+    /// \param output_length     Number of bytes to output.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         One of the inputs was a key whose policy didn't allow
+    ///         #PSA_KEY_USAGE_DERIVE.
+    /// \retval #PSA_ERROR_INSUFFICIENT_DATA
+    ///                          The operation's capacity was less than
+    ///                          \p output_length bytes. Note that in this case,
+    ///                          no output is written to the output buffer.
+    ///                          The operation's capacity is set to 0, thus
+    ///                          subsequent calls to this function will not
+    ///                          succeed, even with a smaller output buffer.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active and completed
+    ///         all required input steps), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_output_bytes(
+        operation: *mut psa_key_derivation_operation_t,
+        output: *mut u8,
+        output_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Derive a key from an ongoing key derivation operation.
+    ///
+    /// This function calculates output bytes from a key derivation algorithm
+    /// and uses those bytes to generate a key deterministically.
+    /// The key's location, usage policy, type and size are taken from
+    /// \p attributes.
+    ///
+    /// If you view the key derivation's output as a stream of bytes, this
+    /// function destructively reads as many bytes as required from the
+    /// stream.
+    /// The operation's capacity decreases by the number of bytes read.
+    ///
+    /// If this function returns an error status other than
+    /// #PSA_ERROR_INSUFFICIENT_DATA, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// How much output is produced and consumed from the operation, and how
+    /// the key is derived, depends on the key type and on the key size
+    /// (denoted \c bits below):
+    ///
+    /// - For key types for which the key is an arbitrary sequence of bytes
+    ///   of a given size, this function is functionally equivalent to
+    ///   calling #psa_key_derivation_output_bytes
+    ///   and passing the resulting output to #psa_import_key.
+    ///   However, this function has a security benefit:
+    ///   if the implementation provides an isolation boundary then
+    ///   the key material is not exposed outside the isolation boundary.
+    ///   As a consequence, for these key types, this function always consumes
+    ///   exactly (\c bits / 8) bytes from the operation.
+    ///   The following key types defined in this specification follow this scheme:
+    ///
+    ///     - #PSA_KEY_TYPE_AES;
+    ///     - #PSA_KEY_TYPE_ARIA;
+    ///     - #PSA_KEY_TYPE_CAMELLIA;
+    ///     - #PSA_KEY_TYPE_DERIVE;
+    ///     - #PSA_KEY_TYPE_HMAC;
+    ///     - #PSA_KEY_TYPE_PASSWORD_HASH.
+    ///
+    /// - For ECC keys on a Montgomery elliptic curve
+    ///   (#PSA_KEY_TYPE_ECC_KEY_PAIR(\c curve) where \c curve designates a
+    ///   Montgomery curve), this function always draws a byte string whose
+    ///   length is determined by the curve, and sets the mandatory bits
+    ///   accordingly. That is:
+    ///
+    ///     - Curve25519 (#PSA_ECC_FAMILY_MONTGOMERY, 255 bits): draw a 32-byte
+    ///       string and process it as specified in RFC 7748 &sect;5.
+    ///     - Curve448 (#PSA_ECC_FAMILY_MONTGOMERY, 448 bits): draw a 56-byte
+    ///       string and process it as specified in RFC 7748 &sect;5.
+    ///
+    /// - For key types for which the key is represented by a single sequence of
+    ///   \c bits bits with constraints as to which bit sequences are acceptable,
+    ///   this function draws a byte string of length (\c bits / 8) bytes rounded
+    ///   up to the nearest whole number of bytes. If the resulting byte string
+    ///   is acceptable, it becomes the key, otherwise the drawn bytes are discarded.
+    ///   This process is repeated until an acceptable byte string is drawn.
+    ///   The byte string drawn from the operation is interpreted as specified
+    ///   for the output produced by psa_export_key().
+    ///   The following key types defined in this specification follow this scheme:
+    ///
+    ///     - #PSA_KEY_TYPE_DES.
+    ///       Force-set the parity bits, but discard forbidden weak keys.
+    ///       For 2-key and 3-key triple-DES, the three keys are generated
+    ///       successively (for example, for 3-key triple-DES,
+    ///       if the first 8 bytes specify a weak key and the next 8 bytes do not,
+    ///       discard the first 8 bytes, use the next 8 bytes as the first key,
+    ///       and continue reading output from the operation to derive the other
+    ///       two keys).
+    ///     - Finite-field Diffie-Hellman keys (#PSA_KEY_TYPE_DH_KEY_PAIR(\c group)
+    ///       where \c group designates any Diffie-Hellman group) and
+    ///       ECC keys on a Weierstrass elliptic curve
+    ///       (#PSA_KEY_TYPE_ECC_KEY_PAIR(\c curve) where \c curve designates a
+    ///       Weierstrass curve).
+    ///       For these key types, interpret the byte string as integer
+    ///       in big-endian order. Discard it if it is not in the range
+    ///       [0, *N* - 2] where *N* is the boundary of the private key domain
+    ///       (the prime *p* for Diffie-Hellman, the subprime *q* for DSA,
+    ///       or the order of the curve's base point for ECC).
+    ///       Add 1 to the resulting integer and use this as the private key *x*.
+    ///       This method allows compliance to NIST standards, specifically
+    ///       the methods titled "key-pair generation by testing candidates"
+    ///       in NIST SP 800-56A &sect;5.6.1.1.4 for Diffie-Hellman,
+    ///       in FIPS 186-4 &sect;B.1.2 for DSA, and
+    ///       in NIST SP 800-56A &sect;5.6.1.2.2 or
+    ///       FIPS 186-4 &sect;B.4.2 for elliptic curve keys.
+    ///
+    /// - For other key types, including #PSA_KEY_TYPE_RSA_KEY_PAIR,
+    ///   the way in which the operation output is consumed is
+    ///   implementation-defined.
+    ///
+    /// In all cases, the data that is read is discarded from the operation.
+    /// The operation's capacity is decreased by the number of bytes read.
+    ///
+    /// For algorithms that take an input step #PSA_KEY_DERIVATION_INPUT_SECRET,
+    /// the input to that step must be provided with psa_key_derivation_input_key().
+    /// Future versions of this specification may include additional restrictions
+    /// on the derived key based on the attributes and strength of the secret key.
+    ///
+    /// \param[in] attributes    The attributes for the new key.
+    ///                          If the key type to be created is
+    ///                          #PSA_KEY_TYPE_PASSWORD_HASH then the algorithm in
+    ///                          the policy must be the same as in the current
+    ///                          operation.
+    /// \param[in,out] operation The key derivation operation object to read from.
+    /// \param[out] key          On success, an identifier for the newly created
+    ///                          key. For persistent keys, this is the key
+    ///                          identifier defined in \p attributes.
+    ///                          \c 0 on failure.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    ///         If the key is persistent, the key material and the key's metadata
+    ///         have been saved to persistent storage.
+    /// \retval #PSA_ERROR_ALREADY_EXISTS
+    ///         This is an attempt to create a persistent key, and there is
+    ///         already a persistent key with the given identifier.
+    /// \retval #PSA_ERROR_INSUFFICIENT_DATA
+    ///         There was not enough data to create the desired key.
+    ///         Note that in this case, no output is written to the output buffer.
+    ///         The operation's capacity is set to 0, thus subsequent calls to
+    ///         this function will not succeed, even with a smaller output buffer.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The key type or key size is not supported, either by the
+    ///         implementation in general or in this particular location.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The provided key attributes are not valid for the operation.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The #PSA_KEY_DERIVATION_INPUT_SECRET or
+    ///         #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a
+    ///         key; or one of the inputs was a key whose policy didn't allow
+    ///         #PSA_KEY_USAGE_DERIVE.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active and completed
+    ///         all required input steps), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_output_key(
+        attributes: *const psa_key_attributes_t,
+        operation: *mut psa_key_derivation_operation_t,
+        key: *mut mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Compare output data from a key derivation operation to an expected value.
+    ///
+    /// This function calculates output bytes from a key derivation algorithm and
+    /// compares those bytes to an expected value in constant time.
+    /// If you view the key derivation's output as a stream of bytes, this
+    /// function destructively reads the expected number of bytes from the
+    /// stream before comparing them.
+    /// The operation's capacity decreases by the number of bytes read.
+    ///
+    /// This is functionally equivalent to the following code:
+    /// \code
+    /// psa_key_derivation_output_bytes(operation, tmp, output_length);
+    /// if (memcmp(output, tmp, output_length) != 0)
+    ///     return PSA_ERROR_INVALID_SIGNATURE;
+    /// \endcode
+    /// except (1) it works even if the key's policy does not allow outputting the
+    /// bytes, and (2) the comparison will be done in constant time.
+    ///
+    /// If this function returns an error status other than
+    /// #PSA_ERROR_INSUFFICIENT_DATA or #PSA_ERROR_INVALID_SIGNATURE,
+    /// the operation enters an error state and must be aborted by calling
+    /// psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation The key derivation operation object to read from.
+    /// \param[in] expected_output Buffer containing the expected derivation output.
+    /// \param output_length     Length of the expected output; this is also the
+    ///                          number of bytes that will be read.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The output was read successfully, but it differs from the expected
+    ///         output.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         One of the inputs was a key whose policy didn't allow
+    ///         #PSA_KEY_USAGE_VERIFY_DERIVATION.
+    /// \retval #PSA_ERROR_INSUFFICIENT_DATA
+    ///                          The operation's capacity was less than
+    ///                          \p output_length bytes. Note that in this case,
+    ///                          the operation's capacity is set to 0, thus
+    ///                          subsequent calls to this function will not
+    ///                          succeed, even with a smaller expected output.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active and completed
+    ///         all required input steps), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_verify_bytes(
+        operation: *mut psa_key_derivation_operation_t,
+        expected_output: *const u8,
+        output_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Compare output data from a key derivation operation to an expected value
+    /// stored in a key object.
+    ///
+    /// This function calculates output bytes from a key derivation algorithm and
+    /// compares those bytes to an expected value, provided as key of type
+    /// #PSA_KEY_TYPE_PASSWORD_HASH.
+    /// If you view the key derivation's output as a stream of bytes, this
+    /// function destructively reads the number of bytes corresponding to the
+    /// length of the expected value from the stream before comparing them.
+    /// The operation's capacity decreases by the number of bytes read.
+    ///
+    /// This is functionally equivalent to exporting the key and calling
+    /// psa_key_derivation_verify_bytes() on the result, except that it
+    /// works even if the key cannot be exported.
+    ///
+    /// If this function returns an error status other than
+    /// #PSA_ERROR_INSUFFICIENT_DATA or #PSA_ERROR_INVALID_SIGNATURE,
+    /// the operation enters an error state and must be aborted by calling
+    /// psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation The key derivation operation object to read from.
+    /// \param[in] expected      A key of type #PSA_KEY_TYPE_PASSWORD_HASH
+    ///                          containing the expected output. Its policy must
+    ///                          include the #PSA_KEY_USAGE_VERIFY_DERIVATION flag
+    ///                          and the permitted algorithm must match the
+    ///                          operation. The value of this key was likely
+    ///                          computed by a previous call to
+    ///                          psa_key_derivation_output_key().
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The output was read successfully, but if differs from the expected
+    ///         output.
+    /// \retval #PSA_ERROR_INVALID_HANDLE
+    ///         The key passed as the expected value does not exist.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The key passed as the expected value has an invalid type.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key passed as the expected value does not allow this usage or
+    ///         this algorithm; or one of the inputs was a key whose policy didn't
+    ///         allow #PSA_KEY_USAGE_VERIFY_DERIVATION.
+    /// \retval #PSA_ERROR_INSUFFICIENT_DATA
+    ///                          The operation's capacity was less than
+    ///                          the length of the expected value. In this case,
+    ///                          the operation's capacity is set to 0, thus
+    ///                          subsequent calls to this function will not
+    ///                          succeed, even with a smaller expected output.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active and completed
+    ///         all required input steps), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_verify_key(
+        operation: *mut psa_key_derivation_operation_t,
+        expected: psa_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort a key derivation operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the \c
+    /// operation structure itself. Once aborted, the operation object can be reused
+    /// for another operation by calling psa_key_derivation_setup() again.
+    ///
+    /// This function may be called at any time after the operation
+    /// object has been initialized as described in #psa_key_derivation_operation_t.
+    ///
+    /// In particular, it is valid to call psa_key_derivation_abort() twice, or to
+    /// call psa_key_derivation_abort() on an operation that has not been set up.
+    ///
+    /// \param[in,out] operation    The operation to abort.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_abort(operation: *mut psa_key_derivation_operation_t)
+        -> psa_status_t;
+}
+extern "C" {
+    /// Perform a key agreement and return the raw shared secret.
+    ///
+    /// \warning The raw result of a key agreement algorithm such as finite-field
+    /// Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should
+    /// not be used directly as key material. It should instead be passed as
+    /// input to a key derivation algorithm. To chain a key agreement with
+    /// a key derivation, use psa_key_derivation_key_agreement() and other
+    /// functions from the key derivation interface.
+    ///
+    /// \param alg                     The key agreement algorithm to compute
+    ///                                (\c PSA_ALG_XXX value such that
+    ///                                #PSA_ALG_IS_RAW_KEY_AGREEMENT(\p alg)
+    ///                                is true).
+    /// \param private_key             Identifier of the private key to use. It must
+    ///                                allow the usage #PSA_KEY_USAGE_DERIVE.
+    /// \param[in] peer_key            Public key of the peer. It must be
+    ///                                in the same format that psa_import_key()
+    ///                                accepts. The standard formats for public
+    ///                                keys are documented in the documentation
+    ///                                of psa_export_public_key().
+    /// \param peer_key_length         Size of \p peer_key in bytes.
+    /// \param[out] output             Buffer where the decrypted message is to
+    ///                                be written.
+    /// \param output_size             Size of the \c output buffer in bytes.
+    /// \param[out] output_length      On success, the number of bytes
+    ///                                that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p alg is not a key agreement algorithm, or
+    ///         \p private_key is not compatible with \p alg,
+    ///         or \p peer_key is not valid for \p alg or not compatible with
+    ///         \p private_key.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         \p output_size is too small
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not a supported key agreement algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_raw_key_agreement(
+        alg: psa_algorithm_t,
+        private_key: mbedtls_svc_key_id_t,
+        peer_key: *const u8,
+        peer_key_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Generate random bytes.
+    ///
+    /// \warning This function **can** fail! Callers MUST check the return status
+    ///          and MUST NOT use the content of the output buffer if the return
+    ///          status is not #PSA_SUCCESS.
+    ///
+    /// \note    To generate a key, use psa_generate_key() instead.
+    ///
+    /// \param[out] output       Output buffer for the generated data.
+    /// \param output_size       Number of bytes to generate and output.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_generate_random(output: *mut u8, output_size: usize) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Generate a key or key pair.
+    ///
+    /// The key is generated randomly.
+    /// Its location, usage policy, type and size are taken from \p attributes.
+    ///
+    /// Implementations must reject an attempt to generate a key of size 0.
+    ///
+    /// The following type-specific considerations apply:
+    /// - For RSA keys (#PSA_KEY_TYPE_RSA_KEY_PAIR),
+    ///   the public exponent is 65537.
+    ///   The modulus is a product of two probabilistic primes
+    ///   between 2^{n-1} and 2^n where n is the bit size specified in the
+    ///   attributes.
+    ///
+    /// \param[in] attributes    The attributes for the new key.
+    /// \param[out] key          On success, an identifier for the newly created
+    ///                          key. For persistent keys, this is the key
+    ///                          identifier defined in \p attributes.
+    ///                          \c 0 on failure.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    ///         If the key is persistent, the key material and the key's metadata
+    ///         have been saved to persistent storage.
+    /// \retval #PSA_ERROR_ALREADY_EXISTS
+    ///         This is an attempt to create a persistent key, and there is
+    ///         already a persistent key with the given identifier.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_generate_key(
+        attributes: *const psa_key_attributes_t,
+        key: *mut mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for interruptible hash
+///  signing operations.
+///
+/// Before calling any function on a sign hash operation object, the
+/// application must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_sign_hash_interruptible_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_sign_hash_interruptible_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer
+///   #PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT, for example:
+///   \code
+///   psa_sign_hash_interruptible_operation_t operation =
+///   PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function
+///   psa_sign_hash_interruptible_operation_init() to the structure, for
+///   example:
+///   \code
+///   psa_sign_hash_interruptible_operation_t operation;
+///   operation = psa_sign_hash_interruptible_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_sign_hash_interruptible_operation_t = psa_sign_hash_interruptible_operation_s;
+/// The type of the state data structure for interruptible hash
+///  verification operations.
+///
+/// Before calling any function on a sign hash operation object, the
+/// application must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_verify_hash_interruptible_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_verify_hash_interruptible_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer
+///   #PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT, for example:
+///   \code
+///   psa_verify_hash_interruptible_operation_t operation =
+///   PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function
+///   psa_verify_hash_interruptible_operation_init() to the structure, for
+///   example:
+///   \code
+///   psa_verify_hash_interruptible_operation_t operation;
+///   operation = psa_verify_hash_interruptible_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_verify_hash_interruptible_operation_t = psa_verify_hash_interruptible_operation_s;
+extern "C" {
+    /// \brief                       Set the maximum number of ops allowed to be
+    ///                              executed by an interruptible function in a
+    ///                              single call.
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        The time taken to execute a single op is
+    ///                              implementation specific and depends on
+    ///                              software, hardware, the algorithm, key type and
+    ///                              curve chosen. Even within a single operation,
+    ///                              successive ops can take differing amounts of
+    ///                              time. The only guarantee is that lower values
+    ///                              for \p max_ops means functions will block for a
+    ///                              lesser maximum amount of time. The functions
+    ///                              \c psa_sign_interruptible_get_num_ops() and
+    ///                              \c psa_verify_interruptible_get_num_ops() are
+    ///                              provided to help with tuning this value.
+    ///
+    /// \note                        This value defaults to
+    ///                              #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, which
+    ///                              means the whole operation will be done in one
+    ///                              go, regardless of the number of ops required.
+    ///
+    /// \note                        If more ops are needed to complete a
+    ///                              computation, #PSA_OPERATION_INCOMPLETE will be
+    ///                              returned by the function performing the
+    ///                              computation. It is then the caller's
+    ///                              responsibility to either call again with the
+    ///                              same operation context until it returns 0 or an
+    ///                              error code; or to call the relevant abort
+    ///                              function if the answer is no longer required.
+    ///
+    /// \note                        The interpretation of \p max_ops is also
+    ///                              implementation defined. On a hard real time
+    ///                              system, this can indicate a hard deadline, as a
+    ///                              real-time system needs a guarantee of not
+    ///                              spending more than X time, however care must be
+    ///                              taken in such an implementation to avoid the
+    ///                              situation whereby calls just return, not being
+    ///                              able to do any actual work within the allotted
+    ///                              time.  On a non-real-time system, the
+    ///                              implementation can be more relaxed, but again
+    ///                              whether this number should be interpreted as as
+    ///                              hard or soft limit or even whether a less than
+    ///                              or equals as regards to ops executed in a
+    ///                              single call is implementation defined.
+    ///
+    /// \note                        For keys in local storage when no accelerator
+    ///                              driver applies, please see also the
+    ///                              documentation for \c mbedtls_ecp_set_max_ops(),
+    ///                              which is the internal implementation in these
+    ///                              cases.
+    ///
+    /// \warning                     With implementations that interpret this number
+    ///                              as a hard limit, setting this number too small
+    ///                              may result in an infinite loop, whereby each
+    ///                              call results in immediate return with no ops
+    ///                              done (as there is not enough time to execute
+    ///                              any), and thus no result will ever be achieved.
+    ///
+    /// \note                        This only applies to functions whose
+    ///                              documentation mentions they may return
+    ///                              #PSA_OPERATION_INCOMPLETE.
+    ///
+    /// \param max_ops               The maximum number of ops to be executed in a
+    ///                              single call. This can be a number from 0 to
+    ///                              #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, where 0
+    ///                              is the least amount of work done per call.
+    pub fn psa_interruptible_set_max_ops(max_ops: u32);
+}
+extern "C" {
+    /// \brief                       Get the maximum number of ops allowed to be
+    ///                              executed by an interruptible function in a
+    ///                              single call. This will return the last
+    ///                              value set by
+    ///                              \c psa_interruptible_set_max_ops() or
+    ///                              #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED if
+    ///                              that function has never been called.
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \return                      Maximum number of ops allowed to be
+    ///                              executed by an interruptible function in a
+    ///                              single call.
+    pub fn psa_interruptible_get_max_ops() -> u32;
+}
+extern "C" {
+    /// \brief                       Get the number of ops that a hash signing
+    ///                              operation has taken so far. If the operation
+    ///                              has completed, then this will represent the
+    ///                              number of ops required for the entire
+    ///                              operation. After initialization or calling
+    ///                              \c psa_sign_hash_interruptible_abort() on
+    ///                              the operation, a value of 0 will be returned.
+    ///
+    /// \note                        This interface is guaranteed re-entrant and
+    ///                              thus may be called from driver code.
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    ///                              This is a helper provided to help you tune the
+    ///                              value passed to \c
+    ///                              psa_interruptible_set_max_ops().
+    ///
+    /// \param operation             The \c psa_sign_hash_interruptible_operation_t
+    ///                              to use. This must be initialized first.
+    ///
+    /// \return                      Number of ops that the operation has taken so
+    ///                              far.
+    pub fn psa_sign_hash_get_num_ops(
+        operation: *const psa_sign_hash_interruptible_operation_t,
+    ) -> u32;
+}
+extern "C" {
+    /// \brief                       Get the number of ops that a hash verification
+    ///                              operation has taken so far. If the operation
+    ///                              has completed, then this will represent the
+    ///                              number of ops required for the entire
+    ///                              operation. After initialization or calling \c
+    ///                              psa_verify_hash_interruptible_abort() on the
+    ///                              operation, a value of 0 will be returned.
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    ///                              This is a helper provided to help you tune the
+    ///                              value passed to \c
+    ///                              psa_interruptible_set_max_ops().
+    ///
+    /// \param operation             The \c
+    ///                              psa_verify_hash_interruptible_operation_t to
+    ///                              use. This must be initialized first.
+    ///
+    /// \return                      Number of ops that the operation has taken so
+    ///                              far.
+    pub fn psa_verify_hash_get_num_ops(
+        operation: *const psa_verify_hash_interruptible_operation_t,
+    ) -> u32;
+}
+extern "C" {
+    /// \brief                       Start signing a hash or short message with a
+    ///                              private key, in an interruptible manner.
+    ///
+    /// \see                         \c psa_sign_hash_complete()
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        This function combined with \c
+    ///                              psa_sign_hash_complete() is equivalent to
+    ///                              \c psa_sign_hash() but
+    ///                              \c psa_sign_hash_complete() can return early and
+    ///                              resume according to the limit set with \c
+    ///                              psa_interruptible_set_max_ops() to reduce the
+    ///                              maximum time spent in a function call.
+    ///
+    /// \note                        Users should call \c psa_sign_hash_complete()
+    ///                              repeatedly on the same context after a
+    ///                              successful call to this function until \c
+    ///                              psa_sign_hash_complete() either returns 0 or an
+    ///                              error. \c psa_sign_hash_complete() will return
+    ///                              #PSA_OPERATION_INCOMPLETE if there is more work
+    ///                              to do. Alternatively users can call
+    ///                              \c psa_sign_hash_abort() at any point if they no
+    ///                              longer want the result.
+    ///
+    /// \note                        If this function returns an error status, the
+    ///                              operation enters an error state and must be
+    ///                              aborted by calling \c psa_sign_hash_abort().
+    ///
+    /// \param[in, out] operation    The \c psa_sign_hash_interruptible_operation_t
+    ///                              to use. This must be initialized first.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must be an asymmetric key pair. The key must
+    ///                              allow the usage #PSA_KEY_USAGE_SIGN_HASH.
+    /// \param alg                   A signature algorithm (\c PSA_ALG_XXX
+    ///                              value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+    ///                              is true), that is compatible with
+    ///                              the type of \p key.
+    /// \param[in] hash              The hash or message to sign.
+    /// \param hash_length           Size of the \p hash buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The operation started successfully - call \c psa_sign_hash_complete()
+    ///         with the same context to complete the operation
+    ///
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_SIGN_HASH flag, or it does
+    ///         not permit the requested algorithm.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         An operation has previously been started on this context, and is
+    ///         still in progress.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_sign_hash_start(
+        operation: *mut psa_sign_hash_interruptible_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        hash: *const u8,
+        hash_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief                       Continue and eventually complete the action of
+    ///                              signing a hash or short message with a private
+    ///                              key, in an interruptible manner.
+    ///
+    /// \see                         \c psa_sign_hash_start()
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        This function combined with \c
+    ///                              psa_sign_hash_start() is equivalent to
+    ///                              \c psa_sign_hash() but this function can return
+    ///                              early and resume according to the limit set with
+    ///                              \c psa_interruptible_set_max_ops() to reduce the
+    ///                              maximum time spent in a function call.
+    ///
+    /// \note                        Users should call this function on the same
+    ///                              operation object repeatedly until it either
+    ///                              returns 0 or an error. This function will return
+    ///                              #PSA_OPERATION_INCOMPLETE if there is more work
+    ///                              to do. Alternatively users can call
+    ///                              \c psa_sign_hash_abort() at any point if they no
+    ///                              longer want the result.
+    ///
+    /// \note                        When this function returns successfully, the
+    ///                              operation becomes inactive. If this function
+    ///                              returns an error status, the operation enters an
+    ///                              error state and must be aborted by calling
+    ///                              \c psa_sign_hash_abort().
+    ///
+    /// \param[in, out] operation    The \c psa_sign_hash_interruptible_operation_t
+    ///                              to use. This must be initialized first, and have
+    ///                              had \c psa_sign_hash_start() called with it
+    ///                              first.
+    ///
+    /// \param[out] signature        Buffer where the signature is to be written.
+    /// \param signature_size        Size of the \p signature buffer in bytes. This
+    ///                              must be appropriate for the selected
+    ///                              algorithm and key:
+    ///                              - The required signature size is
+    ///                                #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c
+    ///                                key_bits, \c alg) where \c key_type and \c
+    ///                                key_bits are the type and bit-size
+    ///                                respectively of key.
+    ///                              - #PSA_SIGNATURE_MAX_SIZE evaluates to the
+    ///                                maximum signature size of any supported
+    ///                                signature algorithm.
+    /// \param[out] signature_length On success, the number of bytes that make up
+    ///                              the returned signature value.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Operation completed successfully
+    ///
+    /// \retval #PSA_OPERATION_INCOMPLETE
+    ///         Operation was interrupted due to the setting of \c
+    ///         psa_interruptible_set_max_ops(). There is still work to be done.
+    ///         Call this function again with the same operation object.
+    ///
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p signature buffer is too small. You can
+    ///         determine a sufficient buffer size by calling
+    ///         #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///         where \c key_type and \c key_bits are the type and bit-size
+    ///         respectively of \p key.
+    ///
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         An operation was not previously started on this context via
+    ///         \c psa_sign_hash_start().
+    ///
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has either not been previously initialized by
+    ///         psa_crypto_init() or you did not previously call
+    ///         psa_sign_hash_start() with this operation object. It is
+    ///         implementation-dependent whether a failure to initialize results in
+    ///         this error code.
+    pub fn psa_sign_hash_complete(
+        operation: *mut psa_sign_hash_interruptible_operation_t,
+        signature: *mut u8,
+        signature_size: usize,
+        signature_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief                       Abort a sign hash operation.
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        This function is the only function that clears
+    ///                              the number of ops completed as part of the
+    ///                              operation. Please ensure you copy this value via
+    ///                              \c psa_sign_hash_get_num_ops() if required
+    ///                              before calling.
+    ///
+    /// \note                        Aborting an operation frees all associated
+    ///                              resources except for the \p operation structure
+    ///                              itself. Once aborted, the operation object can
+    ///                              be reused for another operation by calling \c
+    ///                              psa_sign_hash_start() again.
+    ///
+    /// \note                        You may call this function any time after the
+    ///                              operation object has been initialized. In
+    ///                              particular, calling \c psa_sign_hash_abort()
+    ///                              after the operation has already been terminated
+    ///                              by a call to \c psa_sign_hash_abort() or
+    ///                              psa_sign_hash_complete() is safe.
+    ///
+    /// \param[in,out] operation     Initialized sign hash operation.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The operation was aborted successfully.
+    ///
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_sign_hash_abort(
+        operation: *mut psa_sign_hash_interruptible_operation_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief                       Start reading and verifying a hash or short
+    ///                              message, in an interruptible manner.
+    ///
+    /// \see                         \c psa_verify_hash_complete()
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        This function combined with \c
+    ///                              psa_verify_hash_complete() is equivalent to
+    ///                              \c psa_verify_hash() but \c
+    ///                              psa_verify_hash_complete() can return early and
+    ///                              resume according to the limit set with \c
+    ///                              psa_interruptible_set_max_ops() to reduce the
+    ///                              maximum time spent in a function.
+    ///
+    /// \note                        Users should call \c psa_verify_hash_complete()
+    ///                              repeatedly on the same operation object after a
+    ///                              successful call to this function until \c
+    ///                              psa_verify_hash_complete() either returns 0 or
+    ///                              an error. \c psa_verify_hash_complete() will
+    ///                              return #PSA_OPERATION_INCOMPLETE if there is
+    ///                              more work to do. Alternatively users can call
+    ///                              \c psa_verify_hash_abort() at any point if they
+    ///                              no longer want the result.
+    ///
+    /// \note                        If this function returns an error status, the
+    ///                              operation enters an error state and must be
+    ///                              aborted by calling \c psa_verify_hash_abort().
+    ///
+    /// \param[in, out] operation    The \c psa_verify_hash_interruptible_operation_t
+    ///                              to use. This must be initialized first.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              The key must allow the usage
+    ///                              #PSA_KEY_USAGE_VERIFY_HASH.
+    /// \param alg                   A signature algorithm (\c PSA_ALG_XXX
+    ///                              value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+    ///                              is true), that is compatible with
+    ///                              the type of \p key.
+    /// \param[in] hash              The hash whose signature is to be verified.
+    /// \param hash_length           Size of the \p hash buffer in bytes.
+    /// \param[in] signature         Buffer containing the signature to verify.
+    /// \param signature_length      Size of the \p signature buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The operation started successfully - please call \c
+    ///         psa_verify_hash_complete() with the same context to complete the
+    ///         operation.
+    ///
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Another operation has already been started on this context, and is
+    ///         still in progress.
+    ///
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_VERIFY_HASH flag, or it does
+    ///         not permit the requested algorithm.
+    ///
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_verify_hash_start(
+        operation: *mut psa_verify_hash_interruptible_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        hash: *const u8,
+        hash_length: usize,
+        signature: *const u8,
+        signature_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief                       Continue and eventually complete the action of
+    ///                              reading and verifying a hash or short message
+    ///                              signed with a private key, in an interruptible
+    ///                              manner.
+    ///
+    /// \see                         \c psa_verify_hash_start()
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        This function combined with \c
+    ///                              psa_verify_hash_start() is equivalent to
+    ///                              \c psa_verify_hash() but this function can
+    ///                              return early and resume according to the limit
+    ///                              set with \c psa_interruptible_set_max_ops() to
+    ///                              reduce the maximum time spent in a function
+    ///                              call.
+    ///
+    /// \note                        Users should call this function on the same
+    ///                              operation object repeatedly until it either
+    ///                              returns 0 or an error. This function will return
+    ///                              #PSA_OPERATION_INCOMPLETE if there is more work
+    ///                              to do. Alternatively users can call
+    ///                              \c psa_verify_hash_abort() at any point if they
+    ///                              no longer want the result.
+    ///
+    /// \note                        When this function returns successfully, the
+    ///                              operation becomes inactive. If this function
+    ///                              returns an error status, the operation enters an
+    ///                              error state and must be aborted by calling
+    ///                              \c psa_verify_hash_abort().
+    ///
+    /// \param[in, out] operation    The \c psa_verify_hash_interruptible_operation_t
+    ///                              to use. This must be initialized first, and have
+    ///                              had \c psa_verify_hash_start() called with it
+    ///                              first.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Operation completed successfully, and the passed signature is valid.
+    ///
+    /// \retval #PSA_OPERATION_INCOMPLETE
+    ///         Operation was interrupted due to the setting of \c
+    ///         psa_interruptible_set_max_ops(). There is still work to be done.
+    ///         Call this function again with the same operation object.
+    ///
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The calculation was performed successfully, but the passed
+    ///         signature is not a valid signature.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         An operation was not previously started on this context via
+    ///         \c psa_verify_hash_start().
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has either not been previously initialized by
+    ///         psa_crypto_init() or you did not previously call
+    ///         psa_verify_hash_start() on this object. It is
+    ///         implementation-dependent whether a failure to initialize results in
+    ///         this error code.
+    pub fn psa_verify_hash_complete(
+        operation: *mut psa_verify_hash_interruptible_operation_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief                     Abort a verify hash operation.
+    ///
+    /// \warning                   This is a beta API, and thus subject to change at
+    ///                            any point. It is not bound by the usual interface
+    ///                            stability promises.
+    ///
+    /// \note                      This function is the only function that clears the
+    ///                            number of ops completed as part of the operation.
+    ///                            Please ensure you copy this value via
+    ///                            \c psa_verify_hash_get_num_ops() if required
+    ///                            before calling.
+    ///
+    /// \note                      Aborting an operation frees all associated
+    ///                            resources except for the operation structure
+    ///                            itself. Once aborted, the operation object can be
+    ///                            reused for another operation by calling \c
+    ///                            psa_verify_hash_start() again.
+    ///
+    /// \note                      You may call this function any time after the
+    ///                            operation object has been initialized.
+    ///                            In particular, calling \c psa_verify_hash_abort()
+    ///                            after the operation has already been terminated by
+    ///                            a call to \c psa_verify_hash_abort() or
+    ///                            psa_verify_hash_complete() is safe.
+    ///
+    /// \param[in,out] operation   Initialized verify hash operation.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The operation was aborted successfully.
+    ///
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_verify_hash_abort(
+        operation: *mut psa_verify_hash_interruptible_operation_t,
+    ) -> psa_status_t;
+}
+/// The CMAC context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_cmac_context_t {
+    pub private_state: [crate::c_types::c_uchar; 16usize],
+    pub private_unprocessed_block: [crate::c_types::c_uchar; 16usize],
+    pub private_unprocessed_len: usize,
+}
+extern "C" {
+    /// \brief               This function starts a new CMAC computation
+    ///                      by setting the CMAC key, and preparing to authenticate
+    ///                      the input data.
+    ///                      It must be called with an initialized cipher context.
+    ///
+    ///                      Once this function has completed, data can be supplied
+    ///                      to the CMAC computation by calling
+    ///                      mbedtls_cipher_cmac_update().
+    ///
+    ///                      To start a CMAC computation using the same key as a previous
+    ///                      CMAC computation, use mbedtls_cipher_cmac_finish().
+    ///
+    /// \note                When the CMAC implementation is supplied by an alternate
+    ///                      implementation (through #MBEDTLS_CMAC_ALT), some ciphers
+    ///                      may not be supported by that implementation, and thus
+    ///                      return an error. Alternate implementations must support
+    ///                      AES-128 and AES-256, and may support AES-192 and 3DES.
+    ///
+    /// \param ctx           The cipher context used for the CMAC operation, initialized
+    ///                      as one of the following types: MBEDTLS_CIPHER_AES_128_ECB,
+    ///                      MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB,
+    ///                      or MBEDTLS_CIPHER_DES_EDE3_ECB.
+    /// \param key           The CMAC key.
+    /// \param keybits       The length of the CMAC key in bits.
+    ///                      Must be supported by the cipher.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_cmac_starts(
+        ctx: *mut mbedtls_cipher_context_t,
+        key: *const crate::c_types::c_uchar,
+        keybits: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function feeds an input buffer into an ongoing CMAC
+    ///                      computation.
+    ///
+    ///                      The CMAC computation must have previously been started
+    ///                      by calling mbedtls_cipher_cmac_starts() or
+    ///                      mbedtls_cipher_cmac_reset().
+    ///
+    ///                      Call this function as many times as needed to input the
+    ///                      data to be authenticated.
+    ///                      Once all of the required data has been input,
+    ///                      call mbedtls_cipher_cmac_finish() to obtain the result
+    ///                      of the CMAC operation.
+    ///
+    /// \param ctx           The cipher context used for the CMAC operation.
+    /// \param input         The buffer holding the input data.
+    /// \param ilen          The length of the input data.
+    ///
+    /// \return             \c 0 on success.
+    /// \return             #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+    ///                     if parameter verification fails.
+    pub fn mbedtls_cipher_cmac_update(
+        ctx: *mut mbedtls_cipher_context_t,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function finishes an ongoing CMAC operation, and
+    ///                      writes the result to the output buffer.
+    ///
+    ///                      It should be followed either by
+    ///                      mbedtls_cipher_cmac_reset(), which starts another CMAC
+    ///                      operation with the same key, or mbedtls_cipher_free(),
+    ///                      which clears the cipher context.
+    ///
+    /// \param ctx           The cipher context used for the CMAC operation.
+    /// \param output        The output buffer for the CMAC checksum result.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+    ///                      if parameter verification fails.
+    pub fn mbedtls_cipher_cmac_finish(
+        ctx: *mut mbedtls_cipher_context_t,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function starts a new CMAC operation with the same
+    ///                      key as the previous one.
+    ///
+    ///                      It should be called after finishing the previous CMAC
+    ///                      operation with mbedtls_cipher_cmac_finish().
+    ///                      After calling this function,
+    ///                      call mbedtls_cipher_cmac_update() to supply the new
+    ///                      CMAC operation with data.
+    ///
+    /// \param ctx           The cipher context used for the CMAC operation.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+    ///                      if parameter verification fails.
+    pub fn mbedtls_cipher_cmac_reset(ctx: *mut mbedtls_cipher_context_t) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function calculates the full generic CMAC
+    ///                      on the input buffer with the provided key.
+    ///
+    ///                      The function allocates the context, performs the
+    ///                      calculation, and frees the context.
+    ///
+    ///                      The CMAC result is calculated as
+    ///                      output = generic CMAC(cmac key, input buffer).
+    ///
+    /// \note                When the CMAC implementation is supplied by an alternate
+    ///                      implementation (through #MBEDTLS_CMAC_ALT), some ciphers
+    ///                      may not be supported by that implementation, and thus
+    ///                      return an error. Alternate implementations must support
+    ///                      AES-128 and AES-256, and may support AES-192 and 3DES.
+    ///
+    /// \param cipher_info   The cipher information.
+    /// \param key           The CMAC key.
+    /// \param keylen        The length of the CMAC key in bits.
+    /// \param input         The buffer holding the input data.
+    /// \param ilen          The length of the input data.
+    /// \param output        The buffer for the generic CMAC result.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+    ///                      if parameter verification fails.
+    pub fn mbedtls_cipher_cmac(
+        cipher_info: *const mbedtls_cipher_info_t,
+        key: *const crate::c_types::c_uchar,
+        keylen: usize,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function implements the AES-CMAC-PRF-128 pseudorandom
+    ///                  function, as defined in
+    ///                  <em>RFC-4615: The Advanced Encryption Standard-Cipher-based
+    ///                  Message Authentication Code-Pseudo-Random Function-128
+    ///                  (AES-CMAC-PRF-128) Algorithm for the Internet Key
+    ///                  Exchange Protocol (IKE).</em>
+    ///
+    /// \param key       The key to use.
+    /// \param key_len   The key length in Bytes.
+    /// \param input     The buffer holding the input data.
+    /// \param in_len    The length of the input data in Bytes.
+    /// \param output    The buffer holding the generated 16 Bytes of
+    ///                  pseudorandom output.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_aes_cmac_prf_128(
+        key: *const crate::c_types::c_uchar,
+        key_len: usize,
+        input: *const crate::c_types::c_uchar,
+        in_len: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The CMAC checkup routine.
+    ///
+    /// \note           In case the CMAC routines are provided by an alternative
+    ///                 implementation (i.e. #MBEDTLS_CMAC_ALT is defined), the
+    ///                 checkup routine will succeed even if the implementation does
+    ///                 not support the less widely used AES-192 or 3DES primitives.
+    ///                 The self-test requires at least AES-128 and AES-256 to be
+    ///                 supported by the underlying implementation.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_cmac_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          The GCM context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_gcm_context {
+    pub private_cipher_ctx: mbedtls_cipher_context_t,
+    pub private_HL: [u64; 16usize],
+    pub private_HH: [u64; 16usize],
+    pub private_len: u64,
+    pub private_add_len: u64,
+    pub private_base_ectr: [crate::c_types::c_uchar; 16usize],
+    pub private_y: [crate::c_types::c_uchar; 16usize],
+    pub private_buf: [crate::c_types::c_uchar; 16usize],
+    pub private_mode: crate::c_types::c_int,
+}
+extern "C" {
+    /// \brief           This function initializes the specified GCM context,
+    ///                  to make references valid, and prepares the context
+    ///                  for mbedtls_gcm_setkey() or mbedtls_gcm_free().
+    ///
+    ///                  The function does not bind the GCM context to a particular
+    ///                  cipher, nor set the key. For this purpose, use
+    ///                  mbedtls_gcm_setkey().
+    ///
+    /// \param ctx       The GCM context to initialize. This must not be \c NULL.
+    pub fn mbedtls_gcm_init(ctx: *mut mbedtls_gcm_context);
+}
+extern "C" {
+    /// \brief           This function associates a GCM context with a
+    ///                  cipher algorithm and a key.
+    ///
+    /// \param ctx       The GCM context. This must be initialized.
+    /// \param cipher    The 128-bit block cipher to use.
+    /// \param key       The encryption key. This must be a readable buffer of at
+    ///                  least \p keybits bits.
+    /// \param keybits   The key size in bits. Valid options are:
+    ///                  <ul><li>128 bits</li>
+    ///                  <li>192 bits</li>
+    ///                  <li>256 bits</li></ul>
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A cipher-specific error code on failure.
+    pub fn mbedtls_gcm_setkey(
+        ctx: *mut mbedtls_gcm_context,
+        cipher: mbedtls_cipher_id_t,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs GCM encryption or decryption of a buffer.
+    ///
+    /// \note            For encryption, the output buffer can be the same as the
+    ///                  input buffer. For decryption, the output buffer cannot be
+    ///                  the same as input buffer. If the buffers overlap, the output
+    ///                  buffer must trail at least 8 Bytes behind the input buffer.
+    ///
+    /// \warning         When this function performs a decryption, it outputs the
+    ///                  authentication tag and does not verify that the data is
+    ///                  authentic. You should use this function to perform encryption
+    ///                  only. For decryption, use mbedtls_gcm_auth_decrypt() instead.
+    ///
+    /// \param ctx       The GCM context to use for encryption or decryption. This
+    ///                  must be initialized.
+    /// \param mode      The operation to perform:
+    ///                  - #MBEDTLS_GCM_ENCRYPT to perform authenticated encryption.
+    ///                    The ciphertext is written to \p output and the
+    ///                    authentication tag is written to \p tag.
+    ///                  - #MBEDTLS_GCM_DECRYPT to perform decryption.
+    ///                    The plaintext is written to \p output and the
+    ///                    authentication tag is written to \p tag.
+    ///                    Note that this mode is not recommended, because it does
+    ///                    not verify the authenticity of the data. For this reason,
+    ///                    you should use mbedtls_gcm_auth_decrypt() instead of
+    ///                    calling this function in decryption mode.
+    /// \param length    The length of the input data, which is equal to the length
+    ///                  of the output data.
+    /// \param iv        The initialization vector. This must be a readable buffer of
+    ///                  at least \p iv_len Bytes.
+    /// \param iv_len    The length of the IV.
+    /// \param add       The buffer holding the additional data. This must be of at
+    ///                  least that size in Bytes.
+    /// \param add_len   The length of the additional data.
+    /// \param input     The buffer holding the input data. If \p length is greater
+    ///                  than zero, this must be a readable buffer of at least that
+    ///                  size in Bytes.
+    /// \param output    The buffer for holding the output data. If \p length is greater
+    ///                  than zero, this must be a writable buffer of at least that
+    ///                  size in Bytes.
+    /// \param tag_len   The length of the tag to generate.
+    /// \param tag       The buffer for holding the tag. This must be a writable
+    ///                  buffer of at least \p tag_len Bytes.
+    ///
+    /// \return          \c 0 if the encryption or decryption was performed
+    ///                  successfully. Note that in #MBEDTLS_GCM_DECRYPT mode,
+    ///                  this does not indicate that the data is authentic.
+    /// \return          #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
+    ///                  not valid or a cipher-specific error code if the encryption
+    ///                  or decryption failed.
+    pub fn mbedtls_gcm_crypt_and_tag(
+        ctx: *mut mbedtls_gcm_context,
+        mode: crate::c_types::c_int,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        add: *const crate::c_types::c_uchar,
+        add_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+        tag: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a GCM authenticated decryption of a
+    ///                  buffer.
+    ///
+    /// \note            For decryption, the output buffer cannot be the same as
+    ///                  input buffer. If the buffers overlap, the output buffer
+    ///                  must trail at least 8 Bytes behind the input buffer.
+    ///
+    /// \param ctx       The GCM context. This must be initialized.
+    /// \param length    The length of the ciphertext to decrypt, which is also
+    ///                  the length of the decrypted plaintext.
+    /// \param iv        The initialization vector. This must be a readable buffer
+    ///                  of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the IV.
+    /// \param add       The buffer holding the additional data. This must be of at
+    ///                  least that size in Bytes.
+    /// \param add_len   The length of the additional data.
+    /// \param tag       The buffer holding the tag to verify. This must be a
+    ///                  readable buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the tag to verify.
+    /// \param input     The buffer holding the ciphertext. If \p length is greater
+    ///                  than zero, this must be a readable buffer of at least that
+    ///                  size.
+    /// \param output    The buffer for holding the decrypted plaintext. If \p length
+    ///                  is greater than zero, this must be a writable buffer of at
+    ///                  least that size.
+    ///
+    /// \return          \c 0 if successful and authenticated.
+    /// \return          #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.
+    /// \return          #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
+    ///                  not valid or a cipher-specific error code if the decryption
+    ///                  failed.
+    pub fn mbedtls_gcm_auth_decrypt(
+        ctx: *mut mbedtls_gcm_context,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        add: *const crate::c_types::c_uchar,
+        add_len: usize,
+        tag: *const crate::c_types::c_uchar,
+        tag_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function starts a GCM encryption or decryption
+    ///                  operation.
+    ///
+    /// \param ctx       The GCM context. This must be initialized.
+    /// \param mode      The operation to perform: #MBEDTLS_GCM_ENCRYPT or
+    ///                  #MBEDTLS_GCM_DECRYPT.
+    /// \param iv        The initialization vector. This must be a readable buffer of
+    ///                  at least \p iv_len Bytes.
+    /// \param iv_len    The length of the IV.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_gcm_starts(
+        ctx: *mut mbedtls_gcm_context,
+        mode: crate::c_types::c_int,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer as associated data
+    ///                  (authenticated but not encrypted data) in a GCM
+    ///                  encryption or decryption operation.
+    ///
+    ///                  Call this function after mbedtls_gcm_starts() to pass
+    ///                  the associated data. If the associated data is empty,
+    ///                  you do not need to call this function. You may not
+    ///                  call this function after calling mbedtls_cipher_update().
+    ///
+    /// \param ctx       The GCM context. This must have been started with
+    ///                  mbedtls_gcm_starts() and must not have yet received
+    ///                  any input with mbedtls_gcm_update().
+    /// \param add       The buffer holding the additional data, or \c NULL
+    ///                  if \p add_len is \c 0.
+    /// \param add_len   The length of the additional data. If \c 0,
+    ///                  \p add may be \c NULL.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_gcm_update_ad(
+        ctx: *mut mbedtls_gcm_context,
+        add: *const crate::c_types::c_uchar,
+        add_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer into an ongoing GCM
+    ///                  encryption or decryption operation.
+    ///
+    ///                  You may call this function zero, one or more times
+    ///                  to pass successive parts of the input: the plaintext to
+    ///                  encrypt, or the ciphertext (not including the tag) to
+    ///                  decrypt. After the last part of the input, call
+    ///                  mbedtls_gcm_finish().
+    ///
+    ///                  This function may produce output in one of the following
+    ///                  ways:
+    ///                  - Immediate output: the output length is always equal
+    ///                    to the input length.
+    ///                  - Buffered output: the output consists of a whole number
+    ///                    of 16-byte blocks. If the total input length so far
+    ///                    (not including associated data) is 16 \* *B* + *A*
+    ///                    with *A* < 16 then the total output length is 16 \* *B*.
+    ///
+    ///                  In particular:
+    ///                  - It is always correct to call this function with
+    ///                    \p output_size >= \p input_length + 15.
+    ///                  - If \p input_length is a multiple of 16 for all the calls
+    ///                    to this function during an operation, then it is
+    ///                    correct to use \p output_size = \p input_length.
+    ///
+    /// \note            For decryption, the output buffer cannot be the same as
+    ///                  input buffer. If the buffers overlap, the output buffer
+    ///                  must trail at least 8 Bytes behind the input buffer.
+    ///
+    /// \param ctx           The GCM context. This must be initialized.
+    /// \param input         The buffer holding the input data. If \p input_length
+    ///                      is greater than zero, this must be a readable buffer
+    ///                      of at least \p input_length bytes.
+    /// \param input_length  The length of the input data in bytes.
+    /// \param output        The buffer for the output data. If \p output_size
+    ///                      is greater than zero, this must be a writable buffer of
+    ///                      of at least \p output_size bytes.
+    /// \param output_size   The size of the output buffer in bytes.
+    ///                      See the function description regarding the output size.
+    /// \param output_length On success, \p *output_length contains the actual
+    ///                      length of the output written in \p output.
+    ///                      On failure, the content of \p *output_length is
+    ///                      unspecified.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_GCM_BAD_INPUT on failure:
+    ///                 total input length too long,
+    ///                 unsupported input/output buffer overlap detected,
+    ///                 or \p output_size too small.
+    pub fn mbedtls_gcm_update(
+        ctx: *mut mbedtls_gcm_context,
+        input: *const crate::c_types::c_uchar,
+        input_length: usize,
+        output: *mut crate::c_types::c_uchar,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function finishes the GCM operation and generates
+    ///                  the authentication tag.
+    ///
+    ///                  It wraps up the GCM stream, and generates the
+    ///                  tag. The tag can have a maximum length of 16 Bytes.
+    ///
+    /// \param ctx       The GCM context. This must be initialized.
+    /// \param tag       The buffer for holding the tag. This must be a writable
+    ///                  buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the tag to generate. This must be at least
+    ///                  four.
+    /// \param output    The buffer for the final output.
+    ///                  If \p output_size is nonzero, this must be a writable
+    ///                  buffer of at least \p output_size bytes.
+    /// \param output_size  The size of the \p output buffer in bytes.
+    ///                  This must be large enough for the output that
+    ///                  mbedtls_gcm_update() has not produced. In particular:
+    ///                  - If mbedtls_gcm_update() produces immediate output,
+    ///                    or if the total input size is a multiple of \c 16,
+    ///                    then mbedtls_gcm_finish() never produces any output,
+    ///                    so \p output_size can be \c 0.
+    ///                  - \p output_size never needs to be more than \c 15.
+    /// \param output_length On success, \p *output_length contains the actual
+    ///                      length of the output written in \p output.
+    ///                      On failure, the content of \p *output_length is
+    ///                      unspecified.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_GCM_BAD_INPUT on failure:
+    ///                  invalid value of \p tag_len,
+    ///                  or \p output_size too small.
+    pub fn mbedtls_gcm_finish(
+        ctx: *mut mbedtls_gcm_context,
+        output: *mut crate::c_types::c_uchar,
+        output_size: usize,
+        output_length: *mut usize,
+        tag: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function clears a GCM context and the underlying
+    ///                  cipher sub-context.
+    ///
+    /// \param ctx       The GCM context to clear. If this is \c NULL, the call has
+    ///                  no effect. Otherwise, this must be initialized.
+    pub fn mbedtls_gcm_free(ctx: *mut mbedtls_gcm_context);
+}
+extern "C" {
+    /// \brief          The GCM checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_gcm_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief    The CCM context-type definition. The CCM context is passed
+///           to the APIs called.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ccm_context {
+    pub private_y: [crate::c_types::c_uchar; 16usize],
+    pub private_ctr: [crate::c_types::c_uchar; 16usize],
+    pub private_cipher_ctx: mbedtls_cipher_context_t,
+    pub private_plaintext_len: usize,
+    pub private_add_len: usize,
+    pub private_tag_len: usize,
+    pub private_processed: usize,
+    pub private_q: crate::c_types::c_uchar,
+    pub private_mode: crate::c_types::c_uchar,
+    pub private_state: crate::c_types::c_int,
+}
+extern "C" {
+    /// \brief           This function initializes the specified CCM context,
+    ///                  to make references valid, and prepare the context
+    ///                  for mbedtls_ccm_setkey() or mbedtls_ccm_free().
+    ///
+    /// \param ctx       The CCM context to initialize. This must not be \c NULL.
+    pub fn mbedtls_ccm_init(ctx: *mut mbedtls_ccm_context);
+}
+extern "C" {
+    /// \brief           This function initializes the CCM context set in the
+    ///                  \p ctx parameter and sets the encryption key.
+    ///
+    /// \param ctx       The CCM context to initialize. This must be an initialized
+    ///                  context.
+    /// \param cipher    The 128-bit block cipher to use.
+    /// \param key       The encryption key. This must not be \c NULL.
+    /// \param keybits   The key size in bits. This must be acceptable by the cipher.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A CCM or cipher-specific error code on failure.
+    pub fn mbedtls_ccm_setkey(
+        ctx: *mut mbedtls_ccm_context,
+        cipher: mbedtls_cipher_id_t,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief   This function releases and clears the specified CCM context
+    ///          and underlying cipher sub-context.
+    ///
+    /// \param ctx       The CCM context to clear. If this is \c NULL, the function
+    ///                  has no effect. Otherwise, this must be initialized.
+    pub fn mbedtls_ccm_free(ctx: *mut mbedtls_ccm_context);
+}
+extern "C" {
+    /// \brief           This function encrypts a buffer using CCM.
+    ///
+    /// \note            The tag is written to a separate buffer. To concatenate
+    ///                  the \p tag with the \p output, as done in <em>RFC-3610:
+    ///                  Counter with CBC-MAC (CCM)</em>, use
+    ///                  \p tag = \p output + \p length, and make sure that the
+    ///                  output buffer is at least \p length + \p tag_len wide.
+    ///
+    /// \param ctx       The CCM context to use for encryption. This must be
+    ///                  initialized and bound to a key.
+    /// \param length    The length of the input data in Bytes.
+    /// \param iv        The initialization vector (nonce). This must be a readable
+    ///                  buffer of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
+    ///                  or 13. The length L of the message length field is
+    ///                  15 - \p iv_len.
+    /// \param ad        The additional data field. If \p ad_len is greater than
+    ///                  zero, \p ad must be a readable buffer of at least that
+    ///                  length.
+    /// \param ad_len    The length of additional data in Bytes.
+    ///                  This must be less than `2^16 - 2^8`.
+    /// \param input     The buffer holding the input data. If \p length is greater
+    ///                  than zero, \p input must be a readable buffer of at least
+    ///                  that length.
+    /// \param output    The buffer holding the output data. If \p length is greater
+    ///                  than zero, \p output must be a writable buffer of at least
+    ///                  that length.
+    /// \param tag       The buffer holding the authentication field. This must be a
+    ///                  writable buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the authentication field to generate in Bytes:
+    ///                  4, 6, 8, 10, 12, 14 or 16.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A CCM or cipher-specific error code on failure.
+    pub fn mbedtls_ccm_encrypt_and_tag(
+        ctx: *mut mbedtls_ccm_context,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function encrypts a buffer using CCM*.
+    ///
+    /// \note            The tag is written to a separate buffer. To concatenate
+    ///                  the \p tag with the \p output, as done in <em>RFC-3610:
+    ///                  Counter with CBC-MAC (CCM)</em>, use
+    ///                  \p tag = \p output + \p length, and make sure that the
+    ///                  output buffer is at least \p length + \p tag_len wide.
+    ///
+    /// \note            When using this function in a variable tag length context,
+    ///                  the tag length has to be encoded into the \p iv passed to
+    ///                  this function.
+    ///
+    /// \param ctx       The CCM context to use for encryption. This must be
+    ///                  initialized and bound to a key.
+    /// \param length    The length of the input data in Bytes.
+    ///                  For tag length = 0, input length is ignored.
+    /// \param iv        The initialization vector (nonce). This must be a readable
+    ///                  buffer of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
+    ///                  or 13. The length L of the message length field is
+    ///                  15 - \p iv_len.
+    /// \param ad        The additional data field. This must be a readable buffer of
+    ///                  at least \p ad_len Bytes.
+    /// \param ad_len    The length of additional data in Bytes.
+    ///                  This must be less than 2^16 - 2^8.
+    /// \param input     The buffer holding the input data. If \p length is greater
+    ///                  than zero, \p input must be a readable buffer of at least
+    ///                  that length.
+    /// \param output    The buffer holding the output data. If \p length is greater
+    ///                  than zero, \p output must be a writable buffer of at least
+    ///                  that length.
+    /// \param tag       The buffer holding the authentication field. This must be a
+    ///                  writable buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the authentication field to generate in Bytes:
+    ///                  0, 4, 6, 8, 10, 12, 14 or 16.
+    ///
+    /// \warning         Passing \c 0 as \p tag_len means that the message is no
+    ///                  longer authenticated.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A CCM or cipher-specific error code on failure.
+    pub fn mbedtls_ccm_star_encrypt_and_tag(
+        ctx: *mut mbedtls_ccm_context,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a CCM authenticated decryption of a
+    ///                  buffer.
+    ///
+    /// \param ctx       The CCM context to use for decryption. This must be
+    ///                  initialized and bound to a key.
+    /// \param length    The length of the input data in Bytes.
+    /// \param iv        The initialization vector (nonce). This must be a readable
+    ///                  buffer of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
+    ///                  or 13. The length L of the message length field is
+    ///                  15 - \p iv_len.
+    /// \param ad        The additional data field. This must be a readable buffer
+    ///                  of at least that \p ad_len Bytes..
+    /// \param ad_len    The length of additional data in Bytes.
+    ///                  This must be less than 2^16 - 2^8.
+    /// \param input     The buffer holding the input data. If \p length is greater
+    ///                  than zero, \p input must be a readable buffer of at least
+    ///                  that length.
+    /// \param output    The buffer holding the output data. If \p length is greater
+    ///                  than zero, \p output must be a writable buffer of at least
+    ///                  that length.
+    /// \param tag       The buffer holding the authentication field. This must be a
+    ///                  readable buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the authentication field to generate in Bytes:
+    ///                  4, 6, 8, 10, 12, 14 or 16.
+    ///
+    /// \return          \c 0 on success. This indicates that the message is authentic.
+    /// \return          #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
+    /// \return          A cipher-specific error code on calculation failure.
+    pub fn mbedtls_ccm_auth_decrypt(
+        ctx: *mut mbedtls_ccm_context,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag: *const crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a CCM* authenticated decryption of a
+    ///                  buffer.
+    ///
+    /// \note            When using this function in a variable tag length context,
+    ///                  the tag length has to be decoded from \p iv and passed to
+    ///                  this function as \p tag_len. (\p tag needs to be adjusted
+    ///                  accordingly.)
+    ///
+    /// \param ctx       The CCM context to use for decryption. This must be
+    ///                  initialized and bound to a key.
+    /// \param length    The length of the input data in Bytes.
+    ///                  For tag length = 0, input length is ignored.
+    /// \param iv        The initialization vector (nonce). This must be a readable
+    ///                  buffer of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
+    ///                  or 13. The length L of the message length field is
+    ///                  15 - \p iv_len.
+    /// \param ad        The additional data field. This must be a readable buffer of
+    ///                  at least that \p ad_len Bytes.
+    /// \param ad_len    The length of additional data in Bytes.
+    ///                  This must be less than 2^16 - 2^8.
+    /// \param input     The buffer holding the input data. If \p length is greater
+    ///                  than zero, \p input must be a readable buffer of at least
+    ///                  that length.
+    /// \param output    The buffer holding the output data. If \p length is greater
+    ///                  than zero, \p output must be a writable buffer of at least
+    ///                  that length.
+    /// \param tag       The buffer holding the authentication field. This must be a
+    ///                  readable buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the authentication field in Bytes.
+    ///                  0, 4, 6, 8, 10, 12, 14 or 16.
+    ///
+    /// \warning         Passing \c 0 as \p tag_len means that the message is nos
+    ///                  longer authenticated.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
+    /// \return          A cipher-specific error code on calculation failure.
+    pub fn mbedtls_ccm_star_auth_decrypt(
+        ctx: *mut mbedtls_ccm_context,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag: *const crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function starts a CCM encryption or decryption
+    ///                  operation.
+    ///
+    ///                  This function and mbedtls_ccm_set_lengths() must be called
+    ///                  before calling mbedtls_ccm_update_ad() or
+    ///                  mbedtls_ccm_update(). This function can be called before
+    ///                  or after mbedtls_ccm_set_lengths().
+    ///
+    /// \note            This function is not implemented in Mbed TLS yet.
+    ///
+    /// \param ctx       The CCM context. This must be initialized.
+    /// \param mode      The operation to perform: #MBEDTLS_CCM_ENCRYPT or
+    ///                  #MBEDTLS_CCM_DECRYPT or #MBEDTLS_CCM_STAR_ENCRYPT or
+    ///                  #MBEDTLS_CCM_STAR_DECRYPT.
+    /// \param iv        The initialization vector. This must be a readable buffer
+    ///                  of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
+    ///                  or 13. The length L of the message length field is
+    ///                  15 - \p iv_len.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+    ///                  \p ctx is in an invalid state,
+    ///                  \p mode is invalid,
+    ///                  \p iv_len is invalid (lower than \c 7 or greater than
+    ///                  \c 13).
+    pub fn mbedtls_ccm_starts(
+        ctx: *mut mbedtls_ccm_context,
+        mode: crate::c_types::c_int,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function declares the lengths of the message
+    ///                  and additional data for a CCM encryption or decryption
+    ///                  operation.
+    ///
+    ///                  This function and mbedtls_ccm_starts() must be called
+    ///                  before calling mbedtls_ccm_update_ad() or
+    ///                  mbedtls_ccm_update(). This function can be called before
+    ///                  or after mbedtls_ccm_starts().
+    ///
+    /// \note            This function is not implemented in Mbed TLS yet.
+    ///
+    /// \param ctx       The CCM context. This must be initialized.
+    /// \param total_ad_len   The total length of additional data in bytes.
+    ///                       This must be less than `2^16 - 2^8`.
+    /// \param plaintext_len  The length in bytes of the plaintext to encrypt or
+    ///                       result of the decryption (thus not encompassing the
+    ///                       additional data that are not encrypted).
+    /// \param tag_len   The length of the tag to generate in Bytes:
+    ///                  4, 6, 8, 10, 12, 14 or 16.
+    ///                  For CCM*, zero is also valid.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+    ///                  \p ctx is in an invalid state,
+    ///                  \p total_ad_len is greater than \c 0xFF00.
+    pub fn mbedtls_ccm_set_lengths(
+        ctx: *mut mbedtls_ccm_context,
+        total_ad_len: usize,
+        plaintext_len: usize,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer as associated data
+    ///                  (authenticated but not encrypted data) in a CCM
+    ///                  encryption or decryption operation.
+    ///
+    ///                  You may call this function zero, one or more times
+    ///                  to pass successive parts of the additional data. The
+    ///                  lengths \p ad_len of the data parts should eventually add
+    ///                  up exactly to the total length of additional data
+    ///                  \c total_ad_len passed to mbedtls_ccm_set_lengths(). You
+    ///                  may not call this function after calling
+    ///                  mbedtls_ccm_update().
+    ///
+    /// \note            This function is not implemented in Mbed TLS yet.
+    ///
+    /// \param ctx       The CCM context. This must have been started with
+    ///                  mbedtls_ccm_starts(), the lengths of the message and
+    ///                  additional data must have been declared with
+    ///                  mbedtls_ccm_set_lengths() and this must not have yet
+    ///                  received any input with mbedtls_ccm_update().
+    /// \param ad        The buffer holding the additional data, or \c NULL
+    ///                  if \p ad_len is \c 0.
+    /// \param ad_len    The length of the additional data. If \c 0,
+    ///                  \p ad may be \c NULL.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+    ///                  \p ctx is in an invalid state,
+    ///                  total input length too long.
+    pub fn mbedtls_ccm_update_ad(
+        ctx: *mut mbedtls_ccm_context,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer into an ongoing CCM
+    ///                  encryption or decryption operation.
+    ///
+    ///                  You may call this function zero, one or more times
+    ///                  to pass successive parts of the input: the plaintext to
+    ///                  encrypt, or the ciphertext (not including the tag) to
+    ///                  decrypt. After the last part of the input, call
+    ///                  mbedtls_ccm_finish(). The lengths \p input_len of the
+    ///                  data parts should eventually add up exactly to the
+    ///                  plaintext length \c plaintext_len passed to
+    ///                  mbedtls_ccm_set_lengths().
+    ///
+    ///                  This function may produce output in one of the following
+    ///                  ways:
+    ///                  - Immediate output: the output length is always equal
+    ///                    to the input length.
+    ///                  - Buffered output: except for the last part of input data,
+    ///                    the output consists of a whole number of 16-byte blocks.
+    ///                    If the total input length so far (not including
+    ///                    associated data) is 16 \* *B* + *A* with *A* < 16 then
+    ///                    the total output length is 16 \* *B*.
+    ///                    For the last part of input data, the output length is
+    ///                    equal to the input length plus the number of bytes (*A*)
+    ///                    buffered in the previous call to the function (if any).
+    ///                    The function uses the plaintext length
+    ///                    \c plaintext_len passed to mbedtls_ccm_set_lengths()
+    ///                    to detect the last part of input data.
+    ///
+    ///                  In particular:
+    ///                  - It is always correct to call this function with
+    ///                    \p output_size >= \p input_len + 15.
+    ///                  - If \p input_len is a multiple of 16 for all the calls
+    ///                    to this function during an operation (not necessary for
+    ///                    the last one) then it is correct to use \p output_size
+    ///                    =\p input_len.
+    ///
+    /// \note            This function is not implemented in Mbed TLS yet.
+    ///
+    /// \param ctx           The CCM context. This must have been started with
+    ///                      mbedtls_ccm_starts() and the lengths of the message and
+    ///                      additional data must have been declared with
+    ///                      mbedtls_ccm_set_lengths().
+    /// \param input         The buffer holding the input data. If \p input_len
+    ///                      is greater than zero, this must be a readable buffer
+    ///                      of at least \p input_len bytes.
+    /// \param input_len     The length of the input data in bytes.
+    /// \param output        The buffer for the output data. If \p output_size
+    ///                      is greater than zero, this must be a writable buffer of
+    ///                      at least \p output_size bytes.
+    /// \param output_size   The size of the output buffer in bytes.
+    ///                      See the function description regarding the output size.
+    /// \param output_len    On success, \p *output_len contains the actual
+    ///                      length of the output written in \p output.
+    ///                      On failure, the content of \p *output_len is
+    ///                      unspecified.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+    ///                 \p ctx is in an invalid state,
+    ///                 total input length too long,
+    ///                 or \p output_size too small.
+    pub fn mbedtls_ccm_update(
+        ctx: *mut mbedtls_ccm_context,
+        input: *const crate::c_types::c_uchar,
+        input_len: usize,
+        output: *mut crate::c_types::c_uchar,
+        output_size: usize,
+        output_len: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function finishes the CCM operation and generates
+    ///                  the authentication tag.
+    ///
+    ///                  It wraps up the CCM stream, and generates the
+    ///                  tag. The tag can have a maximum length of 16 Bytes.
+    ///
+    /// \note            This function is not implemented in Mbed TLS yet.
+    ///
+    /// \param ctx       The CCM context. This must have been started with
+    ///                  mbedtls_ccm_starts() and the lengths of the message and
+    ///                  additional data must have been declared with
+    ///                  mbedtls_ccm_set_lengths().
+    /// \param tag       The buffer for holding the tag. If \p tag_len is greater
+    ///                  than zero, this must be a writable buffer of at least \p
+    ///                  tag_len Bytes.
+    /// \param tag_len   The length of the tag. Must match the tag length passed to
+    ///                  mbedtls_ccm_set_lengths() function.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+    ///                  \p ctx is in an invalid state,
+    ///                  invalid value of \p tag_len,
+    ///                  the total amount of additional data passed to
+    ///                  mbedtls_ccm_update_ad() was lower than the total length of
+    ///                  additional data \c total_ad_len passed to
+    ///                  mbedtls_ccm_set_lengths(),
+    ///                  the total amount of input data passed to
+    ///                  mbedtls_ccm_update() was lower than the plaintext length
+    ///                  \c plaintext_len passed to mbedtls_ccm_set_lengths().
+    pub fn mbedtls_ccm_finish(
+        ctx: *mut mbedtls_ccm_context,
+        tag: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The CCM checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_ccm_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_poly1305_context {
+    pub private_r: [u32; 4usize],
+    pub private_s: [u32; 4usize],
+    pub private_acc: [u32; 5usize],
+    pub private_queue: [u8; 16usize],
+    pub private_queue_len: usize,
+}
+extern "C" {
+    /// \brief           This function initializes the specified Poly1305 context.
+    ///
+    ///                  It must be the first API called before using
+    ///                  the context.
+    ///
+    ///                  It is usually followed by a call to
+    ///                  \c mbedtls_poly1305_starts(), then one or more calls to
+    ///                  \c mbedtls_poly1305_update(), then one call to
+    ///                  \c mbedtls_poly1305_finish(), then finally
+    ///                  \c mbedtls_poly1305_free().
+    ///
+    /// \param ctx       The Poly1305 context to initialize. This must
+    ///                  not be \c NULL.
+    pub fn mbedtls_poly1305_init(ctx: *mut mbedtls_poly1305_context);
+}
+extern "C" {
+    /// \brief           This function releases and clears the specified
+    ///                  Poly1305 context.
+    ///
+    /// \param ctx       The Poly1305 context to clear. This may be \c NULL, in which
+    ///                  case this function is a no-op. If it is not \c NULL, it must
+    ///                  point to an initialized Poly1305 context.
+    pub fn mbedtls_poly1305_free(ctx: *mut mbedtls_poly1305_context);
+}
+extern "C" {
+    /// \brief           This function sets the one-time authentication key.
+    ///
+    /// \warning         The key must be unique and unpredictable for each
+    ///                  invocation of Poly1305.
+    ///
+    /// \param ctx       The Poly1305 context to which the key should be bound.
+    ///                  This must be initialized.
+    /// \param key       The buffer containing the \c 32 Byte (\c 256 Bit) key.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_poly1305_starts(
+        ctx: *mut mbedtls_poly1305_context,
+        key: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This functions feeds an input buffer into an ongoing
+    ///                  Poly1305 computation.
+    ///
+    ///                  It is called between \c mbedtls_cipher_poly1305_starts() and
+    ///                  \c mbedtls_cipher_poly1305_finish().
+    ///                  It can be called repeatedly to process a stream of data.
+    ///
+    /// \param ctx       The Poly1305 context to use for the Poly1305 operation.
+    ///                  This must be initialized and bound to a key.
+    /// \param ilen      The length of the input data in Bytes.
+    ///                  Any value is accepted.
+    /// \param input     The buffer holding the input data.
+    ///                  This pointer can be \c NULL if `ilen == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_poly1305_update(
+        ctx: *mut mbedtls_poly1305_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates the Poly1305 Message
+    ///                  Authentication Code (MAC).
+    ///
+    /// \param ctx       The Poly1305 context to use for the Poly1305 operation.
+    ///                  This must be initialized and bound to a key.
+    /// \param mac       The buffer to where the MAC is written. This must
+    ///                  be a writable buffer of length \c 16 Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_poly1305_finish(
+        ctx: *mut mbedtls_poly1305_context,
+        mac: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function calculates the Poly1305 MAC of the input
+    ///                  buffer with the provided key.
+    ///
+    /// \warning         The key must be unique and unpredictable for each
+    ///                  invocation of Poly1305.
+    ///
+    /// \param key       The buffer containing the \c 32 Byte (\c 256 Bit) key.
+    /// \param ilen      The length of the input data in Bytes.
+    ///                  Any value is accepted.
+    /// \param input     The buffer holding the input data.
+    ///                  This pointer can be \c NULL if `ilen == 0`.
+    /// \param mac       The buffer to where the MAC is written. This must be
+    ///                  a writable buffer of length \c 16 Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_poly1305_mac(
+        key: *const crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        mac: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           The Poly1305 checkup routine.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          \c 1 on failure.
+    pub fn mbedtls_poly1305_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+///< The mode value for performing encryption.
+pub const mbedtls_chachapoly_mode_t_MBEDTLS_CHACHAPOLY_ENCRYPT: mbedtls_chachapoly_mode_t = 0;
+///< The mode value for performing decryption.
+pub const mbedtls_chachapoly_mode_t_MBEDTLS_CHACHAPOLY_DECRYPT: mbedtls_chachapoly_mode_t = 1;
+pub type mbedtls_chachapoly_mode_t = crate::c_types::c_uint;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_chacha20_context {
+    pub private_state: [u32; 16usize],
+    pub private_keystream8: [u8; 64usize],
+    pub private_keystream_bytes_used: usize,
+}
+extern "C" {
+    /// \brief           This function initializes the specified ChaCha20 context.
+    ///
+    ///                  It must be the first API called before using
+    ///                  the context.
+    ///
+    ///                  It is usually followed by calls to
+    ///                  \c mbedtls_chacha20_setkey() and
+    ///                  \c mbedtls_chacha20_starts(), then one or more calls to
+    ///                  to \c mbedtls_chacha20_update(), and finally to
+    ///                  \c mbedtls_chacha20_free().
+    ///
+    /// \param ctx       The ChaCha20 context to initialize.
+    ///                  This must not be \c NULL.
+    pub fn mbedtls_chacha20_init(ctx: *mut mbedtls_chacha20_context);
+}
+extern "C" {
+    /// \brief           This function releases and clears the specified
+    ///                  ChaCha20 context.
+    ///
+    /// \param ctx       The ChaCha20 context to clear. This may be \c NULL,
+    ///                  in which case this function is a no-op. If it is not
+    ///                  \c NULL, it must point to an initialized context.
+    pub fn mbedtls_chacha20_free(ctx: *mut mbedtls_chacha20_context);
+}
+extern "C" {
+    /// \brief           This function sets the encryption/decryption key.
+    ///
+    /// \note            After using this function, you must also call
+    ///                  \c mbedtls_chacha20_starts() to set a nonce before you
+    ///                  start encrypting/decrypting data with
+    ///                  \c mbedtls_chacha_update().
+    ///
+    /// \param ctx       The ChaCha20 context to which the key should be bound.
+    ///                  It must be initialized.
+    /// \param key       The encryption/decryption key. This must be \c 32 Bytes
+    ///                  in length.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or key is NULL.
+    pub fn mbedtls_chacha20_setkey(
+        ctx: *mut mbedtls_chacha20_context,
+        key: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets the nonce and initial counter value.
+    ///
+    /// \note            A ChaCha20 context can be re-used with the same key by
+    ///                  calling this function to change the nonce.
+    ///
+    /// \warning         You must never use the same nonce twice with the same key.
+    ///                  This would void any confidentiality guarantees for the
+    ///                  messages encrypted with the same nonce and key.
+    ///
+    /// \param ctx       The ChaCha20 context to which the nonce should be bound.
+    ///                  It must be initialized and bound to a key.
+    /// \param nonce     The nonce. This must be \c 12 Bytes in size.
+    /// \param counter   The initial counter value. This is usually \c 0.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or nonce is
+    ///                  NULL.
+    pub fn mbedtls_chacha20_starts(
+        ctx: *mut mbedtls_chacha20_context,
+        nonce: *const crate::c_types::c_uchar,
+        counter: u32,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function encrypts or decrypts data.
+    ///
+    ///                  Since ChaCha20 is a stream cipher, the same operation is
+    ///                  used for encrypting and decrypting data.
+    ///
+    /// \note            The \p input and \p output pointers must either be equal or
+    ///                  point to non-overlapping buffers.
+    ///
+    /// \note            \c mbedtls_chacha20_setkey() and
+    ///                  \c mbedtls_chacha20_starts() must be called at least once
+    ///                  to setup the context before this function can be called.
+    ///
+    /// \note            This function can be called multiple times in a row in
+    ///                  order to encrypt of decrypt data piecewise with the same
+    ///                  key and nonce.
+    ///
+    /// \param ctx       The ChaCha20 context to use for encryption or decryption.
+    ///                  It must be initialized and bound to a key and nonce.
+    /// \param size      The length of the input data in Bytes.
+    /// \param input     The buffer holding the input data.
+    ///                  This pointer can be \c NULL if `size == 0`.
+    /// \param output    The buffer holding the output data.
+    ///                  This must be able to hold \p size Bytes.
+    ///                  This pointer can be \c NULL if `size == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_chacha20_update(
+        ctx: *mut mbedtls_chacha20_context,
+        size: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function encrypts or decrypts data with ChaCha20 and
+    ///                  the given key and nonce.
+    ///
+    ///                  Since ChaCha20 is a stream cipher, the same operation is
+    ///                  used for encrypting and decrypting data.
+    ///
+    /// \warning         You must never use the same (key, nonce) pair more than
+    ///                  once. This would void any confidentiality guarantees for
+    ///                  the messages encrypted with the same nonce and key.
+    ///
+    /// \note            The \p input and \p output pointers must either be equal or
+    ///                  point to non-overlapping buffers.
+    ///
+    /// \param key       The encryption/decryption key.
+    ///                  This must be \c 32 Bytes in length.
+    /// \param nonce     The nonce. This must be \c 12 Bytes in size.
+    /// \param counter   The initial counter value. This is usually \c 0.
+    /// \param size      The length of the input data in Bytes.
+    /// \param input     The buffer holding the input data.
+    ///                  This pointer can be \c NULL if `size == 0`.
+    /// \param output    The buffer holding the output data.
+    ///                  This must be able to hold \p size Bytes.
+    ///                  This pointer can be \c NULL if `size == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_chacha20_crypt(
+        key: *const crate::c_types::c_uchar,
+        nonce: *const crate::c_types::c_uchar,
+        counter: u32,
+        size: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           The ChaCha20 checkup routine.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          \c 1 on failure.
+    pub fn mbedtls_chacha20_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_chachapoly_context {
+    pub private_chacha20_ctx: mbedtls_chacha20_context,
+    pub private_poly1305_ctx: mbedtls_poly1305_context,
+    pub private_aad_len: u64,
+    pub private_ciphertext_len: u64,
+    pub private_state: crate::c_types::c_int,
+    pub private_mode: mbedtls_chachapoly_mode_t,
+}
+extern "C" {
+    /// \brief           This function initializes the specified ChaCha20-Poly1305 context.
+    ///
+    ///                  It must be the first API called before using
+    ///                  the context. It must be followed by a call to
+    ///                  \c mbedtls_chachapoly_setkey() before any operation can be
+    ///                  done, and to \c mbedtls_chachapoly_free() once all
+    ///                  operations with that context have been finished.
+    ///
+    ///                  In order to encrypt or decrypt full messages at once, for
+    ///                  each message you should make a single call to
+    ///                  \c mbedtls_chachapoly_crypt_and_tag() or
+    ///                  \c mbedtls_chachapoly_auth_decrypt().
+    ///
+    ///                  In order to encrypt messages piecewise, for each
+    ///                  message you should make a call to
+    ///                  \c mbedtls_chachapoly_starts(), then 0 or more calls to
+    ///                  \c mbedtls_chachapoly_update_aad(), then 0 or more calls to
+    ///                  \c mbedtls_chachapoly_update(), then one call to
+    ///                  \c mbedtls_chachapoly_finish().
+    ///
+    /// \warning         Decryption with the piecewise API is discouraged! Always
+    ///                  use \c mbedtls_chachapoly_auth_decrypt() when possible!
+    ///
+    ///                  If however this is not possible because the data is too
+    ///                  large to fit in memory, you need to:
+    ///
+    ///                  - call \c mbedtls_chachapoly_starts() and (if needed)
+    ///                  \c mbedtls_chachapoly_update_aad() as above,
+    ///                  - call \c mbedtls_chachapoly_update() multiple times and
+    ///                  ensure its output (the plaintext) is NOT used in any other
+    ///                  way than placing it in temporary storage at this point,
+    ///                  - call \c mbedtls_chachapoly_finish() to compute the
+    ///                  authentication tag and compared it in constant time to the
+    ///                  tag received with the ciphertext.
+    ///
+    ///                  If the tags are not equal, you must immediately discard
+    ///                  all previous outputs of \c mbedtls_chachapoly_update(),
+    ///                  otherwise you can now safely use the plaintext.
+    ///
+    /// \param ctx       The ChachaPoly context to initialize. Must not be \c NULL.
+    pub fn mbedtls_chachapoly_init(ctx: *mut mbedtls_chachapoly_context);
+}
+extern "C" {
+    /// \brief           This function releases and clears the specified
+    ///                  ChaCha20-Poly1305 context.
+    ///
+    /// \param ctx       The ChachaPoly context to clear. This may be \c NULL, in which
+    ///                  case this function is a no-op.
+    pub fn mbedtls_chachapoly_free(ctx: *mut mbedtls_chachapoly_context);
+}
+extern "C" {
+    /// \brief           This function sets the ChaCha20-Poly1305
+    ///                  symmetric encryption key.
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context to which the key should be
+    ///                  bound. This must be initialized.
+    /// \param key       The \c 256 Bit (\c 32 Bytes) key.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_chachapoly_setkey(
+        ctx: *mut mbedtls_chachapoly_context,
+        key: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function starts a ChaCha20-Poly1305 encryption or
+    ///                  decryption operation.
+    ///
+    /// \warning         You must never use the same nonce twice with the same key.
+    ///                  This would void any confidentiality and authenticity
+    ///                  guarantees for the messages encrypted with the same nonce
+    ///                  and key.
+    ///
+    /// \note            If the context is being used for AAD only (no data to
+    ///                  encrypt or decrypt) then \p mode can be set to any value.
+    ///
+    /// \warning         Decryption with the piecewise API is discouraged, see the
+    ///                  warning on \c mbedtls_chachapoly_init().
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context. This must be initialized
+    ///                  and bound to a key.
+    /// \param nonce     The nonce/IV to use for the message.
+    ///                  This must be a readable buffer of length \c 12 Bytes.
+    /// \param mode      The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or
+    ///                  #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning).
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_chachapoly_starts(
+        ctx: *mut mbedtls_chachapoly_context,
+        nonce: *const crate::c_types::c_uchar,
+        mode: mbedtls_chachapoly_mode_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds additional data to be authenticated
+    ///                  into an ongoing ChaCha20-Poly1305 operation.
+    ///
+    ///                  The Additional Authenticated Data (AAD), also called
+    ///                  Associated Data (AD) is only authenticated but not
+    ///                  encrypted nor included in the encrypted output. It is
+    ///                  usually transmitted separately from the ciphertext or
+    ///                  computed locally by each party.
+    ///
+    /// \note            This function is called before data is encrypted/decrypted.
+    ///                  I.e. call this function to process the AAD before calling
+    ///                  \c mbedtls_chachapoly_update().
+    ///
+    ///                  You may call this function multiple times to process
+    ///                  an arbitrary amount of AAD. It is permitted to call
+    ///                  this function 0 times, if no AAD is used.
+    ///
+    ///                  This function cannot be called any more if data has
+    ///                  been processed by \c mbedtls_chachapoly_update(),
+    ///                  or if the context has been finished.
+    ///
+    /// \warning         Decryption with the piecewise API is discouraged, see the
+    ///                  warning on \c mbedtls_chachapoly_init().
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context. This must be initialized
+    ///                  and bound to a key.
+    /// \param aad_len   The length in Bytes of the AAD. The length has no
+    ///                  restrictions.
+    /// \param aad       Buffer containing the AAD.
+    ///                  This pointer can be \c NULL if `aad_len == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
+    ///                  if \p ctx or \p aad are NULL.
+    /// \return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
+    ///                  if the operations has not been started or has been
+    ///                  finished, or if the AAD has been finished.
+    pub fn mbedtls_chachapoly_update_aad(
+        ctx: *mut mbedtls_chachapoly_context,
+        aad: *const crate::c_types::c_uchar,
+        aad_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Thus function feeds data to be encrypted or decrypted
+    ///                  into an on-going ChaCha20-Poly1305
+    ///                  operation.
+    ///
+    ///                  The direction (encryption or decryption) depends on the
+    ///                  mode that was given when calling
+    ///                  \c mbedtls_chachapoly_starts().
+    ///
+    ///                  You may call this function multiple times to process
+    ///                  an arbitrary amount of data. It is permitted to call
+    ///                  this function 0 times, if no data is to be encrypted
+    ///                  or decrypted.
+    ///
+    /// \warning         Decryption with the piecewise API is discouraged, see the
+    ///                  warning on \c mbedtls_chachapoly_init().
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context to use. This must be initialized.
+    /// \param len       The length (in bytes) of the data to encrypt or decrypt.
+    /// \param input     The buffer containing the data to encrypt or decrypt.
+    ///                  This pointer can be \c NULL if `len == 0`.
+    /// \param output    The buffer to where the encrypted or decrypted data is
+    ///                  written. This must be able to hold \p len bytes.
+    ///                  This pointer can be \c NULL if `len == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
+    ///                  if the operation has not been started or has been
+    ///                  finished.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_chachapoly_update(
+        ctx: *mut mbedtls_chachapoly_context,
+        len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function finished the ChaCha20-Poly1305 operation and
+    ///                  generates the MAC (authentication tag).
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context to use. This must be initialized.
+    /// \param mac       The buffer to where the 128-bit (16 bytes) MAC is written.
+    ///
+    /// \warning         Decryption with the piecewise API is discouraged, see the
+    ///                  warning on \c mbedtls_chachapoly_init().
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
+    ///                  if the operation has not been started or has been
+    ///                  finished.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_chachapoly_finish(
+        ctx: *mut mbedtls_chachapoly_context,
+        mac: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a complete ChaCha20-Poly1305
+    ///                  authenticated encryption with the previously-set key.
+    ///
+    /// \note            Before using this function, you must set the key with
+    ///                  \c mbedtls_chachapoly_setkey().
+    ///
+    /// \warning         You must never use the same nonce twice with the same key.
+    ///                  This would void any confidentiality and authenticity
+    ///                  guarantees for the messages encrypted with the same nonce
+    ///                  and key.
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context to use (holds the key).
+    ///                  This must be initialized.
+    /// \param length    The length (in bytes) of the data to encrypt or decrypt.
+    /// \param nonce     The 96-bit (12 bytes) nonce/IV to use.
+    /// \param aad       The buffer containing the additional authenticated
+    ///                  data (AAD). This pointer can be \c NULL if `aad_len == 0`.
+    /// \param aad_len   The length (in bytes) of the AAD data to process.
+    /// \param input     The buffer containing the data to encrypt or decrypt.
+    ///                  This pointer can be \c NULL if `ilen == 0`.
+    /// \param output    The buffer to where the encrypted or decrypted data
+    ///                  is written. This pointer can be \c NULL if `ilen == 0`.
+    /// \param tag       The buffer to where the computed 128-bit (16 bytes) MAC
+    ///                  is written. This must not be \c NULL.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_chachapoly_encrypt_and_tag(
+        ctx: *mut mbedtls_chachapoly_context,
+        length: usize,
+        nonce: *const crate::c_types::c_uchar,
+        aad: *const crate::c_types::c_uchar,
+        aad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a complete ChaCha20-Poly1305
+    ///                  authenticated decryption with the previously-set key.
+    ///
+    /// \note            Before using this function, you must set the key with
+    ///                  \c mbedtls_chachapoly_setkey().
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context to use (holds the key).
+    /// \param length    The length (in Bytes) of the data to decrypt.
+    /// \param nonce     The \c 96 Bit (\c 12 bytes) nonce/IV to use.
+    /// \param aad       The buffer containing the additional authenticated data (AAD).
+    ///                  This pointer can be \c NULL if `aad_len == 0`.
+    /// \param aad_len   The length (in bytes) of the AAD data to process.
+    /// \param tag       The buffer holding the authentication tag.
+    ///                  This must be a readable buffer of length \c 16 Bytes.
+    /// \param input     The buffer containing the data to decrypt.
+    ///                  This pointer can be \c NULL if `ilen == 0`.
+    /// \param output    The buffer to where the decrypted data is written.
+    ///                  This pointer can be \c NULL if `ilen == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED
+    ///                  if the data was not authentic.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_chachapoly_auth_decrypt(
+        ctx: *mut mbedtls_chachapoly_context,
+        length: usize,
+        nonce: *const crate::c_types::c_uchar,
+        aad: *const crate::c_types::c_uchar,
+        aad_len: usize,
+        tag: *const crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           The ChaCha20-Poly1305 checkup routine.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          \c 1 on failure.
+    pub fn mbedtls_chachapoly_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+pub const psa_encrypt_or_decrypt_t_PSA_CRYPTO_DRIVER_DECRYPT: psa_encrypt_or_decrypt_t = 0;
+pub const psa_encrypt_or_decrypt_t_PSA_CRYPTO_DRIVER_ENCRYPT: psa_encrypt_or_decrypt_t = 1;
+/// For encrypt-decrypt functions, whether the operation is an encryption
+/// or a decryption.
+pub type psa_encrypt_or_decrypt_t = crate::c_types::c_uint;
+/// \brief          MD5 context structure
+///
+/// \warning        MD5 is considered a weak message digest and its use
+///                 constitutes a security risk. We recommend considering
+///                 stronger message digests instead.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_md5_context {
+    pub private_total: [u32; 2usize],
+    pub private_state: [u32; 4usize],
+    pub private_buffer: [crate::c_types::c_uchar; 64usize],
+}
+extern "C" {
+    /// \brief          Initialize MD5 context
+    ///
+    /// \param ctx      MD5 context to be initialized
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_init(ctx: *mut mbedtls_md5_context);
+}
+extern "C" {
+    /// \brief          Clear MD5 context
+    ///
+    /// \param ctx      MD5 context to be cleared
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_free(ctx: *mut mbedtls_md5_context);
+}
+extern "C" {
+    /// \brief          Clone (the state of) an MD5 context
+    ///
+    /// \param dst      The destination context
+    /// \param src      The context to be cloned
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_clone(dst: *mut mbedtls_md5_context, src: *const mbedtls_md5_context);
+}
+extern "C" {
+    /// \brief          MD5 context setup
+    ///
+    /// \param ctx      context to be initialized
+    ///
+    /// \return         0 if successful
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_starts(ctx: *mut mbedtls_md5_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          MD5 process buffer
+    ///
+    /// \param ctx      MD5 context
+    /// \param input    buffer holding the data
+    /// \param ilen     length of the input data
+    ///
+    /// \return         0 if successful
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_update(
+        ctx: *mut mbedtls_md5_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          MD5 final digest
+    ///
+    /// \param ctx      MD5 context
+    /// \param output   MD5 checksum result
+    ///
+    /// \return         0 if successful
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_finish(
+        ctx: *mut mbedtls_md5_context,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          MD5 process data block (internal use only)
+    ///
+    /// \param ctx      MD5 context
+    /// \param data     buffer holding one block of data
+    ///
+    /// \return         0 if successful
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_internal_md5_process(
+        ctx: *mut mbedtls_md5_context,
+        data: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Output = MD5( input buffer )
+    ///
+    /// \param input    buffer holding the data
+    /// \param ilen     length of the input data
+    /// \param output   MD5 checksum result
+    ///
+    /// \return         0 if successful
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5(
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Checkup routine
+    ///
+    /// \return         0 if successful, or 1 if the test failed
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          RIPEMD-160 context structure
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ripemd160_context {
+    pub private_total: [u32; 2usize],
+    pub private_state: [u32; 5usize],
+    pub private_buffer: [crate::c_types::c_uchar; 64usize],
+}
+extern "C" {
+    /// \brief          Initialize RIPEMD-160 context
+    ///
+    /// \param ctx      RIPEMD-160 context to be initialized
+    pub fn mbedtls_ripemd160_init(ctx: *mut mbedtls_ripemd160_context);
+}
+extern "C" {
+    /// \brief          Clear RIPEMD-160 context
+    ///
+    /// \param ctx      RIPEMD-160 context to be cleared
+    pub fn mbedtls_ripemd160_free(ctx: *mut mbedtls_ripemd160_context);
+}
+extern "C" {
+    /// \brief          Clone (the state of) a RIPEMD-160 context
+    ///
+    /// \param dst      The destination context
+    /// \param src      The context to be cloned
+    pub fn mbedtls_ripemd160_clone(
+        dst: *mut mbedtls_ripemd160_context,
+        src: *const mbedtls_ripemd160_context,
+    );
+}
+extern "C" {
+    /// \brief          RIPEMD-160 context setup
+    ///
+    /// \param ctx      context to be initialized
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ripemd160_starts(ctx: *mut mbedtls_ripemd160_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          RIPEMD-160 process buffer
+    ///
+    /// \param ctx      RIPEMD-160 context
+    /// \param input    buffer holding the data
+    /// \param ilen     length of the input data
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ripemd160_update(
+        ctx: *mut mbedtls_ripemd160_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          RIPEMD-160 final digest
+    ///
+    /// \param ctx      RIPEMD-160 context
+    /// \param output   RIPEMD-160 checksum result
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ripemd160_finish(
+        ctx: *mut mbedtls_ripemd160_context,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          RIPEMD-160 process data block (internal use only)
+    ///
+    /// \param ctx      RIPEMD-160 context
+    /// \param data     buffer holding one block of data
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_internal_ripemd160_process(
+        ctx: *mut mbedtls_ripemd160_context,
+        data: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Output = RIPEMD-160( input buffer )
+    ///
+    /// \param input    buffer holding the data
+    /// \param ilen     length of the input data
+    /// \param output   RIPEMD-160 checksum result
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ripemd160(
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Checkup routine
+    ///
+    /// \return         0 if successful, or 1 if the test failed
+    pub fn mbedtls_ripemd160_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          The SHA-1 context structure.
+///
+/// \warning        SHA-1 is considered a weak message digest and its use
+///                 constitutes a security risk. We recommend considering
+///                 stronger message digests instead.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_sha1_context {
+    pub private_total: [u32; 2usize],
+    pub private_state: [u32; 5usize],
+    pub private_buffer: [crate::c_types::c_uchar; 64usize],
+}
+extern "C" {
+    /// \brief          This function initializes a SHA-1 context.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context to initialize.
+    ///                 This must not be \c NULL.
+    pub fn mbedtls_sha1_init(ctx: *mut mbedtls_sha1_context);
+}
+extern "C" {
+    /// \brief          This function clears a SHA-1 context.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context to clear. This may be \c NULL,
+    ///                 in which case this function does nothing. If it is
+    ///                 not \c NULL, it must point to an initialized
+    ///                 SHA-1 context.
+    pub fn mbedtls_sha1_free(ctx: *mut mbedtls_sha1_context);
+}
+extern "C" {
+    /// \brief          This function clones the state of a SHA-1 context.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param dst      The SHA-1 context to clone to. This must be initialized.
+    /// \param src      The SHA-1 context to clone from. This must be initialized.
+    pub fn mbedtls_sha1_clone(dst: *mut mbedtls_sha1_context, src: *const mbedtls_sha1_context);
+}
+extern "C" {
+    /// \brief          This function starts a SHA-1 checksum calculation.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context to initialize. This must be initialized.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha1_starts(ctx: *mut mbedtls_sha1_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function feeds an input buffer into an ongoing SHA-1
+    ///                 checksum calculation.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context. This must be initialized
+    ///                 and have a hash operation started.
+    /// \param input    The buffer holding the input data.
+    ///                 This must be a readable buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data \p input in Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha1_update(
+        ctx: *mut mbedtls_sha1_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function finishes the SHA-1 operation, and writes
+    ///                 the result to the output buffer.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context to use. This must be initialized and
+    ///                 have a hash operation started.
+    /// \param output   The SHA-1 checksum result. This must be a writable
+    ///                 buffer of length \c 20 Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha1_finish(
+        ctx: *mut mbedtls_sha1_context,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          SHA-1 process data block (internal use only).
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context to use. This must be initialized.
+    /// \param data     The data block being processed. This must be a
+    ///                 readable buffer of length \c 64 Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_internal_sha1_process(
+        ctx: *mut mbedtls_sha1_context,
+        data: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function calculates the SHA-1 checksum of a buffer.
+    ///
+    ///                 The function allocates the context, performs the
+    ///                 calculation, and frees the context.
+    ///
+    ///                 The SHA-1 result is calculated as
+    ///                 output = SHA-1(input buffer).
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param input    The buffer holding the input data.
+    ///                 This must be a readable buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data \p input in Bytes.
+    /// \param output   The SHA-1 checksum result.
+    ///                 This must be a writable buffer of length \c 20 Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha1(
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The SHA-1 checkup routine.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_sha1_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          The SHA-256 context structure.
+///
+///                 The structure is used both for SHA-256 and for SHA-224
+///                 checksum calculations. The choice between these two is
+///                 made in the call to mbedtls_sha256_starts().
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_sha256_context {
+    pub private_total: [u32; 2usize],
+    pub private_state: [u32; 8usize],
+    pub private_buffer: [crate::c_types::c_uchar; 64usize],
+    pub private_is224: crate::c_types::c_int,
+}
+extern "C" {
+    /// \brief          This function initializes a SHA-256 context.
+    ///
+    /// \param ctx      The SHA-256 context to initialize. This must not be \c NULL.
+    pub fn mbedtls_sha256_init(ctx: *mut mbedtls_sha256_context);
+}
+extern "C" {
+    /// \brief          This function clears a SHA-256 context.
+    ///
+    /// \param ctx      The SHA-256 context to clear. This may be \c NULL, in which
+    ///                 case this function returns immediately. If it is not \c NULL,
+    ///                 it must point to an initialized SHA-256 context.
+    pub fn mbedtls_sha256_free(ctx: *mut mbedtls_sha256_context);
+}
+extern "C" {
+    /// \brief          This function clones the state of a SHA-256 context.
+    ///
+    /// \param dst      The destination context. This must be initialized.
+    /// \param src      The context to clone. This must be initialized.
+    pub fn mbedtls_sha256_clone(
+        dst: *mut mbedtls_sha256_context,
+        src: *const mbedtls_sha256_context,
+    );
+}
+extern "C" {
+    /// \brief          This function starts a SHA-224 or SHA-256 checksum
+    ///                 calculation.
+    ///
+    /// \param ctx      The context to use. This must be initialized.
+    /// \param is224    This determines which function to use. This must be
+    ///                 either \c 0 for SHA-256, or \c 1 for SHA-224.
+    ///
+    /// \note           is224 must be defined accordingly to the enabled
+    ///                 MBEDTLS_SHA224_C/MBEDTLS_SHA256_C symbols otherwise the
+    ///                 function will return #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha256_starts(
+        ctx: *mut mbedtls_sha256_context,
+        is224: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function feeds an input buffer into an ongoing
+    ///                 SHA-256 checksum calculation.
+    ///
+    /// \param ctx      The SHA-256 context. This must be initialized
+    ///                 and have a hash operation started.
+    /// \param input    The buffer holding the data. This must be a readable
+    ///                 buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data in Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha256_update(
+        ctx: *mut mbedtls_sha256_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function finishes the SHA-256 operation, and writes
+    ///                 the result to the output buffer.
+    ///
+    /// \param ctx      The SHA-256 context. This must be initialized
+    ///                 and have a hash operation started.
+    /// \param output   The SHA-224 or SHA-256 checksum result.
+    ///                 This must be a writable buffer of length \c 32 bytes
+    ///                 for SHA-256, \c 28 bytes for SHA-224.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha256_finish(
+        ctx: *mut mbedtls_sha256_context,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function processes a single data block within
+    ///                 the ongoing SHA-256 computation. This function is for
+    ///                 internal use only.
+    ///
+    /// \param ctx      The SHA-256 context. This must be initialized.
+    /// \param data     The buffer holding one block of data. This must
+    ///                 be a readable buffer of length \c 64 Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_internal_sha256_process(
+        ctx: *mut mbedtls_sha256_context,
+        data: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function calculates the SHA-224 or SHA-256
+    ///                 checksum of a buffer.
+    ///
+    ///                 The function allocates the context, performs the
+    ///                 calculation, and frees the context.
+    ///
+    ///                 The SHA-256 result is calculated as
+    ///                 output = SHA-256(input buffer).
+    ///
+    /// \param input    The buffer holding the data. This must be a readable
+    ///                 buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data in Bytes.
+    /// \param output   The SHA-224 or SHA-256 checksum result.
+    ///                 This must be a writable buffer of length \c 32 bytes
+    ///                 for SHA-256, \c 28 bytes for SHA-224.
+    /// \param is224    Determines which function to use. This must be
+    ///                 either \c 0 for SHA-256, or \c 1 for SHA-224.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha256(
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        is224: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The SHA-224 checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_sha224_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The SHA-256 checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_sha256_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          The SHA-512 context structure.
+///
+///                 The structure is used both for SHA-384 and for SHA-512
+///                 checksum calculations. The choice between these two is
+///                 made in the call to mbedtls_sha512_starts().
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_sha512_context {
+    pub private_total: [u64; 2usize],
+    pub private_state: [u64; 8usize],
+    pub private_buffer: [crate::c_types::c_uchar; 128usize],
+    pub private_is384: crate::c_types::c_int,
+}
+extern "C" {
+    /// \brief          This function initializes a SHA-512 context.
+    ///
+    /// \param ctx      The SHA-512 context to initialize. This must
+    ///                 not be \c NULL.
+    pub fn mbedtls_sha512_init(ctx: *mut mbedtls_sha512_context);
+}
+extern "C" {
+    /// \brief          This function clears a SHA-512 context.
+    ///
+    /// \param ctx      The SHA-512 context to clear. This may be \c NULL,
+    ///                 in which case this function does nothing. If it
+    ///                 is not \c NULL, it must point to an initialized
+    ///                 SHA-512 context.
+    pub fn mbedtls_sha512_free(ctx: *mut mbedtls_sha512_context);
+}
+extern "C" {
+    /// \brief          This function clones the state of a SHA-512 context.
+    ///
+    /// \param dst      The destination context. This must be initialized.
+    /// \param src      The context to clone. This must be initialized.
+    pub fn mbedtls_sha512_clone(
+        dst: *mut mbedtls_sha512_context,
+        src: *const mbedtls_sha512_context,
+    );
+}
+extern "C" {
+    /// \brief          This function starts a SHA-384 or SHA-512 checksum
+    ///                 calculation.
+    ///
+    /// \param ctx      The SHA-512 context to use. This must be initialized.
+    /// \param is384    Determines which function to use. This must be
+    ///                 either \c 0 for SHA-512, or \c 1 for SHA-384.
+    ///
+    /// \note           is384 must be defined accordingly to the enabled
+    ///                 MBEDTLS_SHA384_C/MBEDTLS_SHA512_C symbols otherwise the
+    ///                 function will return #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha512_starts(
+        ctx: *mut mbedtls_sha512_context,
+        is384: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function feeds an input buffer into an ongoing
+    ///                 SHA-512 checksum calculation.
+    ///
+    /// \param ctx      The SHA-512 context. This must be initialized
+    ///                 and have a hash operation started.
+    /// \param input    The buffer holding the input data. This must
+    ///                 be a readable buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data in Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha512_update(
+        ctx: *mut mbedtls_sha512_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function finishes the SHA-512 operation, and writes
+    ///                 the result to the output buffer.
+    ///
+    /// \param ctx      The SHA-512 context. This must be initialized
+    ///                 and have a hash operation started.
+    /// \param output   The SHA-384 or SHA-512 checksum result.
+    ///                 This must be a writable buffer of length \c 64 bytes
+    ///                 for SHA-512, \c 48 bytes for SHA-384.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha512_finish(
+        ctx: *mut mbedtls_sha512_context,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function processes a single data block within
+    ///                 the ongoing SHA-512 computation.
+    ///                 This function is for internal use only.
+    ///
+    /// \param ctx      The SHA-512 context. This must be initialized.
+    /// \param data     The buffer holding one block of data. This
+    ///                 must be a readable buffer of length \c 128 Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_internal_sha512_process(
+        ctx: *mut mbedtls_sha512_context,
+        data: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function calculates the SHA-512 or SHA-384
+    ///                 checksum of a buffer.
+    ///
+    ///                 The function allocates the context, performs the
+    ///                 calculation, and frees the context.
+    ///
+    ///                 The SHA-512 result is calculated as
+    ///                 output = SHA-512(input buffer).
+    ///
+    /// \param input    The buffer holding the input data. This must be
+    ///                 a readable buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data in Bytes.
+    /// \param output   The SHA-384 or SHA-512 checksum result.
+    ///                 This must be a writable buffer of length \c 64 bytes
+    ///                 for SHA-512, \c 48 bytes for SHA-384.
+    /// \param is384    Determines which function to use. This must be either
+    ///                 \c 0 for SHA-512, or \c 1 for SHA-384.
+    ///
+    /// \note           is384 must be defined accordingly with the supported
+    ///                 symbols in the config file. If:
+    ///                 - is384 is 0, but \c MBEDTLS_SHA384_C is not defined, or
+    ///                 - is384 is 1, but \c MBEDTLS_SHA512_C is not defined
+    ///                 then the function will return
+    ///                 #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha512(
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        is384: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The SHA-384 checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_sha384_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The SHA-512 checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_sha512_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_hash_operation_t {
+    pub private_alg: psa_algorithm_t,
+    pub private_ctx: mbedtls_psa_hash_operation_t__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_psa_hash_operation_t__bindgen_ty_1 {
+    pub dummy: crate::c_types::c_uint,
+    pub md5: mbedtls_md5_context,
+    pub ripemd160: mbedtls_ripemd160_context,
+    pub sha1: mbedtls_sha1_context,
+    pub sha256: mbedtls_sha256_context,
+    pub sha512: mbedtls_sha512_context,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_cipher_operation_t {
+    pub private_alg: psa_algorithm_t,
+    pub private_iv_length: u8,
+    pub private_block_length: u8,
+    pub private_ctx: mbedtls_psa_cipher_operation_t__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_psa_cipher_operation_t__bindgen_ty_1 {
+    pub private_dummy: crate::c_types::c_uint,
+    pub private_cipher: mbedtls_cipher_context_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_hash_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_hash_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_cipher_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_cipher_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_hash_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_ctx: psa_driver_hash_context_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_cipher_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_default_iv_length: u8,
+    pub private_ctx: psa_driver_cipher_context_t,
+}
+impl psa_cipher_operation_s {
+    #[inline]
+    pub fn private_iv_required(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_iv_required(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_iv_set(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_iv_set(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(1usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_iv_required: crate::c_types::c_uint,
+        private_iv_set: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_iv_required: u32 = unsafe { ::core::mem::transmute(private_iv_required) };
+            private_iv_required as u64
+        });
+        __bindgen_bitfield_unit.set(1usize, 1u8, {
+            let private_iv_set: u32 = unsafe { ::core::mem::transmute(private_iv_set) };
+            private_iv_set as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_hmac_operation_t {
+    pub private_alg: psa_algorithm_t,
+    /// The hash context.
+    pub hash_ctx: psa_hash_operation_s,
+    pub private_opad: [u8; 128usize],
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_mac_operation_t {
+    pub private_alg: psa_algorithm_t,
+    pub private_ctx: mbedtls_psa_mac_operation_t__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_psa_mac_operation_t__bindgen_ty_1 {
+    pub private_dummy: crate::c_types::c_uint,
+    pub private_hmac: mbedtls_psa_hmac_operation_t,
+    pub private_cmac: mbedtls_cipher_context_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_aead_operation_t {
+    pub private_alg: psa_algorithm_t,
+    pub private_key_type: psa_key_type_t,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_tag_length: u8,
+    pub ctx: mbedtls_psa_aead_operation_t__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_psa_aead_operation_t__bindgen_ty_1 {
+    pub dummy: crate::c_types::c_uint,
+    pub private_ccm: mbedtls_ccm_context,
+    pub private_gcm: mbedtls_gcm_context,
+    pub private_chachapoly: mbedtls_chachapoly_context,
+}
+impl mbedtls_psa_aead_operation_t {
+    #[inline]
+    pub fn private_is_encrypt(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_is_encrypt(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_is_encrypt: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_is_encrypt: u32 = unsafe { ::core::mem::transmute(private_is_encrypt) };
+            private_is_encrypt as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_sign_hash_interruptible_operation_t {
+    pub private_dummy: crate::c_types::c_uint,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_verify_hash_interruptible_operation_t {
+    pub private_dummy: crate::c_types::c_uint,
+}
+///< Client
+pub const mbedtls_ecjpake_role_MBEDTLS_ECJPAKE_CLIENT: mbedtls_ecjpake_role = 0;
+///< Server
+pub const mbedtls_ecjpake_role_MBEDTLS_ECJPAKE_SERVER: mbedtls_ecjpake_role = 1;
+/// Roles in the EC J-PAKE exchange
+pub type mbedtls_ecjpake_role = crate::c_types::c_uint;
+/// EC J-PAKE context structure.
+///
+/// J-PAKE is a symmetric protocol, except for the identifiers used in
+/// Zero-Knowledge Proofs, and the serialization of the second message
+/// (KeyExchange) as defined by the Thread spec.
+///
+/// In order to benefit from this symmetry, we choose a different naming
+/// convention from the Thread v1.0 spec. Correspondence is indicated in the
+/// description as a pair C: client name, S: server name
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecjpake_context {
+    pub private_md_type: mbedtls_md_type_t,
+    pub private_grp: mbedtls_ecp_group,
+    pub private_role: mbedtls_ecjpake_role,
+    pub private_point_format: crate::c_types::c_int,
+    pub private_Xm1: mbedtls_ecp_point,
+    pub private_Xm2: mbedtls_ecp_point,
+    pub private_Xp1: mbedtls_ecp_point,
+    pub private_Xp2: mbedtls_ecp_point,
+    pub private_Xp: mbedtls_ecp_point,
+    pub private_xm1: mbedtls_mpi,
+    pub private_xm2: mbedtls_mpi,
+    pub private_s: mbedtls_mpi,
+}
+extern "C" {
+    /// \brief           Initialize an ECJPAKE context.
+    ///
+    /// \param ctx       The ECJPAKE context to initialize.
+    ///                  This must not be \c NULL.
+    pub fn mbedtls_ecjpake_init(ctx: *mut mbedtls_ecjpake_context);
+}
+extern "C" {
+    /// \brief           Set up an ECJPAKE context for use.
+    ///
+    /// \note            Currently the only values for hash/curve allowed by the
+    ///                  standard are #MBEDTLS_MD_SHA256/#MBEDTLS_ECP_DP_SECP256R1.
+    ///
+    /// \param ctx       The ECJPAKE context to set up. This must be initialized.
+    /// \param role      The role of the caller. This must be either
+    ///                  #MBEDTLS_ECJPAKE_CLIENT or #MBEDTLS_ECJPAKE_SERVER.
+    /// \param hash      The identifier of the hash function to use,
+    ///                  for example #MBEDTLS_MD_SHA256.
+    /// \param curve     The identifier of the elliptic curve to use,
+    ///                  for example #MBEDTLS_ECP_DP_SECP256R1.
+    /// \param secret    The pre-shared secret (passphrase). This must be
+    ///                  a readable not empty buffer of length \p len Bytes. It need
+    ///                  only be valid for the duration of this call.
+    /// \param len       The length of the pre-shared secret \p secret.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_setup(
+        ctx: *mut mbedtls_ecjpake_context,
+        role: mbedtls_ecjpake_role,
+        hash: mbedtls_md_type_t,
+        curve: mbedtls_ecp_group_id,
+        secret: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               Set the point format for future reads and writes.
+    ///
+    /// \param ctx           The ECJPAKE context to configure.
+    /// \param point_format  The point format to use:
+    ///                      #MBEDTLS_ECP_PF_UNCOMPRESSED (default)
+    ///                      or #MBEDTLS_ECP_PF_COMPRESSED.
+    ///
+    /// \return              \c 0 if successful.
+    /// \return              #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p point_format
+    ///                      is invalid.
+    pub fn mbedtls_ecjpake_set_point_format(
+        ctx: *mut mbedtls_ecjpake_context,
+        point_format: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Check if an ECJPAKE context is ready for use.
+    ///
+    /// \param ctx       The ECJPAKE context to check. This must be
+    ///                  initialized.
+    ///
+    /// \return          \c 0 if the context is ready for use.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise.
+    pub fn mbedtls_ecjpake_check(ctx: *const mbedtls_ecjpake_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Generate and write the first round message
+    ///                  (TLS: contents of the Client/ServerHello extension,
+    ///                  excluding extension type and length bytes).
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be
+    ///                  initialized and set up.
+    /// \param buf       The buffer to write the contents to. This must be a
+    ///                  writable buffer of length \p len Bytes.
+    /// \param len       The length of \p buf in Bytes.
+    /// \param olen      The address at which to store the total number
+    ///                  of Bytes written to \p buf. This must not be \c NULL.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG parameter to be passed to \p f_rng. This
+    ///                  may be \c NULL if \p f_rng doesn't use a context.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_write_round_one(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Read and process the first round message
+    ///                  (TLS: contents of the Client/ServerHello extension,
+    ///                  excluding extension type and length bytes).
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be initialized
+    ///                  and set up.
+    /// \param buf       The buffer holding the first round message. This must
+    ///                  be a readable buffer of length \p len Bytes.
+    /// \param len       The length in Bytes of \p buf.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_read_round_one(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Generate and write the second round message
+    ///                  (TLS: contents of the Client/ServerKeyExchange).
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be initialized,
+    ///                  set up, and already have performed round one.
+    /// \param buf       The buffer to write the round two contents to.
+    ///                  This must be a writable buffer of length \p len Bytes.
+    /// \param len       The size of \p buf in Bytes.
+    /// \param olen      The address at which to store the total number of Bytes
+    ///                  written to \p buf. This must not be \c NULL.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG parameter to be passed to \p f_rng. This
+    ///                  may be \c NULL if \p f_rng doesn't use a context.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_write_round_two(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Read and process the second round message
+    ///                  (TLS: contents of the Client/ServerKeyExchange).
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be initialized
+    ///                  and set up and already have performed round one.
+    /// \param buf       The buffer holding the second round message. This must
+    ///                  be a readable buffer of length \p len Bytes.
+    /// \param len       The length in Bytes of \p buf.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_read_round_two(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Derive the shared secret
+    ///                  (TLS: Pre-Master Secret).
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be initialized,
+    ///                  set up and have performed both round one and two.
+    /// \param buf       The buffer to write the derived secret to. This must
+    ///                  be a writable buffer of length \p len Bytes.
+    /// \param len       The length of \p buf in Bytes.
+    /// \param olen      The address at which to store the total number of Bytes
+    ///                  written to \p buf. This must not be \c NULL.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG parameter to be passed to \p f_rng. This
+    ///                  may be \c NULL if \p f_rng doesn't use a context.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_derive_secret(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write the shared key material to be passed to a Key
+    ///                  Derivation Function as described in RFC8236.
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be initialized,
+    ///                  set up and have performed both round one and two.
+    /// \param buf       The buffer to write the derived secret to. This must
+    ///                  be a writable buffer of length \p len Bytes.
+    /// \param len       The length of \p buf in Bytes.
+    /// \param olen      The address at which to store the total number of bytes
+    ///                  written to \p buf. This must not be \c NULL.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG parameter to be passed to \p f_rng. This
+    ///                  may be \c NULL if \p f_rng doesn't use a context.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_write_shared_key(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This clears an ECJPAKE context and frees any
+    ///                  embedded data structure.
+    ///
+    /// \param ctx       The ECJPAKE context to free. This may be \c NULL,
+    ///                  in which case this function does nothing. If it is not
+    ///                  \c NULL, it must point to an initialized ECJPAKE context.
+    pub fn mbedtls_ecjpake_free(ctx: *mut mbedtls_ecjpake_context);
+}
+extern "C" {
+    /// \brief          Checkup routine
+    ///
+    /// \return         0 if successful, or 1 if a test failed
+    pub fn mbedtls_ecjpake_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_pake_operation_t {
+    pub private_alg: psa_algorithm_t,
+    pub private_password: *mut u8,
+    pub private_password_len: usize,
+    pub private_role: u8,
+    pub private_buffer: [u8; 336usize],
+    pub private_buffer_length: usize,
+    pub private_buffer_offset: usize,
+    pub private_ctx: mbedtls_psa_pake_operation_t__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_psa_pake_operation_t__bindgen_ty_1 {
+    pub private_dummy: crate::c_types::c_uint,
+    pub private_jpake: mbedtls_ecjpake_context,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_mac_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_mac_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_aead_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_aead_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_sign_hash_interruptible_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_sign_hash_interruptible_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_verify_hash_interruptible_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_verify_hash_interruptible_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_pake_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_pake_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_mac_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_mac_size: u8,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_ctx: psa_driver_mac_context_t,
+}
+impl psa_mac_operation_s {
+    #[inline]
+    pub fn private_is_sign(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_is_sign(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_is_sign: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_is_sign: u32 = unsafe { ::core::mem::transmute(private_is_sign) };
+            private_is_sign as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_aead_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_alg: psa_algorithm_t,
+    pub private_key_type: psa_key_type_t,
+    pub private_ad_remaining: usize,
+    pub private_body_remaining: usize,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_ctx: psa_driver_aead_context_t,
+}
+impl psa_aead_operation_s {
+    #[inline]
+    pub fn private_nonce_set(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_nonce_set(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_lengths_set(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_lengths_set(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(1usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_ad_started(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_ad_started(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(2usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_body_started(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_body_started(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(3usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_is_encrypt(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_is_encrypt(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(4usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_nonce_set: crate::c_types::c_uint,
+        private_lengths_set: crate::c_types::c_uint,
+        private_ad_started: crate::c_types::c_uint,
+        private_body_started: crate::c_types::c_uint,
+        private_is_encrypt: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_nonce_set: u32 = unsafe { ::core::mem::transmute(private_nonce_set) };
+            private_nonce_set as u64
+        });
+        __bindgen_bitfield_unit.set(1usize, 1u8, {
+            let private_lengths_set: u32 = unsafe { ::core::mem::transmute(private_lengths_set) };
+            private_lengths_set as u64
+        });
+        __bindgen_bitfield_unit.set(2usize, 1u8, {
+            let private_ad_started: u32 = unsafe { ::core::mem::transmute(private_ad_started) };
+            private_ad_started as u64
+        });
+        __bindgen_bitfield_unit.set(3usize, 1u8, {
+            let private_body_started: u32 = unsafe { ::core::mem::transmute(private_body_started) };
+            private_body_started as u64
+        });
+        __bindgen_bitfield_unit.set(4usize, 1u8, {
+            let private_is_encrypt: u32 = unsafe { ::core::mem::transmute(private_is_encrypt) };
+            private_is_encrypt as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_hkdf_key_derivation_t {
+    pub private_info: *mut u8,
+    pub private_info_length: usize,
+    pub private_offset_in_block: u8,
+    pub private_block_number: u8,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_output_block: [u8; 64usize],
+    pub private_prk: [u8; 64usize],
+    pub private_hmac: psa_mac_operation_s,
+}
+impl psa_hkdf_key_derivation_t {
+    #[inline]
+    pub fn private_state(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 2u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_state(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 2u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_info_set(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_info_set(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(2usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_state: crate::c_types::c_uint,
+        private_info_set: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 2u8, {
+            let private_state: u32 = unsafe { ::core::mem::transmute(private_state) };
+            private_state as u64
+        });
+        __bindgen_bitfield_unit.set(2usize, 1u8, {
+            let private_info_set: u32 = unsafe { ::core::mem::transmute(private_info_set) };
+            private_info_set as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_tls12_ecjpake_to_pms_t {
+    pub private_data: [u8; 32usize],
+}
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_INIT:
+    psa_tls12_prf_key_derivation_state_t = 0;
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_SEED_SET:
+    psa_tls12_prf_key_derivation_state_t = 1;
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_OTHER_KEY_SET:
+    psa_tls12_prf_key_derivation_state_t = 2;
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_KEY_SET:
+    psa_tls12_prf_key_derivation_state_t = 3;
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_LABEL_SET:
+    psa_tls12_prf_key_derivation_state_t = 4;
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_OUTPUT:
+    psa_tls12_prf_key_derivation_state_t = 5;
+pub type psa_tls12_prf_key_derivation_state_t = crate::c_types::c_uint;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_tls12_prf_key_derivation_s {
+    pub private_left_in_block: u8,
+    pub private_block_number: u8,
+    pub private_state: psa_tls12_prf_key_derivation_state_t,
+    pub private_secret: *mut u8,
+    pub private_secret_length: usize,
+    pub private_seed: *mut u8,
+    pub private_seed_length: usize,
+    pub private_label: *mut u8,
+    pub private_label_length: usize,
+    pub private_other_secret: *mut u8,
+    pub private_other_secret_length: usize,
+    pub private_Ai: [u8; 64usize],
+    pub private_output_block: [u8; 64usize],
+}
+pub type psa_tls12_prf_key_derivation_t = psa_tls12_prf_key_derivation_s;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_key_derivation_s {
+    pub private_alg: psa_algorithm_t,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_capacity: usize,
+    pub private_ctx: psa_key_derivation_s__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_key_derivation_s__bindgen_ty_1 {
+    pub private_dummy: u8,
+    pub private_hkdf: psa_hkdf_key_derivation_t,
+    pub private_tls12_prf: psa_tls12_prf_key_derivation_t,
+    pub private_tls12_ecjpake_to_pms: psa_tls12_ecjpake_to_pms_t,
+}
+impl psa_key_derivation_s {
+    #[inline]
+    pub fn private_can_output_key(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_can_output_key(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_can_output_key: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_can_output_key: u32 =
+                unsafe { ::core::mem::transmute(private_can_output_key) };
+            private_can_output_key as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_key_policy_s {
+    pub private_usage: psa_key_usage_t,
+    pub private_alg: psa_algorithm_t,
+    pub private_alg2: psa_algorithm_t,
+}
+pub type psa_key_policy_t = psa_key_policy_s;
+pub type psa_key_bits_t = u16;
+/// A mask of flags that can be stored in key attributes.
+///
+/// This type is also used internally to store flags in slots. Internal
+/// flags are defined in library/psa_crypto_core.h. Internal flags may have
+/// the same value as external flags if they are properly handled during
+/// key creation and in psa_get_key_attributes.
+pub type psa_key_attributes_flag_t = u16;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_core_key_attributes_t {
+    pub private_type: psa_key_type_t,
+    pub private_bits: psa_key_bits_t,
+    pub private_lifetime: psa_key_lifetime_t,
+    pub private_id: mbedtls_svc_key_id_t,
+    pub private_policy: psa_key_policy_t,
+    pub private_flags: psa_key_attributes_flag_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_key_attributes_s {
+    pub private_core: psa_core_key_attributes_t,
+    pub private_domain_parameters: *mut crate::c_types::c_void,
+    pub private_domain_parameters_size: usize,
+}
+extern "C" {
+    /// \brief Set domain parameters for a key.
+    ///
+    /// Some key types require additional domain parameters in addition to
+    /// the key type identifier and the key size. Use this function instead
+    /// of psa_set_key_type() when you need to specify domain parameters.
+    ///
+    /// The format for the required domain parameters varies based on the key type.
+    ///
+    /// - For RSA keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY or #PSA_KEY_TYPE_RSA_KEY_PAIR),
+    ///   the domain parameter data consists of the public exponent,
+    ///   represented as a big-endian integer with no leading zeros.
+    ///   This information is used when generating an RSA key pair.
+    ///   When importing a key, the public exponent is read from the imported
+    ///   key data and the exponent recorded in the attribute structure is ignored.
+    ///   As an exception, the public exponent 65537 is represented by an empty
+    ///   byte string.
+    /// - For DSA keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY or #PSA_KEY_TYPE_DSA_KEY_PAIR),
+    ///   the `Dss-Params` format as defined by RFC 3279 &sect;2.3.2.
+    ///   ```
+    ///   Dss-Params ::= SEQUENCE  {
+    ///      p       INTEGER,
+    ///      q       INTEGER,
+    ///      g       INTEGER
+    ///   }
+    ///   ```
+    /// - For Diffie-Hellman key exchange keys
+    ///   (#PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_FAMILY_CUSTOM) or
+    ///   #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_FAMILY_CUSTOM)), the
+    ///   `DomainParameters` format as defined by RFC 3279 &sect;2.3.3.
+    ///   ```
+    ///   DomainParameters ::= SEQUENCE {
+    ///      p               INTEGER,                    -- odd prime, p=jq +1
+    ///      g               INTEGER,                    -- generator, g
+    ///      q               INTEGER,                    -- factor of p-1
+    ///      j               INTEGER OPTIONAL,           -- subgroup factor
+    ///      validationParams ValidationParams OPTIONAL
+    ///   }
+    ///   ValidationParams ::= SEQUENCE {
+    ///      seed            BIT STRING,
+    ///      pgenCounter     INTEGER
+    ///   }
+    ///   ```
+    ///
+    /// \note This function may allocate memory or other resources.
+    ///       Once you have called this function on an attribute structure,
+    ///       you must call psa_reset_key_attributes() to free these resources.
+    ///
+    /// \note This is an experimental extension to the interface. It may change
+    ///       in future versions of the library.
+    ///
+    /// \param[in,out] attributes    Attribute structure where the specified domain
+    ///                              parameters will be stored.
+    ///                              If this function fails, the content of
+    ///                              \p attributes is not modified.
+    /// \param type                  Key type (a \c PSA_KEY_TYPE_XXX value).
+    /// \param[in] data              Buffer containing the key domain parameters.
+    ///                              The content of this buffer is interpreted
+    ///                              according to \p type as described above.
+    /// \param data_length           Size of the \p data buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    pub fn psa_set_key_domain_parameters(
+        attributes: *mut psa_key_attributes_t,
+        type_: psa_key_type_t,
+        data: *const u8,
+        data_length: usize,
+    ) -> psa_status_t;
+}
+/// \brief The context for PSA interruptible hash signing.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_sign_hash_interruptible_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_ctx: psa_driver_sign_hash_interruptible_context_t,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_num_ops: u32,
+}
+impl psa_sign_hash_interruptible_operation_s {
+    #[inline]
+    pub fn private_error_occurred(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_error_occurred(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_error_occurred: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_error_occurred: u32 =
+                unsafe { ::core::mem::transmute(private_error_occurred) };
+            private_error_occurred as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+/// \brief The context for PSA interruptible hash verification.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_verify_hash_interruptible_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_ctx: psa_driver_verify_hash_interruptible_context_t,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_num_ops: u32,
+}
+impl psa_verify_hash_interruptible_operation_s {
+    #[inline]
+    pub fn private_error_occurred(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_error_occurred(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_error_occurred: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_error_occurred: u32 =
+                unsafe { ::core::mem::transmute(private_error_occurred) };
+            private_error_occurred as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+pub type psa_key_handle_t = mbedtls_svc_key_id_t;
+extern "C" {
+    /// Open a handle to an existing persistent key.
+    ///
+    /// Open a handle to a persistent key. A key is persistent if it was created
+    /// with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE. A persistent key
+    /// always has a nonzero key identifier, set with psa_set_key_id() when
+    /// creating the key. Implementations may provide additional pre-provisioned
+    /// keys that can be opened with psa_open_key(). Such keys have an application
+    /// key identifier in the vendor range, as documented in the description of
+    /// #psa_key_id_t.
+    ///
+    /// The application must eventually close the handle with psa_close_key() or
+    /// psa_destroy_key() to release associated resources. If the application dies
+    /// without calling one of these functions, the implementation should perform
+    /// the equivalent of a call to psa_close_key().
+    ///
+    /// Some implementations permit an application to open the same key multiple
+    /// times. If this is successful, each call to psa_open_key() will return a
+    /// different key handle.
+    ///
+    /// \note This API is not part of the PSA Cryptography API Release 1.0.0
+    /// specification. It was defined in the 1.0 Beta 3 version of the
+    /// specification but was removed in the 1.0.0 released version. This API is
+    /// kept for the time being to not break applications relying on it. It is not
+    /// deprecated yet but will be in the near future.
+    ///
+    /// \note Applications that rely on opening a key multiple times will not be
+    /// portable to implementations that only permit a single key handle to be
+    /// opened. See also :ref:\`key-handles\`.
+    ///
+    ///
+    /// \param key           The persistent identifier of the key.
+    /// \param[out] handle   On success, a handle to the key.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success. The application can now use the value of `*handle`
+    ///         to access the key.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+    ///         The implementation does not have sufficient resources to open the
+    ///         key. This can be due to reaching an implementation limit on the
+    ///         number of open keys, the number of open key handles, or available
+    ///         memory.
+    /// \retval #PSA_ERROR_DOES_NOT_EXIST
+    ///         There is no persistent key with key identifier \p key.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not a valid persistent key identifier.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The specified key exists, but the application does not have the
+    ///         permission to access it. Note that this specification does not
+    ///         define any way to create such a key, but it may be possible
+    ///         through implementation-specific means.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_open_key(key: mbedtls_svc_key_id_t, handle: *mut psa_key_handle_t) -> psa_status_t;
+}
+extern "C" {
+    /// Close a key handle.
+    ///
+    /// If the handle designates a volatile key, this will destroy the key material
+    /// and free all associated resources, just like psa_destroy_key().
+    ///
+    /// If this is the last open handle to a persistent key, then closing the handle
+    /// will free all resources associated with the key in volatile memory. The key
+    /// data in persistent storage is not affected and can be opened again later
+    /// with a call to psa_open_key().
+    ///
+    /// Closing the key handle makes the handle invalid, and the key handle
+    /// must not be used again by the application.
+    ///
+    /// \note This API is not part of the PSA Cryptography API Release 1.0.0
+    /// specification. It was defined in the 1.0 Beta 3 version of the
+    /// specification but was removed in the 1.0.0 released version. This API is
+    /// kept for the time being to not break applications relying on it. It is not
+    /// deprecated yet but will be in the near future.
+    ///
+    /// \note If the key handle was used to set up an active
+    /// :ref:\`multipart operation <multipart-operations>\`, then closing the
+    /// key handle can cause the multipart operation to fail. Applications should
+    /// maintain the key handle until after the multipart operation has finished.
+    ///
+    /// \param handle        The key handle to close.
+    ///                      If this is \c 0, do nothing and return \c PSA_SUCCESS.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         \p handle was a valid handle or \c 0. It is now closed.
+    /// \retval #PSA_ERROR_INVALID_HANDLE
+    ///         \p handle is not a valid handle nor \c 0.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_close_key(handle: psa_key_handle_t) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Library deinitialization.
+    ///
+    /// This function clears all data associated with the PSA layer,
+    /// including the whole key store.
+    ///
+    /// This is an Mbed TLS extension.
+    pub fn mbedtls_psa_crypto_free();
+}
+/// \brief Statistics about
+/// resource consumption related to the PSA keystore.
+///
+/// \note The content of this structure is not part of the stable API and ABI
+///       of Mbed Crypto and may change arbitrarily from version to version.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_stats_s {
+    pub private_volatile_slots: usize,
+    pub private_persistent_slots: usize,
+    pub private_external_slots: usize,
+    pub private_half_filled_slots: usize,
+    pub private_cache_slots: usize,
+    pub private_empty_slots: usize,
+    pub private_locked_slots: usize,
+    pub private_max_open_internal_key_id: psa_key_id_t,
+    pub private_max_open_external_key_id: psa_key_id_t,
+}
+/// \brief Statistics about
+/// resource consumption related to the PSA keystore.
+///
+/// \note The content of this structure is not part of the stable API and ABI
+///       of Mbed Crypto and may change arbitrarily from version to version.
+pub type mbedtls_psa_stats_t = mbedtls_psa_stats_s;
+extern "C" {
+    /// \brief Get statistics about
+    /// resource consumption related to the PSA keystore.
+    ///
+    /// \note When Mbed Crypto is built as part of a service, with isolation
+    ///       between the application and the keystore, the service may or
+    ///       may not expose this function.
+    pub fn mbedtls_psa_get_stats(stats: *mut mbedtls_psa_stats_t);
+}
+extern "C" {
+    /// \brief Inject an initial entropy seed for the random generator into
+    ///        secure storage.
+    ///
+    /// This function injects data to be used as a seed for the random generator
+    /// used by the PSA Crypto implementation. On devices that lack a trusted
+    /// entropy source (preferably a hardware random number generator),
+    /// the Mbed PSA Crypto implementation uses this value to seed its
+    /// random generator.
+    ///
+    /// On devices without a trusted entropy source, this function must be
+    /// called exactly once in the lifetime of the device. On devices with
+    /// a trusted entropy source, calling this function is optional.
+    /// In all cases, this function may only be called before calling any
+    /// other function in the PSA Crypto API, including psa_crypto_init().
+    ///
+    /// When this function returns successfully, it populates a file in
+    /// persistent storage. Once the file has been created, this function
+    /// can no longer succeed.
+    ///
+    /// If any error occurs, this function does not change the system state.
+    /// You can call this function again after correcting the reason for the
+    /// error if possible.
+    ///
+    /// \warning This function **can** fail! Callers MUST check the return status.
+    ///
+    /// \warning If you use this function, you should use it as part of a
+    ///          factory provisioning process. The value of the injected seed
+    ///          is critical to the security of the device. It must be
+    ///          *secret*, *unpredictable* and (statistically) *unique per device*.
+    ///          You should be generate it randomly using a cryptographically
+    ///          secure random generator seeded from trusted entropy sources.
+    ///          You should transmit it securely to the device and ensure
+    ///          that its value is not leaked or stored anywhere beyond the
+    ///          needs of transmitting it from the point of generation to
+    ///          the call of this function, and erase all copies of the value
+    ///          once this function returns.
+    ///
+    /// This is an Mbed TLS extension.
+    ///
+    /// \note This function is only available on the following platforms:
+    /// * If the compile-time option MBEDTLS_PSA_INJECT_ENTROPY is enabled.
+    ///   Note that you must provide compatible implementations of
+    ///   mbedtls_nv_seed_read and mbedtls_nv_seed_write.
+    /// * In a client-server integration of PSA Cryptography, on the client side,
+    ///   if the server supports this feature.
+    /// \param[in] seed          Buffer containing the seed value to inject.
+    /// \param[in] seed_size     Size of the \p seed buffer.
+    ///                          The size of the seed in bytes must be greater
+    ///                          or equal to both #MBEDTLS_ENTROPY_BLOCK_SIZE
+    ///                          and the value of \c MBEDTLS_ENTROPY_MIN_PLATFORM
+    ///                          in `library/entropy_poll.h` in the Mbed TLS source
+    ///                          code.
+    ///                          It must be less or equal to
+    ///                          #MBEDTLS_ENTROPY_MAX_SEED_SIZE.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The seed value was injected successfully. The random generator
+    ///         of the PSA Crypto implementation is now ready for use.
+    ///         You may now call psa_crypto_init() and use the PSA Crypto
+    ///         implementation.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p seed_size is out of range.
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         There was a failure reading or writing from storage.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The library has already been initialized. It is no longer
+    ///         possible to call this function.
+    pub fn mbedtls_psa_inject_entropy(seed: *const u8, seed_size: usize) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Get domain parameters for a key.
+    ///
+    /// Get the domain parameters for a key with this function, if any. The format
+    /// of the domain parameters written to \p data is specified in the
+    /// documentation for psa_set_key_domain_parameters().
+    ///
+    /// \note This is an experimental extension to the interface. It may change
+    ///       in future versions of the library.
+    ///
+    /// \param[in] attributes        The key attribute structure to query.
+    /// \param[out] data             On success, the key domain parameters.
+    /// \param data_size             Size of the \p data buffer in bytes.
+    ///                              The buffer is guaranteed to be large
+    ///                              enough if its size in bytes is at least
+    ///                              the value given by
+    ///                              PSA_KEY_DOMAIN_PARAMETERS_SIZE().
+    /// \param[out] data_length      On success, the number of bytes
+    ///                              that make up the key domain parameters data.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
+    pub fn psa_get_key_domain_parameters(
+        attributes: *const psa_key_attributes_t,
+        data: *mut u8,
+        data_size: usize,
+        data_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Convert an ECC curve identifier from the PSA encoding to Mbed TLS.
+    ///
+    /// \note This function is provided solely for the convenience of
+    ///       Mbed TLS and may be removed at any time without notice.
+    ///
+    /// \param curve         A PSA elliptic curve identifier
+    ///                      (`PSA_ECC_FAMILY_xxx`).
+    /// \param bits          The bit-length of a private key on \p curve.
+    /// \param bits_is_sloppy If true, \p bits may be the bit-length rounded up
+    ///                      to the nearest multiple of 8. This allows the caller
+    ///                      to infer the exact curve from the length of a key
+    ///                      which is supplied as a byte string.
+    ///
+    /// \return              The corresponding Mbed TLS elliptic curve identifier
+    ///                      (`MBEDTLS_ECP_DP_xxx`).
+    /// \return              #MBEDTLS_ECP_DP_NONE if \c curve is not recognized.
+    /// \return              #MBEDTLS_ECP_DP_NONE if \p bits is not
+    ///                      correct for \p curve.
+    pub fn mbedtls_ecc_group_of_psa(
+        curve: psa_ecc_family_t,
+        bits: usize,
+        bits_is_sloppy: crate::c_types::c_int,
+    ) -> mbedtls_ecp_group_id;
+}
+extern "C" {
+    /// External random generator function, implemented by the platform.
+    ///
+    /// When the compile-time option #MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled,
+    /// this function replaces Mbed TLS's entropy and DRBG modules for all
+    /// random generation triggered via PSA crypto interfaces.
+    ///
+    /// \note This random generator must deliver random numbers with cryptographic
+    ///       quality and high performance. It must supply unpredictable numbers
+    ///       with a uniform distribution. The implementation of this function
+    ///       is responsible for ensuring that the random generator is seeded
+    ///       with sufficient entropy. If you have a hardware TRNG which is slow
+    ///       or delivers non-uniform output, declare it as an entropy source
+    ///       with mbedtls_entropy_add_source() instead of enabling this option.
+    ///
+    /// \param[in,out] context       Pointer to the random generator context.
+    ///                              This is all-bits-zero on the first call
+    ///                              and preserved between successive calls.
+    /// \param[out] output           Output buffer. On success, this buffer
+    ///                              contains random data with a uniform
+    ///                              distribution.
+    /// \param output_size           The size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, set this value to \p output_size.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success. The output buffer contains \p output_size bytes of
+    ///         cryptographic-quality random data, and \c *output_length is
+    ///         set to \p output_size.
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+    ///         The random generator requires extra entropy and there is no
+    ///         way to obtain entropy under current environment conditions.
+    ///         This error should not happen under normal circumstances since
+    ///         this function is responsible for obtaining as much entropy as
+    ///         it needs. However implementations of this function may return
+    ///         #PSA_ERROR_INSUFFICIENT_ENTROPY if there is no way to obtain
+    ///         entropy without blocking indefinitely.
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE
+    ///         A failure of the random generator hardware that isn't covered
+    ///         by #PSA_ERROR_INSUFFICIENT_ENTROPY.
+    pub fn mbedtls_psa_external_get_random(
+        context: *mut mbedtls_psa_external_random_context_t,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+/// A slot number identifying a key in a driver.
+///
+/// Values of this type are used to identify built-in keys.
+pub type psa_drv_slot_number_t = u64;
+/// \brief Encoding of the application role of PAKE
+///
+/// Encodes the application's role in the algorithm is being executed. For more
+/// information see the documentation of individual \c PSA_PAKE_ROLE_XXX
+/// constants.
+pub type psa_pake_role_t = u8;
+/// Encoding of input and output indicators for PAKE.
+///
+/// Some PAKE algorithms need to exchange more data than just a single key share.
+/// This type is for encoding additional input and output data for such
+/// algorithms.
+pub type psa_pake_step_t = u8;
+/// Encoding of the type of the PAKE's primitive.
+///
+/// Values defined by this standard will never be in the range 0x80-0xff.
+/// Vendors who define additional types must use an encoding in this range.
+///
+/// For more information see the documentation of individual
+/// \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.
+pub type psa_pake_primitive_type_t = u8;
+/// \brief Encoding of the family of the primitive associated with the PAKE.
+///
+/// For more information see the documentation of individual
+/// \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.
+pub type psa_pake_family_t = u8;
+/// \brief Encoding of the primitive associated with the PAKE.
+///
+/// For more information see the documentation of the #PSA_PAKE_PRIMITIVE macro.
+pub type psa_pake_primitive_t = u32;
+/// The type of the data structure for PAKE cipher suites.
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_pake_cipher_suite_t = psa_pake_cipher_suite_s;
+/// The type of the state data structure for PAKE operations.
+///
+/// Before calling any function on a PAKE operation object, the application
+/// must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_pake_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_pake_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_PAKE_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_pake_operation_t operation = PSA_PAKE_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_pake_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_pake_operation_t operation;
+///   operation = psa_pake_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_pake_operation_t = psa_pake_operation_s;
+/// The type of input values for PAKE operations.
+pub type psa_crypto_driver_pake_inputs_t = psa_crypto_driver_pake_inputs_s;
+/// The type of computation stage for J-PAKE operations.
+pub type psa_jpake_computation_stage_t = psa_jpake_computation_stage_s;
+extern "C" {
+    /// Get the length of the password in bytes from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] password_len     Password length.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Password hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_password_len(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        password_len: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the password from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] buffer           Return buffer for password.
+    /// \param      buffer_size      Size of the return buffer in bytes.
+    /// \param[out] buffer_length    Actual size of the password in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Password hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_password(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        buffer: *mut u8,
+        buffer_size: usize,
+        buffer_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the role from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] role             Return buffer for role.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Role hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_role(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        role: *mut psa_pake_role_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the length of the user id in bytes from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] user_len         User id length.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         User id hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_user_len(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        user_len: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the length of the peer id in bytes from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] peer_len         Peer id length.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Peer id hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_peer_len(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        peer_len: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the user id from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] user_id          User id.
+    /// \param      user_id_size     Size of \p user_id in bytes.
+    /// \param[out] user_id_len      Size of the user id in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         User id hasn't been set yet.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p user_id is too small.
+    pub fn psa_crypto_driver_pake_get_user(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        user_id: *mut u8,
+        user_id_size: usize,
+        user_id_len: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the peer id from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] peer_id          Peer id.
+    /// \param      peer_id_size     Size of \p peer_id in bytes.
+    /// \param[out] peer_id_length   Size of the peer id in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Peer id hasn't been set yet.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p peer_id is too small.
+    pub fn psa_crypto_driver_pake_get_peer(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        peer_id: *mut u8,
+        peer_id_size: usize,
+        peer_id_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the cipher suite from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] cipher_suite     Return buffer for role.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Cipher_suite hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_cipher_suite(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        cipher_suite: *mut psa_pake_cipher_suite_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the session information for a password-authenticated key exchange.
+    ///
+    /// The sequence of operations to set up a password-authenticated key exchange
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_pake_operation_t, e.g.
+    ///    #PSA_PAKE_OPERATION_INIT.
+    /// -# Call psa_pake_setup() to specify the cipher suite.
+    /// -# Call \c psa_pake_set_xxx() functions on the operation to complete the
+    ///    setup. The exact sequence of \c psa_pake_set_xxx() functions that needs
+    ///    to be called depends on the algorithm in use.
+    ///
+    /// Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+    /// values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+    /// for more information.
+    ///
+    /// A typical sequence of calls to perform a password-authenticated key
+    /// exchange:
+    /// -# Call psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to get the
+    ///    key share that needs to be sent to the peer.
+    /// -# Call psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to provide
+    ///    the key share that was received from the peer.
+    /// -# Depending on the algorithm additional calls to psa_pake_output() and
+    ///    psa_pake_input() might be necessary.
+    /// -# Call psa_pake_get_implicit_key() for accessing the shared secret.
+    ///
+    /// Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+    /// values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+    /// for more information.
+    ///
+    /// If an error occurs at any step after a call to psa_pake_setup(),
+    /// the operation will need to be reset by a call to psa_pake_abort(). The
+    /// application may call psa_pake_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_pake_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A call to psa_pake_abort().
+    /// - A successful call to psa_pake_get_implicit_key().
+    ///
+    /// \param[in,out] operation     The operation object to set up. It must have
+    ///                              been initialized but not set up yet.
+    /// \param[in] cipher_suite      The cipher suite to use. (A cipher suite fully
+    ///                              characterizes a PAKE algorithm and determines
+    ///                              the algorithm as well.)
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The algorithm in \p cipher_suite is not a PAKE algorithm, or the
+    ///         PAKE primitive in \p cipher_suite is not compatible with the
+    ///         PAKE algorithm, or the hash algorithm in \p cipher_suite is invalid
+    ///         or not compatible with the PAKE algorithm and primitive.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The algorithm in \p cipher_suite is not a supported PAKE algorithm,
+    ///         or the PAKE primitive in \p cipher_suite is not supported or not
+    ///         compatible with the PAKE algorithm, or the hash algorithm in
+    ///         \p cipher_suite is not supported or not compatible with the PAKE
+    ///         algorithm and primitive.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_setup(
+        operation: *mut psa_pake_operation_t,
+        cipher_suite: *const psa_pake_cipher_suite_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the password for a password-authenticated key exchange from key ID.
+    ///
+    /// Call this function when the password, or a value derived from the password,
+    /// is already present in the key store.
+    ///
+    /// \param[in,out] operation     The operation object to set the password for. It
+    ///                              must have been set up by psa_pake_setup() and
+    ///                              not yet in use (neither psa_pake_output() nor
+    ///                              psa_pake_input() has been called yet). It must
+    ///                              be on operation for which the password hasn't
+    ///                              been set yet (psa_pake_set_password_key()
+    ///                              hasn't been called yet).
+    /// \param password              Identifier of the key holding the password or a
+    ///                              value derived from the password (eg. by a
+    ///                              memory-hard function).  It must remain valid
+    ///                              until the operation terminates. It must be of
+    ///                              type #PSA_KEY_TYPE_PASSWORD or
+    ///                              #PSA_KEY_TYPE_PASSWORD_HASH. It has to allow
+    ///                              the usage #PSA_KEY_USAGE_DERIVE.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE
+    ///         \p password is not a valid key identifier.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_DERIVE flag, or it does not
+    ///         permit the \p operation's algorithm.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The key type for \p password is not #PSA_KEY_TYPE_PASSWORD or
+    ///         #PSA_KEY_TYPE_PASSWORD_HASH, or \p password is not compatible with
+    ///         the \p operation's cipher suite.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The key type or key size of \p password is not supported with the
+    ///         \p operation's cipher suite.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must have been set up.), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_set_password_key(
+        operation: *mut psa_pake_operation_t,
+        password: mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the user ID for a password-authenticated key exchange.
+    ///
+    /// Call this function to set the user ID. For PAKE algorithms that associate a
+    /// user identifier with each side of the session you need to call
+    /// psa_pake_set_peer() as well. For PAKE algorithms that associate a single
+    /// user identifier with the session, call psa_pake_set_user() only.
+    ///
+    /// Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+    /// values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+    /// for more information.
+    ///
+    /// \param[in,out] operation     The operation object to set the user ID for. It
+    ///                              must have been set up by psa_pake_setup() and
+    ///                              not yet in use (neither psa_pake_output() nor
+    ///                              psa_pake_input() has been called yet). It must
+    ///                              be on operation for which the user ID hasn't
+    ///                              been set (psa_pake_set_user() hasn't been
+    ///                              called yet).
+    /// \param[in] user_id           The user ID to authenticate with.
+    ///                              (temporary limitation: "client" or "server" only)
+    /// \param user_id_len           Size of the \p user_id buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p user_id is not valid for the \p operation's algorithm and cipher
+    ///         suite.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The value of \p user_id is not supported by the implementation.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_set_user(
+        operation: *mut psa_pake_operation_t,
+        user_id: *const u8,
+        user_id_len: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the peer ID for a password-authenticated key exchange.
+    ///
+    /// Call this function in addition to psa_pake_set_user() for PAKE algorithms
+    /// that associate a user identifier with each side of the session. For PAKE
+    /// algorithms that associate a single user identifier with the session, call
+    /// psa_pake_set_user() only.
+    ///
+    /// Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+    /// values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+    /// for more information.
+    ///
+    /// \param[in,out] operation     The operation object to set the peer ID for. It
+    ///                              must have been set up by psa_pake_setup() and
+    ///                              not yet in use (neither psa_pake_output() nor
+    ///                              psa_pake_input() has been called yet). It must
+    ///                              be on operation for which the peer ID hasn't
+    ///                              been set (psa_pake_set_peer() hasn't been
+    ///                              called yet).
+    /// \param[in] peer_id           The peer's ID to authenticate.
+    ///                              (temporary limitation: "client" or "server" only)
+    /// \param peer_id_len           Size of the \p peer_id buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p user_id is not valid for the \p operation's algorithm and cipher
+    ///         suite.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The algorithm doesn't associate a second identity with the session.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Calling psa_pake_set_peer() is invalid with the \p operation's
+    ///         algorithm, the operation state is not valid, or the library has not
+    ///         been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_set_peer(
+        operation: *mut psa_pake_operation_t,
+        peer_id: *const u8,
+        peer_id_len: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the application role for a password-authenticated key exchange.
+    ///
+    /// Not all PAKE algorithms need to differentiate the communicating entities.
+    /// It is optional to call this function for PAKEs that don't require a role
+    /// to be specified. For such PAKEs the application role parameter is ignored,
+    /// or #PSA_PAKE_ROLE_NONE can be passed as \c role.
+    ///
+    /// Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+    /// values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+    /// for more information.
+    ///
+    /// \param[in,out] operation     The operation object to specify the
+    ///                              application's role for. It must have been set up
+    ///                              by psa_pake_setup() and not yet in use (neither
+    ///                              psa_pake_output() nor psa_pake_input() has been
+    ///                              called yet). It must be on operation for which
+    ///                              the application's role hasn't been specified
+    ///                              (psa_pake_set_role() hasn't been called yet).
+    /// \param role                  A value of type ::psa_pake_role_t indicating the
+    ///                              application's role in the PAKE the algorithm
+    ///                              that is being set up. For more information see
+    ///                              the documentation of \c PSA_PAKE_ROLE_XXX
+    ///                              constants.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The \p role is not a valid PAKE role in the \p operation’s algorithm.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The \p role for this algorithm is not supported or is not valid.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_set_role(
+        operation: *mut psa_pake_operation_t,
+        role: psa_pake_role_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get output for a step of a password-authenticated key exchange.
+    ///
+    /// Depending on the algorithm being executed, you might need to call this
+    /// function several times or you might not need to call this at all.
+    ///
+    /// The exact sequence of calls to perform a password-authenticated key
+    /// exchange depends on the algorithm in use.  Refer to the documentation of
+    /// individual PAKE algorithm types (`PSA_ALG_XXX` values of type
+    /// ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more
+    /// information.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_pake_abort().
+    ///
+    /// \param[in,out] operation    Active PAKE operation.
+    /// \param step                 The step of the algorithm for which the output is
+    ///                             requested.
+    /// \param[out] output          Buffer where the output is to be written in the
+    ///                             format appropriate for this \p step. Refer to
+    ///                             the documentation of the individual
+    ///                             \c PSA_PAKE_STEP_XXX constants for more
+    ///                             information.
+    /// \param output_size          Size of the \p output buffer in bytes. This must
+    ///                             be at least #PSA_PAKE_OUTPUT_SIZE(\p alg, \p
+    ///                             primitive, \p step) where \p alg and
+    ///                             \p primitive are the PAKE algorithm and primitive
+    ///                             in the operation's cipher suite, and \p step is
+    ///                             the output step.
+    ///
+    /// \param[out] output_length   On success, the number of bytes of the returned
+    ///                             output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p step is not compatible with the operation's algorithm.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p step is not supported with the operation's algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, and fully set
+    ///         up, and this call must conform to the algorithm's requirements
+    ///         for ordering of input and output steps), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_output(
+        operation: *mut psa_pake_operation_t,
+        step: psa_pake_step_t,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Provide input for a step of a password-authenticated key exchange.
+    ///
+    /// Depending on the algorithm being executed, you might need to call this
+    /// function several times or you might not need to call this at all.
+    ///
+    /// The exact sequence of calls to perform a password-authenticated key
+    /// exchange depends on the algorithm in use.  Refer to the documentation of
+    /// individual PAKE algorithm types (`PSA_ALG_XXX` values of type
+    /// ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more
+    /// information.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_pake_abort().
+    ///
+    /// \param[in,out] operation    Active PAKE operation.
+    /// \param step                 The step for which the input is provided.
+    /// \param[in] input            Buffer containing the input in the format
+    ///                             appropriate for this \p step. Refer to the
+    ///                             documentation of the individual
+    ///                             \c PSA_PAKE_STEP_XXX constants for more
+    ///                             information.
+    /// \param input_length         Size of the \p input buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The verification fails for a #PSA_PAKE_STEP_ZK_PROOF input step.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p is not compatible with the \p operation’s algorithm, or the
+    ///         \p input is not valid for the \p operation's algorithm, cipher suite
+    ///         or \p step.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p step p is not supported with the \p operation's algorithm, or the
+    ///         \p input is not supported for the \p operation's algorithm, cipher
+    ///         suite or \p step.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, and fully set
+    ///         up, and this call must conform to the algorithm's requirements
+    ///         for ordering of input and output steps), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_input(
+        operation: *mut psa_pake_operation_t,
+        step: psa_pake_step_t,
+        input: *const u8,
+        input_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get implicitly confirmed shared secret from a PAKE.
+    ///
+    /// At this point there is a cryptographic guarantee that only the authenticated
+    /// party who used the same password is able to compute the key. But there is no
+    /// guarantee that the peer is the party it claims to be and was able to do so.
+    ///
+    /// That is, the authentication is only implicit. Since the peer is not
+    /// authenticated yet, no action should be taken yet that assumes that the peer
+    /// is who it claims to be. For example, do not access restricted files on the
+    /// peer's behalf until an explicit authentication has succeeded.
+    ///
+    /// This function can be called after the key exchange phase of the operation
+    /// has completed. It imports the shared secret output of the PAKE into the
+    /// provided derivation operation. The input step
+    /// #PSA_KEY_DERIVATION_INPUT_SECRET is used when placing the shared key
+    /// material in the key derivation operation.
+    ///
+    /// The exact sequence of calls to perform a password-authenticated key
+    /// exchange depends on the algorithm in use.  Refer to the documentation of
+    /// individual PAKE algorithm types (`PSA_ALG_XXX` values of type
+    /// ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more
+    /// information.
+    ///
+    /// When this function returns successfully, \p operation becomes inactive.
+    /// If this function returns an error status, both \p operation
+    /// and \p key_derivation operations enter an error state and must be aborted by
+    /// calling psa_pake_abort() and psa_key_derivation_abort() respectively.
+    ///
+    /// \param[in,out] operation    Active PAKE operation.
+    /// \param[out] output          A key derivation operation that is ready
+    ///                             for an input step of type
+    ///                             #PSA_KEY_DERIVATION_INPUT_SECRET.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         #PSA_KEY_DERIVATION_INPUT_SECRET is not compatible with the
+    ///         algorithm in the \p output key derivation operation.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         Input from a PAKE is not supported by the algorithm in the \p output
+    ///         key derivation operation.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The PAKE operation state is not valid (it must be active, but beyond
+    ///         that validity is specific to the algorithm), or
+    ///         the library has not been previously initialized by psa_crypto_init(),
+    ///         or the state of \p output is not valid for
+    ///         the #PSA_KEY_DERIVATION_INPUT_SECRET step. This can happen if the
+    ///         step is out of order or the application has done this step already
+    ///         and it may not be repeated.
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_get_implicit_key(
+        operation: *mut psa_pake_operation_t,
+        output: *mut psa_key_derivation_operation_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort a PAKE operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the \c
+    /// operation structure itself. Once aborted, the operation object can be reused
+    /// for another operation by calling psa_pake_setup() again.
+    ///
+    /// This function may be called at any time after the operation
+    /// object has been initialized as described in #psa_pake_operation_t.
+    ///
+    /// In particular, calling psa_pake_abort() after the operation has been
+    /// terminated by a call to psa_pake_abort() or psa_pake_get_implicit_key()
+    /// is safe and has no effect.
+    ///
+    /// \param[in,out] operation    The operation to abort.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_abort(operation: *mut psa_pake_operation_t) -> psa_status_t;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_pake_cipher_suite_s {
+    pub algorithm: psa_algorithm_t,
+    pub type_: psa_pake_primitive_type_t,
+    pub family: psa_pake_family_t,
+    pub bits: u16,
+    pub hash: psa_algorithm_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_crypto_driver_pake_inputs_s {
+    pub private_password: *mut u8,
+    pub private_password_len: usize,
+    pub private_role: psa_pake_role_t,
+    pub private_user: *mut u8,
+    pub private_user_len: usize,
+    pub private_peer: *mut u8,
+    pub private_peer_len: usize,
+    pub private_attributes: psa_key_attributes_t,
+    pub private_cipher_suite: psa_pake_cipher_suite_t,
+}
+pub const psa_jpake_step_PSA_PAKE_STEP_INVALID: psa_jpake_step = 0;
+pub const psa_jpake_step_PSA_PAKE_STEP_X1_X2: psa_jpake_step = 1;
+pub const psa_jpake_step_PSA_PAKE_STEP_X2S: psa_jpake_step = 2;
+pub const psa_jpake_step_PSA_PAKE_STEP_DERIVE: psa_jpake_step = 3;
+pub type psa_jpake_step = crate::c_types::c_uint;
+pub use self::psa_jpake_step as psa_jpake_step_t;
+pub const psa_jpake_state_PSA_PAKE_STATE_INVALID: psa_jpake_state = 0;
+pub const psa_jpake_state_PSA_PAKE_STATE_SETUP: psa_jpake_state = 1;
+pub const psa_jpake_state_PSA_PAKE_STATE_READY: psa_jpake_state = 2;
+pub const psa_jpake_state_PSA_PAKE_OUTPUT_X1_X2: psa_jpake_state = 3;
+pub const psa_jpake_state_PSA_PAKE_OUTPUT_X2S: psa_jpake_state = 4;
+pub const psa_jpake_state_PSA_PAKE_INPUT_X1_X2: psa_jpake_state = 5;
+pub const psa_jpake_state_PSA_PAKE_INPUT_X4S: psa_jpake_state = 6;
+pub type psa_jpake_state = crate::c_types::c_uint;
+pub use self::psa_jpake_state as psa_jpake_state_t;
+pub const psa_jpake_sequence_PSA_PAKE_SEQ_INVALID: psa_jpake_sequence = 0;
+pub const psa_jpake_sequence_PSA_PAKE_X1_STEP_KEY_SHARE: psa_jpake_sequence = 1;
+pub const psa_jpake_sequence_PSA_PAKE_X1_STEP_ZK_PUBLIC: psa_jpake_sequence = 2;
+pub const psa_jpake_sequence_PSA_PAKE_X1_STEP_ZK_PROOF: psa_jpake_sequence = 3;
+pub const psa_jpake_sequence_PSA_PAKE_X2_STEP_KEY_SHARE: psa_jpake_sequence = 4;
+pub const psa_jpake_sequence_PSA_PAKE_X2_STEP_ZK_PUBLIC: psa_jpake_sequence = 5;
+pub const psa_jpake_sequence_PSA_PAKE_X2_STEP_ZK_PROOF: psa_jpake_sequence = 6;
+pub const psa_jpake_sequence_PSA_PAKE_SEQ_END: psa_jpake_sequence = 7;
+pub type psa_jpake_sequence = crate::c_types::c_uint;
+pub use self::psa_jpake_sequence as psa_jpake_sequence_t;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_STEP_INVALID: psa_crypto_driver_pake_step = 0;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X1_STEP_KEY_SHARE: psa_crypto_driver_pake_step = 1;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X1_STEP_ZK_PUBLIC: psa_crypto_driver_pake_step = 2;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X1_STEP_ZK_PROOF: psa_crypto_driver_pake_step = 3;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2_STEP_KEY_SHARE: psa_crypto_driver_pake_step = 4;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2_STEP_ZK_PUBLIC: psa_crypto_driver_pake_step = 5;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2_STEP_ZK_PROOF: psa_crypto_driver_pake_step = 6;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2S_STEP_KEY_SHARE: psa_crypto_driver_pake_step = 7;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2S_STEP_ZK_PUBLIC: psa_crypto_driver_pake_step = 8;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2S_STEP_ZK_PROOF: psa_crypto_driver_pake_step = 9;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X4S_STEP_KEY_SHARE: psa_crypto_driver_pake_step =
+    10;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X4S_STEP_ZK_PUBLIC: psa_crypto_driver_pake_step =
+    11;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X4S_STEP_ZK_PROOF: psa_crypto_driver_pake_step = 12;
+pub type psa_crypto_driver_pake_step = crate::c_types::c_uint;
+pub use self::psa_crypto_driver_pake_step as psa_crypto_driver_pake_step_t;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_jpake_computation_stage_s {
+    pub private_state: psa_jpake_state_t,
+    pub private_sequence: psa_jpake_sequence_t,
+    pub private_input_step: psa_jpake_step_t,
+    pub private_output_step: psa_jpake_step_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_pake_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_alg: psa_algorithm_t,
+    pub private_stage: u8,
+    pub private_computation_stage: psa_pake_operation_s__bindgen_ty_1,
+    pub private_data: psa_pake_operation_s__bindgen_ty_2,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_pake_operation_s__bindgen_ty_1 {
+    pub private_dummy: u8,
+    pub private_jpake: psa_jpake_computation_stage_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_pake_operation_s__bindgen_ty_2 {
+    pub private_ctx: psa_driver_pake_context_t,
+    pub private_inputs: psa_crypto_driver_pake_inputs_t,
+}
+/// Type-length-value structure that allows for ASN1 using DER.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_asn1_buf {
+    ///< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING.
+    pub tag: crate::c_types::c_int,
+    ///< ASN1 length, in octets.
+    pub len: usize,
+    ///< ASN1 data, e.g. in ASCII.
+    pub p: *mut crate::c_types::c_uchar,
+}
+/// Container for ASN1 bit strings.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_asn1_bitstring {
+    ///< ASN1 length, in octets.
+    pub len: usize,
+    ///< Number of unused bits at the end of the string
+    pub unused_bits: crate::c_types::c_uchar,
+    ///< Raw ASN1 data for the bit string
+    pub p: *mut crate::c_types::c_uchar,
+}
+/// Container for a sequence of ASN.1 items
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_asn1_sequence {
+    ///< Buffer containing the given ASN.1 item.
+    pub buf: mbedtls_asn1_buf,
+    /// The next entry in the sequence.
+    ///
+    /// The details of memory management for sequences are not documented and
+    /// may change in future versions. Set this field to \p NULL when
+    /// initializing a structure, and do not modify it except via Mbed TLS
+    /// library functions.
+    pub next: *mut mbedtls_asn1_sequence,
+}
+/// Container for a sequence or list of 'named' ASN.1 data items
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_asn1_named_data {
+    ///< The object identifier.
+    pub oid: mbedtls_asn1_buf,
+    ///< The named value.
+    pub val: mbedtls_asn1_buf,
+    /// The next entry in the sequence.
+    ///
+    /// The details of memory management for named data sequences are not
+    /// documented and may change in future versions. Set this field to \p NULL
+    /// when initializing a structure, and do not modify it except via Mbed TLS
+    /// library functions.
+    pub next: *mut mbedtls_asn1_named_data,
+    pub private_next_merged: crate::c_types::c_uchar,
+}
+extern "C" {
+    /// \brief       Get the length of an ASN.1 element.
+    ///              Updates the pointer to immediately behind the length.
+    ///
+    /// \param p     On entry, \c *p points to the first byte of the length,
+    ///              i.e. immediately after the tag.
+    ///              On successful completion, \c *p points to the first byte
+    ///              after the length, i.e. the first byte of the content.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param len   On successful completion, \c *len contains the length
+    ///              read from the ASN.1 input.
+    ///
+    /// \return      0 if successful.
+    /// \return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
+    ///              would end beyond \p end.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
+    pub fn mbedtls_asn1_get_len(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        len: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Get the tag and length of the element.
+    ///              Check for the requested tag.
+    ///              Updates the pointer to immediately behind the tag and length.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              after the length, i.e. the first byte of the content.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param len   On successful completion, \c *len contains the length
+    ///              read from the ASN.1 input.
+    /// \param tag   The expected tag.
+    ///
+    /// \return      0 if successful.
+    /// \return      #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the data does not start
+    ///              with the requested tag.
+    /// \return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
+    ///              would end beyond \p end.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
+    pub fn mbedtls_asn1_get_tag(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        len: *mut usize,
+        tag: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve a boolean ASN.1 tag and its value.
+    ///              Updates the pointer to immediately behind the full tag.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the ASN.1 element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param val   On success, the parsed value (\c 0 or \c 1).
+    ///
+    /// \return      0 if successful.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 BOOLEAN.
+    pub fn mbedtls_asn1_get_bool(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        val: *mut crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve an integer ASN.1 tag and its value.
+    ///              Updates the pointer to immediately behind the full tag.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the ASN.1 element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param val   On success, the parsed value.
+    ///
+    /// \return      0 if successful.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 INTEGER.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
+    ///              not fit in an \c int.
+    pub fn mbedtls_asn1_get_int(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        val: *mut crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve an enumerated ASN.1 tag and its value.
+    ///              Updates the pointer to immediately behind the full tag.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the ASN.1 element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param val   On success, the parsed value.
+    ///
+    /// \return      0 if successful.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 ENUMERATED.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
+    ///              not fit in an \c int.
+    pub fn mbedtls_asn1_get_enum(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        val: *mut crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve a bitstring ASN.1 tag and its value.
+    ///              Updates the pointer to immediately behind the full tag.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p is equal to \p end.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param bs    On success, ::mbedtls_asn1_bitstring information about
+    ///              the parsed value.
+    ///
+    /// \return      0 if successful.
+    /// \return      #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains
+    ///              extra data after a valid BIT STRING.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 BIT STRING.
+    pub fn mbedtls_asn1_get_bitstring(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        bs: *mut mbedtls_asn1_bitstring,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve a bitstring ASN.1 tag without unused bits and its
+    ///              value.
+    ///              Updates the pointer to the beginning of the bit/octet string.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              of the content of the BIT STRING.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param len   On success, \c *len is the length of the content in bytes.
+    ///
+    /// \return      0 if successful.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_DATA if the input starts with
+    ///              a valid BIT STRING with a nonzero number of unused bits.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 BIT STRING.
+    pub fn mbedtls_asn1_get_bitstring_null(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        len: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Parses and splits an ASN.1 "SEQUENCE OF <tag>".
+    ///              Updates the pointer to immediately behind the full sequence tag.
+    ///
+    /// This function allocates memory for the sequence elements. You can free
+    /// the allocated memory with mbedtls_asn1_sequence_free().
+    ///
+    /// \note        On error, this function may return a partial list in \p cur.
+    ///              You must set `cur->next = NULL` before calling this function!
+    ///              Otherwise it is impossible to distinguish a previously non-null
+    ///              pointer from a pointer to an object allocated by this function.
+    ///
+    /// \note        If the sequence is empty, this function does not modify
+    ///              \c *cur. If the sequence is valid and non-empty, this
+    ///              function sets `cur->buf.tag` to \p tag. This allows
+    ///              callers to distinguish between an empty sequence and
+    ///              a one-element sequence.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p is equal to \p end.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param cur   A ::mbedtls_asn1_sequence which this function fills.
+    ///              When this function returns, \c *cur is the head of a linked
+    ///              list. Each node in this list is allocated with
+    ///              mbedtls_calloc() apart from \p cur itself, and should
+    ///              therefore be freed with mbedtls_free().
+    ///              The list describes the content of the sequence.
+    ///              The head of the list (i.e. \c *cur itself) describes the
+    ///              first element, `*cur->next` describes the second element, etc.
+    ///              For each element, `buf.tag == tag`, `buf.len` is the length
+    ///              of the content of the content of the element, and `buf.p`
+    ///              points to the first byte of the content (i.e. immediately
+    ///              past the length of the element).
+    ///              Note that list elements may be allocated even on error.
+    /// \param tag   Each element of the sequence must have this tag.
+    ///
+    /// \return      0 if successful.
+    /// \return      #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains
+    ///              extra data after a valid SEQUENCE OF \p tag.
+    /// \return      #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts with
+    ///              an ASN.1 SEQUENCE in which an element has a tag that
+    ///              is different from \p tag.
+    /// \return      #MBEDTLS_ERR_ASN1_ALLOC_FAILED if a memory allocation failed.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 SEQUENCE.
+    pub fn mbedtls_asn1_get_sequence_of(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        cur: *mut mbedtls_asn1_sequence,
+        tag: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Free a heap-allocated linked list presentation of
+    ///                 an ASN.1 sequence, including the first element.
+    ///
+    /// There are two common ways to manage the memory used for the representation
+    /// of a parsed ASN.1 sequence:
+    /// - Allocate a head node `mbedtls_asn1_sequence *head` with mbedtls_calloc().
+    ///   Pass this node as the `cur` argument to mbedtls_asn1_get_sequence_of().
+    ///   When you have finished processing the sequence,
+    ///   call mbedtls_asn1_sequence_free() on `head`.
+    /// - Allocate a head node `mbedtls_asn1_sequence *head` in any manner,
+    ///   for example on the stack. Make sure that `head->next == NULL`.
+    ///   Pass `head` as the `cur` argument to mbedtls_asn1_get_sequence_of().
+    ///   When you have finished processing the sequence,
+    ///   call mbedtls_asn1_sequence_free() on `head->cur`,
+    ///   then free `head` itself in the appropriate manner.
+    ///
+    /// \param seq      The address of the first sequence component. This may
+    ///                 be \c NULL, in which case this functions returns
+    ///                 immediately.
+    pub fn mbedtls_asn1_sequence_free(seq: *mut mbedtls_asn1_sequence);
+}
+extern "C" {
+    /// \brief                Traverse an ASN.1 SEQUENCE container and
+    ///                       call a callback for each entry.
+    ///
+    /// This function checks that the input is a SEQUENCE of elements that
+    /// each have a "must" tag, and calls a callback function on the elements
+    /// that have a "may" tag.
+    ///
+    /// For example, to validate that the input is a SEQUENCE of `tag1` and call
+    /// `cb` on each element, use
+    /// ```
+    /// mbedtls_asn1_traverse_sequence_of(&p, end, 0xff, tag1, 0, 0, cb, ctx);
+    /// ```
+    ///
+    /// To validate that the input is a SEQUENCE of ANY and call `cb` on
+    /// each element, use
+    /// ```
+    /// mbedtls_asn1_traverse_sequence_of(&p, end, 0, 0, 0, 0, cb, ctx);
+    /// ```
+    ///
+    /// To validate that the input is a SEQUENCE of CHOICE {NULL, OCTET STRING}
+    /// and call `cb` on each element that is an OCTET STRING, use
+    /// ```
+    /// mbedtls_asn1_traverse_sequence_of(&p, end, 0xfe, 0x04, 0xff, 0x04, cb, ctx);
+    /// ```
+    ///
+    /// The callback is called on the elements with a "may" tag from left to
+    /// right. If the input is not a valid SEQUENCE of elements with a "must" tag,
+    /// the callback is called on the elements up to the leftmost point where
+    /// the input is invalid.
+    ///
+    /// \warning              This function is still experimental and may change
+    ///                       at any time.
+    ///
+    /// \param p              The address of the pointer to the beginning of
+    ///                       the ASN.1 SEQUENCE header. This is updated to
+    ///                       point to the end of the ASN.1 SEQUENCE container
+    ///                       on a successful invocation.
+    /// \param end            The end of the ASN.1 SEQUENCE container.
+    /// \param tag_must_mask  A mask to be applied to the ASN.1 tags found within
+    ///                       the SEQUENCE before comparing to \p tag_must_value.
+    /// \param tag_must_val   The required value of each ASN.1 tag found in the
+    ///                       SEQUENCE, after masking with \p tag_must_mask.
+    ///                       Mismatching tags lead to an error.
+    ///                       For example, a value of \c 0 for both \p tag_must_mask
+    ///                       and \p tag_must_val means that every tag is allowed,
+    ///                       while a value of \c 0xFF for \p tag_must_mask means
+    ///                       that \p tag_must_val is the only allowed tag.
+    /// \param tag_may_mask   A mask to be applied to the ASN.1 tags found within
+    ///                       the SEQUENCE before comparing to \p tag_may_value.
+    /// \param tag_may_val    The desired value of each ASN.1 tag found in the
+    ///                       SEQUENCE, after masking with \p tag_may_mask.
+    ///                       Mismatching tags will be silently ignored.
+    ///                       For example, a value of \c 0 for \p tag_may_mask and
+    ///                       \p tag_may_val means that any tag will be considered,
+    ///                       while a value of \c 0xFF for \p tag_may_mask means
+    ///                       that all tags with value different from \p tag_may_val
+    ///                       will be ignored.
+    /// \param cb             The callback to trigger for each component
+    ///                       in the ASN.1 SEQUENCE that matches \p tag_may_val.
+    ///                       The callback function is called with the following
+    ///                       parameters:
+    ///                       - \p ctx.
+    ///                       - The tag of the current element.
+    ///                       - A pointer to the start of the current element's
+    ///                         content inside the input.
+    ///                       - The length of the content of the current element.
+    ///                       If the callback returns a non-zero value,
+    ///                       the function stops immediately,
+    ///                       forwarding the callback's return value.
+    /// \param ctx            The context to be passed to the callback \p cb.
+    ///
+    /// \return               \c 0 if successful the entire ASN.1 SEQUENCE
+    ///                       was traversed without parsing or callback errors.
+    /// \return               #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input
+    ///                       contains extra data after a valid SEQUENCE
+    ///                       of elements with an accepted tag.
+    /// \return               #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts
+    ///                       with an ASN.1 SEQUENCE in which an element has a tag
+    ///                       that is not accepted.
+    /// \return               An ASN.1 error code if the input does not start with
+    ///                       a valid ASN.1 SEQUENCE.
+    /// \return               A non-zero error code forwarded from the callback
+    ///                       \p cb in case the latter returns a non-zero value.
+    pub fn mbedtls_asn1_traverse_sequence_of(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        tag_must_mask: crate::c_types::c_uchar,
+        tag_must_val: crate::c_types::c_uchar,
+        tag_may_mask: crate::c_types::c_uchar,
+        tag_may_val: crate::c_types::c_uchar,
+        cb: ::core::option::Option<
+            unsafe extern "C" fn(
+                ctx: *mut crate::c_types::c_void,
+                tag: crate::c_types::c_int,
+                start: *mut crate::c_types::c_uchar,
+                len: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        ctx: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve an integer ASN.1 tag and its value.
+    ///              Updates the pointer to immediately behind the full tag.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the ASN.1 element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param X     On success, the parsed value.
+    ///
+    /// \return      0 if successful.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 INTEGER.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
+    ///              not fit in an \c int.
+    /// \return      An MPI error code if the parsed value is too large.
+    pub fn mbedtls_asn1_get_mpi(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        X: *mut mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence.
+    ///              Updates the pointer to immediately behind the full
+    ///              AlgorithmIdentifier.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the AlgorithmIdentifier element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param alg   The buffer to receive the OID.
+    /// \param params The buffer to receive the parameters.
+    ///              This is zeroized if there are no parameters.
+    ///
+    /// \return      0 if successful or a specific ASN.1 or MPI error code.
+    pub fn mbedtls_asn1_get_alg(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        alg: *mut mbedtls_asn1_buf,
+        params: *mut mbedtls_asn1_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
+    ///              params.
+    ///              Updates the pointer to immediately behind the full
+    ///              AlgorithmIdentifier.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the AlgorithmIdentifier element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param alg   The buffer to receive the OID.
+    ///
+    /// \return      0 if successful or a specific ASN.1 or MPI error code.
+    pub fn mbedtls_asn1_get_alg_null(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        alg: *mut mbedtls_asn1_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Find a specific named_data entry in a sequence or list based on
+    ///              the OID.
+    ///
+    /// \param list  The list to seek through
+    /// \param oid   The OID to look for
+    /// \param len   Size of the OID
+    ///
+    /// \return      NULL if not found, or a pointer to the existing entry.
+    pub fn mbedtls_asn1_find_named_data(
+        list: *const mbedtls_asn1_named_data,
+        oid: *const crate::c_types::c_char,
+        len: usize,
+    ) -> *const mbedtls_asn1_named_data;
+}
+extern "C" {
+    /// \brief       Free a mbedtls_asn1_named_data entry
+    ///
+    /// \deprecated  This function is deprecated and will be removed in a
+    ///              future version of the library.
+    ///              Please use mbedtls_asn1_free_named_data_list()
+    ///              or mbedtls_asn1_free_named_data_list_shallow().
+    ///
+    /// \param entry The named data entry to free.
+    ///              This function calls mbedtls_free() on
+    ///              `entry->oid.p` and `entry->val.p`.
+    pub fn mbedtls_asn1_free_named_data(entry: *mut mbedtls_asn1_named_data);
+}
+extern "C" {
+    /// \brief       Free all entries in a mbedtls_asn1_named_data list.
+    ///
+    /// \param head  Pointer to the head of the list of named data entries to free.
+    ///              This function calls mbedtls_free() on
+    ///              `entry->oid.p` and `entry->val.p` and then on `entry`
+    ///              for each list entry, and sets \c *head to \c NULL.
+    pub fn mbedtls_asn1_free_named_data_list(head: *mut *mut mbedtls_asn1_named_data);
+}
+extern "C" {
+    /// \brief       Free all shallow entries in a mbedtls_asn1_named_data list,
+    ///              but do not free internal pointer targets.
+    ///
+    /// \param name  Head of the list of named data entries to free.
+    ///              This function calls mbedtls_free() on each list element.
+    pub fn mbedtls_asn1_free_named_data_list_shallow(name: *mut mbedtls_asn1_named_data);
+}
+/// Type-length-value structure that allows for ASN1 using DER.
+pub type mbedtls_x509_buf = mbedtls_asn1_buf;
+/// Container for ASN1 bit strings.
+pub type mbedtls_x509_bitstring = mbedtls_asn1_bitstring;
+/// Container for ASN1 named information objects.
+/// It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.).
+pub type mbedtls_x509_name = mbedtls_asn1_named_data;
+/// Container for a sequence of ASN.1 items
+pub type mbedtls_x509_sequence = mbedtls_asn1_sequence;
+/// Container for date and time (precision in seconds).
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_time {
+    ///< Date.
+    pub year: crate::c_types::c_int,
+    ///< Date.
+    pub mon: crate::c_types::c_int,
+    ///< Date.
+    pub day: crate::c_types::c_int,
+    ///< Time.
+    pub hour: crate::c_types::c_int,
+    ///< Time.
+    pub min: crate::c_types::c_int,
+    ///< Time.
+    pub sec: crate::c_types::c_int,
+}
+/// From RFC 5280 section 4.2.1.6:
+/// OtherName ::= SEQUENCE {
+///      type-id    OBJECT IDENTIFIER,
+///      value      [0] EXPLICIT ANY DEFINED BY type-id }
+///
+/// Future versions of the library may add new fields to this structure or
+/// to its embedded union and structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_san_other_name {
+    ///< The type id.
+    pub type_id: mbedtls_x509_buf,
+    pub value: mbedtls_x509_san_other_name__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_x509_san_other_name__bindgen_ty_1 {
+    pub hardware_module_name: mbedtls_x509_san_other_name__bindgen_ty_1__bindgen_ty_1,
+}
+/// From RFC 4108 section 5:
+/// HardwareModuleName ::= SEQUENCE {
+///                         hwType OBJECT IDENTIFIER,
+///                         hwSerialNum OCTET STRING }
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_san_other_name__bindgen_ty_1__bindgen_ty_1 {
+    ///< The object identifier.
+    pub oid: mbedtls_x509_buf,
+    ///< The named value.
+    pub val: mbedtls_x509_buf,
+}
+/// A structure for holding the parsed Subject Alternative Name,
+/// according to type.
+///
+/// Future versions of the library may add new fields to this structure or
+/// to its embedded union and structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_subject_alternative_name {
+    ///< The SAN type, value of MBEDTLS_X509_SAN_XXX.
+    pub type_: crate::c_types::c_int,
+    ///< A union of the supported SAN types
+    pub san: mbedtls_x509_subject_alternative_name__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_x509_subject_alternative_name__bindgen_ty_1 {
+    ///< The otherName supported type.
+    pub other_name: mbedtls_x509_san_other_name,
+    ///< The buffer for the unconstructed types. Only rfc822Name, dnsName and uniformResourceIdentifier are currently supported
+    pub unstructured_name: mbedtls_x509_buf,
+}
+extern "C" {
+    /// \brief          Store the certificate DN in printable form into buf;
+    ///                 no more than size characters will be written.
+    ///
+    /// \param buf      Buffer to write to
+    /// \param size     Maximum size of buffer
+    /// \param dn       The X509 name to represent
+    ///
+    /// \return         The length of the string written (not including the
+    ///                 terminated nul byte), or a negative error code.
+    pub fn mbedtls_x509_dn_gets(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        dn: *const mbedtls_x509_name,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Store the certificate serial in printable form into buf;
+    ///                 no more than size characters will be written.
+    ///
+    /// \param buf      Buffer to write to
+    /// \param size     Maximum size of buffer
+    /// \param serial   The X509 serial to represent
+    ///
+    /// \return         The length of the string written (not including the
+    ///                 terminated nul byte), or a negative error code.
+    pub fn mbedtls_x509_serial_gets(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        serial: *const mbedtls_x509_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Check a given mbedtls_x509_time against the system time
+    ///                 and tell if it's in the past.
+    ///
+    /// \note           Intended usage is "if( is_past( valid_to ) ) ERROR".
+    ///                 Hence the return value of 1 if on internal errors.
+    ///
+    /// \param to       mbedtls_x509_time to check
+    ///
+    /// \return         1 if the given time is in the past or an error occurred,
+    ///                 0 otherwise.
+    pub fn mbedtls_x509_time_is_past(to: *const mbedtls_x509_time) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Check a given mbedtls_x509_time against the system time
+    ///                 and tell if it's in the future.
+    ///
+    /// \note           Intended usage is "if( is_future( valid_from ) ) ERROR".
+    ///                 Hence the return value of 1 if on internal errors.
+    ///
+    /// \param from     mbedtls_x509_time to check
+    ///
+    /// \return         1 if the given time is in the future or an error occurred,
+    ///                 0 otherwise.
+    pub fn mbedtls_x509_time_is_future(from: *const mbedtls_x509_time) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function parses an item in the SubjectAlternativeNames
+    ///                 extension.
+    ///
+    /// \param san_buf  The buffer holding the raw data item of the subject
+    ///                 alternative name.
+    /// \param san      The target structure to populate with the parsed presentation
+    ///                 of the subject alternative name encoded in \p san_raw.
+    ///
+    /// \note           Supported GeneralName types, as defined in RFC 5280:
+    ///                 "rfc822Name", "dnsName", "uniformResourceIdentifier" and "hardware_module_name"
+    ///                 of type "otherName", as defined in RFC 4108.
+    ///
+    /// \note           This function should be called on a single raw data of
+    ///                 subject alternative name. For example, after successful
+    ///                 certificate parsing, one must iterate on every item in the
+    ///                 \p crt->subject_alt_names sequence, and pass it to
+    ///                 this function.
+    ///
+    /// \warning        The target structure contains pointers to the raw data of the
+    ///                 parsed certificate, and its lifetime is restricted by the
+    ///                 lifetime of the certificate.
+    ///
+    /// \return         \c 0 on success
+    /// \return         #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported
+    ///                 SAN type.
+    /// \return         Another negative value for any other failure.
+    pub fn mbedtls_x509_parse_subject_alt_name(
+        san_buf: *const mbedtls_x509_buf,
+        san: *mut mbedtls_x509_subject_alternative_name,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \} addtogroup x509_module
+    pub fn mbedtls_x509_get_name(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        cur: *mut mbedtls_x509_name,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_alg_null(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        alg: *mut mbedtls_x509_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_alg(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        alg: *mut mbedtls_x509_buf,
+        params: *mut mbedtls_x509_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_rsassa_pss_params(
+        params: *const mbedtls_x509_buf,
+        md_alg: *mut mbedtls_md_type_t,
+        mgf_md: *mut mbedtls_md_type_t,
+        salt_len: *mut crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_sig(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        sig: *mut mbedtls_x509_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_sig_alg(
+        sig_oid: *const mbedtls_x509_buf,
+        sig_params: *const mbedtls_x509_buf,
+        md_alg: *mut mbedtls_md_type_t,
+        pk_alg: *mut mbedtls_pk_type_t,
+        sig_opts: *mut *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_time(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        t: *mut mbedtls_x509_time,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_serial(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        serial: *mut mbedtls_x509_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_ext(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        ext: *mut mbedtls_x509_buf,
+        tag: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_sig_alg_gets(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        sig_oid: *const mbedtls_x509_buf,
+        pk_alg: mbedtls_pk_type_t,
+        md_alg: mbedtls_md_type_t,
+        sig_opts: *const crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_key_size_helper(
+        buf: *mut crate::c_types::c_char,
+        buf_size: usize,
+        name: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_string_to_names(
+        head: *mut *mut mbedtls_asn1_named_data,
+        name: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_set_extension(
+        head: *mut *mut mbedtls_asn1_named_data,
+        oid: *const crate::c_types::c_char,
+        oid_len: usize,
+        critical: crate::c_types::c_int,
+        val: *const crate::c_types::c_uchar,
+        val_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_write_extensions(
+        p: *mut *mut crate::c_types::c_uchar,
+        start: *mut crate::c_types::c_uchar,
+        first: *mut mbedtls_asn1_named_data,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_write_names(
+        p: *mut *mut crate::c_types::c_uchar,
+        start: *mut crate::c_types::c_uchar,
+        first: *mut mbedtls_asn1_named_data,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_write_sig(
+        p: *mut *mut crate::c_types::c_uchar,
+        start: *mut crate::c_types::c_uchar,
+        oid: *const crate::c_types::c_char,
+        oid_len: usize,
+        sig: *mut crate::c_types::c_uchar,
+        size: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_ns_cert_type(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        ns_cert_type: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_key_usage(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        key_usage: *mut crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_subject_alt_name(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        subject_alt_name: *mut mbedtls_x509_sequence,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_info_subject_alt_name(
+        buf: *mut *mut crate::c_types::c_char,
+        size: *mut usize,
+        subject_alt_name: *const mbedtls_x509_sequence,
+        prefix: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_info_cert_type(
+        buf: *mut *mut crate::c_types::c_char,
+        size: *mut usize,
+        ns_cert_type: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_info_key_usage(
+        buf: *mut *mut crate::c_types::c_char,
+        size: *mut usize,
+        key_usage: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+/// Certificate revocation list entry.
+/// Contains the CA-specific serial numbers and revocation dates.
+///
+/// Some fields of this structure are publicly readable. Do not modify
+/// them except via Mbed TLS library functions: the effect of modifying
+/// those fields or the data that those fields points to is unspecified.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crl_entry {
+    /// Direct access to the whole entry inside the containing buffer.
+    pub raw: mbedtls_x509_buf,
+    /// The serial number of the revoked certificate.
+    pub serial: mbedtls_x509_buf,
+    /// The revocation date of this entry.
+    pub revocation_date: mbedtls_x509_time,
+    /// Direct access to the list of CRL entry extensions
+    /// (an ASN.1 constructed sequence).
+    ///
+    /// If there are no extensions, `entry_ext.len == 0` and
+    /// `entry_ext.p == NULL`.
+    pub entry_ext: mbedtls_x509_buf,
+    /// Next element in the linked list of entries.
+    /// \p NULL indicates the end of the list.
+    /// Do not modify this field directly.
+    pub next: *mut mbedtls_x509_crl_entry,
+}
+/// Certificate revocation list structure.
+/// Every CRL may have multiple entries.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crl {
+    ///< The raw certificate data (DER).
+    pub raw: mbedtls_x509_buf,
+    ///< The raw certificate body (DER). The part that is To Be Signed.
+    pub tbs: mbedtls_x509_buf,
+    ///< CRL version (1=v1, 2=v2)
+    pub version: crate::c_types::c_int,
+    ///< CRL signature type identifier
+    pub sig_oid: mbedtls_x509_buf,
+    ///< The raw issuer data (DER).
+    pub issuer_raw: mbedtls_x509_buf,
+    ///< The parsed issuer data (named information object).
+    pub issuer: mbedtls_x509_name,
+    pub this_update: mbedtls_x509_time,
+    pub next_update: mbedtls_x509_time,
+    ///< The CRL entries containing the certificate revocation times for this CA.
+    pub entry: mbedtls_x509_crl_entry,
+    pub crl_ext: mbedtls_x509_buf,
+    pub private_sig_oid2: mbedtls_x509_buf,
+    pub private_sig: mbedtls_x509_buf,
+    pub private_sig_md: mbedtls_md_type_t,
+    pub private_sig_pk: mbedtls_pk_type_t,
+    pub private_sig_opts: *mut crate::c_types::c_void,
+    /// Next element in the linked list of CRL.
+    /// \p NULL indicates the end of the list.
+    /// Do not modify this field directly.
+    pub next: *mut mbedtls_x509_crl,
+}
+extern "C" {
+    /// \brief          Parse a DER-encoded CRL and append it to the chained list
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param chain    points to the start of the chain
+    /// \param buf      buffer holding the CRL data in DER format
+    /// \param buflen   size of the buffer
+    ///                 (including the terminating null byte for PEM data)
+    ///
+    /// \return         0 if successful, or a specific X509 or PEM error code
+    pub fn mbedtls_x509_crl_parse_der(
+        chain: *mut mbedtls_x509_crl,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Parse one or more CRLs and append them to the chained list
+    ///
+    /// \note           Multiple CRLs are accepted only if using PEM format
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param chain    points to the start of the chain
+    /// \param buf      buffer holding the CRL data in PEM or DER format
+    /// \param buflen   size of the buffer
+    ///                 (including the terminating null byte for PEM data)
+    ///
+    /// \return         0 if successful, or a specific X509 or PEM error code
+    pub fn mbedtls_x509_crl_parse(
+        chain: *mut mbedtls_x509_crl,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Returns an informational string about the CRL.
+    ///
+    /// \param buf      Buffer to write to
+    /// \param size     Maximum size of buffer
+    /// \param prefix   A line prefix
+    /// \param crl      The X509 CRL to represent
+    ///
+    /// \return         The length of the string written (not including the
+    ///                 terminated nul byte), or a negative error code.
+    pub fn mbedtls_x509_crl_info(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        prefix: *const crate::c_types::c_char,
+        crl: *const mbedtls_x509_crl,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Initialize a CRL (chain)
+    ///
+    /// \param crl      CRL chain to initialize
+    pub fn mbedtls_x509_crl_init(crl: *mut mbedtls_x509_crl);
+}
+extern "C" {
+    /// \brief          Unallocate all CRL data
+    ///
+    /// \param crl      CRL chain to free
+    pub fn mbedtls_x509_crl_free(crl: *mut mbedtls_x509_crl);
+}
+/// Container for an X.509 certificate. The certificate may be chained.
+///
+/// Some fields of this structure are publicly readable. Do not modify
+/// them except via Mbed TLS library functions: the effect of modifying
+/// those fields or the data that those fields points to is unspecified.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crt {
+    pub private_own_buffer: crate::c_types::c_int,
+    ///< The raw certificate data (DER).
+    pub raw: mbedtls_x509_buf,
+    ///< The raw certificate body (DER). The part that is To Be Signed.
+    pub tbs: mbedtls_x509_buf,
+    ///< The X.509 version. (1=v1, 2=v2, 3=v3)
+    pub version: crate::c_types::c_int,
+    ///< Unique id for certificate issued by a specific CA.
+    pub serial: mbedtls_x509_buf,
+    ///< Signature algorithm, e.g. sha1RSA
+    pub sig_oid: mbedtls_x509_buf,
+    ///< The raw issuer data (DER). Used for quick comparison.
+    pub issuer_raw: mbedtls_x509_buf,
+    ///< The raw subject data (DER). Used for quick comparison.
+    pub subject_raw: mbedtls_x509_buf,
+    ///< The parsed issuer data (named information object).
+    pub issuer: mbedtls_x509_name,
+    ///< The parsed subject data (named information object).
+    pub subject: mbedtls_x509_name,
+    ///< Start time of certificate validity.
+    pub valid_from: mbedtls_x509_time,
+    ///< End time of certificate validity.
+    pub valid_to: mbedtls_x509_time,
+    pub pk_raw: mbedtls_x509_buf,
+    ///< Container for the public key context.
+    pub pk: mbedtls_pk_context,
+    ///< Optional X.509 v2/v3 issuer unique identifier.
+    pub issuer_id: mbedtls_x509_buf,
+    ///< Optional X.509 v2/v3 subject unique identifier.
+    pub subject_id: mbedtls_x509_buf,
+    ///< Optional X.509 v3 extensions.
+    pub v3_ext: mbedtls_x509_buf,
+    ///< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName, uniformResourceIdentifier and OtherName are listed).
+    pub subject_alt_names: mbedtls_x509_sequence,
+    ///< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed).
+    pub certificate_policies: mbedtls_x509_sequence,
+    pub private_ext_types: crate::c_types::c_int,
+    pub private_ca_istrue: crate::c_types::c_int,
+    pub private_max_pathlen: crate::c_types::c_int,
+    pub private_key_usage: crate::c_types::c_uint,
+    ///< Optional list of extended key usage OIDs.
+    pub ext_key_usage: mbedtls_x509_sequence,
+    pub private_ns_cert_type: crate::c_types::c_uchar,
+    pub private_sig: mbedtls_x509_buf,
+    pub private_sig_md: mbedtls_md_type_t,
+    pub private_sig_pk: mbedtls_pk_type_t,
+    pub private_sig_opts: *mut crate::c_types::c_void,
+    /// Next certificate in the linked list that constitutes the CA chain.
+    /// \p NULL indicates the end of the list.
+    /// Do not modify this field directly.
+    pub next: *mut mbedtls_x509_crt,
+}
+/// Security profile for certificate verification.
+///
+/// All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().
+///
+/// The fields of this structure are part of the public API and can be
+/// manipulated directly by applications. Future versions of the library may
+/// add extra fields or reorder existing fields.
+///
+/// You can create custom profiles by starting from a copy of
+/// an existing profile, such as mbedtls_x509_crt_profile_default or
+/// mbedtls_x509_ctr_profile_none and then tune it to your needs.
+///
+/// For example to allow SHA-224 in addition to the default:
+///
+///  mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default;
+///  my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 );
+///
+/// Or to allow only RSA-3072+ with SHA-256:
+///
+///  mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_none;
+///  my_profile.allowed_mds = MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 );
+///  my_profile.allowed_pks = MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA );
+///  my_profile.rsa_min_bitlen = 3072;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crt_profile {
+    ///< MDs for signatures
+    pub allowed_mds: u32,
+    ///< PK algs for public keys;
+    ///   this applies to all certificates
+    ///   in the provided chain.
+    pub allowed_pks: u32,
+    ///< Elliptic curves for ECDSA
+    pub allowed_curves: u32,
+    ///< Minimum size for RSA keys
+    pub rsa_min_bitlen: u32,
+}
+/// Container for writing a certificate (CRT)
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509write_cert {
+    pub private_version: crate::c_types::c_int,
+    pub private_serial: [crate::c_types::c_uchar; 20usize],
+    pub private_serial_len: usize,
+    pub private_subject_key: *mut mbedtls_pk_context,
+    pub private_issuer_key: *mut mbedtls_pk_context,
+    pub private_subject: *mut mbedtls_asn1_named_data,
+    pub private_issuer: *mut mbedtls_asn1_named_data,
+    pub private_md_alg: mbedtls_md_type_t,
+    pub private_not_before: [crate::c_types::c_char; 16usize],
+    pub private_not_after: [crate::c_types::c_char; 16usize],
+    pub private_extensions: *mut mbedtls_asn1_named_data,
+}
+/// Item in a verification chain: cert and flags for it
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crt_verify_chain_item {
+    pub private_crt: *mut mbedtls_x509_crt,
+    pub private_flags: u32,
+}
+/// Verification chain as built by \c mbedtls_crt_verify_chain()
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crt_verify_chain {
+    pub private_items: [mbedtls_x509_crt_verify_chain_item; 10usize],
+    pub private_len: crate::c_types::c_uint,
+}
+pub type mbedtls_x509_crt_restart_ctx = crate::c_types::c_void;
+extern "C" {
+    /// Default security profile. Should provide a good balance between security
+    /// and compatibility with current deployments.
+    ///
+    /// This profile permits:
+    /// - SHA2 hashes with at least 256 bits: SHA-256, SHA-384, SHA-512.
+    /// - Elliptic curves with 255 bits and above except secp256k1.
+    /// - RSA with 2048 bits and above.
+    ///
+    /// New minor versions of Mbed TLS may extend this profile, for example if
+    /// new algorithms are added to the library. New minor versions of Mbed TLS will
+    /// not reduce this profile unless serious security concerns require it.
+    pub static mbedtls_x509_crt_profile_default: mbedtls_x509_crt_profile;
+}
+extern "C" {
+    /// Expected next default profile. Recommended for new deployments.
+    /// Currently targets a 128-bit security level, except for allowing RSA-2048.
+    /// This profile may change at any time.
+    pub static mbedtls_x509_crt_profile_next: mbedtls_x509_crt_profile;
+}
+extern "C" {
+    /// NSA Suite B profile.
+    pub static mbedtls_x509_crt_profile_suiteb: mbedtls_x509_crt_profile;
+}
+extern "C" {
+    /// Empty profile that allows nothing. Useful as a basis for constructing
+    /// custom profiles.
+    pub static mbedtls_x509_crt_profile_none: mbedtls_x509_crt_profile;
+}
+extern "C" {
+    /// \brief          Parse a single DER formatted certificate and add it
+    ///                 to the end of the provided chained list.
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param chain    The pointer to the start of the CRT chain to attach to.
+    ///                 When parsing the first CRT in a chain, this should point
+    ///                 to an instance of ::mbedtls_x509_crt initialized through
+    ///                 mbedtls_x509_crt_init().
+    /// \param buf      The buffer holding the DER encoded certificate.
+    /// \param buflen   The size in Bytes of \p buf.
+    ///
+    /// \note           This function makes an internal copy of the CRT buffer
+    ///                 \p buf. In particular, \p buf may be destroyed or reused
+    ///                 after this call returns. To avoid duplicating the CRT
+    ///                 buffer (at the cost of stricter lifetime constraints),
+    ///                 use mbedtls_x509_crt_parse_der_nocopy() instead.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_x509_crt_parse_der(
+        chain: *mut mbedtls_x509_crt,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+/// \brief          The type of certificate extension callbacks.
+///
+///                 Callbacks of this type are passed to and used by the
+///                 mbedtls_x509_crt_parse_der_with_ext_cb() routine when
+///                 it encounters either an unsupported extension or a
+///                 "certificate policies" extension containing any
+///                 unsupported certificate policies.
+///                 Future versions of the library may invoke the callback
+///                 in other cases, if and when the need arises.
+///
+/// \param p_ctx    An opaque context passed to the callback.
+/// \param crt      The certificate being parsed.
+/// \param oid      The OID of the extension.
+/// \param critical Whether the extension is critical.
+/// \param p        Pointer to the start of the extension value
+///                 (the content of the OCTET STRING).
+/// \param end      End of extension value.
+///
+/// \note           The callback must fail and return a negative error code
+///                 if it can not parse or does not support the extension.
+///                 When the callback fails to parse a critical extension
+///                 mbedtls_x509_crt_parse_der_with_ext_cb() also fails.
+///                 When the callback fails to parse a non critical extension
+///                 mbedtls_x509_crt_parse_der_with_ext_cb() simply skips
+///                 the extension and continues parsing.
+///
+/// \return         \c 0 on success.
+/// \return         A negative error code on failure.
+pub type mbedtls_x509_crt_ext_cb_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        p_ctx: *mut crate::c_types::c_void,
+        crt: *const mbedtls_x509_crt,
+        oid: *const mbedtls_x509_buf,
+        critical: crate::c_types::c_int,
+        p: *const crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int,
+>;
+extern "C" {
+    /// \brief            Parse a single DER formatted certificate and add it
+    ///                   to the end of the provided chained list.
+    ///
+    /// \note             If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                   subsystem must have been initialized by calling
+    ///                   psa_crypto_init() before calling this function.
+    ///
+    /// \param chain      The pointer to the start of the CRT chain to attach to.
+    ///                   When parsing the first CRT in a chain, this should point
+    ///                   to an instance of ::mbedtls_x509_crt initialized through
+    ///                   mbedtls_x509_crt_init().
+    /// \param buf        The buffer holding the DER encoded certificate.
+    /// \param buflen     The size in Bytes of \p buf.
+    /// \param make_copy  When not zero this function makes an internal copy of the
+    ///                   CRT buffer \p buf. In particular, \p buf may be destroyed
+    ///                   or reused after this call returns.
+    ///                   When zero this function avoids duplicating the CRT buffer
+    ///                   by taking temporary ownership thereof until the CRT
+    ///                   is destroyed (like mbedtls_x509_crt_parse_der_nocopy())
+    /// \param cb         A callback invoked for every unsupported certificate
+    ///                   extension.
+    /// \param p_ctx      An opaque context passed to the callback.
+    ///
+    /// \note             This call is functionally equivalent to
+    ///                   mbedtls_x509_crt_parse_der(), and/or
+    ///                   mbedtls_x509_crt_parse_der_nocopy()
+    ///                   but it calls the callback with every unsupported
+    ///                   certificate extension and additionally the
+    ///                   "certificate policies" extension if it contains any
+    ///                   unsupported certificate policies.
+    ///                   The callback must return a negative error code if it
+    ///                   does not know how to handle such an extension.
+    ///                   When the callback fails to parse a critical extension
+    ///                   mbedtls_x509_crt_parse_der_with_ext_cb() also fails.
+    ///                   When the callback fails to parse a non critical extension
+    ///                   mbedtls_x509_crt_parse_der_with_ext_cb() simply skips
+    ///                   the extension and continues parsing.
+    ///                   Future versions of the library may invoke the callback
+    ///                   in other cases, if and when the need arises.
+    ///
+    /// \return           \c 0 if successful.
+    /// \return           A negative error code on failure.
+    pub fn mbedtls_x509_crt_parse_der_with_ext_cb(
+        chain: *mut mbedtls_x509_crt,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+        make_copy: crate::c_types::c_int,
+        cb: mbedtls_x509_crt_ext_cb_t,
+        p_ctx: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Parse a single DER formatted certificate and add it
+    ///                 to the end of the provided chained list. This is a
+    ///                 variant of mbedtls_x509_crt_parse_der() which takes
+    ///                 temporary ownership of the CRT buffer until the CRT
+    ///                 is destroyed.
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param chain    The pointer to the start of the CRT chain to attach to.
+    ///                 When parsing the first CRT in a chain, this should point
+    ///                 to an instance of ::mbedtls_x509_crt initialized through
+    ///                 mbedtls_x509_crt_init().
+    /// \param buf      The address of the readable buffer holding the DER encoded
+    ///                 certificate to use. On success, this buffer must be
+    ///                 retained and not be changed for the lifetime of the
+    ///                 CRT chain \p chain, that is, until \p chain is destroyed
+    ///                 through a call to mbedtls_x509_crt_free().
+    /// \param buflen   The size in Bytes of \p buf.
+    ///
+    /// \note           This call is functionally equivalent to
+    ///                 mbedtls_x509_crt_parse_der(), but it avoids creating a
+    ///                 copy of the input buffer at the cost of stronger lifetime
+    ///                 constraints. This is useful in constrained environments
+    ///                 where duplication of the CRT cannot be tolerated.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_x509_crt_parse_der_nocopy(
+        chain: *mut mbedtls_x509_crt,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Parse one DER-encoded or one or more concatenated PEM-encoded
+    ///                 certificates and add them to the chained list.
+    ///
+    ///                 For CRTs in PEM encoding, the function parses permissively:
+    ///                 if at least one certificate can be parsed, the function
+    ///                 returns the number of certificates for which parsing failed
+    ///                 (hence \c 0 if all certificates were parsed successfully).
+    ///                 If no certificate could be parsed, the function returns
+    ///                 the first (negative) error encountered during parsing.
+    ///
+    ///                 PEM encoded certificates may be interleaved by other data
+    ///                 such as human readable descriptions of their content, as
+    ///                 long as the certificates are enclosed in the PEM specific
+    ///                 '-----{BEGIN/END} CERTIFICATE-----' delimiters.
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param chain    The chain to which to add the parsed certificates.
+    /// \param buf      The buffer holding the certificate data in PEM or DER format.
+    ///                 For certificates in PEM encoding, this may be a concatenation
+    ///                 of multiple certificates; for DER encoding, the buffer must
+    ///                 comprise exactly one certificate.
+    /// \param buflen   The size of \p buf, including the terminating \c NULL byte
+    ///                 in case of PEM encoded data.
+    ///
+    /// \return         \c 0 if all certificates were parsed successfully.
+    /// \return         The (positive) number of certificates that couldn't
+    ///                 be parsed if parsing was partly successful (see above).
+    /// \return         A negative X509 or PEM error code otherwise.
+    pub fn mbedtls_x509_crt_parse(
+        chain: *mut mbedtls_x509_crt,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Returns an informational string about the
+    ///                 certificate.
+    ///
+    /// \param buf      Buffer to write to
+    /// \param size     Maximum size of buffer
+    /// \param prefix   A line prefix
+    /// \param crt      The X509 certificate to represent
+    ///
+    /// \return         The length of the string written (not including the
+    ///                 terminated nul byte), or a negative error code.
+    pub fn mbedtls_x509_crt_info(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        prefix: *const crate::c_types::c_char,
+        crt: *const mbedtls_x509_crt,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Returns an informational string about the
+    ///                 verification status of a certificate.
+    ///
+    /// \param buf      Buffer to write to
+    /// \param size     Maximum size of buffer
+    /// \param prefix   A line prefix
+    /// \param flags    Verification flags created by mbedtls_x509_crt_verify()
+    ///
+    /// \return         The length of the string written (not including the
+    ///                 terminated nul byte), or a negative error code.
+    pub fn mbedtls_x509_crt_verify_info(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        prefix: *const crate::c_types::c_char,
+        flags: u32,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Verify a chain of certificates.
+    ///
+    ///                 The verify callback is a user-supplied callback that
+    ///                 can clear / modify / add flags for a certificate. If set,
+    ///                 the verification callback is called for each
+    ///                 certificate in the chain (from the trust-ca down to the
+    ///                 presented crt). The parameters for the callback are:
+    ///                 (void *parameter, mbedtls_x509_crt *crt, int certificate_depth,
+    ///                 int *flags). With the flags representing current flags for
+    ///                 that specific certificate and the certificate depth from
+    ///                 the bottom (Peer cert depth = 0).
+    ///
+    ///                 All flags left after returning from the callback
+    ///                 are also returned to the application. The function should
+    ///                 return 0 for anything (including invalid certificates)
+    ///                 other than fatal error, as a non-zero return code
+    ///                 immediately aborts the verification process. For fatal
+    ///                 errors, a specific error code should be used (different
+    ///                 from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not
+    ///                 be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR
+    ///                 can be used if no better code is available.
+    ///
+    /// \note           In case verification failed, the results can be displayed
+    ///                 using \c mbedtls_x509_crt_verify_info()
+    ///
+    /// \note           Same as \c mbedtls_x509_crt_verify_with_profile() with the
+    ///                 default security profile.
+    ///
+    /// \note           It is your responsibility to provide up-to-date CRLs for
+    ///                 all trusted CAs. If no CRL is provided for the CA that was
+    ///                 used to sign the certificate, CRL verification is skipped
+    ///                 silently, that is *without* setting any flag.
+    ///
+    /// \note           The \c trust_ca list can contain two types of certificates:
+    ///                 (1) those of trusted root CAs, so that certificates
+    ///                 chaining up to those CAs will be trusted, and (2)
+    ///                 self-signed end-entity certificates to be trusted (for
+    ///                 specific peers you know) - in that case, the self-signed
+    ///                 certificate doesn't need to have the CA bit set.
+    ///
+    /// \param crt      The certificate chain to be verified.
+    /// \param trust_ca The list of trusted CAs.
+    /// \param ca_crl   The list of CRLs for trusted CAs.
+    /// \param cn       The expected Common Name. This will be checked to be
+    ///                 present in the certificate's subjectAltNames extension or,
+    ///                 if this extension is absent, as a CN component in its
+    ///                 Subject name. Currently only DNS names are supported. This
+    ///                 may be \c NULL if the CN need not be verified.
+    /// \param flags    The address at which to store the result of the verification.
+    ///                 If the verification couldn't be completed, the flag value is
+    ///                 set to (uint32_t) -1.
+    /// \param f_vrfy   The verification callback to use. See the documentation
+    ///                 of mbedtls_x509_crt_verify() for more information.
+    /// \param p_vrfy   The context to be passed to \p f_vrfy.
+    ///
+    /// \return         \c 0 if the chain is valid with respect to the
+    ///                 passed CN, CAs, CRLs and security profile.
+    /// \return         #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
+    ///                 certificate chain verification failed. In this case,
+    ///                 \c *flags will have one or more
+    ///                 \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
+    ///                 flags set.
+    /// \return         Another negative error code in case of a fatal error
+    ///                 encountered during the verification process.
+    pub fn mbedtls_x509_crt_verify(
+        crt: *mut mbedtls_x509_crt,
+        trust_ca: *mut mbedtls_x509_crt,
+        ca_crl: *mut mbedtls_x509_crl,
+        cn: *const crate::c_types::c_char,
+        flags: *mut u32,
+        f_vrfy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_x509_crt,
+                arg3: crate::c_types::c_int,
+                arg4: *mut u32,
+            ) -> crate::c_types::c_int,
+        >,
+        p_vrfy: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Verify a chain of certificates with respect to
+    ///                 a configurable security profile.
+    ///
+    /// \note           Same as \c mbedtls_x509_crt_verify(), but with explicit
+    ///                 security profile.
+    ///
+    /// \note           The restrictions on keys (RSA minimum size, allowed curves
+    ///                 for ECDSA) apply to all certificates: trusted root,
+    ///                 intermediate CAs if any, and end entity certificate.
+    ///
+    /// \param crt      The certificate chain to be verified.
+    /// \param trust_ca The list of trusted CAs.
+    /// \param ca_crl   The list of CRLs for trusted CAs.
+    /// \param profile  The security profile to use for the verification.
+    /// \param cn       The expected Common Name. This may be \c NULL if the
+    ///                 CN need not be verified.
+    /// \param flags    The address at which to store the result of the verification.
+    ///                 If the verification couldn't be completed, the flag value is
+    ///                 set to (uint32_t) -1.
+    /// \param f_vrfy   The verification callback to use. See the documentation
+    ///                 of mbedtls_x509_crt_verify() for more information.
+    /// \param p_vrfy   The context to be passed to \p f_vrfy.
+    ///
+    /// \return         \c 0 if the chain is valid with respect to the
+    ///                 passed CN, CAs, CRLs and security profile.
+    /// \return         #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
+    ///                 certificate chain verification failed. In this case,
+    ///                 \c *flags will have one or more
+    ///                 \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
+    ///                 flags set.
+    /// \return         Another negative error code in case of a fatal error
+    ///                 encountered during the verification process.
+    pub fn mbedtls_x509_crt_verify_with_profile(
+        crt: *mut mbedtls_x509_crt,
+        trust_ca: *mut mbedtls_x509_crt,
+        ca_crl: *mut mbedtls_x509_crl,
+        profile: *const mbedtls_x509_crt_profile,
+        cn: *const crate::c_types::c_char,
+        flags: *mut u32,
+        f_vrfy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_x509_crt,
+                arg3: crate::c_types::c_int,
+                arg4: *mut u32,
+            ) -> crate::c_types::c_int,
+        >,
+        p_vrfy: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Restartable version of \c mbedtls_crt_verify_with_profile()
+    ///
+    /// \note           Performs the same job as \c mbedtls_crt_verify_with_profile()
+    ///                 but can return early and restart according to the limit
+    ///                 set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \param crt      The certificate chain to be verified.
+    /// \param trust_ca The list of trusted CAs.
+    /// \param ca_crl   The list of CRLs for trusted CAs.
+    /// \param profile  The security profile to use for the verification.
+    /// \param cn       The expected Common Name. This may be \c NULL if the
+    ///                 CN need not be verified.
+    /// \param flags    The address at which to store the result of the verification.
+    ///                 If the verification couldn't be completed, the flag value is
+    ///                 set to (uint32_t) -1.
+    /// \param f_vrfy   The verification callback to use. See the documentation
+    ///                 of mbedtls_x509_crt_verify() for more information.
+    /// \param p_vrfy   The context to be passed to \p f_vrfy.
+    /// \param rs_ctx   The restart context to use. This may be set to \c NULL
+    ///                 to disable restartable ECC.
+    ///
+    /// \return         See \c mbedtls_crt_verify_with_profile(), or
+    /// \return         #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                 operations was reached: see \c mbedtls_ecp_set_max_ops().
+    pub fn mbedtls_x509_crt_verify_restartable(
+        crt: *mut mbedtls_x509_crt,
+        trust_ca: *mut mbedtls_x509_crt,
+        ca_crl: *mut mbedtls_x509_crl,
+        profile: *const mbedtls_x509_crt_profile,
+        cn: *const crate::c_types::c_char,
+        flags: *mut u32,
+        f_vrfy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_x509_crt,
+                arg3: crate::c_types::c_int,
+                arg4: *mut u32,
+            ) -> crate::c_types::c_int,
+        >,
+        p_vrfy: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_x509_crt_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+/// \brief               The type of trusted certificate callbacks.
+///
+///                      Callbacks of this type are passed to and used by the CRT
+///                      verification routine mbedtls_x509_crt_verify_with_ca_cb()
+///                      when looking for trusted signers of a given certificate.
+///
+///                      On success, the callback returns a list of trusted
+///                      certificates to be considered as potential signers
+///                      for the input certificate.
+///
+/// \param p_ctx         An opaque context passed to the callback.
+/// \param child         The certificate for which to search a potential signer.
+///                      This will point to a readable certificate.
+/// \param candidate_cas The address at which to store the address of the first
+///                      entry in the generated linked list of candidate signers.
+///                      This will not be \c NULL.
+///
+/// \note                The callback must only return a non-zero value on a
+///                      fatal error. If, in contrast, the search for a potential
+///                      signer completes without a single candidate, the
+///                      callback must return \c 0 and set \c *candidate_cas
+///                      to \c NULL.
+///
+/// \return              \c 0 on success. In this case, \c *candidate_cas points
+///                      to a heap-allocated linked list of instances of
+///                      ::mbedtls_x509_crt, and ownership of this list is passed
+///                      to the caller.
+/// \return              A negative error code on failure.
+pub type mbedtls_x509_crt_ca_cb_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        p_ctx: *mut crate::c_types::c_void,
+        child: *const mbedtls_x509_crt,
+        candidate_cas: *mut *mut mbedtls_x509_crt,
+    ) -> crate::c_types::c_int,
+>;
+extern "C" {
+    /// \brief          Check usage of certificate against keyUsage extension.
+    ///
+    /// \param crt      Leaf certificate used.
+    /// \param usage    Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT
+    ///                 before using the certificate to perform an RSA key
+    ///                 exchange).
+    ///
+    /// \note           Except for decipherOnly and encipherOnly, a bit set in the
+    ///                 usage argument means this bit MUST be set in the
+    ///                 certificate. For decipherOnly and encipherOnly, it means
+    ///                 that bit MAY be set.
+    ///
+    /// \return         0 is these uses of the certificate are allowed,
+    ///                 MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension
+    ///                 is present but does not match the usage argument.
+    ///
+    /// \note           You should only call this function on leaf certificates, on
+    ///                 (intermediate) CAs the keyUsage extension is automatically
+    ///                 checked by \c mbedtls_x509_crt_verify().
+    pub fn mbedtls_x509_crt_check_key_usage(
+        crt: *const mbedtls_x509_crt,
+        usage: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Check usage of certificate against extendedKeyUsage.
+    ///
+    /// \param crt       Leaf certificate used.
+    /// \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or
+    ///                  MBEDTLS_OID_CLIENT_AUTH).
+    /// \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()).
+    ///
+    /// \return          0 if this use of the certificate is allowed,
+    ///                  MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.
+    ///
+    /// \note            Usually only makes sense on leaf certificates.
+    pub fn mbedtls_x509_crt_check_extended_key_usage(
+        crt: *const mbedtls_x509_crt,
+        usage_oid: *const crate::c_types::c_char,
+        usage_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Verify the certificate revocation status
+    ///
+    /// \param crt      a certificate to be verified
+    /// \param crl      the CRL to verify against
+    ///
+    /// \return         1 if the certificate is revoked, 0 otherwise
+    pub fn mbedtls_x509_crt_is_revoked(
+        crt: *const mbedtls_x509_crt,
+        crl: *const mbedtls_x509_crl,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Initialize a certificate (chain)
+    ///
+    /// \param crt      Certificate chain to initialize
+    pub fn mbedtls_x509_crt_init(crt: *mut mbedtls_x509_crt);
+}
+extern "C" {
+    /// \brief          Unallocate all certificate data
+    ///
+    /// \param crt      Certificate chain to free
+    pub fn mbedtls_x509_crt_free(crt: *mut mbedtls_x509_crt);
+}
+extern "C" {
+    /// \brief           Initialize a CRT writing context
+    ///
+    /// \param ctx       CRT context to initialize
+    pub fn mbedtls_x509write_crt_init(ctx: *mut mbedtls_x509write_cert);
+}
+extern "C" {
+    /// \brief           Set the version for a Certificate
+    ///                  Default: MBEDTLS_X509_CRT_VERSION_3
+    ///
+    /// \param ctx       CRT context to use
+    /// \param version   version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or
+    ///                                  MBEDTLS_X509_CRT_VERSION_3)
+    pub fn mbedtls_x509write_crt_set_version(
+        ctx: *mut mbedtls_x509write_cert,
+        version: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief           Set the serial number for a Certificate.
+    ///
+    /// \deprecated      This function is deprecated and will be removed in a
+    ///                  future version of the library. Please use
+    ///                  mbedtls_x509write_crt_set_serial_raw() instead.
+    ///
+    /// \note            Even though the MBEDTLS_BIGNUM_C guard looks redundant since
+    ///                  X509 depends on PK and PK depends on BIGNUM, this emphasizes
+    ///                  a direct dependency between X509 and BIGNUM which is going
+    ///                  to be deprecated in the future.
+    ///
+    /// \param ctx       CRT context to use
+    /// \param serial    serial number to set
+    ///
+    /// \return          0 if successful
+    pub fn mbedtls_x509write_crt_set_serial(
+        ctx: *mut mbedtls_x509write_cert,
+        serial: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the serial number for a Certificate.
+    ///
+    /// \param ctx          CRT context to use
+    /// \param serial       A raw array of bytes containing the serial number in big
+    ///                     endian format
+    /// \param serial_len   Length of valid bytes (expressed in bytes) in \p serial
+    ///                     input buffer
+    ///
+    /// \return          0 if successful, or
+    ///                  MBEDTLS_ERR_X509_BAD_INPUT_DATA if the provided input buffer
+    ///                  is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN)
+    pub fn mbedtls_x509write_crt_set_serial_raw(
+        ctx: *mut mbedtls_x509write_cert,
+        serial: *mut crate::c_types::c_uchar,
+        serial_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the validity period for a Certificate
+    ///                  Timestamps should be in string format for UTC timezone
+    ///                  i.e. "YYYYMMDDhhmmss"
+    ///                  e.g. "20131231235959" for December 31st 2013
+    ///                       at 23:59:59
+    ///
+    /// \param ctx       CRT context to use
+    /// \param not_before    not_before timestamp
+    /// \param not_after     not_after timestamp
+    ///
+    /// \return          0 if timestamp was parsed successfully, or
+    ///                  a specific error code
+    pub fn mbedtls_x509write_crt_set_validity(
+        ctx: *mut mbedtls_x509write_cert,
+        not_before: *const crate::c_types::c_char,
+        not_after: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the issuer name for a Certificate
+    ///                  Issuer names should contain a comma-separated list
+    ///                  of OID types and values:
+    ///                  e.g. "C=UK,O=ARM,CN=mbed TLS CA"
+    ///
+    /// \param ctx           CRT context to use
+    /// \param issuer_name   issuer name to set
+    ///
+    /// \return          0 if issuer name was parsed successfully, or
+    ///                  a specific error code
+    pub fn mbedtls_x509write_crt_set_issuer_name(
+        ctx: *mut mbedtls_x509write_cert,
+        issuer_name: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the subject name for a Certificate
+    ///                  Subject names should contain a comma-separated list
+    ///                  of OID types and values:
+    ///                  e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
+    ///
+    /// \param ctx           CRT context to use
+    /// \param subject_name  subject name to set
+    ///
+    /// \return          0 if subject name was parsed successfully, or
+    ///                  a specific error code
+    pub fn mbedtls_x509write_crt_set_subject_name(
+        ctx: *mut mbedtls_x509write_cert,
+        subject_name: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the subject public key for the certificate
+    ///
+    /// \param ctx       CRT context to use
+    /// \param key       public key to include
+    pub fn mbedtls_x509write_crt_set_subject_key(
+        ctx: *mut mbedtls_x509write_cert,
+        key: *mut mbedtls_pk_context,
+    );
+}
+extern "C" {
+    /// \brief           Set the issuer key used for signing the certificate
+    ///
+    /// \param ctx       CRT context to use
+    /// \param key       private key to sign with
+    pub fn mbedtls_x509write_crt_set_issuer_key(
+        ctx: *mut mbedtls_x509write_cert,
+        key: *mut mbedtls_pk_context,
+    );
+}
+extern "C" {
+    /// \brief           Set the MD algorithm to use for the signature
+    ///                  (e.g. MBEDTLS_MD_SHA1)
+    ///
+    /// \param ctx       CRT context to use
+    /// \param md_alg    MD algorithm to use
+    pub fn mbedtls_x509write_crt_set_md_alg(
+        ctx: *mut mbedtls_x509write_cert,
+        md_alg: mbedtls_md_type_t,
+    );
+}
+extern "C" {
+    /// \brief           Generic function to add to or replace an extension in the
+    ///                  CRT
+    ///
+    /// \param ctx       CRT context to use
+    /// \param oid       OID of the extension
+    /// \param oid_len   length of the OID
+    /// \param critical  if the extension is critical (per the RFC's definition)
+    /// \param val       value of the extension OCTET STRING
+    /// \param val_len   length of the value data
+    ///
+    /// \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_extension(
+        ctx: *mut mbedtls_x509write_cert,
+        oid: *const crate::c_types::c_char,
+        oid_len: usize,
+        critical: crate::c_types::c_int,
+        val: *const crate::c_types::c_uchar,
+        val_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the basicConstraints extension for a CRT
+    ///
+    /// \param ctx       CRT context to use
+    /// \param is_ca     is this a CA certificate
+    /// \param max_pathlen   maximum length of certificate chains below this
+    ///                      certificate (only for CA certificates, -1 is
+    ///                      unlimited)
+    ///
+    /// \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_basic_constraints(
+        ctx: *mut mbedtls_x509write_cert,
+        is_ca: crate::c_types::c_int,
+        max_pathlen: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the subjectKeyIdentifier extension for a CRT
+    ///                  Requires that mbedtls_x509write_crt_set_subject_key() has been
+    ///                  called before
+    ///
+    /// \param ctx       CRT context to use
+    ///
+    /// \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_subject_key_identifier(
+        ctx: *mut mbedtls_x509write_cert,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the authorityKeyIdentifier extension for a CRT
+    ///                  Requires that mbedtls_x509write_crt_set_issuer_key() has been
+    ///                  called before
+    ///
+    /// \param ctx       CRT context to use
+    ///
+    /// \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_authority_key_identifier(
+        ctx: *mut mbedtls_x509write_cert,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the Key Usage Extension flags
+    ///                  (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)
+    ///
+    /// \param ctx       CRT context to use
+    /// \param key_usage key usage flags to set
+    ///
+    /// \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_key_usage(
+        ctx: *mut mbedtls_x509write_cert,
+        key_usage: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the Extended Key Usage Extension
+    ///                  (e.g. MBEDTLS_OID_SERVER_AUTH)
+    ///
+    /// \param ctx       CRT context to use
+    /// \param exts      extended key usage extensions to set, a sequence of
+    ///                  MBEDTLS_ASN1_OID objects
+    ///
+    /// \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_ext_key_usage(
+        ctx: *mut mbedtls_x509write_cert,
+        exts: *const mbedtls_asn1_sequence,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the Netscape Cert Type flags
+    ///                  (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)
+    ///
+    /// \param ctx           CRT context to use
+    /// \param ns_cert_type  Netscape Cert Type flags to set
+    ///
+    /// \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_ns_cert_type(
+        ctx: *mut mbedtls_x509write_cert,
+        ns_cert_type: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Free the contents of a CRT write context
+    ///
+    /// \param ctx       CRT context to free
+    pub fn mbedtls_x509write_crt_free(ctx: *mut mbedtls_x509write_cert);
+}
+extern "C" {
+    /// \brief           Write a built up certificate to a X509 DER structure
+    ///                  Note: data is written at the end of the buffer! Use the
+    ///                        return value to determine where you should start
+    ///                        using the buffer
+    ///
+    /// \param ctx       certificate to write away
+    /// \param buf       buffer to write to
+    /// \param size      size of the buffer
+    /// \param f_rng     RNG function. This must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \return          length of data written if successful, or a specific
+    ///                  error code
+    ///
+    /// \note            \p f_rng is used for the signature operation.
+    pub fn mbedtls_x509write_crt_der(
+        ctx: *mut mbedtls_x509write_cert,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a built up certificate to a X509 PEM string
+    ///
+    /// \param ctx       certificate to write away
+    /// \param buf       buffer to write to
+    /// \param size      size of the buffer
+    /// \param f_rng     RNG function. This must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \return          0 if successful, or a specific error code
+    ///
+    /// \note            \p f_rng is used for the signature operation.
+    pub fn mbedtls_x509write_crt_pem(
+        ctx: *mut mbedtls_x509write_cert,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+///<  The prime modulus.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_P: mbedtls_dhm_parameter = 0;
+///<  The generator.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_G: mbedtls_dhm_parameter = 1;
+///<  Our secret value.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_X: mbedtls_dhm_parameter = 2;
+///<  Our public key = \c G^X mod \c P.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_GX: mbedtls_dhm_parameter = 3;
+///<  The public key of the peer = \c G^Y mod \c P.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_GY: mbedtls_dhm_parameter = 4;
+///<  The shared secret = \c G^(XY) mod \c P.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_K: mbedtls_dhm_parameter = 5;
+/// Which parameter to access in mbedtls_dhm_get_value().
+pub type mbedtls_dhm_parameter = crate::c_types::c_uint;
+/// \brief          The DHM context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_dhm_context {
+    pub private_P: mbedtls_mpi,
+    pub private_G: mbedtls_mpi,
+    pub private_X: mbedtls_mpi,
+    pub private_GX: mbedtls_mpi,
+    pub private_GY: mbedtls_mpi,
+    pub private_K: mbedtls_mpi,
+    pub private_RP: mbedtls_mpi,
+    pub private_Vi: mbedtls_mpi,
+    pub private_Vf: mbedtls_mpi,
+    pub private_pX: mbedtls_mpi,
+}
+extern "C" {
+    /// \brief          This function initializes the DHM context.
+    ///
+    /// \param ctx      The DHM context to initialize.
+    pub fn mbedtls_dhm_init(ctx: *mut mbedtls_dhm_context);
+}
+extern "C" {
+    /// \brief          This function parses the DHM parameters in a
+    ///                 TLS ServerKeyExchange handshake message
+    ///                 (DHM modulus, generator, and public key).
+    ///
+    /// \note           In a TLS handshake, this is the how the client
+    ///                 sets up its DHM context from the server's public
+    ///                 DHM key material.
+    ///
+    /// \param ctx      The DHM context to use. This must be initialized.
+    /// \param p        On input, *p must be the start of the input buffer.
+    ///                 On output, *p is updated to point to the end of the data
+    ///                 that has been read. On success, this is the first byte
+    ///                 past the end of the ServerKeyExchange parameters.
+    ///                 On error, this is the point at which an error has been
+    ///                 detected, which is usually not useful except to debug
+    ///                 failures.
+    /// \param end      The end of the input buffer.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_read_params(
+        ctx: *mut mbedtls_dhm_context,
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function generates a DHM key pair and exports its
+    ///                 public part together with the DHM parameters in the format
+    ///                 used in a TLS ServerKeyExchange handshake message.
+    ///
+    /// \note           This function assumes that the DHM parameters \c ctx->P
+    ///                 and \c ctx->G have already been properly set. For that, use
+    ///                 mbedtls_dhm_set_group() below in conjunction with
+    ///                 mbedtls_mpi_read_binary() and mbedtls_mpi_read_string().
+    ///
+    /// \note           In a TLS handshake, this is the how the server generates
+    ///                 and exports its DHM key material.
+    ///
+    /// \param ctx      The DHM context to use. This must be initialized
+    ///                 and have the DHM parameters set. It may or may not
+    ///                 already have imported the peer's public key.
+    /// \param x_size   The private key size in Bytes.
+    /// \param olen     The address at which to store the number of Bytes
+    ///                 written on success. This must not be \c NULL.
+    /// \param output   The destination buffer. This must be a writable buffer of
+    ///                 sufficient size to hold the reduced binary presentation of
+    ///                 the modulus, the generator and the public key, each wrapped
+    ///                 with a 2-byte length field. It is the responsibility of the
+    ///                 caller to ensure that enough space is available. Refer to
+    ///                 mbedtls_mpi_size() to computing the byte-size of an MPI.
+    /// \param f_rng    The RNG function. Must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be
+    ///                 \c NULL if \p f_rng doesn't need a context parameter.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_make_params(
+        ctx: *mut mbedtls_dhm_context,
+        x_size: crate::c_types::c_int,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function sets the prime modulus and generator.
+    ///
+    /// \note           This function can be used to set \c ctx->P, \c ctx->G
+    ///                 in preparation for mbedtls_dhm_make_params().
+    ///
+    /// \param ctx      The DHM context to configure. This must be initialized.
+    /// \param P        The MPI holding the DHM prime modulus. This must be
+    ///                 an initialized MPI.
+    /// \param G        The MPI holding the DHM generator. This must be an
+    ///                 initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_set_group(
+        ctx: *mut mbedtls_dhm_context,
+        P: *const mbedtls_mpi,
+        G: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function imports the raw public value of the peer.
+    ///
+    /// \note           In a TLS handshake, this is the how the server imports
+    ///                 the Client's public DHM key.
+    ///
+    /// \param ctx      The DHM context to use. This must be initialized and have
+    ///                 its DHM parameters set, e.g. via mbedtls_dhm_set_group().
+    ///                 It may or may not already have generated its own private key.
+    /// \param input    The input buffer containing the \c G^Y value of the peer.
+    ///                 This must be a readable buffer of size \p ilen Bytes.
+    /// \param ilen     The size of the input buffer \p input in Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_read_public(
+        ctx: *mut mbedtls_dhm_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function creates a DHM key pair and exports
+    ///                 the raw public key in big-endian format.
+    ///
+    /// \note           The destination buffer is always fully written
+    ///                 so as to contain a big-endian representation of G^X mod P.
+    ///                 If it is larger than \c ctx->len, it is padded accordingly
+    ///                 with zero-bytes at the beginning.
+    ///
+    /// \param ctx      The DHM context to use. This must be initialized and
+    ///                 have the DHM parameters set. It may or may not already
+    ///                 have imported the peer's public key.
+    /// \param x_size   The private key size in Bytes.
+    /// \param output   The destination buffer. This must be a writable buffer of
+    ///                 size \p olen Bytes.
+    /// \param olen     The length of the destination buffer. This must be at least
+    ///                 equal to `ctx->len` (the size of \c P).
+    /// \param f_rng    The RNG function. This must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context argument.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_make_public(
+        ctx: *mut mbedtls_dhm_context,
+        x_size: crate::c_types::c_int,
+        output: *mut crate::c_types::c_uchar,
+        olen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function derives and exports the shared secret
+    ///                 \c (G^Y)^X mod \c P.
+    ///
+    /// \note           If \p f_rng is not \c NULL, it is used to blind the input as
+    ///                 a countermeasure against timing attacks. Blinding is used
+    ///                 only if our private key \c X is re-used, and not used
+    ///                 otherwise. We recommend always passing a non-NULL
+    ///                 \p f_rng argument.
+    ///
+    /// \param ctx           The DHM context to use. This must be initialized
+    ///                      and have its own private key generated and the peer's
+    ///                      public key imported.
+    /// \param output        The buffer to write the generated shared key to. This
+    ///                      must be a writable buffer of size \p output_size Bytes.
+    /// \param output_size   The size of the destination buffer. This must be at
+    ///                      least the size of \c ctx->len (the size of \c P).
+    /// \param olen          On exit, holds the actual number of Bytes written.
+    /// \param f_rng         The RNG function. Must not be \c NULL. Used for
+    ///                      blinding.
+    /// \param p_rng         The RNG context to be passed to \p f_rng. This may be
+    ///                      \c NULL if \p f_rng doesn't need a context parameter.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_calc_secret(
+        ctx: *mut mbedtls_dhm_context,
+        output: *mut crate::c_types::c_uchar,
+        output_size: usize,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function returns the size of the prime modulus in bits.
+    ///
+    /// \param ctx      The DHM context to query.
+    ///
+    /// \return         The size of the prime modulus in bits,
+    ///                 i.e. the number n such that 2^(n-1) <= P < 2^n.
+    pub fn mbedtls_dhm_get_bitlen(ctx: *const mbedtls_dhm_context) -> usize;
+}
+extern "C" {
+    /// \brief          This function returns the size of the prime modulus in bytes.
+    ///
+    /// \param ctx      The DHM context to query.
+    ///
+    /// \return         The size of the prime modulus in bytes,
+    ///                 i.e. the number n such that 2^(8*(n-1)) <= P < 2^(8*n).
+    pub fn mbedtls_dhm_get_len(ctx: *const mbedtls_dhm_context) -> usize;
+}
+extern "C" {
+    /// \brief          This function copies a parameter of a DHM key.
+    ///
+    /// \param ctx      The DHM context to query.
+    /// \param param    The parameter to copy.
+    /// \param dest     The MPI object to copy the value into. It must be
+    ///                 initialized.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_DHM_BAD_INPUT_DATA if \p field is invalid.
+    /// \return         An \c MBEDTLS_ERR_MPI_XXX error code if the copy fails.
+    pub fn mbedtls_dhm_get_value(
+        ctx: *const mbedtls_dhm_context,
+        param: mbedtls_dhm_parameter,
+        dest: *mut mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function frees and clears the components
+    ///                 of a DHM context.
+    ///
+    /// \param ctx      The DHM context to free and clear. This may be \c NULL,
+    ///                 in which case this function is a no-op. If it is not \c NULL,
+    ///                 it must point to an initialized DHM context.
+    pub fn mbedtls_dhm_free(ctx: *mut mbedtls_dhm_context);
+}
+extern "C" {
+    /// \brief             This function parses DHM parameters in PEM or DER format.
+    ///
+    /// \param dhm         The DHM context to import the DHM parameters into.
+    ///                    This must be initialized.
+    /// \param dhmin       The input buffer. This must be a readable buffer of
+    ///                    length \p dhminlen Bytes.
+    /// \param dhminlen    The size of the input buffer \p dhmin, including the
+    ///                    terminating \c NULL Byte for PEM data.
+    ///
+    /// \return            \c 0 on success.
+    /// \return            An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error
+    ///                    code on failure.
+    pub fn mbedtls_dhm_parse_dhm(
+        dhm: *mut mbedtls_dhm_context,
+        dhmin: *const crate::c_types::c_uchar,
+        dhminlen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The DMH checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_dhm_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+///< Our key.
+pub const mbedtls_ecdh_side_MBEDTLS_ECDH_OURS: mbedtls_ecdh_side = 0;
+///< The key of the peer.
+pub const mbedtls_ecdh_side_MBEDTLS_ECDH_THEIRS: mbedtls_ecdh_side = 1;
+/// Defines the source of the imported EC key.
+pub type mbedtls_ecdh_side = crate::c_types::c_uint;
+///< Implementation not defined.
+pub const mbedtls_ecdh_variant_MBEDTLS_ECDH_VARIANT_NONE: mbedtls_ecdh_variant = 0;
+///< The default Mbed TLS implementation
+pub const mbedtls_ecdh_variant_MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: mbedtls_ecdh_variant = 1;
+/// Defines the ECDH implementation used.
+///
+/// Later versions of the library may add new variants, therefore users should
+/// not make any assumptions about them.
+pub type mbedtls_ecdh_variant = crate::c_types::c_uint;
+/// The context used by the default ECDH implementation.
+///
+/// Later versions might change the structure of this context, therefore users
+/// should not make any assumptions about the structure of
+/// mbedtls_ecdh_context_mbed.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecdh_context_mbed {
+    pub private_grp: mbedtls_ecp_group,
+    pub private_d: mbedtls_mpi,
+    pub private_Q: mbedtls_ecp_point,
+    pub private_Qp: mbedtls_ecp_point,
+    pub private_z: mbedtls_mpi,
+}
+/// \warning         Performing multiple operations concurrently on the same
+///                  ECDSA context is not supported; objects of this type
+///                  should not be shared between multiple threads.
+/// \brief           The ECDH context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecdh_context {
+    pub private_point_format: u8,
+    pub private_grp_id: mbedtls_ecp_group_id,
+    pub private_var: mbedtls_ecdh_variant,
+    pub private_ctx: mbedtls_ecdh_context__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_ecdh_context__bindgen_ty_1 {
+    pub private_mbed_ecdh: mbedtls_ecdh_context_mbed,
+}
+extern "C" {
+    /// \brief          Check whether a given group can be used for ECDH.
+    ///
+    /// \param gid      The ECP group ID to check.
+    ///
+    /// \return         \c 1 if the group can be used, \c 0 otherwise
+    pub fn mbedtls_ecdh_can_do(gid: mbedtls_ecp_group_id) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates an ECDH keypair on an elliptic
+    ///                  curve.
+    ///
+    ///                  This function performs the first of two core computations
+    ///                  implemented during the ECDH key exchange. The second core
+    ///                  computation is performed by mbedtls_ecdh_compute_shared().
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param grp       The ECP group to use. This must be initialized and have
+    ///                  domain parameters loaded, for example through
+    ///                  mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
+    /// \param d         The destination MPI (private key).
+    ///                  This must be initialized.
+    /// \param Q         The destination point (public key).
+    ///                  This must be initialized.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL in case \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX or
+    ///                  \c MBEDTLS_MPI_XXX error code on failure.
+    pub fn mbedtls_ecdh_gen_public(
+        grp: *mut mbedtls_ecp_group,
+        d: *mut mbedtls_mpi,
+        Q: *mut mbedtls_ecp_point,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function computes the shared secret.
+    ///
+    ///                  This function performs the second of two core computations
+    ///                  implemented during the ECDH key exchange. The first core
+    ///                  computation is performed by mbedtls_ecdh_gen_public().
+    ///
+    /// \see             ecp.h
+    ///
+    /// \note            If \p f_rng is not NULL, it is used to implement
+    ///                  countermeasures against side-channel attacks.
+    ///                  For more information, see mbedtls_ecp_mul().
+    ///
+    /// \param grp       The ECP group to use. This must be initialized and have
+    ///                  domain parameters loaded, for example through
+    ///                  mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
+    /// \param z         The destination MPI (shared secret).
+    ///                  This must be initialized.
+    /// \param Q         The public key from another party.
+    ///                  This must be initialized.
+    /// \param d         Our secret exponent (private key).
+    ///                  This must be initialized.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL if \p f_rng is \c NULL or doesn't need a
+    ///                  context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX or
+    ///                  \c MBEDTLS_MPI_XXX error code on failure.
+    pub fn mbedtls_ecdh_compute_shared(
+        grp: *mut mbedtls_ecp_group,
+        z: *mut mbedtls_mpi,
+        Q: *const mbedtls_ecp_point,
+        d: *const mbedtls_mpi,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function initializes an ECDH context.
+    ///
+    /// \param ctx       The ECDH context to initialize. This must not be \c NULL.
+    pub fn mbedtls_ecdh_init(ctx: *mut mbedtls_ecdh_context);
+}
+extern "C" {
+    /// \brief           This function sets up the ECDH context with the information
+    ///                  given.
+    ///
+    ///                  This function should be called after mbedtls_ecdh_init() but
+    ///                  before mbedtls_ecdh_make_params(). There is no need to call
+    ///                  this function before mbedtls_ecdh_read_params().
+    ///
+    ///                  This is the first function used by a TLS server for ECDHE
+    ///                  ciphersuites.
+    ///
+    /// \param ctx       The ECDH context to set up. This must be initialized.
+    /// \param grp_id    The group id of the group to set up the context for.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_ecdh_setup(
+        ctx: *mut mbedtls_ecdh_context,
+        grp_id: mbedtls_ecp_group_id,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function frees a context.
+    ///
+    /// \param ctx       The context to free. This may be \c NULL, in which
+    ///                  case this function does nothing. If it is not \c NULL,
+    ///                  it must point to an initialized ECDH context.
+    pub fn mbedtls_ecdh_free(ctx: *mut mbedtls_ecdh_context);
+}
+extern "C" {
+    /// \brief           This function generates an EC key pair and exports its
+    ///                  in the format used in a TLS ServerKeyExchange handshake
+    ///                  message.
+    ///
+    ///                  This is the second function used by a TLS server for ECDHE
+    ///                  ciphersuites. (It is called after mbedtls_ecdh_setup().)
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDH context to use. This must be initialized
+    ///                  and bound to a group, for example via mbedtls_ecdh_setup().
+    /// \param olen      The address at which to store the number of Bytes written.
+    /// \param buf       The destination buffer. This must be a writable buffer of
+    ///                  length \p blen Bytes.
+    /// \param blen      The length of the destination buffer \p buf in Bytes.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL in case \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_make_params(
+        ctx: *mut mbedtls_ecdh_context,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        blen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function parses the ECDHE parameters in a
+    ///                  TLS ServerKeyExchange handshake message.
+    ///
+    /// \note            In a TLS handshake, this is the how the client
+    ///                  sets up its ECDHE context from the server's public
+    ///                  ECDHE key material.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDHE context to use. This must be initialized.
+    /// \param buf       On input, \c *buf must be the start of the input buffer.
+    ///                  On output, \c *buf is updated to point to the end of the
+    ///                  data that has been read. On success, this is the first byte
+    ///                  past the end of the ServerKeyExchange parameters.
+    ///                  On error, this is the point at which an error has been
+    ///                  detected, which is usually not useful except to debug
+    ///                  failures.
+    /// \param end       The end of the input buffer.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_read_params(
+        ctx: *mut mbedtls_ecdh_context,
+        buf: *mut *const crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets up an ECDH context from an EC key.
+    ///
+    ///                  It is used by clients and servers in place of the
+    ///                  ServerKeyEchange for static ECDH, and imports ECDH
+    ///                  parameters from the EC key information of a certificate.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDH context to set up. This must be initialized.
+    /// \param key       The EC key to use. This must be initialized.
+    /// \param side      Defines the source of the key. Possible values are:
+    ///                  - #MBEDTLS_ECDH_OURS: The key is ours.
+    ///                  - #MBEDTLS_ECDH_THEIRS: The key is that of the peer.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_get_params(
+        ctx: *mut mbedtls_ecdh_context,
+        key: *const mbedtls_ecp_keypair,
+        side: mbedtls_ecdh_side,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates a public key and exports it
+    ///                  as a TLS ClientKeyExchange payload.
+    ///
+    ///                  This is the second function used by a TLS client for ECDH(E)
+    ///                  ciphersuites.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDH context to use. This must be initialized
+    ///                  and bound to a group, the latter usually by
+    ///                  mbedtls_ecdh_read_params().
+    /// \param olen      The address at which to store the number of Bytes written.
+    ///                  This must not be \c NULL.
+    /// \param buf       The destination buffer. This must be a writable buffer
+    ///                  of length \p blen Bytes.
+    /// \param blen      The size of the destination buffer \p buf in Bytes.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL in case \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_make_public(
+        ctx: *mut mbedtls_ecdh_context,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        blen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       This function parses and processes the ECDHE payload of a
+    ///              TLS ClientKeyExchange message.
+    ///
+    ///              This is the third function used by a TLS server for ECDH(E)
+    ///              ciphersuites. (It is called after mbedtls_ecdh_setup() and
+    ///              mbedtls_ecdh_make_params().)
+    ///
+    /// \see         ecp.h
+    ///
+    /// \param ctx   The ECDH context to use. This must be initialized
+    ///              and bound to a group, for example via mbedtls_ecdh_setup().
+    /// \param buf   The pointer to the ClientKeyExchange payload. This must
+    ///              be a readable buffer of length \p blen Bytes.
+    /// \param blen  The length of the input buffer \p buf in Bytes.
+    ///
+    /// \return      \c 0 on success.
+    /// \return      An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_read_public(
+        ctx: *mut mbedtls_ecdh_context,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function derives and exports the shared secret.
+    ///
+    ///                  This is the last function used by both TLS client
+    ///                  and servers.
+    ///
+    /// \note            If \p f_rng is not NULL, it is used to implement
+    ///                  countermeasures against side-channel attacks.
+    ///                  For more information, see mbedtls_ecp_mul().
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDH context to use. This must be initialized
+    ///                  and have its own private key generated and the peer's
+    ///                  public key imported.
+    /// \param olen      The address at which to store the total number of
+    ///                  Bytes written on success. This must not be \c NULL.
+    /// \param buf       The buffer to write the generated shared key to. This
+    ///                  must be a writable buffer of size \p blen Bytes.
+    /// \param blen      The length of the destination buffer \p buf in Bytes.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context. This may be \c NULL if \p f_rng
+    ///                  doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_calc_secret(
+        ctx: *mut mbedtls_ecdh_context,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        blen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_ssl_premaster_secret {
+    pub _pms_rsa: [crate::c_types::c_uchar; 48usize],
+    pub _pms_dhm: [crate::c_types::c_uchar; 1024usize],
+    pub _pms_ecdh: [crate::c_types::c_uchar; 66usize],
+    pub _pms_psk: [crate::c_types::c_uchar; 100usize],
+    pub _pms_dhe_psk: [crate::c_types::c_uchar; 1076usize],
+    pub _pms_rsa_psk: [crate::c_types::c_uchar; 100usize],
+    pub _pms_ecdhe_psk: [crate::c_types::c_uchar; 118usize],
+}
+pub const mbedtls_ssl_states_MBEDTLS_SSL_HELLO_REQUEST: mbedtls_ssl_states = 0;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_HELLO: mbedtls_ssl_states = 1;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_HELLO: mbedtls_ssl_states = 2;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_CERTIFICATE: mbedtls_ssl_states = 3;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_KEY_EXCHANGE: mbedtls_ssl_states = 4;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CERTIFICATE_REQUEST: mbedtls_ssl_states = 5;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_HELLO_DONE: mbedtls_ssl_states = 6;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CERTIFICATE: mbedtls_ssl_states = 7;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_KEY_EXCHANGE: mbedtls_ssl_states = 8;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CERTIFICATE_VERIFY: mbedtls_ssl_states = 9;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC: mbedtls_ssl_states = 10;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_FINISHED: mbedtls_ssl_states = 11;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC: mbedtls_ssl_states = 12;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_FINISHED: mbedtls_ssl_states = 13;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_FLUSH_BUFFERS: mbedtls_ssl_states = 14;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_HANDSHAKE_WRAPUP: mbedtls_ssl_states = 15;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_NEW_SESSION_TICKET: mbedtls_ssl_states = 16;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT: mbedtls_ssl_states = 17;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_HELLO_RETRY_REQUEST: mbedtls_ssl_states = 18;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: mbedtls_ssl_states = 19;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_END_OF_EARLY_DATA: mbedtls_ssl_states = 20;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY: mbedtls_ssl_states = 21;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: mbedtls_ssl_states = 22;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO: mbedtls_ssl_states =
+    23;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO: mbedtls_ssl_states = 24;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: mbedtls_ssl_states = 25;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST: mbedtls_ssl_states =
+    26;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_HANDSHAKE_OVER: mbedtls_ssl_states = 27;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET: mbedtls_ssl_states = 28;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH: mbedtls_ssl_states = 29;
+pub type mbedtls_ssl_states = crate::c_types::c_uint;
+/// \brief          Callback type: send data on the network.
+///
+/// \note           That callback may be either blocking or non-blocking.
+///
+/// \param ctx      Context for the send callback (typically a file descriptor)
+/// \param buf      Buffer holding the data to send
+/// \param len      Length of the data to send
+///
+/// \return         The callback must return the number of bytes sent if any,
+///                 or a non-zero error code.
+///                 If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE
+///                 must be returned when the operation would block.
+///
+/// \note           The callback is allowed to send fewer bytes than requested.
+///                 It must always return the number of bytes actually sent.
+pub type mbedtls_ssl_send_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief          Callback type: receive data from the network.
+///
+/// \note           That callback may be either blocking or non-blocking.
+///
+/// \param ctx      Context for the receive callback (typically a file
+///                 descriptor)
+/// \param buf      Buffer to write the received data to
+/// \param len      Length of the receive buffer
+///
+/// \returns        If data has been received, the positive number of bytes received.
+/// \returns        \c 0 if the connection has been closed.
+/// \returns        If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ
+///                 must be returned when the operation would block.
+/// \returns        Another negative error code on other kinds of failures.
+///
+/// \note           The callback may receive fewer bytes than the length of the
+///                 buffer. It must always return the number of bytes actually
+///                 received and written to the buffer.
+pub type mbedtls_ssl_recv_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief          Callback type: receive data from the network, with timeout
+///
+/// \note           That callback must block until data is received, or the
+///                 timeout delay expires, or the operation is interrupted by a
+///                 signal.
+///
+/// \param ctx      Context for the receive callback (typically a file descriptor)
+/// \param buf      Buffer to write the received data to
+/// \param len      Length of the receive buffer
+/// \param timeout  Maximum number of milliseconds to wait for data
+///                 0 means no timeout (potentially waiting forever)
+///
+/// \return         The callback must return the number of bytes received,
+///                 or a non-zero error code:
+///                 \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
+///                 \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
+///
+/// \note           The callback may receive fewer bytes than the length of the
+///                 buffer. It must always return the number of bytes actually
+///                 received and written to the buffer.
+pub type mbedtls_ssl_recv_timeout_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+        timeout: u32,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief          Callback type: set a pair of timers/delays to watch
+///
+/// \param ctx      Context pointer
+/// \param int_ms   Intermediate delay in milliseconds
+/// \param fin_ms   Final delay in milliseconds
+///                 0 cancels the current timer.
+///
+/// \note           This callback must at least store the necessary information
+///                 for the associated \c mbedtls_ssl_get_timer_t callback to
+///                 return correct information.
+///
+/// \note           If using an event-driven style of programming, an event must
+///                 be generated when the final delay is passed. The event must
+///                 cause a call to \c mbedtls_ssl_handshake() with the proper
+///                 SSL context to be scheduled. Care must be taken to ensure
+///                 that at most one such call happens at a time.
+///
+/// \note           Only one timer at a time must be running. Calling this
+///                 function while a timer is running must cancel it. Cancelled
+///                 timers must not generate any event.
+pub type mbedtls_ssl_set_timer_t = ::core::option::Option<
+    unsafe extern "C" fn(ctx: *mut crate::c_types::c_void, int_ms: u32, fin_ms: u32),
+>;
+/// \brief          Callback type: get status of timers/delays
+///
+/// \param ctx      Context pointer
+///
+/// \return         This callback must return:
+///                 -1 if cancelled (fin_ms == 0),
+///                  0 if none of the delays have passed,
+///                  1 if only the intermediate delay has passed,
+///                  2 if the final delay has passed.
+pub type mbedtls_ssl_get_timer_t = ::core::option::Option<
+    unsafe extern "C" fn(ctx: *mut crate::c_types::c_void) -> crate::c_types::c_int,
+>;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_transform {
+    _unused: [u8; 0],
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_handshake_params {
+    _unused: [u8; 0],
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_sig_hash_set_t {
+    _unused: [u8; 0],
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_key_cert {
+    _unused: [u8; 0],
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_flight_item {
+    _unused: [u8; 0],
+}
+/// \brief          Callback type: server-side session cache getter
+///
+///                 The session cache is logically a key value store, with
+///                 keys being session IDs and values being instances of
+///                 mbedtls_ssl_session.
+///
+///                 This callback retrieves an entry in this key-value store.
+///
+/// \param data            The address of the session cache structure to query.
+/// \param session_id      The buffer holding the session ID to query.
+/// \param session_id_len  The length of \p session_id in Bytes.
+/// \param session         The address of the session structure to populate.
+///                        It is initialized with mbdtls_ssl_session_init(),
+///                        and the callback must always leave it in a state
+///                        where it can safely be freed via
+///                        mbedtls_ssl_session_free() independent of the
+///                        return code of this function.
+///
+/// \return                \c 0 on success
+/// \return                A non-zero return value on failure.
+pub type mbedtls_ssl_cache_get_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        data: *mut crate::c_types::c_void,
+        session_id: *const crate::c_types::c_uchar,
+        session_id_len: usize,
+        session: *mut mbedtls_ssl_session,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief          Callback type: server-side session cache setter
+///
+///                 The session cache is logically a key value store, with
+///                 keys being session IDs and values being instances of
+///                 mbedtls_ssl_session.
+///
+///                 This callback sets an entry in this key-value store.
+///
+/// \param data            The address of the session cache structure to modify.
+/// \param session_id      The buffer holding the session ID to query.
+/// \param session_id_len  The length of \p session_id in Bytes.
+/// \param session         The address of the session to be stored in the
+///                        session cache.
+///
+/// \return                \c 0 on success
+/// \return                A non-zero return value on failure.
+pub type mbedtls_ssl_cache_set_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        data: *mut crate::c_types::c_void,
+        session_id: *const crate::c_types::c_uchar,
+        session_id_len: usize,
+        session: *const mbedtls_ssl_session,
+    ) -> crate::c_types::c_int,
+>;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_tls13_application_secrets {
+    pub client_application_traffic_secret_N: [crate::c_types::c_uchar; 64usize],
+    pub server_application_traffic_secret_N: [crate::c_types::c_uchar; 64usize],
+    pub exporter_master_secret: [crate::c_types::c_uchar; 64usize],
+    pub resumption_master_secret: [crate::c_types::c_uchar; 64usize],
+}
+///< Context not in use or version not yet negotiated.
+pub const mbedtls_ssl_protocol_version_MBEDTLS_SSL_VERSION_UNKNOWN: mbedtls_ssl_protocol_version =
+    0;
+///< (D)TLS 1.2
+pub const mbedtls_ssl_protocol_version_MBEDTLS_SSL_VERSION_TLS1_2: mbedtls_ssl_protocol_version =
+    771;
+///< (D)TLS 1.3
+pub const mbedtls_ssl_protocol_version_MBEDTLS_SSL_VERSION_TLS1_3: mbedtls_ssl_protocol_version =
+    772;
+/// Human-friendly representation of the (D)TLS protocol version.
+pub type mbedtls_ssl_protocol_version = crate::c_types::c_uint;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_session {
+    pub private_mfl_code: crate::c_types::c_uchar,
+    pub private_exported: crate::c_types::c_uchar,
+    pub private_tls_version: mbedtls_ssl_protocol_version,
+    pub private_ciphersuite: crate::c_types::c_int,
+    pub private_id_len: usize,
+    pub private_id: [crate::c_types::c_uchar; 32usize],
+    pub private_master: [crate::c_types::c_uchar; 48usize],
+    pub private_peer_cert: *mut mbedtls_x509_crt,
+    pub private_verify_result: u32,
+    pub private_ticket: *mut crate::c_types::c_uchar,
+    pub private_ticket_len: usize,
+    pub private_ticket_lifetime: u32,
+    pub private_endpoint: u8,
+    pub private_ticket_flags: u8,
+    pub private_ticket_age_add: u32,
+    pub private_resumption_key_len: u8,
+    pub private_resumption_key: [crate::c_types::c_uchar; 48usize],
+    pub private_hostname: *mut crate::c_types::c_char,
+    pub private_encrypt_then_mac: crate::c_types::c_int,
+    pub private_app_secrets: mbedtls_ssl_tls13_application_secrets,
+}
+pub const mbedtls_tls_prf_types_MBEDTLS_SSL_TLS_PRF_NONE: mbedtls_tls_prf_types = 0;
+pub const mbedtls_tls_prf_types_MBEDTLS_SSL_TLS_PRF_SHA384: mbedtls_tls_prf_types = 1;
+pub const mbedtls_tls_prf_types_MBEDTLS_SSL_TLS_PRF_SHA256: mbedtls_tls_prf_types = 2;
+pub const mbedtls_tls_prf_types_MBEDTLS_SSL_HKDF_EXPAND_SHA384: mbedtls_tls_prf_types = 3;
+pub const mbedtls_tls_prf_types_MBEDTLS_SSL_HKDF_EXPAND_SHA256: mbedtls_tls_prf_types = 4;
+pub type mbedtls_tls_prf_types = crate::c_types::c_uint;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET:
+    mbedtls_ssl_key_export_type = 0;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET:
+    mbedtls_ssl_key_export_type = 1;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_EARLY_EXPORTER_SECRET:
+    mbedtls_ssl_key_export_type = 2;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET : mbedtls_ssl_key_export_type = 3 ;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET : mbedtls_ssl_key_export_type = 4 ;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET : mbedtls_ssl_key_export_type = 5 ;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET : mbedtls_ssl_key_export_type = 6 ;
+pub type mbedtls_ssl_key_export_type = crate::c_types::c_uint;
+/// \brief           Callback type: Export key alongside random values for
+///                                 session identification, and PRF for
+///                                 implementation of TLS key exporters.
+///
+/// \param p_expkey   Context for the callback.
+/// \param type       The type of the key that is being exported.
+/// \param secret     The address of the buffer holding the secret
+///                   that's being exporterd.
+/// \param secret_len The length of \p secret in bytes.
+/// \param client_random The client random bytes.
+/// \param server_random The server random bytes.
+/// \param tls_prf_type The identifier for the PRF used in the handshake
+///                     to which the key belongs.
+pub type mbedtls_ssl_export_keys_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        p_expkey: *mut crate::c_types::c_void,
+        type_: mbedtls_ssl_key_export_type,
+        secret: *const crate::c_types::c_uchar,
+        secret_len: usize,
+        client_random: *const crate::c_types::c_uchar,
+        server_random: *const crate::c_types::c_uchar,
+        tls_prf_type: mbedtls_tls_prf_types,
+    ),
+>;
+/// \brief           Callback type: generic handshake callback
+///
+/// \note            Callbacks may use user_data funcs to set/get app user data.
+///                  See \c mbedtls_ssl_get_user_data_p()
+///                      \c mbedtls_ssl_get_user_data_n()
+///                      \c mbedtls_ssl_conf_get_user_data_p()
+///                      \c mbedtls_ssl_conf_get_user_data_n()
+///
+/// \param ssl       \c mbedtls_ssl_context on which the callback is run
+///
+/// \return          The return value of the callback is 0 if successful,
+///                  or a specific MBEDTLS_ERR_XXX code, which will cause
+///                  the handshake to be aborted.
+pub type mbedtls_ssl_hs_cb_t = ::core::option::Option<
+    unsafe extern "C" fn(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int,
+>;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_ssl_user_data_t {
+    pub n: usize,
+    pub p: *mut crate::c_types::c_void,
+}
+/// SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_config {
+    pub private_max_tls_version: mbedtls_ssl_protocol_version,
+    pub private_min_tls_version: mbedtls_ssl_protocol_version,
+    pub private_endpoint: u8,
+    pub private_transport: u8,
+    pub private_authmode: u8,
+    pub private_allow_legacy_renegotiation: u8,
+    pub private_mfl_code: u8,
+    pub private_encrypt_then_mac: u8,
+    pub private_extended_ms: u8,
+    pub private_anti_replay: u8,
+    pub private_disable_renegotiation: u8,
+    pub private_session_tickets: u8,
+    pub private_new_session_tickets_count: u16,
+    pub private_cert_req_ca_list: u8,
+    pub private_respect_cli_pref: u8,
+    pub private_ignore_unexpected_cid: u8,
+    pub private_ciphersuite_list: *const crate::c_types::c_int,
+    pub private_tls13_kex_modes: crate::c_types::c_int,
+    pub private_f_dbg: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: crate::c_types::c_int,
+            arg3: *const crate::c_types::c_char,
+            arg4: crate::c_types::c_int,
+            arg5: *const crate::c_types::c_char,
+        ),
+    >,
+    pub private_p_dbg: *mut crate::c_types::c_void,
+    pub private_f_rng: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut crate::c_types::c_uchar,
+            arg3: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_rng: *mut crate::c_types::c_void,
+    pub private_f_get_cache: mbedtls_ssl_cache_get_t,
+    pub private_f_set_cache: mbedtls_ssl_cache_set_t,
+    pub private_p_cache: *mut crate::c_types::c_void,
+    pub private_f_sni: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut mbedtls_ssl_context,
+            arg3: *const crate::c_types::c_uchar,
+            arg4: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_sni: *mut crate::c_types::c_void,
+    pub private_f_vrfy: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut mbedtls_x509_crt,
+            arg3: crate::c_types::c_int,
+            arg4: *mut u32,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_vrfy: *mut crate::c_types::c_void,
+    pub private_f_psk: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut mbedtls_ssl_context,
+            arg3: *const crate::c_types::c_uchar,
+            arg4: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_psk: *mut crate::c_types::c_void,
+    pub private_f_cookie_write: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut *mut crate::c_types::c_uchar,
+            arg3: *mut crate::c_types::c_uchar,
+            arg4: *const crate::c_types::c_uchar,
+            arg5: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_f_cookie_check: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *const crate::c_types::c_uchar,
+            arg3: usize,
+            arg4: *const crate::c_types::c_uchar,
+            arg5: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_cookie: *mut crate::c_types::c_void,
+    pub private_f_ticket_write: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *const mbedtls_ssl_session,
+            arg3: *mut crate::c_types::c_uchar,
+            arg4: *const crate::c_types::c_uchar,
+            arg5: *mut usize,
+            arg6: *mut u32,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_f_ticket_parse: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut mbedtls_ssl_session,
+            arg3: *mut crate::c_types::c_uchar,
+            arg4: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_ticket: *mut crate::c_types::c_void,
+    pub private_cid_len: usize,
+    pub private_cert_profile: *const mbedtls_x509_crt_profile,
+    pub private_key_cert: *mut mbedtls_ssl_key_cert,
+    pub private_ca_chain: *mut mbedtls_x509_crt,
+    pub private_ca_crl: *mut mbedtls_x509_crl,
+    pub private_sig_hashes: *const crate::c_types::c_int,
+    pub private_sig_algs: *const u16,
+    pub private_curve_list: *const mbedtls_ecp_group_id,
+    pub private_group_list: *const u16,
+    pub private_dhm_P: mbedtls_mpi,
+    pub private_dhm_G: mbedtls_mpi,
+    pub private_psk: *mut crate::c_types::c_uchar,
+    pub private_psk_len: usize,
+    pub private_psk_identity: *mut crate::c_types::c_uchar,
+    pub private_psk_identity_len: usize,
+    pub private_alpn_list: *mut *const crate::c_types::c_char,
+    pub private_read_timeout: u32,
+    pub private_hs_timeout_min: u32,
+    pub private_hs_timeout_max: u32,
+    pub private_renego_max_records: crate::c_types::c_int,
+    pub private_renego_period: [crate::c_types::c_uchar; 8usize],
+    pub private_badmac_limit: crate::c_types::c_uint,
+    pub private_dhm_min_bitlen: crate::c_types::c_uint,
+    pub private_user_data: mbedtls_ssl_user_data_t,
+    pub private_f_cert_cb: mbedtls_ssl_hs_cb_t,
+    pub private_dn_hints: *const mbedtls_x509_crt,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_context {
+    pub private_conf: *const mbedtls_ssl_config,
+    pub private_state: crate::c_types::c_int,
+    pub private_renego_status: crate::c_types::c_int,
+    pub private_renego_records_seen: crate::c_types::c_int,
+    pub private_tls_version: mbedtls_ssl_protocol_version,
+    pub private_badmac_seen: crate::c_types::c_uint,
+    pub private_f_vrfy: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut mbedtls_x509_crt,
+            arg3: crate::c_types::c_int,
+            arg4: *mut u32,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_vrfy: *mut crate::c_types::c_void,
+    pub private_f_send: mbedtls_ssl_send_t,
+    pub private_f_recv: mbedtls_ssl_recv_t,
+    pub private_f_recv_timeout: mbedtls_ssl_recv_timeout_t,
+    pub private_p_bio: *mut crate::c_types::c_void,
+    pub private_session_in: *mut mbedtls_ssl_session,
+    pub private_session_out: *mut mbedtls_ssl_session,
+    pub private_session: *mut mbedtls_ssl_session,
+    pub private_session_negotiate: *mut mbedtls_ssl_session,
+    pub private_handshake: *mut mbedtls_ssl_handshake_params,
+    pub private_transform_in: *mut mbedtls_ssl_transform,
+    pub private_transform_out: *mut mbedtls_ssl_transform,
+    pub private_transform: *mut mbedtls_ssl_transform,
+    pub private_transform_negotiate: *mut mbedtls_ssl_transform,
+    pub private_transform_application: *mut mbedtls_ssl_transform,
+    pub private_p_timer: *mut crate::c_types::c_void,
+    pub private_f_set_timer: mbedtls_ssl_set_timer_t,
+    pub private_f_get_timer: mbedtls_ssl_get_timer_t,
+    pub private_in_buf: *mut crate::c_types::c_uchar,
+    pub private_in_ctr: *mut crate::c_types::c_uchar,
+    pub private_in_hdr: *mut crate::c_types::c_uchar,
+    pub private_in_cid: *mut crate::c_types::c_uchar,
+    pub private_in_len: *mut crate::c_types::c_uchar,
+    pub private_in_iv: *mut crate::c_types::c_uchar,
+    pub private_in_msg: *mut crate::c_types::c_uchar,
+    pub private_in_offt: *mut crate::c_types::c_uchar,
+    pub private_in_msgtype: crate::c_types::c_int,
+    pub private_in_msglen: usize,
+    pub private_in_left: usize,
+    pub private_in_epoch: u16,
+    pub private_next_record_offset: usize,
+    pub private_in_window_top: u64,
+    pub private_in_window: u64,
+    pub private_in_hslen: usize,
+    pub private_nb_zero: crate::c_types::c_int,
+    pub private_keep_current_message: crate::c_types::c_int,
+    pub private_send_alert: crate::c_types::c_uchar,
+    pub private_alert_type: crate::c_types::c_uchar,
+    pub private_alert_reason: crate::c_types::c_int,
+    pub private_disable_datagram_packing: u8,
+    pub private_out_buf: *mut crate::c_types::c_uchar,
+    pub private_out_ctr: *mut crate::c_types::c_uchar,
+    pub private_out_hdr: *mut crate::c_types::c_uchar,
+    pub private_out_cid: *mut crate::c_types::c_uchar,
+    pub private_out_len: *mut crate::c_types::c_uchar,
+    pub private_out_iv: *mut crate::c_types::c_uchar,
+    pub private_out_msg: *mut crate::c_types::c_uchar,
+    pub private_out_msgtype: crate::c_types::c_int,
+    pub private_out_msglen: usize,
+    pub private_out_left: usize,
+    pub private_cur_out_ctr: [crate::c_types::c_uchar; 8usize],
+    pub private_mtu: u16,
+    pub private_hostname: *mut crate::c_types::c_char,
+    pub private_alpn_chosen: *const crate::c_types::c_char,
+    pub private_cli_id: *mut crate::c_types::c_uchar,
+    pub private_cli_id_len: usize,
+    pub private_secure_renegotiation: crate::c_types::c_int,
+    pub private_verify_data_len: usize,
+    pub private_own_verify_data: [crate::c_types::c_char; 12usize],
+    pub private_peer_verify_data: [crate::c_types::c_char; 12usize],
+    pub private_own_cid: [crate::c_types::c_uchar; 32usize],
+    pub private_own_cid_len: u8,
+    pub private_negotiate_cid: u8,
+    pub private_f_export_keys: mbedtls_ssl_export_keys_t,
+    pub private_p_export_keys: *mut crate::c_types::c_void,
+    pub private_user_data: mbedtls_ssl_user_data_t,
+}
+extern "C" {
+    /// \brief               Return the name of the ciphersuite associated with the
+    ///                      given ID
+    ///
+    /// \param ciphersuite_id SSL ciphersuite ID
+    ///
+    /// \return              a string containing the ciphersuite name
+    pub fn mbedtls_ssl_get_ciphersuite_name(
+        ciphersuite_id: crate::c_types::c_int,
+    ) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief               Return the ID of the ciphersuite associated with the
+    ///                      given name
+    ///
+    /// \param ciphersuite_name SSL ciphersuite name
+    ///
+    /// \return              the ID with the ciphersuite or 0 if not found
+    pub fn mbedtls_ssl_get_ciphersuite_id(
+        ciphersuite_name: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Initialize an SSL context
+    ///                 Just makes the context ready for mbedtls_ssl_setup() or
+    ///                 mbedtls_ssl_free()
+    ///
+    /// \param ssl      SSL context
+    pub fn mbedtls_ssl_init(ssl: *mut mbedtls_ssl_context);
+}
+extern "C" {
+    /// \brief          Set up an SSL context for use
+    ///
+    /// \note           No copy of the configuration context is made, it can be
+    ///                 shared by many mbedtls_ssl_context structures.
+    ///
+    /// \warning        The conf structure will be accessed during the session.
+    ///                 It must not be modified or freed as long as the session
+    ///                 is active.
+    ///
+    /// \warning        This function must be called exactly once per context.
+    ///                 Calling mbedtls_ssl_setup again is not supported, even
+    ///                 if no session is active.
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param ssl      SSL context
+    /// \param conf     SSL configuration to use
+    ///
+    /// \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if
+    ///                 memory allocation failed
+    pub fn mbedtls_ssl_setup(
+        ssl: *mut mbedtls_ssl_context,
+        conf: *const mbedtls_ssl_config,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Reset an already initialized SSL context for re-use
+    ///                 while retaining application-set variables, function
+    ///                 pointers and data.
+    ///
+    /// \param ssl      SSL context
+    /// \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED or
+    ///MBEDTLS_ERR_SSL_HW_ACCEL_FAILED
+    pub fn mbedtls_ssl_session_reset(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the current endpoint type
+    ///
+    /// \param conf     SSL configuration
+    /// \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
+    pub fn mbedtls_ssl_conf_endpoint(
+        conf: *mut mbedtls_ssl_config,
+        endpoint: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief           Set the transport type (TLS or DTLS).
+    ///                  Default: TLS
+    ///
+    /// \note            For DTLS, you must either provide a recv callback that
+    ///                  doesn't block, or one that handles timeouts, see
+    ///                  \c mbedtls_ssl_set_bio(). You also need to provide timer
+    ///                  callbacks with \c mbedtls_ssl_set_timer_cb().
+    ///
+    /// \param conf      SSL configuration
+    /// \param transport transport type:
+    ///                  MBEDTLS_SSL_TRANSPORT_STREAM for TLS,
+    ///                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.
+    pub fn mbedtls_ssl_conf_transport(
+        conf: *mut mbedtls_ssl_config,
+        transport: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Set the certificate verification mode
+    ///                 Default: NONE on server, REQUIRED on client
+    ///
+    /// \param conf     SSL configuration
+    /// \param authmode can be:
+    ///
+    ///  MBEDTLS_SSL_VERIFY_NONE:      peer certificate is not checked
+    ///                        (default on server)
+    ///                        (insecure on client)
+    ///
+    ///  MBEDTLS_SSL_VERIFY_OPTIONAL:  peer certificate is checked, however the
+    ///                        handshake continues even if verification failed;
+    ///                        mbedtls_ssl_get_verify_result() can be called after the
+    ///                        handshake is complete.
+    ///
+    ///  MBEDTLS_SSL_VERIFY_REQUIRED:  peer *must* present a valid certificate,
+    ///                        handshake is aborted if verification failed.
+    ///                        (default on client)
+    ///
+    /// \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode.
+    /// With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at
+    /// the right time(s), which may not be obvious, while REQUIRED always perform
+    /// the verification as soon as possible. For example, REQUIRED was protecting
+    /// against the "triple handshake" attack even before it was found.
+    pub fn mbedtls_ssl_conf_authmode(
+        conf: *mut mbedtls_ssl_config,
+        authmode: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Set the verification callback (Optional).
+    ///
+    ///                 If set, the provided verify callback is called for each
+    ///                 certificate in the peer's CRT chain, including the trusted
+    ///                 root. For more information, please see the documentation of
+    ///                 \c mbedtls_x509_crt_verify().
+    ///
+    /// \note           For per context callbacks and contexts, please use
+    ///                 mbedtls_ssl_set_verify() instead.
+    ///
+    /// \param conf     The SSL configuration to use.
+    /// \param f_vrfy   The verification callback to use during CRT verification.
+    /// \param p_vrfy   The opaque context to be passed to the callback.
+    pub fn mbedtls_ssl_conf_verify(
+        conf: *mut mbedtls_ssl_config,
+        f_vrfy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_x509_crt,
+                arg3: crate::c_types::c_int,
+                arg4: *mut u32,
+            ) -> crate::c_types::c_int,
+        >,
+        p_vrfy: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the random number generator callback
+    ///
+    /// \param conf     SSL configuration
+    /// \param f_rng    RNG function (mandatory)
+    /// \param p_rng    RNG parameter
+    pub fn mbedtls_ssl_conf_rng(
+        conf: *mut mbedtls_ssl_config,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the debug callback
+    ///
+    ///                 The callback has the following argument:
+    ///                 void *           opaque context for the callback
+    ///                 int              debug level
+    ///                 const char *     file name
+    ///                 int              line number
+    ///                 const char *     message
+    ///
+    /// \param conf     SSL configuration
+    /// \param f_dbg    debug function
+    /// \param p_dbg    debug parameter
+    pub fn mbedtls_ssl_conf_dbg(
+        conf: *mut mbedtls_ssl_config,
+        f_dbg: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: crate::c_types::c_int,
+                arg3: *const crate::c_types::c_char,
+                arg4: crate::c_types::c_int,
+                arg5: *const crate::c_types::c_char,
+            ),
+        >,
+        p_dbg: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the underlying BIO callbacks for write, read and
+    ///                 read-with-timeout.
+    ///
+    /// \param ssl      SSL context
+    /// \param p_bio    parameter (context) shared by BIO callbacks
+    /// \param f_send   write callback
+    /// \param f_recv   read callback
+    /// \param f_recv_timeout blocking read callback with timeout.
+    ///
+    /// \note           One of f_recv or f_recv_timeout can be NULL, in which case
+    ///                 the other is used. If both are non-NULL, f_recv_timeout is
+    ///                 used and f_recv is ignored (as if it were NULL).
+    ///
+    /// \note           The two most common use cases are:
+    ///                 - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL
+    ///                 - blocking I/O, f_recv == NULL, f_recv_timeout != NULL
+    ///
+    /// \note           For DTLS, you need to provide either a non-NULL
+    ///                 f_recv_timeout callback, or a f_recv that doesn't block.
+    ///
+    /// \note           See the documentations of \c mbedtls_ssl_send_t,
+    ///                 \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for
+    ///                 the conventions those callbacks must follow.
+    ///
+    /// \note           On some platforms, net_sockets.c provides
+    ///                 \c mbedtls_net_send(), \c mbedtls_net_recv() and
+    ///                 \c mbedtls_net_recv_timeout() that are suitable to be used
+    ///                 here.
+    pub fn mbedtls_ssl_set_bio(
+        ssl: *mut mbedtls_ssl_context,
+        p_bio: *mut crate::c_types::c_void,
+        f_send: mbedtls_ssl_send_t,
+        f_recv: mbedtls_ssl_recv_t,
+        f_recv_timeout: mbedtls_ssl_recv_timeout_t,
+    );
+}
+extern "C" {
+    /// \brief             Configure the use of the Connection ID (CID)
+    ///                    extension in the next handshake.
+    ///
+    ///                    Reference: RFC 9146 (or draft-ietf-tls-dtls-connection-id-05
+    ///                    https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
+    ///                    for legacy version)
+    ///
+    ///                    The DTLS CID extension allows the reliable association of
+    ///                    DTLS records to DTLS connections across changes in the
+    ///                    underlying transport (changed IP and Port metadata) by
+    ///                    adding explicit connection identifiers (CIDs) to the
+    ///                    headers of encrypted DTLS records. The desired CIDs are
+    ///                    configured by the application layer and are exchanged in
+    ///                    new `ClientHello` / `ServerHello` extensions during the
+    ///                    handshake, where each side indicates the CID it wants the
+    ///                    peer to use when writing encrypted messages. The CIDs are
+    ///                    put to use once records get encrypted: the stack discards
+    ///                    any incoming records that don't include the configured CID
+    ///                    in their header, and adds the peer's requested CID to the
+    ///                    headers of outgoing messages.
+    ///
+    ///                    This API enables or disables the use of the CID extension
+    ///                    in the next handshake and sets the value of the CID to
+    ///                    be used for incoming messages.
+    ///
+    /// \param ssl         The SSL context to configure. This must be initialized.
+    /// \param enable      This value determines whether the CID extension should
+    ///                    be used or not. Possible values are:
+    ///                    - MBEDTLS_SSL_CID_ENABLED to enable the use of the CID.
+    ///                    - MBEDTLS_SSL_CID_DISABLED (default) to disable the use
+    ///                      of the CID.
+    /// \param own_cid     The address of the readable buffer holding the CID we want
+    ///                    the peer to use when sending encrypted messages to us.
+    ///                    This may be \c NULL if \p own_cid_len is \c 0.
+    ///                    This parameter is unused if \p enabled is set to
+    ///                    MBEDTLS_SSL_CID_DISABLED.
+    /// \param own_cid_len The length of \p own_cid.
+    ///                    This parameter is unused if \p enabled is set to
+    ///                    MBEDTLS_SSL_CID_DISABLED.
+    ///
+    /// \note              The value of \p own_cid_len must match the value of the
+    ///                    \c len parameter passed to mbedtls_ssl_conf_cid()
+    ///                    when configuring the ::mbedtls_ssl_config that \p ssl
+    ///                    is bound to.
+    ///
+    /// \note              This CID configuration applies to subsequent handshakes
+    ///                    performed on the SSL context \p ssl, but does not trigger
+    ///                    one. You still have to call `mbedtls_ssl_handshake()`
+    ///                    (for the initial handshake) or `mbedtls_ssl_renegotiate()`
+    ///                    (for a renegotiation handshake) explicitly after a
+    ///                    successful call to this function to run the handshake.
+    ///
+    /// \note              This call cannot guarantee that the use of the CID
+    ///                    will be successfully negotiated in the next handshake,
+    ///                    because the peer might not support it. Specifically:
+    ///                    - On the Client, enabling the use of the CID through
+    ///                      this call implies that the `ClientHello` in the next
+    ///                      handshake will include the CID extension, thereby
+    ///                      offering the use of the CID to the server. Only if
+    ///                      the `ServerHello` contains the CID extension, too,
+    ///                      the CID extension will actually be put to use.
+    ///                    - On the Server, enabling the use of the CID through
+    ///                      this call implies that the server will look for
+    ///                      the CID extension in a `ClientHello` from the client,
+    ///                      and, if present, reply with a CID extension in its
+    ///                      `ServerHello`.
+    ///
+    /// \note              To check whether the use of the CID was negotiated
+    ///                    after the subsequent handshake has completed, please
+    ///                    use the API mbedtls_ssl_get_peer_cid().
+    ///
+    /// \warning           If the use of the CID extension is enabled in this call
+    ///                    and the subsequent handshake negotiates its use, Mbed TLS
+    ///                    will silently drop every packet whose CID does not match
+    ///                    the CID configured in \p own_cid. It is the responsibility
+    ///                    of the user to adapt the underlying transport to take care
+    ///                    of CID-based demultiplexing before handing datagrams to
+    ///                    Mbed TLS.
+    ///
+    /// \return            \c 0 on success. In this case, the CID configuration
+    ///                    applies to the next handshake.
+    /// \return            A negative error code on failure.
+    pub fn mbedtls_ssl_set_cid(
+        ssl: *mut mbedtls_ssl_context,
+        enable: crate::c_types::c_int,
+        own_cid: *const crate::c_types::c_uchar,
+        own_cid_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief              Get information about our request for usage of the CID
+    ///                     extension in the current connection.
+    ///
+    /// \param ssl          The SSL context to query.
+    /// \param enabled      The address at which to store whether the CID extension
+    ///                     is requested to be used or not. If the CID is
+    ///                     requested, `*enabled` is set to
+    ///                     MBEDTLS_SSL_CID_ENABLED; otherwise, it is set to
+    ///                     MBEDTLS_SSL_CID_DISABLED.
+    /// \param own_cid      The address of the buffer in which to store our own
+    ///                     CID (if the CID extension is requested). This may be
+    ///                     \c NULL in case the value of our CID isn't needed. If
+    ///                     it is not \c NULL, \p own_cid_len must not be \c NULL.
+    /// \param own_cid_len  The address at which to store the size of our own CID
+    ///                     (if the CID extension is requested). This is also the
+    ///                     number of Bytes in \p own_cid that have been written.
+    ///                     This may be \c NULL in case the length of our own CID
+    ///                     isn't needed. If it is \c NULL, \p own_cid must be
+    ///                     \c NULL, too.
+    ///
+    ///\note                If we are requesting an empty CID this function sets
+    ///                     `*enabled` to #MBEDTLS_SSL_CID_DISABLED (the rationale
+    ///                     for this is that the resulting outcome is the
+    ///                     same as if the CID extensions wasn't requested).
+    ///
+    /// \return            \c 0 on success.
+    /// \return            A negative error code on failure.
+    pub fn mbedtls_ssl_get_own_cid(
+        ssl: *mut mbedtls_ssl_context,
+        enabled: *mut crate::c_types::c_int,
+        own_cid: *mut crate::c_types::c_uchar,
+        own_cid_len: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief              Get information about the use of the CID extension
+    ///                     in the current connection.
+    ///
+    /// \param ssl          The SSL context to query.
+    /// \param enabled      The address at which to store whether the CID extension
+    ///                     is currently in use or not. If the CID is in use,
+    ///                     `*enabled` is set to MBEDTLS_SSL_CID_ENABLED;
+    ///                     otherwise, it is set to MBEDTLS_SSL_CID_DISABLED.
+    /// \param peer_cid     The address of the buffer in which to store the CID
+    ///                     chosen by the peer (if the CID extension is used).
+    ///                     This may be \c NULL in case the value of peer CID
+    ///                     isn't needed. If it is not \c NULL, \p peer_cid_len
+    ///                     must not be \c NULL.
+    /// \param peer_cid_len The address at which to store the size of the CID
+    ///                     chosen by the peer (if the CID extension is used).
+    ///                     This is also the number of Bytes in \p peer_cid that
+    ///                     have been written.
+    ///                     This may be \c NULL in case the length of the peer CID
+    ///                     isn't needed. If it is \c NULL, \p peer_cid must be
+    ///                     \c NULL, too.
+    ///
+    /// \note               This applies to the state of the CID negotiated in
+    ///                     the last complete handshake. If a handshake is in
+    ///                     progress, this function will attempt to complete
+    ///                     the handshake first.
+    ///
+    /// \note               If CID extensions have been exchanged but both client
+    ///                     and server chose to use an empty CID, this function
+    ///                     sets `*enabled` to #MBEDTLS_SSL_CID_DISABLED
+    ///                     (the rationale for this is that the resulting
+    ///                     communication is the same as if the CID extensions
+    ///                     hadn't been used).
+    ///
+    /// \return            \c 0 on success.
+    /// \return            A negative error code on failure.
+    pub fn mbedtls_ssl_get_peer_cid(
+        ssl: *mut mbedtls_ssl_context,
+        enabled: *mut crate::c_types::c_int,
+        peer_cid: *mut crate::c_types::c_uchar,
+        peer_cid_len: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the Maximum Transport Unit (MTU).
+    ///                 Special value: 0 means unset (no limit).
+    ///                 This represents the maximum size of a datagram payload
+    ///                 handled by the transport layer (usually UDP) as determined
+    ///                 by the network link and stack. In practice, this controls
+    ///                 the maximum size datagram the DTLS layer will pass to the
+    ///                 \c f_send() callback set using \c mbedtls_ssl_set_bio().
+    ///
+    /// \note           The limit on datagram size is converted to a limit on
+    ///                 record payload by subtracting the current overhead of
+    ///                 encapsulation and encryption/authentication if any.
+    ///
+    /// \note           This can be called at any point during the connection, for
+    ///                 example when a Path Maximum Transfer Unit (PMTU)
+    ///                 estimate becomes available from other sources,
+    ///                 such as lower (or higher) protocol layers.
+    ///
+    /// \note           This setting only controls the size of the packets we send,
+    ///                 and does not restrict the size of the datagrams we're
+    ///                 willing to receive. Client-side, you can request the
+    ///                 server to use smaller records with \c
+    ///                 mbedtls_ssl_conf_max_frag_len().
+    ///
+    /// \note           If both a MTU and a maximum fragment length have been
+    ///                 configured (or negotiated with the peer), the resulting
+    ///                 lower limit on record payload (see first note) is used.
+    ///
+    /// \note           This can only be used to decrease the maximum size
+    ///                 of datagrams (hence records, see first note) sent. It
+    ///                 cannot be used to increase the maximum size of records over
+    ///                 the limit set by #MBEDTLS_SSL_OUT_CONTENT_LEN.
+    ///
+    /// \note           Values lower than the current record layer expansion will
+    ///                 result in an error when trying to send data.
+    ///
+    /// \param ssl      SSL context
+    /// \param mtu      Value of the path MTU in bytes
+    pub fn mbedtls_ssl_set_mtu(ssl: *mut mbedtls_ssl_context, mtu: u16);
+}
+extern "C" {
+    /// \brief          Set a connection-specific verification callback (optional).
+    ///
+    ///                 If set, the provided verify callback is called for each
+    ///                 certificate in the peer's CRT chain, including the trusted
+    ///                 root. For more information, please see the documentation of
+    ///                 \c mbedtls_x509_crt_verify().
+    ///
+    /// \note           This call is analogous to mbedtls_ssl_conf_verify() but
+    ///                 binds the verification callback and context to an SSL context
+    ///                 as opposed to an SSL configuration.
+    ///                 If mbedtls_ssl_conf_verify() and mbedtls_ssl_set_verify()
+    ///                 are both used, mbedtls_ssl_set_verify() takes precedence.
+    ///
+    /// \param ssl      The SSL context to use.
+    /// \param f_vrfy   The verification callback to use during CRT verification.
+    /// \param p_vrfy   The opaque context to be passed to the callback.
+    pub fn mbedtls_ssl_set_verify(
+        ssl: *mut mbedtls_ssl_context,
+        f_vrfy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_x509_crt,
+                arg3: crate::c_types::c_int,
+                arg4: *mut u32,
+            ) -> crate::c_types::c_int,
+        >,
+        p_vrfy: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the timeout period for mbedtls_ssl_read()
+    ///                 (Default: no timeout.)
+    ///
+    /// \param conf     SSL configuration context
+    /// \param timeout  Timeout value in milliseconds.
+    ///                 Use 0 for no timeout (default).
+    ///
+    /// \note           With blocking I/O, this will only work if a non-NULL
+    ///                 \c f_recv_timeout was set with \c mbedtls_ssl_set_bio().
+    ///                 With non-blocking I/O, this will only work if timer
+    ///                 callbacks were set with \c mbedtls_ssl_set_timer_cb().
+    ///
+    /// \note           With non-blocking I/O, you may also skip this function
+    ///                 altogether and handle timeouts at the application layer.
+    pub fn mbedtls_ssl_conf_read_timeout(conf: *mut mbedtls_ssl_config, timeout: u32);
+}
+extern "C" {
+    /// \brief          Check whether a buffer contains a valid and authentic record
+    ///                 that has not been seen before. (DTLS only).
+    ///
+    ///                 This function does not change the user-visible state
+    ///                 of the SSL context. Its sole purpose is to provide
+    ///                 an indication of the legitimacy of an incoming record.
+    ///
+    ///                 This can be useful e.g. in distributed server environments
+    ///                 using the DTLS Connection ID feature, in which connections
+    ///                 might need to be passed between service instances on a change
+    ///                 of peer address, but where such disruptive operations should
+    ///                 only happen after the validity of incoming records has been
+    ///                 confirmed.
+    ///
+    /// \param ssl      The SSL context to use.
+    /// \param buf      The address of the buffer holding the record to be checked.
+    ///                 This must be a read/write buffer of length \p buflen Bytes.
+    /// \param buflen   The length of \p buf in Bytes.
+    ///
+    /// \note           This routine only checks whether the provided buffer begins
+    ///                 with a valid and authentic record that has not been seen
+    ///                 before, but does not check potential data following the
+    ///                 initial record. In particular, it is possible to pass DTLS
+    ///                 datagrams containing multiple records, in which case only
+    ///                 the first record is checked.
+    ///
+    /// \note           This function modifies the input buffer \p buf. If you need
+    ///                 to preserve the original record, you have to maintain a copy.
+    ///
+    /// \return         \c 0 if the record is valid and authentic and has not been
+    ///                 seen before.
+    /// \return         MBEDTLS_ERR_SSL_INVALID_MAC if the check completed
+    ///                 successfully but the record was found to be not authentic.
+    /// \return         MBEDTLS_ERR_SSL_INVALID_RECORD if the check completed
+    ///                 successfully but the record was found to be invalid for
+    ///                 a reason different from authenticity checking.
+    /// \return         MBEDTLS_ERR_SSL_UNEXPECTED_RECORD if the check completed
+    ///                 successfully but the record was found to be unexpected
+    ///                 in the state of the SSL context, including replayed records.
+    /// \return         Another negative error code on different kinds of failure.
+    ///                 In this case, the SSL context becomes unusable and needs
+    ///                 to be freed or reset before reuse.
+    pub fn mbedtls_ssl_check_record(
+        ssl: *const mbedtls_ssl_context,
+        buf: *mut crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the timer callbacks (Mandatory for DTLS.)
+    ///
+    /// \param ssl      SSL context
+    /// \param p_timer  parameter (context) shared by timer callbacks
+    /// \param f_set_timer   set timer callback
+    /// \param f_get_timer   get timer callback. Must return:
+    ///
+    /// \note           See the documentation of \c mbedtls_ssl_set_timer_t and
+    ///                 \c mbedtls_ssl_get_timer_t for the conventions this pair of
+    ///                 callbacks must follow.
+    ///
+    /// \note           On some platforms, timing.c provides
+    ///                 \c mbedtls_timing_set_delay() and
+    ///                 \c mbedtls_timing_get_delay() that are suitable for using
+    ///                 here, except if using an event-driven style.
+    ///
+    /// \note           See also the "DTLS tutorial" article in our knowledge base.
+    ///                 https://mbed-tls.readthedocs.io/en/latest/kb/how-to/dtls-tutorial
+    pub fn mbedtls_ssl_set_timer_cb(
+        ssl: *mut mbedtls_ssl_context,
+        p_timer: *mut crate::c_types::c_void,
+        f_set_timer: mbedtls_ssl_set_timer_t,
+        f_get_timer: mbedtls_ssl_get_timer_t,
+    );
+}
+/// \brief           Callback type: generate and write session ticket
+///
+/// \note            This describes what a callback implementation should do.
+///                  This callback should generate an encrypted and
+///                  authenticated ticket for the session and write it to the
+///                  output buffer. Here, ticket means the opaque ticket part
+///                  of the NewSessionTicket structure of RFC 5077.
+///
+/// \param p_ticket  Context for the callback
+/// \param session   SSL session to be written in the ticket
+/// \param start     Start of the output buffer
+/// \param end       End of the output buffer
+/// \param tlen      On exit, holds the length written
+/// \param lifetime  On exit, holds the lifetime of the ticket in seconds
+///
+/// \return          0 if successful, or
+///                  a specific MBEDTLS_ERR_XXX code.
+pub type mbedtls_ssl_ticket_write_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        p_ticket: *mut crate::c_types::c_void,
+        session: *const mbedtls_ssl_session,
+        start: *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        tlen: *mut usize,
+        lifetime: *mut u32,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief           Callback type: parse and load session ticket
+///
+/// \note            This describes what a callback implementation should do.
+///                  This callback should parse a session ticket as generated
+///                  by the corresponding mbedtls_ssl_ticket_write_t function,
+///                  and, if the ticket is authentic and valid, load the
+///                  session.
+///
+/// \note            The implementation is allowed to modify the first len
+///                  bytes of the input buffer, eg to use it as a temporary
+///                  area for the decrypted ticket contents.
+///
+/// \param p_ticket  Context for the callback
+/// \param session   SSL session to be loaded
+/// \param buf       Start of the buffer containing the ticket
+/// \param len       Length of the ticket.
+///
+/// \return          0 if successful, or
+///                  MBEDTLS_ERR_SSL_INVALID_MAC if not authentic, or
+///                  MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or
+///                  any other non-zero code for other failures.
+pub type mbedtls_ssl_ticket_parse_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        p_ticket: *mut crate::c_types::c_void,
+        session: *mut mbedtls_ssl_session,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int,
+>;
+extern "C" {
+    /// \brief           Configure SSL session ticket callbacks (server only).
+    ///                  (Default: none.)
+    ///
+    /// \note            On server, session tickets are enabled by providing
+    ///                  non-NULL callbacks.
+    ///
+    /// \note            On client, use \c mbedtls_ssl_conf_session_tickets().
+    ///
+    /// \param conf      SSL configuration context
+    /// \param f_ticket_write    Callback for writing a ticket
+    /// \param f_ticket_parse    Callback for parsing a ticket
+    /// \param p_ticket          Context shared by the two callbacks
+    pub fn mbedtls_ssl_conf_session_tickets_cb(
+        conf: *mut mbedtls_ssl_config,
+        f_ticket_write: mbedtls_ssl_ticket_write_t,
+        f_ticket_parse: mbedtls_ssl_ticket_parse_t,
+        p_ticket: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief   Configure a key export callback.
+    ///          (Default: none.)
+    ///
+    ///          This API can be used for two purposes:
+    ///          - Debugging: Use this API to e.g. generate an NSSKeylog
+    ///            file and use it to inspect encrypted traffic in tools
+    ///            such as Wireshark.
+    ///          - Application-specific export: Use this API to implement
+    ///            key exporters, e.g. for EAP-TLS or DTLS-SRTP.
+    ///
+    ///
+    /// \param ssl            The SSL context to which the export
+    ///                       callback should be attached.
+    /// \param f_export_keys  The callback for the key export.
+    /// \param p_export_keys  The opaque context pointer to be passed to the
+    ///                       callback \p f_export_keys.
+    pub fn mbedtls_ssl_set_export_keys_cb(
+        ssl: *mut mbedtls_ssl_context,
+        f_export_keys: mbedtls_ssl_export_keys_t,
+        p_export_keys: *mut crate::c_types::c_void,
+    );
+}
+/// \brief          Callback type: generate a cookie
+///
+/// \param ctx      Context for the callback
+/// \param p        Buffer to write to,
+///                 must be updated to point right after the cookie
+/// \param end      Pointer to one past the end of the output buffer
+/// \param info     Client ID info that was passed to
+///                 \c mbedtls_ssl_set_client_transport_id()
+/// \param ilen     Length of info in bytes
+///
+/// \return         The callback must return 0 on success,
+///                 or a negative error code.
+pub type mbedtls_ssl_cookie_write_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *mut crate::c_types::c_uchar,
+        info: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief          Callback type: verify a cookie
+///
+/// \param ctx      Context for the callback
+/// \param cookie   Cookie to verify
+/// \param clen     Length of cookie
+/// \param info     Client ID info that was passed to
+///                 \c mbedtls_ssl_set_client_transport_id()
+/// \param ilen     Length of info in bytes
+///
+/// \return         The callback must return 0 if cookie is valid,
+///                 or a negative error code.
+pub type mbedtls_ssl_cookie_check_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        cookie: *const crate::c_types::c_uchar,
+        clen: usize,
+        info: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int,
+>;
+extern "C" {
+    /// \brief           Register callbacks for DTLS cookies
+    ///                  (Server only. DTLS only.)
+    ///
+    ///                  Default: dummy callbacks that fail, in order to force you to
+    ///                  register working callbacks (and initialize their context).
+    ///
+    ///                  To disable HelloVerifyRequest, register NULL callbacks.
+    ///
+    /// \warning         Disabling hello verification allows your server to be used
+    ///                  for amplification in DoS attacks against other hosts.
+    ///                  Only disable if you known this can't happen in your
+    ///                  particular environment.
+    ///
+    /// \note            See comments on \c mbedtls_ssl_handshake() about handling
+    ///                  the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected
+    ///                  on the first handshake attempt when this is enabled.
+    ///
+    /// \note            This is also necessary to handle client reconnection from
+    ///                  the same port as described in RFC 6347 section 4.2.8 (only
+    ///                  the variant with cookies is supported currently). See
+    ///                  comments on \c mbedtls_ssl_read() for details.
+    ///
+    /// \param conf              SSL configuration
+    /// \param f_cookie_write    Cookie write callback
+    /// \param f_cookie_check    Cookie check callback
+    /// \param p_cookie          Context for both callbacks
+    pub fn mbedtls_ssl_conf_dtls_cookies(
+        conf: *mut mbedtls_ssl_config,
+        f_cookie_write: mbedtls_ssl_cookie_write_t,
+        f_cookie_check: mbedtls_ssl_cookie_check_t,
+        p_cookie: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set client's transport-level identification info.
+    ///                 (Server only. DTLS only.)
+    ///
+    ///                 This is usually the IP address (and port), but could be
+    ///                 anything identify the client depending on the underlying
+    ///                 network stack. Used for HelloVerifyRequest with DTLS.
+    ///                 This is *not* used to route the actual packets.
+    ///
+    /// \param ssl      SSL context
+    /// \param info     Transport-level info identifying the client (eg IP + port)
+    /// \param ilen     Length of info in bytes
+    ///
+    /// \note           An internal copy is made, so the info buffer can be reused.
+    ///
+    /// \return         0 on success,
+    ///                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
+    ///                 MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory.
+    pub fn mbedtls_ssl_set_client_transport_id(
+        ssl: *mut mbedtls_ssl_context,
+        info: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Enable or disable anti-replay protection for DTLS.
+    ///                 (DTLS only, no effect on TLS.)
+    ///                 Default: enabled.
+    ///
+    /// \param conf     SSL configuration
+    /// \param mode     MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED.
+    ///
+    /// \warning        Disabling this is a security risk unless the application
+    ///                 protocol handles duplicated packets in a safe way. You
+    ///                 should not disable this without careful consideration.
+    ///                 However, if your application already detects duplicated
+    ///                 packets and needs information about them to adjust its
+    ///                 transmission strategy, then you'll want to disable this.
+    pub fn mbedtls_ssl_conf_dtls_anti_replay(
+        conf: *mut mbedtls_ssl_config,
+        mode: crate::c_types::c_char,
+    );
+}
+extern "C" {
+    /// \brief          Set a limit on the number of records with a bad MAC
+    ///                 before terminating the connection.
+    ///                 (DTLS only, no effect on TLS.)
+    ///                 Default: 0 (disabled).
+    ///
+    /// \param conf     SSL configuration
+    /// \param limit    Limit, or 0 to disable.
+    ///
+    /// \note           If the limit is N, then the connection is terminated when
+    ///                 the Nth non-authentic record is seen.
+    ///
+    /// \note           Records with an invalid header are not counted, only the
+    ///                 ones going through the authentication-decryption phase.
+    ///
+    /// \note           This is a security trade-off related to the fact that it's
+    ///                 often relatively easy for an active attacker to inject UDP
+    ///                 datagrams. On one hand, setting a low limit here makes it
+    ///                 easier for such an attacker to forcibly terminated a
+    ///                 connection. On the other hand, a high limit or no limit
+    ///                 might make us waste resources checking authentication on
+    ///                 many bogus packets.
+    pub fn mbedtls_ssl_conf_dtls_badmac_limit(
+        conf: *mut mbedtls_ssl_config,
+        limit: crate::c_types::c_uint,
+    );
+}
+extern "C" {
+    /// \brief          Allow or disallow packing of multiple handshake records
+    ///                 within a single datagram.
+    ///
+    /// \param ssl           The SSL context to configure.
+    /// \param allow_packing This determines whether datagram packing may
+    ///                      be used or not. A value of \c 0 means that every
+    ///                      record will be sent in a separate datagram; a
+    ///                      value of \c 1 means that, if space permits,
+    ///                      multiple handshake messages (including CCS) belonging to
+    ///                      a single flight may be packed within a single datagram.
+    ///
+    /// \note           This is enabled by default and should only be disabled
+    ///                 for test purposes, or if datagram packing causes
+    ///                 interoperability issues with peers that don't support it.
+    ///
+    /// \note           Allowing datagram packing reduces the network load since
+    ///                 there's less overhead if multiple messages share the same
+    ///                 datagram. Also, it increases the handshake efficiency
+    ///                 since messages belonging to a single datagram will not
+    ///                 be reordered in transit, and so future message buffering
+    ///                 or flight retransmission (if no buffering is used) as
+    ///                 means to deal with reordering are needed less frequently.
+    ///
+    /// \note           Application records are not affected by this option and
+    ///                 are currently always sent in separate datagrams.
+    pub fn mbedtls_ssl_set_datagram_packing(
+        ssl: *mut mbedtls_ssl_context,
+        allow_packing: crate::c_types::c_uint,
+    );
+}
+extern "C" {
+    /// \brief          Set retransmit timeout values for the DTLS handshake.
+    ///                 (DTLS only, no effect on TLS.)
+    ///
+    /// \param conf     SSL configuration
+    /// \param min      Initial timeout value in milliseconds.
+    ///                 Default: 1000 (1 second).
+    /// \param max      Maximum timeout value in milliseconds.
+    ///                 Default: 60000 (60 seconds).
+    ///
+    /// \note           Default values are from RFC 6347 section 4.2.4.1.
+    ///
+    /// \note           The 'min' value should typically be slightly above the
+    ///                 expected round-trip time to your peer, plus whatever time
+    ///                 it takes for the peer to process the message. For example,
+    ///                 if your RTT is about 600ms and you peer needs up to 1s to
+    ///                 do the cryptographic operations in the handshake, then you
+    ///                 should set 'min' slightly above 1600. Lower values of 'min'
+    ///                 might cause spurious resends which waste network resources,
+    ///                 while larger value of 'min' will increase overall latency
+    ///                 on unreliable network links.
+    ///
+    /// \note           The more unreliable your network connection is, the larger
+    ///                 your max / min ratio needs to be in order to achieve
+    ///                 reliable handshakes.
+    ///
+    /// \note           Messages are retransmitted up to log2(ceil(max/min)) times.
+    ///                 For example, if min = 1s and max = 5s, the retransmit plan
+    ///                 goes: send ... 1s -> resend ... 2s -> resend ... 4s ->
+    ///                 resend ... 5s -> give up and return a timeout error.
+    pub fn mbedtls_ssl_conf_handshake_timeout(conf: *mut mbedtls_ssl_config, min: u32, max: u32);
+}
+extern "C" {
+    /// \brief          Set the session cache callbacks (server-side only)
+    ///                 If not set, no session resuming is done (except if session
+    ///                 tickets are enabled too).
+    ///
+    ///                 The session cache has the responsibility to check for stale
+    ///                 entries based on timeout. See RFC 5246 for recommendations.
+    ///
+    ///                 Warning: session.peer_cert is cleared by the SSL/TLS layer on
+    ///                 connection shutdown, so do not cache the pointer! Either set
+    ///                 it to NULL or make a full copy of the certificate.
+    ///
+    ///                 The get callback is called once during the initial handshake
+    ///                 to enable session resuming. The get function has the
+    ///                 following parameters: (void *parameter, mbedtls_ssl_session *session)
+    ///                 If a valid entry is found, it should fill the master of
+    ///                 the session object with the cached values and return 0,
+    ///                 return 1 otherwise. Optionally peer_cert can be set as well
+    ///                 if it is properly present in cache entry.
+    ///
+    ///                 The set callback is called once during the initial handshake
+    ///                 to enable session resuming after the entire handshake has
+    ///                 been finished. The set function has the following parameters:
+    ///                 (void *parameter, const mbedtls_ssl_session *session). The function
+    ///                 should create a cache entry for future retrieval based on
+    ///                 the data in the session structure and should keep in mind
+    ///                 that the mbedtls_ssl_session object presented (and all its referenced
+    ///                 data) is cleared by the SSL/TLS layer when the connection is
+    ///                 terminated. It is recommended to add metadata to determine if
+    ///                 an entry is still valid in the future. Return 0 if
+    ///                 successfully cached, return 1 otherwise.
+    ///
+    /// \param conf           SSL configuration
+    /// \param p_cache        parameter (context) for both callbacks
+    /// \param f_get_cache    session get callback
+    /// \param f_set_cache    session set callback
+    pub fn mbedtls_ssl_conf_session_cache(
+        conf: *mut mbedtls_ssl_config,
+        p_cache: *mut crate::c_types::c_void,
+        f_get_cache: mbedtls_ssl_cache_get_t,
+        f_set_cache: mbedtls_ssl_cache_set_t,
+    );
+}
+extern "C" {
+    /// \brief          Load a session for session resumption.
+    ///
+    ///                 Sessions loaded through this call will be considered
+    ///                 for session resumption in the next handshake.
+    ///
+    /// \note           Even if this call succeeds, it is not guaranteed that
+    ///                 the next handshake will indeed be shortened through the
+    ///                 use of session resumption: The server is always free
+    ///                 to reject any attempt for resumption and fall back to
+    ///                 a full handshake.
+    ///
+    /// \note           This function can handle a variety of mechanisms for session
+    ///                 resumption: For TLS 1.2, both session ID-based resumption and
+    ///                 ticket-based resumption will be considered. For TLS 1.3,
+    ///                 once implemented, sessions equate to tickets, and loading
+    ///                 one or more sessions via this call will lead to their
+    ///                 corresponding tickets being advertised as resumption PSKs
+    ///                 by the client.
+    ///
+    /// \note           Calling this function multiple times will only be useful
+    ///                 once TLS 1.3 is supported. For TLS 1.2 connections, this
+    ///                 function should be called at most once.
+    ///
+    /// \param ssl      The SSL context representing the connection which should
+    ///                 be attempted to be setup using session resumption. This
+    ///                 must be initialized via mbedtls_ssl_init() and bound to
+    ///                 an SSL configuration via mbedtls_ssl_setup(), but
+    ///                 the handshake must not yet have been started.
+    /// \param session  The session to be considered for session resumption.
+    ///                 This must be a session previously exported via
+    ///                 mbedtls_ssl_get_session(), and potentially serialized and
+    ///                 deserialized through mbedtls_ssl_session_save() and
+    ///                 mbedtls_ssl_session_load() in the meantime.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         \c MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the session
+    ///                 could not be loaded because of an implementation limitation.
+    ///                 This error is non-fatal, and has no observable effect on
+    ///                 the SSL context or the session that was attempted to be loaded.
+    /// \return         Another negative error code on other kinds of failure.
+    ///
+    /// \sa             mbedtls_ssl_get_session()
+    /// \sa             mbedtls_ssl_session_load()
+    pub fn mbedtls_ssl_set_session(
+        ssl: *mut mbedtls_ssl_context,
+        session: *const mbedtls_ssl_session,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Load serialized session data into a session structure.
+    ///                 On client, this can be used for loading saved sessions
+    ///                 before resuming them with mbedtls_ssl_set_session().
+    ///                 On server, this can be used for alternative implementations
+    ///                 of session cache or session tickets.
+    ///
+    /// \warning        If a peer certificate chain is associated with the session,
+    ///                 the serialized state will only contain the peer's
+    ///                 end-entity certificate and the result of the chain
+    ///                 verification (unless verification was disabled), but not
+    ///                 the rest of the chain.
+    ///
+    /// \see            mbedtls_ssl_session_save()
+    /// \see            mbedtls_ssl_set_session()
+    ///
+    /// \param session  The session structure to be populated. It must have been
+    ///                 initialised with mbedtls_ssl_session_init() but not
+    ///                 populated yet.
+    /// \param buf      The buffer holding the serialized session data. It must be a
+    ///                 readable buffer of at least \p len bytes.
+    /// \param len      The size of the serialized data in bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed.
+    /// \return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
+    /// \return         #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data
+    ///                 was generated in a different version or configuration of
+    ///                 Mbed TLS.
+    /// \return         Another negative value for other kinds of errors (for
+    ///                 example, unsupported features in the embedded certificate).
+    pub fn mbedtls_ssl_session_load(
+        session: *mut mbedtls_ssl_session,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Save session structure as serialized data in a buffer.
+    ///                 On client, this can be used for saving session data,
+    ///                 potentially in non-volatile storage, for resuming later.
+    ///                 On server, this can be used for alternative implementations
+    ///                 of session cache or session tickets.
+    ///
+    /// \see            mbedtls_ssl_session_load()
+    ///
+    /// \param session  The session structure to be saved.
+    /// \param buf      The buffer to write the serialized data to. It must be a
+    ///                 writeable buffer of at least \p len bytes, or may be \c
+    ///                 NULL if \p len is \c 0.
+    /// \param buf_len  The number of bytes available for writing in \p buf.
+    /// \param olen     The size in bytes of the data that has been or would have
+    ///                 been written. It must point to a valid \c size_t.
+    ///
+    /// \note           \p olen is updated to the correct value regardless of
+    ///                 whether \p buf_len was large enough. This makes it possible
+    ///                 to determine the necessary size by calling this function
+    ///                 with \p buf set to \c NULL and \p buf_len to \c 0.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
+    pub fn mbedtls_ssl_session_save(
+        session: *const mbedtls_ssl_session,
+        buf: *mut crate::c_types::c_uchar,
+        buf_len: usize,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               Set the list of allowed ciphersuites and the preference
+    ///                      order. First in the list has the highest preference.
+    ///
+    ///                      For TLS 1.2, the notion of ciphersuite determines both
+    ///                      the key exchange mechanism and the suite of symmetric
+    ///                      algorithms to be used during and after the handshake.
+    ///
+    ///                      For TLS 1.3 (in development), the notion of ciphersuite
+    ///                      only determines the suite of symmetric algorithms to be
+    ///                      used during and after the handshake, while key exchange
+    ///                      mechanisms are configured separately.
+    ///
+    ///                      In Mbed TLS, ciphersuites for both TLS 1.2 and TLS 1.3
+    ///                      are configured via this function. For users of TLS 1.3,
+    ///                      there will be separate API for the configuration of key
+    ///                      exchange mechanisms.
+    ///
+    ///                      The list of ciphersuites passed to this function may
+    ///                      contain a mixture of TLS 1.2 and TLS 1.3 ciphersuite
+    ///                      identifiers. This is useful if negotiation of TLS 1.3
+    ///                      should be attempted, but a fallback to TLS 1.2 would
+    ///                      be tolerated.
+    ///
+    /// \note                By default, the server chooses its preferred
+    ///                      ciphersuite among those that the client supports. If
+    ///                      mbedtls_ssl_conf_preference_order() is called to prefer
+    ///                      the client's preferences, the server instead chooses
+    ///                      the client's preferred ciphersuite among those that
+    ///                      the server supports.
+    ///
+    /// \warning             The ciphersuites array \p ciphersuites is not copied.
+    ///                      It must remain valid for the lifetime of the SSL
+    ///                      configuration \p conf.
+    ///
+    /// \param conf          The SSL configuration to modify.
+    /// \param ciphersuites  A 0-terminated list of IANA identifiers of supported
+    ///                      ciphersuites, accessible through \c MBEDTLS_TLS_XXX
+    ///                      and \c MBEDTLS_TLS1_3_XXX macros defined in
+    ///                      ssl_ciphersuites.h.
+    pub fn mbedtls_ssl_conf_ciphersuites(
+        conf: *mut mbedtls_ssl_config,
+        ciphersuites: *const crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief Set the supported key exchange modes for TLS 1.3 connections.
+    ///
+    ///        In contrast to TLS 1.2, the ciphersuite concept in TLS 1.3 does not
+    ///        include the choice of key exchange mechanism. It is therefore not
+    ///        covered by the API mbedtls_ssl_conf_ciphersuites(). See the
+    ///        documentation of mbedtls_ssl_conf_ciphersuites() for more
+    ///        information on the ciphersuite concept in TLS 1.2 and TLS 1.3.
+    ///
+    ///        The present function is specific to TLS 1.3 and allows users to
+    ///        configure the set of supported key exchange mechanisms in TLS 1.3.
+    ///
+    /// \param conf       The SSL configuration the change should apply to.
+    /// \param kex_modes  A bitwise combination of one or more of the following:
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK
+    ///                     This flag enables pure-PSK key exchanges.
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL
+    ///                     This flag enables combined PSK-ephemeral key exchanges.
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL
+    ///                     This flag enables pure-ephemeral key exchanges.
+    ///                   For convenience, the following pre-defined macros are
+    ///                   available for combinations of the above:
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL
+    ///                     Includes all of pure-PSK, PSK-ephemeral and pure-ephemeral.
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL
+    ///                     Includes both pure-PSK and combined PSK-ephemeral
+    ///                     key exchanges, but excludes pure-ephemeral key exchanges.
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL
+    ///                     Includes both pure-ephemeral and combined PSK-ephemeral
+    ///                     key exchanges.
+    ///
+    /// \note  If a PSK-based key exchange mode shall be supported, applications
+    ///        must also use the APIs mbedtls_ssl_conf_psk() or
+    ///        mbedtls_ssl_conf_psk_cb() or mbedtls_ssl_conf_psk_opaque()
+    ///        to configure the PSKs to be used.
+    ///
+    /// \note  If a pure-ephemeral key exchange mode shall be supported,
+    ///        server-side applications must also provide a certificate via
+    ///        mbedtls_ssl_conf_own_cert().
+    pub fn mbedtls_ssl_conf_tls13_key_exchange_modes(
+        conf: *mut mbedtls_ssl_config,
+        kex_modes: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief               Specify the length of Connection IDs for incoming
+    ///                      encrypted DTLS records, as well as the behaviour
+    ///                      on unexpected CIDs.
+    ///
+    ///                      By default, the CID length is set to \c 0,
+    ///                      and unexpected CIDs are silently ignored.
+    ///
+    /// \param conf          The SSL configuration to modify.
+    /// \param len           The length in Bytes of the CID fields in encrypted
+    ///                      DTLS records using the CID mechanism. This must
+    ///                      not be larger than #MBEDTLS_SSL_CID_OUT_LEN_MAX.
+    /// \param ignore_other_cids This determines the stack's behaviour when
+    ///                          receiving a record with an unexpected CID.
+    ///                          Possible values are:
+    ///                          - #MBEDTLS_SSL_UNEXPECTED_CID_IGNORE
+    ///                            In this case, the record is silently ignored.
+    ///                          - #MBEDTLS_SSL_UNEXPECTED_CID_FAIL
+    ///                            In this case, the stack fails with the specific
+    ///                            error code #MBEDTLS_ERR_SSL_UNEXPECTED_CID.
+    ///
+    /// \note                The CID specification allows implementations to either
+    ///                      use a common length for all incoming connection IDs or
+    ///                      allow variable-length incoming IDs. Mbed TLS currently
+    ///                      requires a common length for all connections sharing the
+    ///                      same SSL configuration; this allows simpler parsing of
+    ///                      record headers.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p own_cid_len
+    ///                      is too large.
+    pub fn mbedtls_ssl_conf_cid(
+        conf: *mut mbedtls_ssl_config,
+        len: usize,
+        ignore_other_cids: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the X.509 security profile used for verification
+    ///
+    /// \note           The restrictions are enforced for all certificates in the
+    ///                 chain. However, signatures in the handshake are not covered
+    ///                 by this setting but by \b mbedtls_ssl_conf_sig_hashes().
+    ///
+    /// \param conf     SSL configuration
+    /// \param profile  Profile to use
+    pub fn mbedtls_ssl_conf_cert_profile(
+        conf: *mut mbedtls_ssl_config,
+        profile: *const mbedtls_x509_crt_profile,
+    );
+}
+extern "C" {
+    /// \brief          Set the data required to verify peer certificate
+    ///
+    /// \note           See \c mbedtls_x509_crt_verify() for notes regarding the
+    ///                 parameters ca_chain (maps to trust_ca for that function)
+    ///                 and ca_crl.
+    ///
+    /// \param conf     SSL configuration
+    /// \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
+    /// \param ca_crl   trusted CA CRLs
+    pub fn mbedtls_ssl_conf_ca_chain(
+        conf: *mut mbedtls_ssl_config,
+        ca_chain: *mut mbedtls_x509_crt,
+        ca_crl: *mut mbedtls_x509_crl,
+    );
+}
+extern "C" {
+    /// \brief          Set own certificate chain and private key
+    ///
+    /// \note           own_cert should contain in order from the bottom up your
+    ///                 certificate chain. The top certificate (self-signed)
+    ///                 can be omitted.
+    ///
+    /// \note           On server, this function can be called multiple times to
+    ///                 provision more than one cert/key pair (eg one ECDSA, one
+    ///                 RSA with SHA-256, one RSA with SHA-1). An adequate
+    ///                 certificate will be selected according to the client's
+    ///                 advertised capabilities. In case multiple certificates are
+    ///                 adequate, preference is given to the one set by the first
+    ///                 call to this function, then second, etc.
+    ///
+    /// \note           On client, only the first call has any effect. That is,
+    ///                 only one client certificate can be provisioned. The
+    ///                 server's preferences in its CertificateRequest message will
+    ///                 be ignored and our only cert will be sent regardless of
+    ///                 whether it matches those preferences - the server can then
+    ///                 decide what it wants to do with it.
+    ///
+    /// \note           The provided \p pk_key needs to match the public key in the
+    ///                 first certificate in \p own_cert, or all handshakes using
+    ///                 that certificate will fail. It is your responsibility
+    ///                 to ensure that; this function will not perform any check.
+    ///                 You may use mbedtls_pk_check_pair() in order to perform
+    ///                 this check yourself, but be aware that this function can
+    ///                 be computationally expensive on some key types.
+    ///
+    /// \param conf     SSL configuration
+    /// \param own_cert own public certificate chain
+    /// \param pk_key   own private key
+    ///
+    /// \return         0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
+    pub fn mbedtls_ssl_conf_own_cert(
+        conf: *mut mbedtls_ssl_config,
+        own_cert: *mut mbedtls_x509_crt,
+        pk_key: *mut mbedtls_pk_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Configure pre-shared keys (PSKs) and their
+    ///                 identities to be used in PSK-based ciphersuites.
+    ///
+    ///                 Only one PSK can be registered, through either
+    ///                 mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_opaque().
+    ///                 If you attempt to register more than one PSK, this function
+    ///                 fails, though this may change in future versions, which
+    ///                 may add support for multiple PSKs.
+    ///
+    /// \note           This is mainly useful for clients. Servers will usually
+    ///                 want to use \c mbedtls_ssl_conf_psk_cb() instead.
+    ///
+    /// \note           A PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback
+    ///                 takes precedence over a PSK configured by this function.
+    ///
+    /// \param conf     The SSL configuration to register the PSK with.
+    /// \param psk      The pointer to the pre-shared key to use.
+    /// \param psk_len  The length of the pre-shared key in bytes.
+    /// \param psk_identity      The pointer to the pre-shared key identity.
+    /// \param psk_identity_len  The length of the pre-shared key identity
+    ///                          in bytes.
+    ///
+    /// \note           The PSK and its identity are copied internally and
+    ///                 hence need not be preserved by the caller for the lifetime
+    ///                 of the SSL configuration.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no more PSKs
+    ///                 can be configured. In this case, the old PSK(s) remain intact.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_ssl_conf_psk(
+        conf: *mut mbedtls_ssl_config,
+        psk: *const crate::c_types::c_uchar,
+        psk_len: usize,
+        psk_identity: *const crate::c_types::c_uchar,
+        psk_identity_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the pre-shared Key (PSK) for the current handshake.
+    ///
+    /// \note           This should only be called inside the PSK callback,
+    ///                 i.e. the function passed to \c mbedtls_ssl_conf_psk_cb().
+    ///
+    /// \note           A PSK set by this function takes precedence over a PSK
+    ///                 configured by \c mbedtls_ssl_conf_psk().
+    ///
+    /// \param ssl      The SSL context to configure a PSK for.
+    /// \param psk      The pointer to the pre-shared key.
+    /// \param psk_len  The length of the pre-shared key in bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         An \c MBEDTLS_ERR_SSL_XXX error code on failure.
+    pub fn mbedtls_ssl_set_hs_psk(
+        ssl: *mut mbedtls_ssl_context,
+        psk: *const crate::c_types::c_uchar,
+        psk_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the PSK callback (server-side only).
+    ///
+    ///                 If set, the PSK callback is called for each
+    ///                 handshake where a PSK-based ciphersuite was negotiated.
+    ///                 The caller provides the identity received and wants to
+    ///                 receive the actual PSK data and length.
+    ///
+    ///                 The callback has the following parameters:
+    ///                 - \c void*: The opaque pointer \p p_psk.
+    ///                 - \c mbedtls_ssl_context*: The SSL context to which
+    ///                                            the operation applies.
+    ///                 - \c const unsigned char*: The PSK identity
+    ///                                            selected by the client.
+    ///                 - \c size_t: The length of the PSK identity
+    ///                              selected by the client.
+    ///
+    ///                 If a valid PSK identity is found, the callback should use
+    ///                 \c mbedtls_ssl_set_hs_psk() or
+    ///                 \c mbedtls_ssl_set_hs_psk_opaque()
+    ///                 on the SSL context to set the correct PSK and return \c 0.
+    ///                 Any other return value will result in a denied PSK identity.
+    ///
+    /// \note           A dynamic PSK (i.e. set by the PSK callback) takes
+    ///                 precedence over a static PSK (i.e. set by
+    ///                 \c mbedtls_ssl_conf_psk() or
+    ///                 \c mbedtls_ssl_conf_psk_opaque()).
+    ///                 This means that if you set a PSK callback using this
+    ///                 function, you don't need to set a PSK using
+    ///                 \c mbedtls_ssl_conf_psk() or
+    ///                 \c mbedtls_ssl_conf_psk_opaque()).
+    ///
+    /// \param conf     The SSL configuration to register the callback with.
+    /// \param f_psk    The callback for selecting and setting the PSK based
+    ///                 in the PSK identity chosen by the client.
+    /// \param p_psk    A pointer to an opaque structure to be passed to
+    ///                 the callback, for example a PSK store.
+    pub fn mbedtls_ssl_conf_psk_cb(
+        conf: *mut mbedtls_ssl_config,
+        f_psk: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_ssl_context,
+                arg3: *const crate::c_types::c_uchar,
+                arg4: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_psk: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the Diffie-Hellman public P and G values
+    ///                 from big-endian binary presentations.
+    ///                 (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN)
+    ///
+    /// \param conf     SSL configuration
+    /// \param dhm_P    Diffie-Hellman-Merkle modulus in big-endian binary form
+    /// \param P_len    Length of DHM modulus
+    /// \param dhm_G    Diffie-Hellman-Merkle generator in big-endian binary form
+    /// \param G_len    Length of DHM generator
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ssl_conf_dh_param_bin(
+        conf: *mut mbedtls_ssl_config,
+        dhm_P: *const crate::c_types::c_uchar,
+        P_len: usize,
+        dhm_G: *const crate::c_types::c_uchar,
+        G_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the Diffie-Hellman public P and G values,
+    ///                 read from existing context (server-side only)
+    ///
+    /// \param conf     SSL configuration
+    /// \param dhm_ctx  Diffie-Hellman-Merkle context
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ssl_conf_dh_param_ctx(
+        conf: *mut mbedtls_ssl_config,
+        dhm_ctx: *mut mbedtls_dhm_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the minimum length for Diffie-Hellman parameters.
+    ///                 (Client-side only.)
+    ///                 (Default: 1024 bits.)
+    ///
+    /// \param conf     SSL configuration
+    /// \param bitlen   Minimum bit length of the DHM prime
+    pub fn mbedtls_ssl_conf_dhm_min_bitlen(
+        conf: *mut mbedtls_ssl_config,
+        bitlen: crate::c_types::c_uint,
+    );
+}
+extern "C" {
+    /// \brief          Set the allowed curves in order of preference.
+    ///
+    ///                 On server: this only affects selection of the ECDHE curve;
+    ///                 the curves used for ECDH and ECDSA are determined by the
+    ///                 list of available certificates instead.
+    ///
+    ///                 On client: this affects the list of curves offered for any
+    ///                 use. The server can override our preference order.
+    ///
+    ///                 Both sides: limits the set of curves accepted for use in
+    ///                 ECDHE and in the peer's end-entity certificate.
+    ///
+    /// \deprecated     Superseded by mbedtls_ssl_conf_groups().
+    ///
+    /// \note           This has no influence on which curves are allowed inside the
+    ///                 certificate chains, see \c mbedtls_ssl_conf_cert_profile()
+    ///                 for that. For the end-entity certificate however, the key
+    ///                 will be accepted only if it is allowed both by this list
+    ///                 and by the cert profile.
+    ///
+    /// \note           This list should be ordered by decreasing preference
+    ///                 (preferred curve first).
+    ///
+    /// \note           The default list is the same set of curves that
+    ///                 #mbedtls_x509_crt_profile_default allows, plus
+    ///                 ECDHE-only curves selected according to the same criteria.
+    ///                 The order favors curves with the lowest resource usage.
+    ///
+    /// \note           New minor versions of Mbed TLS may extend this list,
+    ///                 for example if new curves are added to the library.
+    ///                 New minor versions of Mbed TLS will not remove items
+    ///                 from this list unless serious security concerns require it.
+    ///                 New minor versions of Mbed TLS may change the order in
+    ///                 keeping with the general principle of favoring the lowest
+    ///                 resource usage.
+    ///
+    /// \param conf     SSL configuration
+    /// \param curves   Ordered list of allowed curves,
+    ///                 terminated by MBEDTLS_ECP_DP_NONE.
+    pub fn mbedtls_ssl_conf_curves(
+        conf: *mut mbedtls_ssl_config,
+        curves: *const mbedtls_ecp_group_id,
+    );
+}
+extern "C" {
+    /// \brief          Set the allowed groups in order of preference.
+    ///
+    ///                 On server: This only affects the choice of key agreement mechanism
+    ///
+    ///                 On client: this affects the list of groups offered for any
+    ///                 use. The server can override our preference order.
+    ///
+    ///                 Both sides: limits the set of groups accepted for use in
+    ///                 key sharing.
+    ///
+    /// \note           This function replaces the deprecated mbedtls_ssl_conf_curves(),
+    ///                 which only allows ECP curves to be configured.
+    ///
+    /// \note           The most recent invocation of either mbedtls_ssl_conf_curves()
+    ///                 or mbedtls_ssl_conf_groups() nullifies all previous invocations
+    ///                 of both.
+    ///
+    /// \note           This list should be ordered by decreasing preference
+    ///                 (preferred group first).
+    ///
+    /// \note           When this function is not called, a default list is used,
+    ///                 consisting of all supported curves at 255 bits and above,
+    ///                 and all supported finite fields at 2048 bits and above.
+    ///                 The order favors groups with the lowest resource usage.
+    ///
+    /// \note           New minor versions of Mbed TLS will not remove items
+    ///                 from the default list unless serious security concerns require it.
+    ///                 New minor versions of Mbed TLS may change the order in
+    ///                 keeping with the general principle of favoring the lowest
+    ///                 resource usage.
+    ///
+    /// \param conf     SSL configuration
+    /// \param groups   List of allowed groups ordered by preference, terminated by 0.
+    ///                 Must contain valid IANA NamedGroup IDs (provided via either an integer
+    ///                 or using MBEDTLS_TLS1_3_NAMED_GROUP_XXX macros).
+    pub fn mbedtls_ssl_conf_groups(conf: *mut mbedtls_ssl_config, groups: *const u16);
+}
+extern "C" {
+    /// \brief          Set the allowed hashes for signatures during the handshake.
+    ///
+    /// \note           This only affects which hashes are offered and can be used
+    ///                 for signatures during the handshake. Hashes for message
+    ///                 authentication and the TLS PRF are controlled by the
+    ///                 ciphersuite, see \c mbedtls_ssl_conf_ciphersuites(). Hashes
+    ///                 used for certificate signature are controlled by the
+    ///                 verification profile, see \c mbedtls_ssl_conf_cert_profile().
+    ///
+    /// \note           This list should be ordered by decreasing preference
+    ///                 (preferred hash first).
+    ///
+    /// \note           By default, all supported hashes whose length is at least
+    ///                 256 bits are allowed. This is the same set as the default
+    ///                 for certificate verification
+    ///                 (#mbedtls_x509_crt_profile_default).
+    ///                 The preference order is currently unspecified and may
+    ///                 change in future versions.
+    ///
+    /// \note           New minor versions of Mbed TLS may extend this list,
+    ///                 for example if new curves are added to the library.
+    ///                 New minor versions of Mbed TLS will not remove items
+    ///                 from this list unless serious security concerns require it.
+    ///
+    /// \param conf     SSL configuration
+    /// \param hashes   Ordered list of allowed signature hashes,
+    ///                 terminated by \c MBEDTLS_MD_NONE.
+    pub fn mbedtls_ssl_conf_sig_hashes(
+        conf: *mut mbedtls_ssl_config,
+        hashes: *const crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Configure allowed signature algorithms for use in TLS 1.3
+    ///
+    /// \param conf     The SSL configuration to use.
+    /// \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms,
+    ///                 terminated by \c MBEDTLS_TLS1_3_SIG_NONE. The list must remain
+    ///                 available throughout the lifetime of the conf object. Supported
+    ///                 values are available as \c MBEDTLS_TLS1_3_SIG_XXXX
+    pub fn mbedtls_ssl_conf_sig_algs(conf: *mut mbedtls_ssl_config, sig_algs: *const u16);
+}
+extern "C" {
+    /// \brief          Set or reset the hostname to check against the received
+    ///                 server certificate. It sets the ServerName TLS extension,
+    ///                 too, if that extension is enabled. (client-side only)
+    ///
+    /// \param ssl      SSL context
+    /// \param hostname the server hostname, may be NULL to clear hostname
+    ///
+    /// \note           Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
+    ///
+    /// \return         0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
+    ///                 allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
+    ///                 too long input hostname.
+    ///
+    ///                 Hostname set to the one provided on success (cleared
+    ///                 when NULL). On allocation failure hostname is cleared.
+    ///                 On too long input failure, old hostname is unchanged.
+    pub fn mbedtls_ssl_set_hostname(
+        ssl: *mut mbedtls_ssl_context,
+        hostname: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Retrieve SNI extension value for the current handshake.
+    ///                 Available in \p f_cert_cb of \c mbedtls_ssl_conf_cert_cb(),
+    ///                 this is the same value passed to \p f_sni callback of
+    ///                 \c mbedtls_ssl_conf_sni() and may be used instead of
+    ///                 \c mbedtls_ssl_conf_sni().
+    ///
+    /// \param ssl      SSL context
+    /// \param name_len pointer into which to store length of returned value.
+    ///                 0 if SNI extension is not present or not yet processed.
+    ///
+    /// \return         const pointer to SNI extension value.
+    ///                 - value is valid only when called in \p f_cert_cb
+    ///                   registered with \c mbedtls_ssl_conf_cert_cb().
+    ///                 - value is NULL if SNI extension is not present.
+    ///                 - value is not '\0'-terminated.  Use \c name_len for len.
+    ///                 - value must not be freed.
+    pub fn mbedtls_ssl_get_hs_sni(
+        ssl: *mut mbedtls_ssl_context,
+        name_len: *mut usize,
+    ) -> *const crate::c_types::c_uchar;
+}
+extern "C" {
+    /// \brief          Set own certificate and key for the current handshake
+    ///
+    /// \note           Same as \c mbedtls_ssl_conf_own_cert() but for use within
+    ///                 the SNI callback or the certificate selection callback.
+    ///
+    /// \note           Passing null \c own_cert clears the certificate list for
+    ///                 the current handshake.
+    ///
+    /// \param ssl      SSL context
+    /// \param own_cert own public certificate chain
+    /// \param pk_key   own private key
+    ///
+    /// \return         0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
+    pub fn mbedtls_ssl_set_hs_own_cert(
+        ssl: *mut mbedtls_ssl_context,
+        own_cert: *mut mbedtls_x509_crt,
+        pk_key: *mut mbedtls_pk_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the data required to verify peer certificate for the
+    ///                 current handshake
+    ///
+    /// \note           Same as \c mbedtls_ssl_conf_ca_chain() but for use within
+    ///                 the SNI callback or the certificate selection callback.
+    ///
+    /// \param ssl      SSL context
+    /// \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
+    /// \param ca_crl   trusted CA CRLs
+    pub fn mbedtls_ssl_set_hs_ca_chain(
+        ssl: *mut mbedtls_ssl_context,
+        ca_chain: *mut mbedtls_x509_crt,
+        ca_crl: *mut mbedtls_x509_crl,
+    );
+}
+extern "C" {
+    /// \brief          Set DN hints sent to client in CertificateRequest message
+    ///
+    /// \note           Same as \c mbedtls_ssl_conf_dn_hints() but for use within
+    ///                 the SNI callback or the certificate selection callback.
+    ///
+    /// \param ssl      SSL context
+    /// \param crt      crt chain whose subject DNs are issuer DNs of client certs
+    ///                 from which the client should select client peer certificate.
+    pub fn mbedtls_ssl_set_hs_dn_hints(ssl: *mut mbedtls_ssl_context, crt: *const mbedtls_x509_crt);
+}
+extern "C" {
+    /// \brief          Set authmode for the current handshake.
+    ///
+    /// \note           Same as \c mbedtls_ssl_conf_authmode() but for use within
+    ///                 the SNI callback or the certificate selection callback.
+    ///
+    /// \param ssl      SSL context
+    /// \param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or
+    ///                 MBEDTLS_SSL_VERIFY_REQUIRED
+    pub fn mbedtls_ssl_set_hs_authmode(
+        ssl: *mut mbedtls_ssl_context,
+        authmode: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Set server side ServerName TLS extension callback
+    ///                 (optional, server-side only).
+    ///
+    ///                 If set, the ServerName callback is called whenever the
+    ///                 server receives a ServerName TLS extension from the client
+    ///                 during a handshake. The ServerName callback has the
+    ///                 following parameters: (void *parameter, mbedtls_ssl_context *ssl,
+    ///                 const unsigned char *hostname, size_t len). If a suitable
+    ///                 certificate is found, the callback must set the
+    ///                 certificate(s) and key(s) to use with \c
+    ///                 mbedtls_ssl_set_hs_own_cert() (can be called repeatedly),
+    ///                 and may optionally adjust the CA and associated CRL with \c
+    ///                 mbedtls_ssl_set_hs_ca_chain() as well as the client
+    ///                 authentication mode with \c mbedtls_ssl_set_hs_authmode(),
+    ///                 then must return 0. If no matching name is found, the
+    ///                 callback may return non-zero to abort the handshake.
+    ///
+    /// \param conf     SSL configuration
+    /// \param f_sni    verification function
+    /// \param p_sni    verification parameter
+    pub fn mbedtls_ssl_conf_sni(
+        conf: *mut mbedtls_ssl_config,
+        f_sni: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_ssl_context,
+                arg3: *const crate::c_types::c_uchar,
+                arg4: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_sni: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the supported Application Layer Protocols.
+    ///
+    /// \param conf     SSL configuration
+    /// \param protos   Pointer to a NULL-terminated list of supported protocols,
+    ///                 in decreasing preference order. The pointer to the list is
+    ///                 recorded by the library for later reference as required, so
+    ///                 the lifetime of the table must be at least as long as the
+    ///                 lifetime of the SSL configuration structure.
+    ///
+    /// \return         0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
+    pub fn mbedtls_ssl_conf_alpn_protocols(
+        conf: *mut mbedtls_ssl_config,
+        protos: *mut *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Get the name of the negotiated Application Layer Protocol.
+    ///                 This function should be called after the handshake is
+    ///                 completed.
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         Protocol name, or NULL if no protocol was negotiated.
+    pub fn mbedtls_ssl_get_alpn_protocol(
+        ssl: *const mbedtls_ssl_context,
+    ) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief          Set the maximum supported version sent from the client side
+    ///                 and/or accepted at the server side.
+    ///
+    ///                 See also the documentation of mbedtls_ssl_conf_min_version().
+    ///
+    /// \note           This ignores ciphersuites from higher versions.
+    ///
+    /// \note           This function is deprecated and has been replaced by
+    ///                 \c mbedtls_ssl_conf_max_tls_version().
+    ///
+    /// \param conf     SSL configuration
+    /// \param major    Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3)
+    /// \param minor    Minor version number
+    ///                 (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2,
+    ///                 #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)
+    pub fn mbedtls_ssl_conf_max_version(
+        conf: *mut mbedtls_ssl_config,
+        major: crate::c_types::c_int,
+        minor: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Set the minimum accepted SSL/TLS protocol version
+    ///
+    /// \note           By default, all supported versions are accepted.
+    ///                 Future versions of the library may disable older
+    ///                 protocol versions by default if they become deprecated.
+    ///
+    /// \note           The following versions are supported (if enabled at
+    ///                 compile time):
+    ///                 - (D)TLS 1.2: \p major = #MBEDTLS_SSL_MAJOR_VERSION_3,
+    ///                   \p minor = #MBEDTLS_SSL_MINOR_VERSION_3
+    ///                 - TLS 1.3: \p major = #MBEDTLS_SSL_MAJOR_VERSION_3,
+    ///                   \p minor = #MBEDTLS_SSL_MINOR_VERSION_4
+    ///
+    ///                 Note that the numbers in the constant names are the
+    ///                 TLS internal protocol numbers, and the minor versions
+    ///                 differ by one from the human-readable versions!
+    ///
+    /// \note           Input outside of the SSL_MAX_XXXXX_VERSION and
+    ///                 SSL_MIN_XXXXX_VERSION range is ignored.
+    ///
+    /// \note           After the handshake, you can call
+    ///                 mbedtls_ssl_get_version_number() to see what version was
+    ///                 negotiated.
+    ///
+    /// \note           This function is deprecated and has been replaced by
+    ///                 \c mbedtls_ssl_conf_min_tls_version().
+    ///
+    /// \param conf     SSL configuration
+    /// \param major    Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3)
+    /// \param minor    Minor version number
+    ///                 (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2,
+    ///                 #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)
+    pub fn mbedtls_ssl_conf_min_version(
+        conf: *mut mbedtls_ssl_config,
+        major: crate::c_types::c_int,
+        minor: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief           Enable or disable Encrypt-then-MAC
+    ///                  (Default: MBEDTLS_SSL_ETM_ENABLED)
+    ///
+    /// \note            This should always be enabled, it is a security
+    ///                  improvement, and should not cause any interoperability
+    ///                  issue (used only if the peer supports it too).
+    ///
+    /// \param conf      SSL configuration
+    /// \param etm       MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
+    pub fn mbedtls_ssl_conf_encrypt_then_mac(
+        conf: *mut mbedtls_ssl_config,
+        etm: crate::c_types::c_char,
+    );
+}
+extern "C" {
+    /// \brief           Enable or disable Extended Master Secret negotiation.
+    ///                  (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED)
+    ///
+    /// \note            This should always be enabled, it is a security fix to the
+    ///                  protocol, and should not cause any interoperability issue
+    ///                  (used only if the peer supports it too).
+    ///
+    /// \param conf      SSL configuration
+    /// \param ems       MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
+    pub fn mbedtls_ssl_conf_extended_master_secret(
+        conf: *mut mbedtls_ssl_config,
+        ems: crate::c_types::c_char,
+    );
+}
+extern "C" {
+    /// \brief          Whether to send a list of acceptable CAs in
+    ///                 CertificateRequest messages.
+    ///                 (Default: do send)
+    ///
+    /// \param conf     SSL configuration
+    /// \param cert_req_ca_list   MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or
+    ///                          MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED
+    pub fn mbedtls_ssl_conf_cert_req_ca_list(
+        conf: *mut mbedtls_ssl_config,
+        cert_req_ca_list: crate::c_types::c_char,
+    );
+}
+extern "C" {
+    /// \brief          Set the maximum fragment length to emit and/or negotiate.
+    ///                 (Typical: the smaller of #MBEDTLS_SSL_IN_CONTENT_LEN and
+    ///                 #MBEDTLS_SSL_OUT_CONTENT_LEN, usually `2^14` bytes)
+    ///                 (Server: set maximum fragment length to emit,
+    ///                 usually negotiated by the client during handshake)
+    ///                 (Client: set maximum fragment length to emit *and*
+    ///                 negotiate with the server during handshake)
+    ///                 (Default: #MBEDTLS_SSL_MAX_FRAG_LEN_NONE)
+    ///
+    /// \note           On the client side, the maximum fragment length extension
+    ///                 *will not* be used, unless the maximum fragment length has
+    ///                 been set via this function to a value different than
+    ///                 #MBEDTLS_SSL_MAX_FRAG_LEN_NONE.
+    ///
+    /// \note           With TLS, this currently only affects ApplicationData (sent
+    ///                 with \c mbedtls_ssl_read()), not handshake messages.
+    ///                 With DTLS, this affects both ApplicationData and handshake.
+    ///
+    /// \note           This sets the maximum length for a record's payload,
+    ///                 excluding record overhead that will be added to it, see
+    ///                 \c mbedtls_ssl_get_record_expansion().
+    ///
+    /// \note           For DTLS, it is also possible to set a limit for the total
+    ///                 size of datagrams passed to the transport layer, including
+    ///                 record overhead, see \c mbedtls_ssl_set_mtu().
+    ///
+    /// \param conf     SSL configuration
+    /// \param mfl_code Code for maximum fragment length (allowed values:
+    ///                 MBEDTLS_SSL_MAX_FRAG_LEN_512,  MBEDTLS_SSL_MAX_FRAG_LEN_1024,
+    ///                 MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096)
+    ///
+    /// \return         0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA
+    pub fn mbedtls_ssl_conf_max_frag_len(
+        conf: *mut mbedtls_ssl_config,
+        mfl_code: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Pick the ciphersuites order according to the second parameter
+    ///                 in the SSL Server module (MBEDTLS_SSL_SRV_C).
+    ///                 (Default, if never called: MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER)
+    ///
+    /// \param conf     SSL configuration
+    /// \param order    Server or client (MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER
+    ///                                or MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)
+    pub fn mbedtls_ssl_conf_preference_order(
+        conf: *mut mbedtls_ssl_config,
+        order: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Enable / Disable session tickets (client only).
+    ///                 (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.)
+    ///
+    /// \note           On server, use \c mbedtls_ssl_conf_session_tickets_cb().
+    ///
+    /// \param conf     SSL configuration
+    /// \param use_tickets   Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or
+    ///                                         MBEDTLS_SSL_SESSION_TICKETS_DISABLED)
+    pub fn mbedtls_ssl_conf_session_tickets(
+        conf: *mut mbedtls_ssl_config,
+        use_tickets: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief   Number of NewSessionTicket messages for the server to send
+    ///          after handshake completion.
+    ///
+    /// \note    The default value is
+    ///          \c MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS.
+    ///
+    /// \note    In case of a session resumption, this setting only partially apply.
+    ///          At most one ticket is sent in that case to just renew the pool of
+    ///          tickets of the client. The rationale is to avoid the number of
+    ///          tickets on the server to become rapidly out of control when the
+    ///          server has the same configuration for all its connection instances.
+    ///
+    /// \param conf    SSL configuration
+    /// \param num_tickets    Number of NewSessionTicket.
+    pub fn mbedtls_ssl_conf_new_session_tickets(conf: *mut mbedtls_ssl_config, num_tickets: u16);
+}
+extern "C" {
+    /// \brief          Enable / Disable renegotiation support for connection when
+    ///                 initiated by peer
+    ///                 (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
+    ///
+    /// \warning        It is recommended to always disable renegotiation unless you
+    ///                 know you need it and you know what you're doing. In the
+    ///                 past, there have been several issues associated with
+    ///                 renegotiation or a poor understanding of its properties.
+    ///
+    /// \note           Server-side, enabling renegotiation also makes the server
+    ///                 susceptible to a resource DoS by a malicious client.
+    ///
+    /// \param conf    SSL configuration
+    /// \param renegotiation     Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or
+    ///                                             MBEDTLS_SSL_RENEGOTIATION_DISABLED)
+    pub fn mbedtls_ssl_conf_renegotiation(
+        conf: *mut mbedtls_ssl_config,
+        renegotiation: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Prevent or allow legacy renegotiation.
+    ///                 (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)
+    ///
+    ///                 MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to
+    ///                 be established even if the peer does not support
+    ///                 secure renegotiation, but does not allow renegotiation
+    ///                 to take place if not secure.
+    ///                 (Interoperable and secure option)
+    ///
+    ///                 MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
+    ///                 with non-upgraded peers. Allowing legacy renegotiation
+    ///                 makes the connection vulnerable to specific man in the
+    ///                 middle attacks. (See RFC 5746)
+    ///                 (Most interoperable and least secure option)
+    ///
+    ///                 MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
+    ///                 if peer does not support secure renegotiation. Results
+    ///                 in interoperability issues with non-upgraded peers
+    ///                 that do not support renegotiation altogether.
+    ///                 (Most secure option, interoperability issues)
+    ///
+    /// \param conf     SSL configuration
+    /// \param allow_legacy  Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
+    ///                                        SSL_ALLOW_LEGACY_RENEGOTIATION or
+    ///                                        MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)
+    pub fn mbedtls_ssl_conf_legacy_renegotiation(
+        conf: *mut mbedtls_ssl_config,
+        allow_legacy: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Enforce renegotiation requests.
+    ///                 (Default: enforced, max_records = 16)
+    ///
+    ///                 When we request a renegotiation, the peer can comply or
+    ///                 ignore the request. This function allows us to decide
+    ///                 whether to enforce our renegotiation requests by closing
+    ///                 the connection if the peer doesn't comply.
+    ///
+    ///                 However, records could already be in transit from the peer
+    ///                 when the request is emitted. In order to increase
+    ///                 reliability, we can accept a number of records before the
+    ///                 expected handshake records.
+    ///
+    ///                 The optimal value is highly dependent on the specific usage
+    ///                 scenario.
+    ///
+    /// \note           With DTLS and server-initiated renegotiation, the
+    ///                 HelloRequest is retransmitted every time mbedtls_ssl_read() times
+    ///                 out or receives Application Data, until:
+    ///                 - max_records records have beens seen, if it is >= 0, or
+    ///                 - the number of retransmits that would happen during an
+    ///                 actual handshake has been reached.
+    ///                 Please remember the request might be lost a few times
+    ///                 if you consider setting max_records to a really low value.
+    ///
+    /// \warning        On client, the grace period can only happen during
+    ///                 mbedtls_ssl_read(), as opposed to mbedtls_ssl_write() and mbedtls_ssl_renegotiate()
+    ///                 which always behave as if max_record was 0. The reason is,
+    ///                 if we receive application data from the server, we need a
+    ///                 place to write it, which only happens during mbedtls_ssl_read().
+    ///
+    /// \param conf     SSL configuration
+    /// \param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to
+    ///                 enforce renegotiation, or a non-negative value to enforce
+    ///                 it but allow for a grace period of max_records records.
+    pub fn mbedtls_ssl_conf_renegotiation_enforced(
+        conf: *mut mbedtls_ssl_config,
+        max_records: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Set record counter threshold for periodic renegotiation.
+    ///                 (Default: 2^48 - 1)
+    ///
+    ///                 Renegotiation is automatically triggered when a record
+    ///                 counter (outgoing or incoming) crosses the defined
+    ///                 threshold. The default value is meant to prevent the
+    ///                 connection from being closed when the counter is about to
+    ///                 reached its maximal value (it is not allowed to wrap).
+    ///
+    ///                 Lower values can be used to enforce policies such as "keys
+    ///                 must be refreshed every N packets with cipher X".
+    ///
+    ///                 The renegotiation period can be disabled by setting
+    ///                 conf->disable_renegotiation to
+    ///                 MBEDTLS_SSL_RENEGOTIATION_DISABLED.
+    ///
+    /// \note           When the configured transport is
+    ///                 MBEDTLS_SSL_TRANSPORT_DATAGRAM the maximum renegotiation
+    ///                 period is 2^48 - 1, and for MBEDTLS_SSL_TRANSPORT_STREAM,
+    ///                 the maximum renegotiation period is 2^64 - 1.
+    ///
+    /// \param conf     SSL configuration
+    /// \param period   The threshold value: a big-endian 64-bit number.
+    pub fn mbedtls_ssl_conf_renegotiation_period(
+        conf: *mut mbedtls_ssl_config,
+        period: *const crate::c_types::c_uchar,
+    );
+}
+extern "C" {
+    /// \brief          Check if there is data already read from the
+    ///                 underlying transport but not yet processed.
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         0 if nothing's pending, 1 otherwise.
+    ///
+    /// \note           This is different in purpose and behaviour from
+    ///                 \c mbedtls_ssl_get_bytes_avail in that it considers
+    ///                 any kind of unprocessed data, not only unread
+    ///                 application data. If \c mbedtls_ssl_get_bytes
+    ///                 returns a non-zero value, this function will
+    ///                 also signal pending data, but the converse does
+    ///                 not hold. For example, in DTLS there might be
+    ///                 further records waiting to be processed from
+    ///                 the current underlying transport's datagram.
+    ///
+    /// \note           If this function returns 1 (data pending), this
+    ///                 does not imply that a subsequent call to
+    ///                 \c mbedtls_ssl_read will provide any data;
+    ///                 e.g., the unprocessed data might turn out
+    ///                 to be an alert or a handshake message.
+    ///
+    /// \note           This function is useful in the following situation:
+    ///                 If the SSL/TLS module successfully returns from an
+    ///                 operation - e.g. a handshake or an application record
+    ///                 read - and you're awaiting incoming data next, you
+    ///                 must not immediately idle on the underlying transport
+    ///                 to have data ready, but you need to check the value
+    ///                 of this function first. The reason is that the desired
+    ///                 data might already be read but not yet processed.
+    ///                 If, in contrast, a previous call to the SSL/TLS module
+    ///                 returned MBEDTLS_ERR_SSL_WANT_READ, it is not necessary
+    ///                 to call this function, as the latter error code entails
+    ///                 that all internal data has been processed.
+    pub fn mbedtls_ssl_check_pending(ssl: *const mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the number of application data bytes
+    ///                 remaining to be read from the current record.
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         How many bytes are available in the application
+    ///                 data record read buffer.
+    ///
+    /// \note           When working over a datagram transport, this is
+    ///                 useful to detect the current datagram's boundary
+    ///                 in case \c mbedtls_ssl_read has written the maximal
+    ///                 amount of data fitting into the input buffer.
+    pub fn mbedtls_ssl_get_bytes_avail(ssl: *const mbedtls_ssl_context) -> usize;
+}
+extern "C" {
+    /// \brief          Return the result of the certificate verification
+    ///
+    /// \param ssl      The SSL context to use.
+    ///
+    /// \return         \c 0 if the certificate verification was successful.
+    /// \return         \c -1u if the result is not available. This may happen
+    ///                 e.g. if the handshake aborts early, or a verification
+    ///                 callback returned a fatal error.
+    /// \return         A bitwise combination of \c MBEDTLS_X509_BADCERT_XXX
+    ///                 and \c MBEDTLS_X509_BADCRL_XXX failure flags; see x509.h.
+    pub fn mbedtls_ssl_get_verify_result(ssl: *const mbedtls_ssl_context) -> u32;
+}
+extern "C" {
+    /// \brief          Return the id of the current ciphersuite
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         a ciphersuite id
+    pub fn mbedtls_ssl_get_ciphersuite_id_from_ssl(
+        ssl: *const mbedtls_ssl_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the name of the current ciphersuite
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         a string containing the ciphersuite name
+    pub fn mbedtls_ssl_get_ciphersuite(
+        ssl: *const mbedtls_ssl_context,
+    ) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief          Return the current TLS version
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         a string containing the TLS version
+    pub fn mbedtls_ssl_get_version(
+        ssl: *const mbedtls_ssl_context,
+    ) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief          Return the (maximum) number of bytes added by the record
+    ///                 layer: header + encryption/MAC overhead (inc. padding)
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         Current maximum record expansion in bytes
+    pub fn mbedtls_ssl_get_record_expansion(
+        ssl: *const mbedtls_ssl_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the current maximum outgoing record payload in bytes.
+    ///
+    /// \note           The logic to determine the maximum outgoing record payload is
+    ///                 version-specific. It takes into account various factors, such as
+    ///                 the mbedtls_config.h setting \c MBEDTLS_SSL_OUT_CONTENT_LEN, extensions
+    ///                 such as the max fragment length or record size limit extension if
+    ///                 used, and for DTLS the path MTU as configured and current
+    ///                 record expansion.
+    ///
+    /// \note           With DTLS, \c mbedtls_ssl_write() will return an error if
+    ///                 called with a larger length value.
+    ///                 With TLS, \c mbedtls_ssl_write() will fragment the input if
+    ///                 necessary and return the number of bytes written; it is up
+    ///                 to the caller to call \c mbedtls_ssl_write() again in
+    ///                 order to send the remaining bytes if any.
+    ///
+    /// \sa             mbedtls_ssl_get_max_out_record_payload()
+    /// \sa             mbedtls_ssl_get_record_expansion()
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         Current maximum payload for an outgoing record,
+    ///                 or a negative error code.
+    pub fn mbedtls_ssl_get_max_out_record_payload(
+        ssl: *const mbedtls_ssl_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the current maximum incoming record payload in bytes.
+    ///
+    /// \note           The logic to determine the maximum incoming record payload is
+    ///                 version-specific. It takes into account various factors, such as
+    ///                 the mbedtls_config.h setting \c MBEDTLS_SSL_IN_CONTENT_LEN, extensions
+    ///                 such as the max fragment length extension or record size limit
+    ///                 extension if used, and the current record expansion.
+    ///
+    /// \sa             mbedtls_ssl_set_mtu()
+    /// \sa             mbedtls_ssl_get_max_in_record_payload()
+    /// \sa             mbedtls_ssl_get_record_expansion()
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         Current maximum payload for an incoming record,
+    ///                 or a negative error code.
+    pub fn mbedtls_ssl_get_max_in_record_payload(
+        ssl: *const mbedtls_ssl_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the peer certificate from the current connection.
+    ///
+    /// \param  ssl     The SSL context to use. This must be initialized and setup.
+    ///
+    /// \return         The current peer certificate, if available.
+    ///                 The returned certificate is owned by the SSL context and
+    ///                 is valid only until the next call to the SSL API.
+    /// \return         \c NULL if no peer certificate is available. This might
+    ///                 be because the chosen ciphersuite doesn't use CRTs
+    ///                 (PSK-based ciphersuites, for example), or because
+    ///                 #MBEDTLS_SSL_KEEP_PEER_CERTIFICATE has been disabled,
+    ///                 allowing the stack to free the peer's CRT to save memory.
+    ///
+    /// \note           For one-time inspection of the peer's certificate during
+    ///                 the handshake, consider registering an X.509 CRT verification
+    ///                 callback through mbedtls_ssl_conf_verify() instead of calling
+    ///                 this function. Using mbedtls_ssl_conf_verify() also comes at
+    ///                 the benefit of allowing you to influence the verification
+    ///                 process, for example by masking expected and tolerated
+    ///                 verification failures.
+    ///
+    /// \warning        You must not use the pointer returned by this function
+    ///                 after any further call to the SSL API, including
+    ///                 mbedtls_ssl_read() and mbedtls_ssl_write(); this is
+    ///                 because the pointer might change during renegotiation,
+    ///                 which happens transparently to the user.
+    ///                 If you want to use the certificate across API calls,
+    ///                 you must make a copy.
+    pub fn mbedtls_ssl_get_peer_cert(ssl: *const mbedtls_ssl_context) -> *const mbedtls_x509_crt;
+}
+extern "C" {
+    /// \brief          Export a session in order to resume it later.
+    ///
+    /// \param ssl      The SSL context representing the connection for which to
+    ///                 to export a session structure for later resumption.
+    /// \param session  The target structure in which to store the exported session.
+    ///                 This must have been initialized with mbedtls_ssl_init_session()
+    ///                 but otherwise be unused.
+    ///
+    /// \note           This function can handle a variety of mechanisms for session
+    ///                 resumption: For TLS 1.2, both session ID-based resumption and
+    ///                 ticket-based resumption will be considered. For TLS 1.3,
+    ///                 once implemented, sessions equate to tickets, and calling
+    ///                 this function multiple times will export the available
+    ///                 tickets one a time until no further tickets are available,
+    ///                 in which case MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE will
+    ///                 be returned.
+    ///
+    /// \note           Calling this function multiple times will only be useful
+    ///                 once TLS 1.3 is supported. For TLS 1.2 connections, this
+    ///                 function should be called at most once.
+    ///
+    /// \return         \c 0 if successful. In this case, \p session can be used for
+    ///                 session resumption by passing it to mbedtls_ssl_set_session(),
+    ///                 and serialized for storage via mbedtls_ssl_session_save().
+    /// \return         #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no further session
+    ///                 is available for export.
+    ///                 This error is a non-fatal, and has no observable effect on
+    ///                 the SSL context or the destination session.
+    /// \return         Another negative error code on other kinds of failure.
+    ///
+    /// \sa             mbedtls_ssl_set_session()
+    /// \sa             mbedtls_ssl_session_save()
+    pub fn mbedtls_ssl_get_session(
+        ssl: *const mbedtls_ssl_context,
+        session: *mut mbedtls_ssl_session,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform the SSL handshake
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
+    ///                 if the handshake is incomplete and waiting for data to
+    ///                 be available for reading from or writing to the underlying
+    ///                 transport - in this case you must call this function again
+    ///                 when the underlying transport is ready for the operation.
+    /// \return         #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
+    ///                 operation is in progress (see
+    ///                 mbedtls_ssl_conf_async_private_cb()) - in this case you
+    ///                 must call this function again when the operation is ready.
+    /// \return         #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
+    ///                 operation is in progress (see mbedtls_ecp_set_max_ops()) -
+    ///                 in this case you must call this function again to complete
+    ///                 the handshake when you're done attending other tasks.
+    /// \return         #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED if DTLS is in use
+    ///                 and the client did not demonstrate reachability yet - in
+    ///                 this case you must stop using the context (see below).
+    /// \return         Another SSL error code - in this case you must stop using
+    ///                 the context (see below).
+    ///
+    /// \warning        If this function returns something other than
+    ///                 \c 0,
+    ///                 #MBEDTLS_ERR_SSL_WANT_READ,
+    ///                 #MBEDTLS_ERR_SSL_WANT_WRITE,
+    ///                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+    ///                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
+    ///                 you must stop using the SSL context for reading or writing,
+    ///                 and either free it or call \c mbedtls_ssl_session_reset()
+    ///                 on it before re-using it for a new connection; the current
+    ///                 connection must be closed.
+    ///
+    /// \note           If DTLS is in use, then you may choose to handle
+    ///                 #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
+    ///                 purposes, as it is an expected return value rather than an
+    ///                 actual error, but you still need to reset/free the context.
+    ///
+    /// \note           Remarks regarding event-driven DTLS:
+    ///                 If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram
+    ///                 from the underlying transport layer is currently being processed,
+    ///                 and it is safe to idle until the timer or the underlying transport
+    ///                 signal a new event. This is not true for a successful handshake,
+    ///                 in which case the datagram of the underlying transport that is
+    ///                 currently being processed might or might not contain further
+    ///                 DTLS records.
+    ///
+    /// \note           If the context is configured to allow TLS 1.3, or if
+    ///                 #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    pub fn mbedtls_ssl_handshake(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a single step of the SSL handshake
+    ///
+    /// \note           The state of the context (ssl->state) will be at
+    ///                 the next state after this function returns \c 0. Do not
+    ///                 call this function if mbedtls_ssl_is_handshake_over()
+    ///                 returns \c 1.
+    ///
+    /// \warning        Whilst in the past you may have used direct access to the
+    ///                 context state (ssl->state) in order to ascertain when to
+    ///                 stop calling this function and although you can still do
+    ///                 so with something like ssl->MBEDTLS_PRIVATE(state) or by
+    ///                 defining MBEDTLS_ALLOW_PRIVATE_ACCESS, this is now
+    ///                 considered deprecated and could be broken in any future
+    ///                 release. If you still find you have good reason for such
+    ///                 direct access, then please do contact the team to explain
+    ///                 this (raise an issue or post to the mailing list), so that
+    ///                 we can add a solution to your problem that will be
+    ///                 guaranteed to work in the future.
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         See mbedtls_ssl_handshake().
+    ///
+    /// \warning        If this function returns something other than \c 0,
+    ///                 #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,
+    ///                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+    ///                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using
+    ///                 the SSL context for reading or writing, and either free it
+    ///                 or call \c mbedtls_ssl_session_reset() on it before
+    ///                 re-using it for a new connection; the current connection
+    ///                 must be closed.
+    pub fn mbedtls_ssl_handshake_step(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Initiate an SSL renegotiation on the running connection.
+    ///                 Client: perform the renegotiation right now.
+    ///                 Server: request renegotiation, which will be performed
+    ///                 during the next call to mbedtls_ssl_read() if honored by
+    ///                 client.
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         0 if successful, or any mbedtls_ssl_handshake() return
+    ///                 value except #MBEDTLS_ERR_SSL_CLIENT_RECONNECT that can't
+    ///                 happen during a renegotiation.
+    ///
+    /// \warning        If this function returns something other than \c 0,
+    ///                 #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,
+    ///                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+    ///                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using
+    ///                 the SSL context for reading or writing, and either free it
+    ///                 or call \c mbedtls_ssl_session_reset() on it before
+    ///                 re-using it for a new connection; the current connection
+    ///                 must be closed.
+    pub fn mbedtls_ssl_renegotiate(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Read at most 'len' application data bytes
+    ///
+    /// \param ssl      SSL context
+    /// \param buf      buffer that will hold the data
+    /// \param len      maximum number of bytes to read
+    ///
+    /// \return         The (positive) number of bytes read if successful.
+    /// \return         \c 0 if the read end of the underlying transport was closed
+    ///                 without sending a CloseNotify beforehand, which might happen
+    ///                 because of various reasons (internal error of an underlying
+    ///                 stack, non-conformant peer not sending a CloseNotify and
+    ///                 such) - in this case you must stop using the context
+    ///                 (see below).
+    /// \return         #MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY if the underlying
+    ///                 transport is still functional, but the peer has
+    ///                 acknowledged to not send anything anymore.
+    /// \return         #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
+    ///                 if the handshake is incomplete and waiting for data to
+    ///                 be available for reading from or writing to the underlying
+    ///                 transport - in this case you must call this function again
+    ///                 when the underlying transport is ready for the operation.
+    /// \return         #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
+    ///                 operation is in progress (see
+    ///                 mbedtls_ssl_conf_async_private_cb()) - in this case you
+    ///                 must call this function again when the operation is ready.
+    /// \return         #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
+    ///                 operation is in progress (see mbedtls_ecp_set_max_ops()) -
+    ///                 in this case you must call this function again to complete
+    ///                 the handshake when you're done attending other tasks.
+    /// \return         #MBEDTLS_ERR_SSL_CLIENT_RECONNECT if we're at the server
+    ///                 side of a DTLS connection and the client is initiating a
+    ///                 new connection using the same source port. See below.
+    /// \return         Another SSL error code - in this case you must stop using
+    ///                 the context (see below).
+    ///
+    /// \warning        If this function returns something other than
+    ///                 a positive value,
+    ///                 #MBEDTLS_ERR_SSL_WANT_READ,
+    ///                 #MBEDTLS_ERR_SSL_WANT_WRITE,
+    ///                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS,
+    ///                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
+    ///                 #MBEDTLS_ERR_SSL_CLIENT_RECONNECT,
+    ///                 you must stop using the SSL context for reading or writing,
+    ///                 and either free it or call \c mbedtls_ssl_session_reset()
+    ///                 on it before re-using it for a new connection; the current
+    ///                 connection must be closed.
+    ///
+    /// \note           When this function returns #MBEDTLS_ERR_SSL_CLIENT_RECONNECT
+    ///                 (which can only happen server-side), it means that a client
+    ///                 is initiating a new connection using the same source port.
+    ///                 You can either treat that as a connection close and wait
+    ///                 for the client to resend a ClientHello, or directly
+    ///                 continue with \c mbedtls_ssl_handshake() with the same
+    ///                 context (as it has been reset internally). Either way, you
+    ///                 must make sure this is seen by the application as a new
+    ///                 connection: application state, if any, should be reset, and
+    ///                 most importantly the identity of the client must be checked
+    ///                 again. WARNING: not validating the identity of the client
+    ///                 again, or not transmitting the new identity to the
+    ///                 application layer, would allow authentication bypass!
+    ///
+    /// \note           Remarks regarding event-driven DTLS:
+    ///                 - If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram
+    ///                   from the underlying transport layer is currently being processed,
+    ///                   and it is safe to idle until the timer or the underlying transport
+    ///                   signal a new event.
+    ///                 - This function may return MBEDTLS_ERR_SSL_WANT_READ even if data was
+    ///                   initially available on the underlying transport, as this data may have
+    ///                   been only e.g. duplicated messages or a renegotiation request.
+    ///                   Therefore, you must be prepared to receive MBEDTLS_ERR_SSL_WANT_READ even
+    ///                   when reacting to an incoming-data event from the underlying transport.
+    ///                 - On success, the datagram of the underlying transport that is currently
+    ///                   being processed may contain further DTLS records. You should call
+    ///                   \c mbedtls_ssl_check_pending to check for remaining records.
+    pub fn mbedtls_ssl_read(
+        ssl: *mut mbedtls_ssl_context,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Try to write exactly 'len' application data bytes
+    ///
+    /// \warning        This function will do partial writes in some cases. If the
+    ///                 return value is non-negative but less than length, the
+    ///                 function must be called again with updated arguments:
+    ///                 buf + ret, len - ret (if ret is the return value) until
+    ///                 it returns a value equal to the last 'len' argument.
+    ///
+    /// \param ssl      SSL context
+    /// \param buf      buffer holding the data
+    /// \param len      how many bytes must be written
+    ///
+    /// \return         The (non-negative) number of bytes actually written if
+    ///                 successful (may be less than \p len).
+    /// \return         #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
+    ///                 if the handshake is incomplete and waiting for data to
+    ///                 be available for reading from or writing to the underlying
+    ///                 transport - in this case you must call this function again
+    ///                 when the underlying transport is ready for the operation.
+    /// \return         #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
+    ///                 operation is in progress (see
+    ///                 mbedtls_ssl_conf_async_private_cb()) - in this case you
+    ///                 must call this function again when the operation is ready.
+    /// \return         #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
+    ///                 operation is in progress (see mbedtls_ecp_set_max_ops()) -
+    ///                 in this case you must call this function again to complete
+    ///                 the handshake when you're done attending other tasks.
+    /// \return         Another SSL error code - in this case you must stop using
+    ///                 the context (see below).
+    ///
+    /// \warning        If this function returns something other than
+    ///                 a non-negative value,
+    ///                 #MBEDTLS_ERR_SSL_WANT_READ,
+    ///                 #MBEDTLS_ERR_SSL_WANT_WRITE,
+    ///                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+    ///                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
+    ///                 you must stop using the SSL context for reading or writing,
+    ///                 and either free it or call \c mbedtls_ssl_session_reset()
+    ///                 on it before re-using it for a new connection; the current
+    ///                 connection must be closed.
+    ///
+    /// \note           When this function returns #MBEDTLS_ERR_SSL_WANT_WRITE/READ,
+    ///                 it must be called later with the *same* arguments,
+    ///                 until it returns a value greater than or equal to 0. When
+    ///                 the function returns #MBEDTLS_ERR_SSL_WANT_WRITE there may be
+    ///                 some partial data in the output buffer, however this is not
+    ///                 yet sent.
+    ///
+    /// \note           If the requested length is greater than the maximum
+    ///                 fragment length (either the built-in limit or the one set
+    ///                 or negotiated with the peer), then:
+    ///                 - with TLS, less bytes than requested are written.
+    ///                 - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
+    ///                 \c mbedtls_ssl_get_max_out_record_payload() may be used to
+    ///                 query the active maximum fragment length.
+    ///
+    /// \note           Attempting to write 0 bytes will result in an empty TLS
+    ///                 application record being sent.
+    pub fn mbedtls_ssl_write(
+        ssl: *mut mbedtls_ssl_context,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Send an alert message
+    ///
+    /// \param ssl       SSL context
+    /// \param level     The alert level of the message
+    ///                  (MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL)
+    /// \param message   The alert message (SSL_ALERT_MSG_*)
+    ///
+    /// \return          0 if successful, or a specific SSL error code.
+    ///
+    /// \note           If this function returns something other than 0 or
+    ///                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
+    ///                 the SSL context for reading or writing, and either free it or
+    ///                 call \c mbedtls_ssl_session_reset() on it before re-using it
+    ///                 for a new connection; the current connection must be closed.
+    pub fn mbedtls_ssl_send_alert_message(
+        ssl: *mut mbedtls_ssl_context,
+        level: crate::c_types::c_uchar,
+        message: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Notify the peer that the connection is being closed
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return          0 if successful, or a specific SSL error code.
+    ///
+    /// \note           If this function returns something other than 0 or
+    ///                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
+    ///                 the SSL context for reading or writing, and either free it or
+    ///                 call \c mbedtls_ssl_session_reset() on it before re-using it
+    ///                 for a new connection; the current connection must be closed.
+    pub fn mbedtls_ssl_close_notify(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Free referenced items in an SSL context and clear memory
+    ///
+    /// \param ssl      SSL context
+    pub fn mbedtls_ssl_free(ssl: *mut mbedtls_ssl_context);
+}
+extern "C" {
+    /// \brief          Save an active connection as serialized data in a buffer.
+    ///                 This allows the freeing or re-using of the SSL context
+    ///                 while still picking up the connection later in a way that
+    ///                 it entirely transparent to the peer.
+    ///
+    /// \see            mbedtls_ssl_context_load()
+    ///
+    /// \note           The serialized data only contains the data that is
+    ///                 necessary to resume the connection: negotiated protocol
+    ///                 options, session identifier, keys, etc.
+    ///                 Loading a saved SSL context does not restore settings and
+    ///                 state related to how the application accesses the context,
+    ///                 such as configured callback functions, user data, pending
+    ///                 incoming or outgoing data, etc.
+    ///
+    /// \note           This feature is currently only available under certain
+    ///                 conditions, see the documentation of the return value
+    ///                 #MBEDTLS_ERR_SSL_BAD_INPUT_DATA for details.
+    ///
+    /// \note           When this function succeeds, it calls
+    ///                 mbedtls_ssl_session_reset() on \p ssl which as a result is
+    ///                 no longer associated with the connection that has been
+    ///                 serialized. This avoids creating copies of the connection
+    ///                 state. You're then free to either re-use the context
+    ///                 structure for a different connection, or call
+    ///                 mbedtls_ssl_free() on it. See the documentation of
+    ///                 mbedtls_ssl_session_reset() for more details.
+    ///
+    /// \param ssl      The SSL context to save. On success, it is no longer
+    ///                 associated with the connection that has been serialized.
+    /// \param buf      The buffer to write the serialized data to. It must be a
+    ///                 writeable buffer of at least \p buf_len bytes, or may be \c
+    ///                 NULL if \p buf_len is \c 0.
+    /// \param buf_len  The number of bytes available for writing in \p buf.
+    /// \param olen     The size in bytes of the data that has been or would have
+    ///                 been written. It must point to a valid \c size_t.
+    ///
+    /// \note           \p olen is updated to the correct value regardless of
+    ///                 whether \p buf_len was large enough. This makes it possible
+    ///                 to determine the necessary size by calling this function
+    ///                 with \p buf set to \c NULL and \p buf_len to \c 0. However,
+    ///                 the value of \p olen is only guaranteed to be correct when
+    ///                 the function returns #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL or
+    ///                 \c 0. If the return value is different, then the value of
+    ///                 \p olen is undefined.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
+    /// \return         #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed
+    ///                 while resetting the context.
+    /// \return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in
+    ///                 progress, or there is pending data for reading or sending,
+    ///                 or the connection does not use DTLS 1.2 with an AEAD
+    ///                 ciphersuite, or renegotiation is enabled.
+    pub fn mbedtls_ssl_context_save(
+        ssl: *mut mbedtls_ssl_context,
+        buf: *mut crate::c_types::c_uchar,
+        buf_len: usize,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Load serialized connection data to an SSL context.
+    ///
+    /// \see            mbedtls_ssl_context_save()
+    ///
+    /// \warning        The same serialized data must never be loaded into more
+    ///                 that one context. In order to ensure that, after
+    ///                 successfully loading serialized data to an SSL context, you
+    ///                 should immediately destroy or invalidate all copies of the
+    ///                 serialized data that was loaded. Loading the same data in
+    ///                 more than one context would cause severe security failures
+    ///                 including but not limited to loss of confidentiality.
+    ///
+    /// \note           Before calling this function, the SSL context must be
+    ///                 prepared in one of the two following ways. The first way is
+    ///                 to take a context freshly initialised with
+    ///                 mbedtls_ssl_init() and call mbedtls_ssl_setup() on it with
+    ///                 the same ::mbedtls_ssl_config structure that was used in
+    ///                 the original connection. The second way is to
+    ///                 call mbedtls_ssl_session_reset() on a context that was
+    ///                 previously prepared as above but used in the meantime.
+    ///                 Either way, you must not use the context to perform a
+    ///                 handshake between calling mbedtls_ssl_setup() or
+    ///                 mbedtls_ssl_session_reset() and calling this function. You
+    ///                 may however call other setter functions in that time frame
+    ///                 as indicated in the note below.
+    ///
+    /// \note           Before or after calling this function successfully, you
+    ///                 also need to configure some connection-specific callbacks
+    ///                 and settings before you can use the connection again
+    ///                 (unless they were already set before calling
+    ///                 mbedtls_ssl_session_reset() and the values are suitable for
+    ///                 the present connection). Specifically, you want to call
+    ///                 at least mbedtls_ssl_set_bio(),
+    ///                 mbedtls_ssl_set_timer_cb(), and
+    ///                 mbedtls_ssl_set_user_data_n() or
+    ///                 mbedtls_ssl_set_user_data_p() if they were set originally.
+    ///                 All other SSL setter functions
+    ///                 are not necessary to call, either because they're only used
+    ///                 in handshakes, or because the setting is already saved. You
+    ///                 might choose to call them anyway, for example in order to
+    ///                 share code between the cases of establishing a new
+    ///                 connection and the case of loading an already-established
+    ///                 connection.
+    ///
+    /// \note           If you have new information about the path MTU, you want to
+    ///                 call mbedtls_ssl_set_mtu() after calling this function, as
+    ///                 otherwise this function would overwrite your
+    ///                 newly-configured value with the value that was active when
+    ///                 the context was saved.
+    ///
+    /// \note           When this function returns an error code, it calls
+    ///                 mbedtls_ssl_free() on \p ssl. In this case, you need to
+    ///                 prepare the context with the usual sequence starting with a
+    ///                 call to mbedtls_ssl_init() if you want to use it again.
+    ///
+    /// \param ssl      The SSL context structure to be populated. It must have
+    ///                 been prepared as described in the note above.
+    /// \param buf      The buffer holding the serialized connection data. It must
+    ///                 be a readable buffer of at least \p len bytes.
+    /// \param len      The size of the serialized data in bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed.
+    /// \return         #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data
+    ///                 comes from a different Mbed TLS version or build.
+    /// \return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
+    pub fn mbedtls_ssl_context_load(
+        ssl: *mut mbedtls_ssl_context,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Initialize an SSL configuration context
+    ///                 Just makes the context ready for
+    ///                 mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free().
+    ///
+    /// \note           You need to call mbedtls_ssl_config_defaults() unless you
+    ///                 manually set all of the relevant fields yourself.
+    ///
+    /// \param conf     SSL configuration context
+    pub fn mbedtls_ssl_config_init(conf: *mut mbedtls_ssl_config);
+}
+extern "C" {
+    /// \brief          Load reasonable default SSL configuration values.
+    ///                 (You need to call mbedtls_ssl_config_init() first.)
+    ///
+    /// \param conf     SSL configuration context
+    /// \param endpoint MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
+    /// \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or
+    ///                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS
+    /// \param preset   a MBEDTLS_SSL_PRESET_XXX value
+    ///
+    /// \note           See \c mbedtls_ssl_conf_transport() for notes on DTLS.
+    ///
+    /// \return         0 if successful, or
+    ///                 MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error.
+    pub fn mbedtls_ssl_config_defaults(
+        conf: *mut mbedtls_ssl_config,
+        endpoint: crate::c_types::c_int,
+        transport: crate::c_types::c_int,
+        preset: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Free an SSL configuration context
+    ///
+    /// \param conf     SSL configuration context
+    pub fn mbedtls_ssl_config_free(conf: *mut mbedtls_ssl_config);
+}
+extern "C" {
+    /// \brief          Initialize SSL session structure
+    ///
+    /// \param session  SSL session
+    pub fn mbedtls_ssl_session_init(session: *mut mbedtls_ssl_session);
+}
+extern "C" {
+    /// \brief          Free referenced items in an SSL session including the
+    ///                 peer certificate and clear memory
+    ///
+    /// \note           A session object can be freed even if the SSL context
+    ///                 that was used to retrieve the session is still in use.
+    ///
+    /// \param session  SSL session
+    pub fn mbedtls_ssl_session_free(session: *mut mbedtls_ssl_session);
+}
+extern "C" {
+    /// \brief          TLS-PRF function for key derivation.
+    ///
+    /// \param prf      The tls_prf type function type to be used.
+    /// \param secret   Secret for the key derivation function.
+    /// \param slen     Length of the secret.
+    /// \param label    String label for the key derivation function,
+    ///                 terminated with null character.
+    /// \param random   Random bytes.
+    /// \param rlen     Length of the random bytes buffer.
+    /// \param dstbuf   The buffer holding the derived key.
+    /// \param dlen     Length of the output buffer.
+    ///
+    /// \return         0 on success. An SSL specific error on failure.
+    pub fn mbedtls_ssl_tls_prf(
+        prf: mbedtls_tls_prf_types,
+        secret: *const crate::c_types::c_uchar,
+        slen: usize,
+        label: *const crate::c_types::c_char,
+        random: *const crate::c_types::c_uchar,
+        rlen: usize,
+        dstbuf: *mut crate::c_types::c_uchar,
+        dlen: usize,
+    ) -> crate::c_types::c_int;
+}
+/// \brief           Entropy poll callback pointer
+///
+/// \param data      Callback-specific data pointer
+/// \param output    Data to fill
+/// \param len       Maximum size to provide
+/// \param olen      The actual amount of bytes put into the buffer (Can be 0)
+///
+/// \return          0 if no critical failures occurred,
+///                  MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise
+pub type mbedtls_entropy_f_source_ptr = ::core::option::Option<
+    unsafe extern "C" fn(
+        data: *mut crate::c_types::c_void,
+        output: *mut crate::c_types::c_uchar,
+        len: usize,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief           Entropy source state
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_entropy_source_state {
+    pub private_f_source: mbedtls_entropy_f_source_ptr,
+    pub private_p_source: *mut crate::c_types::c_void,
+    pub private_size: usize,
+    pub private_threshold: usize,
+    pub private_strong: crate::c_types::c_int,
+}
+/// \brief           Entropy context structure
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_entropy_context {
+    pub private_accumulator_started: crate::c_types::c_int,
+    pub private_accumulator: mbedtls_sha512_context,
+    pub private_source_count: crate::c_types::c_int,
+    pub private_source: [mbedtls_entropy_source_state; 20usize],
+}
+extern "C" {
+    /// \brief           Initialize the context
+    ///
+    /// \param ctx       Entropy context to initialize
+    pub fn mbedtls_entropy_init(ctx: *mut mbedtls_entropy_context);
+}
+extern "C" {
+    /// \brief           Free the data in the context
+    ///
+    /// \param ctx       Entropy context to free
+    pub fn mbedtls_entropy_free(ctx: *mut mbedtls_entropy_context);
+}
+extern "C" {
+    /// \brief           Adds an entropy source to poll
+    ///                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+    ///
+    /// \param ctx       Entropy context
+    /// \param f_source  Entropy function
+    /// \param p_source  Function data
+    /// \param threshold Minimum required from source before entropy is released
+    ///                  ( with mbedtls_entropy_func() ) (in bytes)
+    /// \param strong    MBEDTLS_ENTROPY_SOURCE_STRONG or
+    ///                  MBEDTLS_ENTROPY_SOURCE_WEAK.
+    ///                  At least one strong source needs to be added.
+    ///                  Weaker sources (such as the cycle counter) can be used as
+    ///                  a complement.
+    ///
+    /// \return          0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
+    pub fn mbedtls_entropy_add_source(
+        ctx: *mut mbedtls_entropy_context,
+        f_source: mbedtls_entropy_f_source_ptr,
+        p_source: *mut crate::c_types::c_void,
+        threshold: usize,
+        strong: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Trigger an extra gather poll for the accumulator
+    ///                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+    ///
+    /// \param ctx       Entropy context
+    ///
+    /// \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+    pub fn mbedtls_entropy_gather(ctx: *mut mbedtls_entropy_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Retrieve entropy from the accumulator
+    ///                  (Maximum length: MBEDTLS_ENTROPY_BLOCK_SIZE)
+    ///                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+    ///
+    /// \param data      Entropy context
+    /// \param output    Buffer to fill
+    /// \param len       Number of bytes desired, must be at most MBEDTLS_ENTROPY_BLOCK_SIZE
+    ///
+    /// \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+    pub fn mbedtls_entropy_func(
+        data: *mut crate::c_types::c_void,
+        output: *mut crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Add data to the accumulator manually
+    ///                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+    ///
+    /// \param ctx       Entropy context
+    /// \param data      Data to add
+    /// \param len       Length of data
+    ///
+    /// \return          0 if successful
+    pub fn mbedtls_entropy_update_manual(
+        ctx: *mut mbedtls_entropy_context,
+        data: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Checkup routine
+    ///
+    ///                 This module self-test also calls the entropy self-test,
+    ///                 mbedtls_entropy_source_self_test();
+    ///
+    /// \return         0 if successful, or 1 if a test failed
+    pub fn mbedtls_entropy_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief   Set the threshold error level to handle globally all debug output.
+    ///          Debug messages that have a level over the threshold value are
+    ///          discarded.
+    ///          (Default value: 0 = No debug )
+    ///
+    /// \param threshold     threshold level of messages to filter on. Messages at a
+    ///                      higher level will be discarded.
+    ///                          - Debug levels
+    ///                              - 0 No debug
+    ///                              - 1 Error
+    ///                              - 2 State change
+    ///                              - 3 Informational
+    ///                              - 4 Verbose
+    pub fn mbedtls_debug_set_threshold(threshold: crate::c_types::c_int);
+}
+extern "C" {
+    /// \brief    Print a message to the debug output. This function is always used
+    ///          through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl
+    ///          context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the message has occurred in
+    /// \param line      line number the message has occurred at
+    /// \param format    format specifier, in printf format
+    /// \param ...       variables used by the format specifier
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_msg(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        format: *const crate::c_types::c_char,
+        ...
+    );
+}
+extern "C" {
+    /// \brief   Print the return value of a function to the debug output. This
+    ///          function is always used through the MBEDTLS_SSL_DEBUG_RET() macro,
+    ///          which supplies the ssl context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param text      the name of the function that returned the error
+    /// \param ret       the return code value
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_ret(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        text: *const crate::c_types::c_char,
+        ret: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief   Output a buffer of size len bytes to the debug output. This function
+    ///          is always used through the MBEDTLS_SSL_DEBUG_BUF() macro,
+    ///          which supplies the ssl context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param text      a name or label for the buffer being dumped. Normally the
+    ///                  variable or buffer name
+    /// \param buf       the buffer to be outputted
+    /// \param len       length of the buffer
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_buf(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        text: *const crate::c_types::c_char,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    );
+}
+extern "C" {
+    /// \brief   Print a MPI variable to the debug output. This function is always
+    ///          used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the
+    ///          ssl context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param text      a name or label for the MPI being output. Normally the
+    ///                  variable name
+    /// \param X         the MPI variable
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_mpi(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        text: *const crate::c_types::c_char,
+        X: *const mbedtls_mpi,
+    );
+}
+extern "C" {
+    /// \brief   Print an ECP point to the debug output. This function is always
+    ///          used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the
+    ///          ssl context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param text      a name or label for the ECP point being output. Normally the
+    ///                  variable name
+    /// \param X         the ECP point
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_ecp(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        text: *const crate::c_types::c_char,
+        X: *const mbedtls_ecp_point,
+    );
+}
+extern "C" {
+    /// \brief   Print a X.509 certificate structure to the debug output. This
+    ///          function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro,
+    ///          which supplies the ssl context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param text      a name or label for the certificate being output
+    /// \param crt       X.509 certificate structure
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_crt(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        text: *const crate::c_types::c_char,
+        crt: *const mbedtls_x509_crt,
+    );
+}
+pub const mbedtls_debug_ecdh_attr_MBEDTLS_DEBUG_ECDH_Q: mbedtls_debug_ecdh_attr = 0;
+pub const mbedtls_debug_ecdh_attr_MBEDTLS_DEBUG_ECDH_QP: mbedtls_debug_ecdh_attr = 1;
+pub const mbedtls_debug_ecdh_attr_MBEDTLS_DEBUG_ECDH_Z: mbedtls_debug_ecdh_attr = 2;
+pub type mbedtls_debug_ecdh_attr = crate::c_types::c_uint;
+extern "C" {
+    /// \brief   Print a field of the ECDH structure in the SSL context to the debug
+    ///          output. This function is always used through the
+    ///          MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file
+    ///          and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param ecdh      the ECDH context
+    /// \param attr      the identifier of the attribute being output
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_printf_ecdh(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        ecdh: *const mbedtls_ecdh_context,
+        attr: mbedtls_debug_ecdh_attr,
+    );
+}
+/// \brief The AES context-type definition.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_aes_context {
+    pub private_nr: crate::c_types::c_int,
+    pub private_rk_offset: usize,
+    pub private_buf: [u32; 68usize],
+}
+/// \brief The AES XTS context-type definition.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_aes_xts_context {
+    pub private_crypt: mbedtls_aes_context,
+    pub private_tweak: mbedtls_aes_context,
+}
+extern "C" {
+    /// \brief          This function initializes the specified AES context.
+    ///
+    ///                 It must be the first API called before using
+    ///                 the context.
+    ///
+    /// \param ctx      The AES context to initialize. This must not be \c NULL.
+    pub fn mbedtls_aes_init(ctx: *mut mbedtls_aes_context);
+}
+extern "C" {
+    /// \brief          This function releases and clears the specified AES context.
+    ///
+    /// \param ctx      The AES context to clear.
+    ///                 If this is \c NULL, this function does nothing.
+    ///                 Otherwise, the context must have been at least initialized.
+    pub fn mbedtls_aes_free(ctx: *mut mbedtls_aes_context);
+}
+extern "C" {
+    /// \brief          This function initializes the specified AES XTS context.
+    ///
+    ///                 It must be the first API called before using
+    ///                 the context.
+    ///
+    /// \param ctx      The AES XTS context to initialize. This must not be \c NULL.
+    pub fn mbedtls_aes_xts_init(ctx: *mut mbedtls_aes_xts_context);
+}
+extern "C" {
+    /// \brief          This function releases and clears the specified AES XTS context.
+    ///
+    /// \param ctx      The AES XTS context to clear.
+    ///                 If this is \c NULL, this function does nothing.
+    ///                 Otherwise, the context must have been at least initialized.
+    pub fn mbedtls_aes_xts_free(ctx: *mut mbedtls_aes_xts_context);
+}
+extern "C" {
+    /// \brief          This function sets the encryption key.
+    ///
+    /// \param ctx      The AES context to which the key should be bound.
+    ///                 It must be initialized.
+    /// \param key      The encryption key.
+    ///                 This must be a readable buffer of size \p keybits bits.
+    /// \param keybits  The size of data passed in bits. Valid options are:
+    ///                 <ul><li>128 bits</li>
+    ///                 <li>192 bits</li>
+    ///                 <li>256 bits</li></ul>
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
+    pub fn mbedtls_aes_setkey_enc(
+        ctx: *mut mbedtls_aes_context,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function sets the decryption key.
+    ///
+    /// \param ctx      The AES context to which the key should be bound.
+    ///                 It must be initialized.
+    /// \param key      The decryption key.
+    ///                 This must be a readable buffer of size \p keybits bits.
+    /// \param keybits  The size of data passed. Valid options are:
+    ///                 <ul><li>128 bits</li>
+    ///                 <li>192 bits</li>
+    ///                 <li>256 bits</li></ul>
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
+    pub fn mbedtls_aes_setkey_dec(
+        ctx: *mut mbedtls_aes_context,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function prepares an XTS context for encryption and
+    ///                 sets the encryption key.
+    ///
+    /// \param ctx      The AES XTS context to which the key should be bound.
+    ///                 It must be initialized.
+    /// \param key      The encryption key. This is comprised of the XTS key1
+    ///                 concatenated with the XTS key2.
+    ///                 This must be a readable buffer of size \p keybits bits.
+    /// \param keybits  The size of \p key passed in bits. Valid options are:
+    ///                 <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
+    ///                 <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
+    pub fn mbedtls_aes_xts_setkey_enc(
+        ctx: *mut mbedtls_aes_xts_context,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function prepares an XTS context for decryption and
+    ///                 sets the decryption key.
+    ///
+    /// \param ctx      The AES XTS context to which the key should be bound.
+    ///                 It must be initialized.
+    /// \param key      The decryption key. This is comprised of the XTS key1
+    ///                 concatenated with the XTS key2.
+    ///                 This must be a readable buffer of size \p keybits bits.
+    /// \param keybits  The size of \p key passed in bits. Valid options are:
+    ///                 <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
+    ///                 <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
+    pub fn mbedtls_aes_xts_setkey_dec(
+        ctx: *mut mbedtls_aes_xts_context,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs an AES single-block encryption or
+    ///                 decryption operation.
+    ///
+    ///                 It performs the operation defined in the \p mode parameter
+    ///                 (encrypt or decrypt), on the input data buffer defined in
+    ///                 the \p input parameter.
+    ///
+    ///                 mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or
+    ///                 mbedtls_aes_setkey_dec() must be called before the first
+    ///                 call to this API with the same context.
+    ///
+    /// \param ctx      The AES context to use for encryption or decryption.
+    ///                 It must be initialized and bound to a key.
+    /// \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
+    ///                 #MBEDTLS_AES_DECRYPT.
+    /// \param input    The buffer holding the input data.
+    ///                 It must be readable and at least \c 16 Bytes long.
+    /// \param output   The buffer where the output data will be written.
+    ///                 It must be writeable and at least \c 16 Bytes long.
+    ///
+    /// \return         \c 0 on success.
+    pub fn mbedtls_aes_crypt_ecb(
+        ctx: *mut mbedtls_aes_context,
+        mode: crate::c_types::c_int,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief  This function performs an AES-CBC encryption or decryption operation
+    ///         on full blocks.
+    ///
+    ///         It performs the operation defined in the \p mode
+    ///         parameter (encrypt/decrypt), on the input data buffer defined in
+    ///         the \p input parameter.
+    ///
+    ///         It can be called as many times as needed, until all the input
+    ///         data is processed. mbedtls_aes_init(), and either
+    ///         mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
+    ///         before the first call to this API with the same context.
+    ///
+    /// \note   This function operates on full blocks, that is, the input size
+    ///         must be a multiple of the AES block size of \c 16 Bytes.
+    ///
+    /// \note   Upon exit, the content of the IV is updated so that you can
+    ///         call the same function again on the next
+    ///         block(s) of data and get the same result as if it was
+    ///         encrypted in one call. This allows a "streaming" usage.
+    ///         If you need to retain the contents of the IV, you should
+    ///         either save it manually or use the cipher module instead.
+    ///
+    ///
+    /// \param ctx      The AES context to use for encryption or decryption.
+    ///                 It must be initialized and bound to a key.
+    /// \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
+    ///                 #MBEDTLS_AES_DECRYPT.
+    /// \param length   The length of the input data in Bytes. This must be a
+    ///                 multiple of the block size (\c 16 Bytes).
+    /// \param iv       Initialization vector (updated after use).
+    ///                 It must be a readable and writeable buffer of \c 16 Bytes.
+    /// \param input    The buffer holding the input data.
+    ///                 It must be readable and of size \p length Bytes.
+    /// \param output   The buffer holding the output data.
+    ///                 It must be writeable and of size \p length Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
+    ///                 on failure.
+    pub fn mbedtls_aes_crypt_cbc(
+        ctx: *mut mbedtls_aes_context,
+        mode: crate::c_types::c_int,
+        length: usize,
+        iv: *mut crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief      This function performs an AES-XTS encryption or decryption
+    ///             operation for an entire XTS data unit.
+    ///
+    ///             AES-XTS encrypts or decrypts blocks based on their location as
+    ///             defined by a data unit number. The data unit number must be
+    ///             provided by \p data_unit.
+    ///
+    ///             NIST SP 800-38E limits the maximum size of a data unit to 2^20
+    ///             AES blocks. If the data unit is larger than this, this function
+    ///             returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH.
+    ///
+    /// \param ctx          The AES XTS context to use for AES XTS operations.
+    ///                     It must be initialized and bound to a key.
+    /// \param mode         The AES operation: #MBEDTLS_AES_ENCRYPT or
+    ///                     #MBEDTLS_AES_DECRYPT.
+    /// \param length       The length of a data unit in Bytes. This can be any
+    ///                     length between 16 bytes and 2^24 bytes inclusive
+    ///                     (between 1 and 2^20 block cipher blocks).
+    /// \param data_unit    The address of the data unit encoded as an array of 16
+    ///                     bytes in little-endian format. For disk encryption, this
+    ///                     is typically the index of the block device sector that
+    ///                     contains the data.
+    /// \param input        The buffer holding the input data (which is an entire
+    ///                     data unit). This function reads \p length Bytes from \p
+    ///                     input.
+    /// \param output       The buffer holding the output data (which is an entire
+    ///                     data unit). This function writes \p length Bytes to \p
+    ///                     output.
+    ///
+    /// \return             \c 0 on success.
+    /// \return             #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is
+    ///                     smaller than an AES block in size (16 Bytes) or if \p
+    ///                     length is larger than 2^20 blocks (16 MiB).
+    pub fn mbedtls_aes_crypt_xts(
+        ctx: *mut mbedtls_aes_xts_context,
+        mode: crate::c_types::c_int,
+        length: usize,
+        data_unit: *const crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief This function performs an AES-CFB128 encryption or decryption
+    ///        operation.
+    ///
+    ///        It performs the operation defined in the \p mode
+    ///        parameter (encrypt or decrypt), on the input data buffer
+    ///        defined in the \p input parameter.
+    ///
+    ///        For CFB, you must set up the context with mbedtls_aes_setkey_enc(),
+    ///        regardless of whether you are performing an encryption or decryption
+    ///        operation, that is, regardless of the \p mode parameter. This is
+    ///        because CFB mode uses the same key schedule for encryption and
+    ///        decryption.
+    ///
+    /// \note  Upon exit, the content of the IV is updated so that you can
+    ///        call the same function again on the next
+    ///        block(s) of data and get the same result as if it was
+    ///        encrypted in one call. This allows a "streaming" usage.
+    ///        If you need to retain the contents of the
+    ///        IV, you must either save it manually or use the cipher
+    ///        module instead.
+    ///
+    ///
+    /// \param ctx      The AES context to use for encryption or decryption.
+    ///                 It must be initialized and bound to a key.
+    /// \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
+    ///                 #MBEDTLS_AES_DECRYPT.
+    /// \param length   The length of the input data in Bytes.
+    /// \param iv_off   The offset in IV (updated after use).
+    ///                 It must point to a valid \c size_t.
+    /// \param iv       The initialization vector (updated after use).
+    ///                 It must be a readable and writeable buffer of \c 16 Bytes.
+    /// \param input    The buffer holding the input data.
+    ///                 It must be readable and of size \p length Bytes.
+    /// \param output   The buffer holding the output data.
+    ///                 It must be writeable and of size \p length Bytes.
+    ///
+    /// \return         \c 0 on success.
+    pub fn mbedtls_aes_crypt_cfb128(
+        ctx: *mut mbedtls_aes_context,
+        mode: crate::c_types::c_int,
+        length: usize,
+        iv_off: *mut usize,
+        iv: *mut crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief This function performs an AES-CFB8 encryption or decryption
+    ///        operation.
+    ///
+    ///        It performs the operation defined in the \p mode
+    ///        parameter (encrypt/decrypt), on the input data buffer defined
+    ///        in the \p input parameter.
+    ///
+    ///        Due to the nature of CFB, you must use the same key schedule for
+    ///        both encryption and decryption operations. Therefore, you must
+    ///        use the context initialized with mbedtls_aes_setkey_enc() for
+    ///        both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
+    ///
+    /// \note  Upon exit, the content of the IV is updated so that you can
+    ///        call the same function again on the next
+    ///        block(s) of data and get the same result as if it was
+    ///        encrypted in one call. This allows a "streaming" usage.
+    ///        If you need to retain the contents of the
+    ///        IV, you should either save it manually or use the cipher
+    ///        module instead.
+    ///
+    ///
+    /// \param ctx      The AES context to use for encryption or decryption.
+    ///                 It must be initialized and bound to a key.
+    /// \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
+    ///                 #MBEDTLS_AES_DECRYPT
+    /// \param length   The length of the input data.
+    /// \param iv       The initialization vector (updated after use).
+    ///                 It must be a readable and writeable buffer of \c 16 Bytes.
+    /// \param input    The buffer holding the input data.
+    ///                 It must be readable and of size \p length Bytes.
+    /// \param output   The buffer holding the output data.
+    ///                 It must be writeable and of size \p length Bytes.
+    ///
+    /// \return         \c 0 on success.
+    pub fn mbedtls_aes_crypt_cfb8(
+        ctx: *mut mbedtls_aes_context,
+        mode: crate::c_types::c_int,
+        length: usize,
+        iv: *mut crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       This function performs an AES-OFB (Output Feedback Mode)
+    ///              encryption or decryption operation.
+    ///
+    ///              For OFB, you must set up the context with
+    ///              mbedtls_aes_setkey_enc(), regardless of whether you are
+    ///              performing an encryption or decryption operation. This is
+    ///              because OFB mode uses the same key schedule for encryption and
+    ///              decryption.
+    ///
+    ///              The OFB operation is identical for encryption or decryption,
+    ///              therefore no operation mode needs to be specified.
+    ///
+    /// \note        Upon exit, the content of iv, the Initialisation Vector, is
+    ///              updated so that you can call the same function again on the next
+    ///              block(s) of data and get the same result as if it was encrypted
+    ///              in one call. This allows a "streaming" usage, by initialising
+    ///              iv_off to 0 before the first call, and preserving its value
+    ///              between calls.
+    ///
+    ///              For non-streaming use, the iv should be initialised on each call
+    ///              to a unique value, and iv_off set to 0 on each call.
+    ///
+    ///              If you need to retain the contents of the initialisation vector,
+    ///              you must either save it manually or use the cipher module
+    ///              instead.
+    ///
+    /// \warning     For the OFB mode, the initialisation vector must be unique
+    ///              every encryption operation. Reuse of an initialisation vector
+    ///              will compromise security.
+    ///
+    /// \param ctx      The AES context to use for encryption or decryption.
+    ///                 It must be initialized and bound to a key.
+    /// \param length   The length of the input data.
+    /// \param iv_off   The offset in IV (updated after use).
+    ///                 It must point to a valid \c size_t.
+    /// \param iv       The initialization vector (updated after use).
+    ///                 It must be a readable and writeable buffer of \c 16 Bytes.
+    /// \param input    The buffer holding the input data.
+    ///                 It must be readable and of size \p length Bytes.
+    /// \param output   The buffer holding the output data.
+    ///                 It must be writeable and of size \p length Bytes.
+    ///
+    /// \return         \c 0 on success.
+    pub fn mbedtls_aes_crypt_ofb(
+        ctx: *mut mbedtls_aes_context,
+        length: usize,
+        iv_off: *mut usize,
+        iv: *mut crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief      This function performs an AES-CTR encryption or decryption
+    ///             operation.
+    ///
+    ///             Due to the nature of CTR, you must use the same key schedule
+    ///             for both encryption and decryption operations. Therefore, you
+    ///             must use the context initialized with mbedtls_aes_setkey_enc()
+    ///             for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
+    ///
+    /// \warning    You must never reuse a nonce value with the same key. Doing so
+    ///             would void the encryption for the two messages encrypted with
+    ///             the same nonce and key.
+    ///
+    ///             There are two common strategies for managing nonces with CTR:
+    ///
+    ///             1. You can handle everything as a single message processed over
+    ///             successive calls to this function. In that case, you want to
+    ///             set \p nonce_counter and \p nc_off to 0 for the first call, and
+    ///             then preserve the values of \p nonce_counter, \p nc_off and \p
+    ///             stream_block across calls to this function as they will be
+    ///             updated by this function.
+    ///
+    ///             With this strategy, you must not encrypt more than 2**128
+    ///             blocks of data with the same key.
+    ///
+    ///             2. You can encrypt separate messages by dividing the \p
+    ///             nonce_counter buffer in two areas: the first one used for a
+    ///             per-message nonce, handled by yourself, and the second one
+    ///             updated by this function internally.
+    ///
+    ///             For example, you might reserve the first 12 bytes for the
+    ///             per-message nonce, and the last 4 bytes for internal use. In that
+    ///             case, before calling this function on a new message you need to
+    ///             set the first 12 bytes of \p nonce_counter to your chosen nonce
+    ///             value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
+    ///             stream_block to be ignored). That way, you can encrypt at most
+    ///             2**96 messages of up to 2**32 blocks each with the same key.
+    ///
+    ///             The per-message nonce (or information sufficient to reconstruct
+    ///             it) needs to be communicated with the ciphertext and must be unique.
+    ///             The recommended way to ensure uniqueness is to use a message
+    ///             counter. An alternative is to generate random nonces, but this
+    ///             limits the number of messages that can be securely encrypted:
+    ///             for example, with 96-bit random nonces, you should not encrypt
+    ///             more than 2**32 messages with the same key.
+    ///
+    ///             Note that for both strategies, sizes are measured in blocks and
+    ///             that an AES block is 16 bytes.
+    ///
+    /// \warning    Upon return, \p stream_block contains sensitive data. Its
+    ///             content must not be written to insecure storage and should be
+    ///             securely discarded as soon as it's no longer needed.
+    ///
+    /// \param ctx              The AES context to use for encryption or decryption.
+    ///                         It must be initialized and bound to a key.
+    /// \param length           The length of the input data.
+    /// \param nc_off           The offset in the current \p stream_block, for
+    ///                         resuming within the current cipher stream. The
+    ///                         offset pointer should be 0 at the start of a stream.
+    ///                         It must point to a valid \c size_t.
+    /// \param nonce_counter    The 128-bit nonce and counter.
+    ///                         It must be a readable-writeable buffer of \c 16 Bytes.
+    /// \param stream_block     The saved stream block for resuming. This is
+    ///                         overwritten by the function.
+    ///                         It must be a readable-writeable buffer of \c 16 Bytes.
+    /// \param input            The buffer holding the input data.
+    ///                         It must be readable and of size \p length Bytes.
+    /// \param output           The buffer holding the output data.
+    ///                         It must be writeable and of size \p length Bytes.
+    ///
+    /// \return                 \c 0 on success.
+    pub fn mbedtls_aes_crypt_ctr(
+        ctx: *mut mbedtls_aes_context,
+        length: usize,
+        nc_off: *mut usize,
+        nonce_counter: *mut crate::c_types::c_uchar,
+        stream_block: *mut crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Internal AES block encryption function. This is only
+    ///                  exposed to allow overriding it using
+    ///                  \c MBEDTLS_AES_ENCRYPT_ALT.
+    ///
+    /// \param ctx       The AES context to use for encryption.
+    /// \param input     The plaintext block.
+    /// \param output    The output (ciphertext) block.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_internal_aes_encrypt(
+        ctx: *mut mbedtls_aes_context,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Internal AES block decryption function. This is only
+    ///                  exposed to allow overriding it using see
+    ///                  \c MBEDTLS_AES_DECRYPT_ALT.
+    ///
+    /// \param ctx       The AES context to use for decryption.
+    /// \param input     The ciphertext block.
+    /// \param output    The output (plaintext) block.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_internal_aes_decrypt(
+        ctx: *mut mbedtls_aes_context,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_aes_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          The CTR_DRBG context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ctr_drbg_context {
+    pub private_counter: [crate::c_types::c_uchar; 16usize],
+    pub private_reseed_counter: crate::c_types::c_int,
+    pub private_prediction_resistance: crate::c_types::c_int,
+    pub private_entropy_len: usize,
+    pub private_reseed_interval: crate::c_types::c_int,
+    pub private_aes_ctx: mbedtls_aes_context,
+    pub private_f_entropy: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut crate::c_types::c_uchar,
+            arg3: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_entropy: *mut crate::c_types::c_void,
+}
+extern "C" {
+    /// \brief               This function initializes the CTR_DRBG context,
+    ///                      and prepares it for mbedtls_ctr_drbg_seed()
+    ///                      or mbedtls_ctr_drbg_free().
+    ///
+    /// \note                The reseed interval is
+    ///                      #MBEDTLS_CTR_DRBG_RESEED_INTERVAL by default.
+    ///                      You can override it by calling
+    ///                      mbedtls_ctr_drbg_set_reseed_interval().
+    ///
+    /// \param ctx           The CTR_DRBG context to initialize.
+    pub fn mbedtls_ctr_drbg_init(ctx: *mut mbedtls_ctr_drbg_context);
+}
+extern "C" {
+    /// - The \p custom string.
+    ///
+    /// \note                To achieve the nominal security strength permitted
+    ///                      by CTR_DRBG, the entropy length must be:
+    ///                      - at least 16 bytes for a 128-bit strength
+    ///                      (maximum achievable strength when using AES-128);
+    ///                      - at least 32 bytes for a 256-bit strength
+    ///                      (maximum achievable strength when using AES-256).
+    ///
+    ///                      In addition, if you do not pass a nonce in \p custom,
+    ///                      the sum of the entropy length
+    ///                      and the entropy nonce length must be:
+    ///                      - at least 24 bytes for a 128-bit strength
+    ///                      (maximum achievable strength when using AES-128);
+    ///                      - at least 48 bytes for a 256-bit strength
+    ///                      (maximum achievable strength when using AES-256).
+    ///
+    /// \param ctx           The CTR_DRBG context to seed.
+    ///                      It must have been initialized with
+    ///                      mbedtls_ctr_drbg_init().
+    ///                      After a successful call to mbedtls_ctr_drbg_seed(),
+    ///                      you may not call mbedtls_ctr_drbg_seed() again on
+    ///                      the same context unless you call
+    ///                      mbedtls_ctr_drbg_free() and mbedtls_ctr_drbg_init()
+    ///                      again first.
+    ///                      After a failed call to mbedtls_ctr_drbg_seed(),
+    ///                      you must call mbedtls_ctr_drbg_free().
+    /// \param f_entropy     The entropy callback, taking as arguments the
+    ///                      \p p_entropy context, the buffer to fill, and the
+    ///                      length of the buffer.
+    ///                      \p f_entropy is always called with a buffer size
+    ///                      less than or equal to the entropy length.
+    /// \param p_entropy     The entropy context to pass to \p f_entropy.
+    /// \param custom        The personalization string.
+    ///                      This can be \c NULL, in which case the personalization
+    ///                      string is empty regardless of the value of \p len.
+    /// \param len           The length of the personalization string.
+    ///                      This must be at most
+    ///                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
+    ///                      - #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
+    pub fn mbedtls_ctr_drbg_seed(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        f_entropy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_entropy: *mut crate::c_types::c_void,
+        custom: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function resets CTR_DRBG context to the state immediately
+    ///                      after initial call of mbedtls_ctr_drbg_init().
+    ///
+    /// \param ctx           The CTR_DRBG context to clear.
+    pub fn mbedtls_ctr_drbg_free(ctx: *mut mbedtls_ctr_drbg_context);
+}
+extern "C" {
+    /// \brief               This function turns prediction resistance on or off.
+    ///                      The default value is off.
+    ///
+    /// \note                If enabled, entropy is gathered at the beginning of
+    ///                      every call to mbedtls_ctr_drbg_random_with_add()
+    ///                      or mbedtls_ctr_drbg_random().
+    ///                      Only use this if your entropy source has sufficient
+    ///                      throughput.
+    ///
+    /// \param ctx           The CTR_DRBG context.
+    /// \param resistance    #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF.
+    pub fn mbedtls_ctr_drbg_set_prediction_resistance(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        resistance: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief               This function sets the amount of entropy grabbed on each
+    ///                      seed or reseed.
+    ///
+    /// The default value is #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
+    ///
+    /// \note                The security strength of CTR_DRBG is bounded by the
+    ///                      entropy length. Thus:
+    ///                      - When using AES-256
+    ///                        (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled,
+    ///                        which is the default),
+    ///                        \p len must be at least 32 (in bytes)
+    ///                        to achieve a 256-bit strength.
+    ///                      - When using AES-128
+    ///                        (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled)
+    ///                        \p len must be at least 16 (in bytes)
+    ///                        to achieve a 128-bit strength.
+    ///
+    /// \param ctx           The CTR_DRBG context.
+    /// \param len           The amount of entropy to grab, in bytes.
+    ///                      This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
+    ///                      and at most the maximum length accepted by the
+    ///                      entropy function that is set in the context.
+    pub fn mbedtls_ctr_drbg_set_entropy_len(ctx: *mut mbedtls_ctr_drbg_context, len: usize);
+}
+extern "C" {
+    /// \brief               This function sets the amount of entropy grabbed
+    ///                      as a nonce for the initial seeding.
+    ///
+    /// Call this function before calling mbedtls_ctr_drbg_seed() to read
+    /// a nonce from the entropy source during the initial seeding.
+    ///
+    /// \param ctx           The CTR_DRBG context.
+    /// \param len           The amount of entropy to grab for the nonce, in bytes.
+    ///                      This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
+    ///                      and at most the maximum length accepted by the
+    ///                      entropy function that is set in the context.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if \p len is
+    ///                      more than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
+    /// \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+    ///                      if the initial seeding has already taken place.
+    pub fn mbedtls_ctr_drbg_set_nonce_len(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function sets the reseed interval.
+    ///
+    /// The reseed interval is the number of calls to mbedtls_ctr_drbg_random()
+    /// or mbedtls_ctr_drbg_random_with_add() after which the entropy function
+    /// is called again.
+    ///
+    /// The default value is #MBEDTLS_CTR_DRBG_RESEED_INTERVAL.
+    ///
+    /// \param ctx           The CTR_DRBG context.
+    /// \param interval      The reseed interval.
+    pub fn mbedtls_ctr_drbg_set_reseed_interval(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        interval: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief               This function reseeds the CTR_DRBG context, that is
+    ///                      extracts data from the entropy source.
+    ///
+    /// \note                This function is not thread-safe. It is not safe
+    ///                      to call this function if another thread might be
+    ///                      concurrently obtaining random numbers from the same
+    ///                      context or updating or reseeding the same context.
+    ///
+    /// \param ctx           The CTR_DRBG context.
+    /// \param additional    Additional data to add to the state. Can be \c NULL.
+    /// \param len           The length of the additional data.
+    ///                      This must be less than
+    ///                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
+    ///                      where \c entropy_len is the entropy length
+    ///                      configured for the context.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
+    pub fn mbedtls_ctr_drbg_reseed(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        additional: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief              This function updates the state of the CTR_DRBG context.
+    ///
+    /// \note                This function is not thread-safe. It is not safe
+    ///                      to call this function if another thread might be
+    ///                      concurrently obtaining random numbers from the same
+    ///                      context or updating or reseeding the same context.
+    ///
+    /// \param ctx          The CTR_DRBG context.
+    /// \param additional   The data to update the state with. This must not be
+    ///                     \c NULL unless \p add_len is \c 0.
+    /// \param add_len      Length of \p additional in bytes. This must be at
+    ///                     most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
+    ///
+    /// \return             \c 0 on success.
+    /// \return             #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if
+    ///                     \p add_len is more than
+    ///                     #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
+    /// \return             An error from the underlying AES cipher on failure.
+    pub fn mbedtls_ctr_drbg_update(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        additional: *const crate::c_types::c_uchar,
+        add_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief   This function updates a CTR_DRBG instance with additional
+    ///          data and uses it to generate random data.
+    ///
+    /// This function automatically reseeds if the reseed counter is exceeded
+    /// or prediction resistance is enabled.
+    ///
+    /// \note                This function is not thread-safe. It is not safe
+    ///                      to call this function if another thread might be
+    ///                      concurrently obtaining random numbers from the same
+    ///                      context or updating or reseeding the same context.
+    ///
+    /// \param p_rng         The CTR_DRBG context. This must be a pointer to a
+    ///                      #mbedtls_ctr_drbg_context structure.
+    /// \param output        The buffer to fill.
+    /// \param output_len    The length of the buffer in bytes.
+    /// \param additional    Additional data to update. Can be \c NULL, in which
+    ///                      case the additional data is empty regardless of
+    ///                      the value of \p add_len.
+    /// \param add_len       The length of the additional data
+    ///                      if \p additional is not \c NULL.
+    ///                      This must be less than #MBEDTLS_CTR_DRBG_MAX_INPUT
+    ///                      and less than
+    ///                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
+    ///                      where \c entropy_len is the entropy length
+    ///                      configured for the context.
+    ///
+    /// \return    \c 0 on success.
+    /// \return    #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+    ///            #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
+    pub fn mbedtls_ctr_drbg_random_with_add(
+        p_rng: *mut crate::c_types::c_void,
+        output: *mut crate::c_types::c_uchar,
+        output_len: usize,
+        additional: *const crate::c_types::c_uchar,
+        add_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \param p_rng         The CTR_DRBG context. This must be a pointer to a
+    ///                      #mbedtls_ctr_drbg_context structure.
+    /// \param output        The buffer to fill.
+    /// \param output_len    The length of the buffer in bytes.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+    ///                      #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
+    pub fn mbedtls_ctr_drbg_random(
+        p_rng: *mut crate::c_types::c_void,
+        output: *mut crate::c_types::c_uchar,
+        output_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The CTR_DRBG checkup routine.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              \c 1 on failure.
+    pub fn mbedtls_ctr_drbg_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
diff --git a/esp-mbedtls-sys/src/include/esp32c3.rs b/esp-mbedtls-sys/src/include/esp32c3.rs
new file mode 100644
index 0000000..02e7202
--- /dev/null
+++ b/esp-mbedtls-sys/src/include/esp32c3.rs
@@ -0,0 +1,22633 @@
+/* automatically generated by rust-bindgen 0.68.1 */
+
+#![allow(
+    non_camel_case_types,
+    non_snake_case,
+    non_upper_case_globals,
+    dead_code
+)]
+
+#[repr(C)]
+#[derive(Copy, Clone, Debug, Default, Eq, Hash, Ord, PartialEq, PartialOrd)]
+pub struct __BindgenBitfieldUnit<Storage> {
+    storage: Storage,
+}
+impl<Storage> __BindgenBitfieldUnit<Storage> {
+    #[inline]
+    pub const fn new(storage: Storage) -> Self {
+        Self { storage }
+    }
+}
+impl<Storage> __BindgenBitfieldUnit<Storage>
+where
+    Storage: AsRef<[u8]> + AsMut<[u8]>,
+{
+    #[inline]
+    pub fn get_bit(&self, index: usize) -> bool {
+        debug_assert!(index / 8 < self.storage.as_ref().len());
+        let byte_index = index / 8;
+        let byte = self.storage.as_ref()[byte_index];
+        let bit_index = if cfg!(target_endian = "big") {
+            7 - (index % 8)
+        } else {
+            index % 8
+        };
+        let mask = 1 << bit_index;
+        byte & mask == mask
+    }
+    #[inline]
+    pub fn set_bit(&mut self, index: usize, val: bool) {
+        debug_assert!(index / 8 < self.storage.as_ref().len());
+        let byte_index = index / 8;
+        let byte = &mut self.storage.as_mut()[byte_index];
+        let bit_index = if cfg!(target_endian = "big") {
+            7 - (index % 8)
+        } else {
+            index % 8
+        };
+        let mask = 1 << bit_index;
+        if val {
+            *byte |= mask;
+        } else {
+            *byte &= !mask;
+        }
+    }
+    #[inline]
+    pub fn get(&self, bit_offset: usize, bit_width: u8) -> u64 {
+        debug_assert!(bit_width <= 64);
+        debug_assert!(bit_offset / 8 < self.storage.as_ref().len());
+        debug_assert!((bit_offset + (bit_width as usize)) / 8 <= self.storage.as_ref().len());
+        let mut val = 0;
+        for i in 0..(bit_width as usize) {
+            if self.get_bit(i + bit_offset) {
+                let index = if cfg!(target_endian = "big") {
+                    bit_width as usize - 1 - i
+                } else {
+                    i
+                };
+                val |= 1 << index;
+            }
+        }
+        val
+    }
+    #[inline]
+    pub fn set(&mut self, bit_offset: usize, bit_width: u8, val: u64) {
+        debug_assert!(bit_width <= 64);
+        debug_assert!(bit_offset / 8 < self.storage.as_ref().len());
+        debug_assert!((bit_offset + (bit_width as usize)) / 8 <= self.storage.as_ref().len());
+        for i in 0..(bit_width as usize) {
+            let mask = 1 << i;
+            let val_bit_is_set = val & mask == mask;
+            let index = if cfg!(target_endian = "big") {
+                bit_width as usize - 1 - i
+            } else {
+                i
+            };
+            self.set_bit(index + bit_offset, val_bit_is_set);
+        }
+    }
+}
+pub const MBEDTLS_CONFIG_FILE: &[u8; 9] = b"config.h\0";
+pub const MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT: u32 = 0;
+pub const MBEDTLS_SSL_MAX_EARLY_DATA_SIZE: u32 = 1024;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE: u32 = 6000;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH: u32 = 32;
+pub const MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS: u32 = 1;
+pub const MBEDTLS_VERSION_MAJOR: u32 = 3;
+pub const MBEDTLS_VERSION_MINOR: u32 = 4;
+pub const MBEDTLS_VERSION_PATCH: u32 = 0;
+pub const MBEDTLS_VERSION_NUMBER: u32 = 50593792;
+pub const MBEDTLS_VERSION_STRING: &[u8; 6] = b"3.4.0\0";
+pub const MBEDTLS_VERSION_STRING_FULL: &[u8; 15] = b"mbed TLS 3.4.0\0";
+pub const MBEDTLS_PSA_BUILTIN_ALG_CCM: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG: u32 = 1;
+pub const PSA_WANT_ALG_CCM: u32 = 1;
+pub const PSA_WANT_ALG_CCM_STAR_NO_TAG: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CMAC: u32 = 1;
+pub const PSA_WANT_ALG_CMAC: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_ECDH: u32 = 1;
+pub const PSA_WANT_ALG_ECDH: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_ECDSA: u32 = 1;
+pub const PSA_WANT_ALG_ECDSA: u32 = 1;
+pub const PSA_WANT_ALG_ECDSA_ANY: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA: u32 = 1;
+pub const PSA_WANT_ALG_DETERMINISTIC_ECDSA: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_ECC_KEY_PAIR: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_GCM: u32 = 1;
+pub const PSA_WANT_ALG_GCM: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_HMAC: u32 = 1;
+pub const PSA_WANT_ALG_HMAC: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_HKDF: u32 = 1;
+pub const PSA_WANT_ALG_HKDF: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT: u32 = 1;
+pub const PSA_WANT_ALG_HKDF_EXTRACT: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND: u32 = 1;
+pub const PSA_WANT_ALG_HKDF_EXPAND: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF: u32 = 1;
+pub const PSA_WANT_ALG_TLS12_PRF: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS: u32 = 1;
+pub const PSA_WANT_ALG_TLS12_PSK_TO_MS: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_MD5: u32 = 1;
+pub const PSA_WANT_ALG_MD5: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_PAKE: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_JPAKE: u32 = 1;
+pub const PSA_WANT_ALG_JPAKE: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160: u32 = 1;
+pub const PSA_WANT_ALG_RIPEMD160: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT: u32 = 1;
+pub const PSA_WANT_ALG_RSA_PKCS1V15_CRYPT: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN: u32 = 1;
+pub const PSA_WANT_ALG_RSA_PKCS1V15_SIGN: u32 = 1;
+pub const PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP: u32 = 1;
+pub const PSA_WANT_ALG_RSA_OAEP: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS: u32 = 1;
+pub const PSA_WANT_ALG_RSA_PSS: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_RSA_KEY_PAIR: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_1: u32 = 1;
+pub const PSA_WANT_ALG_SHA_1: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_224: u32 = 1;
+pub const PSA_WANT_ALG_SHA_224: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_256: u32 = 1;
+pub const PSA_WANT_ALG_SHA_256: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_384: u32 = 1;
+pub const PSA_WANT_ALG_SHA_384: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_512: u32 = 1;
+pub const PSA_WANT_ALG_SHA_512: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_AES: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_ARIA: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_CAMELLIA: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_DES: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS: u32 = 1;
+pub const PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_CHACHA20: u32 = 1;
+pub const PSA_WANT_ALG_STREAM_CIPHER: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER: u32 = 1;
+pub const PSA_WANT_ALG_CHACHA20_POLY1305: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING: u32 = 1;
+pub const PSA_WANT_ALG_CBC_NO_PADDING: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7: u32 = 1;
+pub const PSA_WANT_ALG_CBC_PKCS7: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING: u32 = 1;
+pub const PSA_WANT_ALG_ECB_NO_PADDING: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CFB: u32 = 1;
+pub const PSA_WANT_ALG_CFB: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CTR: u32 = 1;
+pub const PSA_WANT_ALG_CTR: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_OFB: u32 = 1;
+pub const PSA_WANT_ALG_OFB: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256: u32 = 1;
+pub const PSA_HAVE_FULL_ECDSA: u32 = 1;
+pub const PSA_HAVE_FULL_JPAKE: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_DERIVE: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_PASSWORD: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_PASSWORD_HASH: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_RAW_DATA: u32 = 1;
+pub const _LIBC_LIMITS_H_: u32 = 1;
+pub const __NEWLIB_H__: u32 = 1;
+pub const _NEWLIB_VERSION_H__: u32 = 1;
+pub const _NEWLIB_VERSION: &[u8; 6] = b"3.3.0\0";
+pub const __NEWLIB__: u32 = 3;
+pub const __NEWLIB_MINOR__: u32 = 3;
+pub const __NEWLIB_PATCHLEVEL__: u32 = 0;
+pub const _WANT_IO_C99_FORMATS: u32 = 1;
+pub const _WANT_IO_LONG_LONG: u32 = 1;
+pub const _WANT_IO_POS_ARGS: u32 = 1;
+pub const _WANT_REENT_SMALL: u32 = 1;
+pub const _REENT_CHECK_VERIFY: u32 = 1;
+pub const _MB_LEN_MAX: u32 = 1;
+pub const _ICONV_ENABLED: u32 = 1;
+pub const HAVE_INITFINI_ARRAY: u32 = 1;
+pub const _ATEXIT_DYNAMIC_ALLOC: u32 = 1;
+pub const _HAVE_LONG_DOUBLE: u32 = 1;
+pub const _HAVE_CC_INHIBIT_LOOP_TO_LIBCALL: u32 = 1;
+pub const _FVWRITE_IN_STREAMIO: u32 = 1;
+pub const _FSEEK_OPTIMIZATION: u32 = 1;
+pub const _UNBUF_STREAM_OPT: u32 = 1;
+pub const _RETARGETABLE_LOCKING: u32 = 1;
+pub const _WANT_USE_LONG_TIME_T: u32 = 1;
+pub const _DEFAULT_SOURCE: u32 = 1;
+pub const _POSIX_SOURCE: u32 = 1;
+pub const _POSIX_C_SOURCE: u32 = 200809;
+pub const _ATFILE_SOURCE: u32 = 1;
+pub const __ATFILE_VISIBLE: u32 = 1;
+pub const __BSD_VISIBLE: u32 = 1;
+pub const __GNU_VISIBLE: u32 = 0;
+pub const __ISO_C_VISIBLE: u32 = 2011;
+pub const __LARGEFILE_VISIBLE: u32 = 0;
+pub const __MISC_VISIBLE: u32 = 1;
+pub const __POSIX_VISIBLE: u32 = 200809;
+pub const __SVID_VISIBLE: u32 = 1;
+pub const __XSI_VISIBLE: u32 = 0;
+pub const __SSP_FORTIFY_LEVEL: u32 = 0;
+pub const _POSIX_THREADS: u32 = 1;
+pub const _POSIX_TIMEOUTS: u32 = 1;
+pub const _POSIX_TIMERS: u32 = 1;
+pub const _POSIX_MONOTONIC_CLOCK: u32 = 200112;
+pub const _POSIX_CLOCK_SELECTION: u32 = 200112;
+pub const _UNIX98_THREAD_MUTEX_ATTRIBUTES: u32 = 1;
+pub const __have_longlong64: u32 = 1;
+pub const __have_long32: u32 = 1;
+pub const ___int8_t_defined: u32 = 1;
+pub const ___int16_t_defined: u32 = 1;
+pub const ___int32_t_defined: u32 = 1;
+pub const ___int64_t_defined: u32 = 1;
+pub const ___int_least8_t_defined: u32 = 1;
+pub const ___int_least16_t_defined: u32 = 1;
+pub const ___int_least32_t_defined: u32 = 1;
+pub const ___int_least64_t_defined: u32 = 1;
+pub const __GNUCLIKE_ASM: u32 = 3;
+pub const __GNUCLIKE___TYPEOF: u32 = 1;
+pub const __GNUCLIKE___OFFSETOF: u32 = 1;
+pub const __GNUCLIKE___SECTION: u32 = 1;
+pub const __GNUCLIKE_CTOR_SECTION_HANDLING: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_CONSTANT_P: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_VARARGS: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_STDARG: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_VAALIST: u32 = 1;
+pub const __GNUC_VA_LIST_COMPATIBILITY: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_NEXT_ARG: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_MEMCPY: u32 = 1;
+pub const __CC_SUPPORTS_INLINE: u32 = 1;
+pub const __CC_SUPPORTS___INLINE: u32 = 1;
+pub const __CC_SUPPORTS___INLINE__: u32 = 1;
+pub const __CC_SUPPORTS___FUNC__: u32 = 1;
+pub const __CC_SUPPORTS_WARNING: u32 = 1;
+pub const __CC_SUPPORTS_VARADIC_XXX: u32 = 1;
+pub const __CC_SUPPORTS_DYNAMIC_ARRAY_INIT: u32 = 1;
+pub const ARG_MAX: u32 = 4096;
+pub const CHILD_MAX: u32 = 40;
+pub const LINK_MAX: u32 = 32767;
+pub const MAX_CANON: u32 = 255;
+pub const MAX_INPUT: u32 = 255;
+pub const NAME_MAX: u32 = 255;
+pub const NGROUPS_MAX: u32 = 16;
+pub const OPEN_MAX: u32 = 64;
+pub const PATH_MAX: u32 = 1024;
+pub const PIPE_BUF: u32 = 512;
+pub const IOV_MAX: u32 = 1024;
+pub const BC_BASE_MAX: u32 = 99;
+pub const BC_DIM_MAX: u32 = 2048;
+pub const BC_SCALE_MAX: u32 = 99;
+pub const BC_STRING_MAX: u32 = 1000;
+pub const COLL_WEIGHTS_MAX: u32 = 0;
+pub const EXPR_NEST_MAX: u32 = 32;
+pub const LINE_MAX: u32 = 2048;
+pub const RE_DUP_MAX: u32 = 255;
+pub const MB_LEN_MAX: u32 = 1;
+pub const NL_ARGMAX: u32 = 32;
+pub const _POSIX2_RE_DUP_MAX: u32 = 255;
+pub const CHAR_MIN: u32 = 0;
+pub const __int20: u32 = 2;
+pub const __int20__: u32 = 2;
+pub const __INT8: &[u8; 3] = b"hh\0";
+pub const __INT16: &[u8; 2] = b"h\0";
+pub const __INT64: &[u8; 3] = b"ll\0";
+pub const __FAST8: &[u8; 3] = b"hh\0";
+pub const __FAST16: &[u8; 2] = b"h\0";
+pub const __FAST64: &[u8; 3] = b"ll\0";
+pub const __LEAST8: &[u8; 3] = b"hh\0";
+pub const __LEAST16: &[u8; 2] = b"h\0";
+pub const __LEAST64: &[u8; 3] = b"ll\0";
+pub const __int8_t_defined: u32 = 1;
+pub const __int16_t_defined: u32 = 1;
+pub const __int32_t_defined: u32 = 1;
+pub const __int64_t_defined: u32 = 1;
+pub const __int_least8_t_defined: u32 = 1;
+pub const __int_least16_t_defined: u32 = 1;
+pub const __int_least32_t_defined: u32 = 1;
+pub const __int_least64_t_defined: u32 = 1;
+pub const __int_fast8_t_defined: u32 = 1;
+pub const __int_fast16_t_defined: u32 = 1;
+pub const __int_fast32_t_defined: u32 = 1;
+pub const __int_fast64_t_defined: u32 = 1;
+pub const WINT_MIN: u32 = 0;
+pub const MBEDTLS_ERR_MPI_FILE_IO_ERROR: i32 = -2;
+pub const MBEDTLS_ERR_MPI_BAD_INPUT_DATA: i32 = -4;
+pub const MBEDTLS_ERR_MPI_INVALID_CHARACTER: i32 = -6;
+pub const MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL: i32 = -8;
+pub const MBEDTLS_ERR_MPI_NEGATIVE_VALUE: i32 = -10;
+pub const MBEDTLS_ERR_MPI_DIVISION_BY_ZERO: i32 = -12;
+pub const MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: i32 = -14;
+pub const MBEDTLS_ERR_MPI_ALLOC_FAILED: i32 = -16;
+pub const MBEDTLS_MPI_MAX_LIMBS: u32 = 10000;
+pub const MBEDTLS_MPI_WINDOW_SIZE: u32 = 2;
+pub const MBEDTLS_MPI_MAX_SIZE: u32 = 1024;
+pub const MBEDTLS_MPI_MAX_BITS: u32 = 8192;
+pub const MBEDTLS_MPI_MAX_BITS_SCALE100: u32 = 819200;
+pub const MBEDTLS_LN_2_DIV_LN_10_SCALE100: u32 = 332;
+pub const MBEDTLS_MPI_RW_BUFFER_SIZE: u32 = 2484;
+pub const MBEDTLS_ERR_ECP_BAD_INPUT_DATA: i32 = -20352;
+pub const MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL: i32 = -20224;
+pub const MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE: i32 = -20096;
+pub const MBEDTLS_ERR_ECP_VERIFY_FAILED: i32 = -19968;
+pub const MBEDTLS_ERR_ECP_ALLOC_FAILED: i32 = -19840;
+pub const MBEDTLS_ERR_ECP_RANDOM_FAILED: i32 = -19712;
+pub const MBEDTLS_ERR_ECP_INVALID_KEY: i32 = -19584;
+pub const MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH: i32 = -19456;
+pub const MBEDTLS_ERR_ECP_IN_PROGRESS: i32 = -19200;
+pub const MBEDTLS_ECP_DP_MAX: u32 = 14;
+pub const MBEDTLS_ECP_WINDOW_SIZE: u32 = 4;
+pub const MBEDTLS_ECP_FIXED_POINT_OPTIM: u32 = 1;
+pub const MBEDTLS_ECP_MAX_BITS: u32 = 521;
+pub const MBEDTLS_ECP_MAX_BYTES: u32 = 66;
+pub const MBEDTLS_ECP_MAX_PT_LEN: u32 = 133;
+pub const MBEDTLS_ECP_PF_UNCOMPRESSED: u32 = 0;
+pub const MBEDTLS_ECP_PF_COMPRESSED: u32 = 1;
+pub const MBEDTLS_ECP_TLS_NAMED_CURVE: u32 = 3;
+pub const MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE: i32 = -20608;
+pub const MBEDTLS_ERR_MD_BAD_INPUT_DATA: i32 = -20736;
+pub const MBEDTLS_ERR_MD_ALLOC_FAILED: i32 = -20864;
+pub const MBEDTLS_ERR_MD_FILE_IO_ERROR: i32 = -20992;
+pub const MBEDTLS_MD_MAX_SIZE: u32 = 64;
+pub const MBEDTLS_MD_MAX_BLOCK_SIZE: u32 = 128;
+pub const MBEDTLS_ERR_RSA_BAD_INPUT_DATA: i32 = -16512;
+pub const MBEDTLS_ERR_RSA_INVALID_PADDING: i32 = -16640;
+pub const MBEDTLS_ERR_RSA_KEY_GEN_FAILED: i32 = -16768;
+pub const MBEDTLS_ERR_RSA_KEY_CHECK_FAILED: i32 = -16896;
+pub const MBEDTLS_ERR_RSA_PUBLIC_FAILED: i32 = -17024;
+pub const MBEDTLS_ERR_RSA_PRIVATE_FAILED: i32 = -17152;
+pub const MBEDTLS_ERR_RSA_VERIFY_FAILED: i32 = -17280;
+pub const MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE: i32 = -17408;
+pub const MBEDTLS_ERR_RSA_RNG_FAILED: i32 = -17536;
+pub const MBEDTLS_RSA_PKCS_V15: u32 = 0;
+pub const MBEDTLS_RSA_PKCS_V21: u32 = 1;
+pub const MBEDTLS_RSA_SIGN: u32 = 1;
+pub const MBEDTLS_RSA_CRYPT: u32 = 2;
+pub const MBEDTLS_RSA_SALT_LEN_ANY: i32 = -1;
+pub const MBEDTLS_ERR_PK_ALLOC_FAILED: i32 = -16256;
+pub const MBEDTLS_ERR_PK_TYPE_MISMATCH: i32 = -16128;
+pub const MBEDTLS_ERR_PK_BAD_INPUT_DATA: i32 = -16000;
+pub const MBEDTLS_ERR_PK_FILE_IO_ERROR: i32 = -15872;
+pub const MBEDTLS_ERR_PK_KEY_INVALID_VERSION: i32 = -15744;
+pub const MBEDTLS_ERR_PK_KEY_INVALID_FORMAT: i32 = -15616;
+pub const MBEDTLS_ERR_PK_UNKNOWN_PK_ALG: i32 = -15488;
+pub const MBEDTLS_ERR_PK_PASSWORD_REQUIRED: i32 = -15360;
+pub const MBEDTLS_ERR_PK_PASSWORD_MISMATCH: i32 = -15232;
+pub const MBEDTLS_ERR_PK_INVALID_PUBKEY: i32 = -15104;
+pub const MBEDTLS_ERR_PK_INVALID_ALG: i32 = -14976;
+pub const MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE: i32 = -14848;
+pub const MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE: i32 = -14720;
+pub const MBEDTLS_ERR_PK_SIG_LEN_MISMATCH: i32 = -14592;
+pub const MBEDTLS_ERR_PK_BUFFER_TOO_SMALL: i32 = -14464;
+pub const MBEDTLS_PK_SIGNATURE_MAX_SIZE: u32 = 0;
+pub const MBEDTLS_PK_DEBUG_MAX_ITEMS: u32 = 3;
+pub const MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE: i32 = -24704;
+pub const MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA: i32 = -24832;
+pub const MBEDTLS_ERR_CIPHER_ALLOC_FAILED: i32 = -24960;
+pub const MBEDTLS_ERR_CIPHER_INVALID_PADDING: i32 = -25088;
+pub const MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED: i32 = -25216;
+pub const MBEDTLS_ERR_CIPHER_AUTH_FAILED: i32 = -25344;
+pub const MBEDTLS_ERR_CIPHER_INVALID_CONTEXT: i32 = -25472;
+pub const MBEDTLS_CIPHER_VARIABLE_IV_LEN: u32 = 1;
+pub const MBEDTLS_CIPHER_VARIABLE_KEY_LEN: u32 = 2;
+pub const MBEDTLS_MAX_IV_LENGTH: u32 = 16;
+pub const MBEDTLS_MAX_BLOCK_LENGTH: u32 = 16;
+pub const MBEDTLS_MAX_KEY_LENGTH: u32 = 64;
+pub const MBEDTLS_TLS_RSA_WITH_NULL_MD5: u32 = 1;
+pub const MBEDTLS_TLS_RSA_WITH_NULL_SHA: u32 = 2;
+pub const MBEDTLS_TLS_PSK_WITH_NULL_SHA: u32 = 44;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA: u32 = 45;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA: u32 = 46;
+pub const MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA: u32 = 47;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA: u32 = 51;
+pub const MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA: u32 = 53;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA: u32 = 57;
+pub const MBEDTLS_TLS_RSA_WITH_NULL_SHA256: u32 = 59;
+pub const MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256: u32 = 60;
+pub const MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256: u32 = 61;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: u32 = 65;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: u32 = 69;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: u32 = 103;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: u32 = 107;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: u32 = 132;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: u32 = 136;
+pub const MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA: u32 = 140;
+pub const MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA: u32 = 141;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA: u32 = 144;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA: u32 = 145;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA: u32 = 148;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA: u32 = 149;
+pub const MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256: u32 = 156;
+pub const MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384: u32 = 157;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: u32 = 158;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: u32 = 159;
+pub const MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256: u32 = 168;
+pub const MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384: u32 = 169;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256: u32 = 170;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384: u32 = 171;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256: u32 = 172;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384: u32 = 173;
+pub const MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256: u32 = 174;
+pub const MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384: u32 = 175;
+pub const MBEDTLS_TLS_PSK_WITH_NULL_SHA256: u32 = 176;
+pub const MBEDTLS_TLS_PSK_WITH_NULL_SHA384: u32 = 177;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256: u32 = 178;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384: u32 = 179;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256: u32 = 180;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384: u32 = 181;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256: u32 = 182;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384: u32 = 183;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256: u32 = 184;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384: u32 = 185;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 186;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 190;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256: u32 = 192;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256: u32 = 196;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA: u32 = 49153;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: u32 = 49156;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: u32 = 49157;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA: u32 = 49158;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: u32 = 49161;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: u32 = 49162;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA: u32 = 49163;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: u32 = 49166;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: u32 = 49167;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA: u32 = 49168;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: u32 = 49171;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: u32 = 49172;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: u32 = 49187;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: u32 = 49188;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256: u32 = 49189;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384: u32 = 49190;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: u32 = 49191;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: u32 = 49192;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256: u32 = 49193;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384: u32 = 49194;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: u32 = 49195;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: u32 = 49196;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256: u32 = 49197;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384: u32 = 49198;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: u32 = 49199;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: u32 = 49200;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256: u32 = 49201;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384: u32 = 49202;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA: u32 = 49205;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA: u32 = 49206;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256: u32 = 49207;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384: u32 = 49208;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA: u32 = 49209;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256: u32 = 49210;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384: u32 = 49211;
+pub const MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256: u32 = 49212;
+pub const MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384: u32 = 49213;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256: u32 = 49220;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384: u32 = 49221;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256: u32 = 49224;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384: u32 = 49225;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256: u32 = 49226;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384: u32 = 49227;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256: u32 = 49228;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384: u32 = 49229;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256: u32 = 49230;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384: u32 = 49231;
+pub const MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256: u32 = 49232;
+pub const MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384: u32 = 49233;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256: u32 = 49234;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384: u32 = 49235;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256: u32 = 49244;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384: u32 = 49245;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256: u32 = 49246;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384: u32 = 49247;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256: u32 = 49248;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384: u32 = 49249;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256: u32 = 49250;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384: u32 = 49251;
+pub const MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256: u32 = 49252;
+pub const MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384: u32 = 49253;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256: u32 = 49254;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384: u32 = 49255;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256: u32 = 49256;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384: u32 = 49257;
+pub const MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256: u32 = 49258;
+pub const MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384: u32 = 49259;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256: u32 = 49260;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384: u32 = 49261;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256: u32 = 49262;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384: u32 = 49263;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256: u32 = 49264;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384: u32 = 49265;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49266;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49267;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49268;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49269;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49270;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49271;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49272;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49273;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49274;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49275;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49276;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49277;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49286;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49287;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49288;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49289;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49290;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49291;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49292;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49293;
+pub const MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49294;
+pub const MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49295;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49296;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49297;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49298;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49299;
+pub const MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49300;
+pub const MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49301;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49302;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49303;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49304;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49305;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49306;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49307;
+pub const MBEDTLS_TLS_RSA_WITH_AES_128_CCM: u32 = 49308;
+pub const MBEDTLS_TLS_RSA_WITH_AES_256_CCM: u32 = 49309;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM: u32 = 49310;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM: u32 = 49311;
+pub const MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8: u32 = 49312;
+pub const MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8: u32 = 49313;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8: u32 = 49314;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8: u32 = 49315;
+pub const MBEDTLS_TLS_PSK_WITH_AES_128_CCM: u32 = 49316;
+pub const MBEDTLS_TLS_PSK_WITH_AES_256_CCM: u32 = 49317;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM: u32 = 49318;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM: u32 = 49319;
+pub const MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8: u32 = 49320;
+pub const MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8: u32 = 49321;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8: u32 = 49322;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8: u32 = 49323;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM: u32 = 49324;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM: u32 = 49325;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: u32 = 49326;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8: u32 = 49327;
+pub const MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8: u32 = 49407;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: u32 = 52392;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: u32 = 52393;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: u32 = 52394;
+pub const MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256: u32 = 52395;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256: u32 = 52396;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256: u32 = 52397;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256: u32 = 52398;
+pub const MBEDTLS_TLS1_3_AES_128_GCM_SHA256: u32 = 4865;
+pub const MBEDTLS_TLS1_3_AES_256_GCM_SHA384: u32 = 4866;
+pub const MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256: u32 = 4867;
+pub const MBEDTLS_TLS1_3_AES_128_CCM_SHA256: u32 = 4868;
+pub const MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256: u32 = 4869;
+pub const MBEDTLS_CIPHERSUITE_WEAK: u32 = 1;
+pub const MBEDTLS_CIPHERSUITE_SHORT_TAG: u32 = 2;
+pub const MBEDTLS_CIPHERSUITE_NODTLS: u32 = 4;
+pub const PSA_CRYPTO_API_VERSION_MAJOR: u32 = 1;
+pub const PSA_CRYPTO_API_VERSION_MINOR: u32 = 0;
+pub const PSA_MAC_TRUNCATION_OFFSET: u32 = 16;
+pub const PSA_AEAD_TAG_LENGTH_OFFSET: u32 = 16;
+pub const PSA_HASH_MAX_SIZE: u32 = 64;
+pub const PSA_HMAC_MAX_HASH_BLOCK_SIZE: u32 = 128;
+pub const PSA_MAC_MAX_SIZE: u32 = 64;
+pub const PSA_AEAD_TAG_MAX_SIZE: u32 = 16;
+pub const PSA_VENDOR_RSA_MAX_KEY_BITS: u32 = 4096;
+pub const PSA_VENDOR_ECC_MAX_CURVE_BITS: u32 = 521;
+pub const PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE: u32 = 128;
+pub const PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE: u32 = 65;
+pub const PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE: u32 = 32;
+pub const PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE: u32 = 16;
+pub const PSA_AEAD_NONCE_MAX_SIZE: u32 = 13;
+pub const PSA_AEAD_FINISH_OUTPUT_MAX_SIZE: u32 = 16;
+pub const PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE: u32 = 16;
+pub const PSA_CIPHER_IV_MAX_SIZE: u32 = 16;
+pub const PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE: u32 = 16;
+pub const MBEDTLS_AES_BLOCK_SIZE: u32 = 16;
+pub const MBEDTLS_DES3_BLOCK_SIZE: u32 = 8;
+pub const MBEDTLS_CIPHER_BLKSIZE_MAX: u32 = 16;
+pub const MBEDTLS_GCM_ENCRYPT: u32 = 1;
+pub const MBEDTLS_GCM_DECRYPT: u32 = 0;
+pub const MBEDTLS_ERR_GCM_AUTH_FAILED: i32 = -18;
+pub const MBEDTLS_ERR_GCM_BAD_INPUT: i32 = -20;
+pub const MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL: i32 = -22;
+pub const MBEDTLS_CCM_DECRYPT: u32 = 0;
+pub const MBEDTLS_CCM_ENCRYPT: u32 = 1;
+pub const MBEDTLS_CCM_STAR_DECRYPT: u32 = 2;
+pub const MBEDTLS_CCM_STAR_ENCRYPT: u32 = 3;
+pub const MBEDTLS_ERR_CCM_BAD_INPUT: i32 = -13;
+pub const MBEDTLS_ERR_CCM_AUTH_FAILED: i32 = -15;
+pub const MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA: i32 = -87;
+pub const MBEDTLS_ERR_CHACHAPOLY_BAD_STATE: i32 = -84;
+pub const MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED: i32 = -86;
+pub const MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA: i32 = -81;
+pub const MBEDTLS_ERR_SHA1_BAD_INPUT_DATA: i32 = -115;
+pub const MBEDTLS_ERR_SHA256_BAD_INPUT_DATA: i32 = -116;
+pub const MBEDTLS_ERR_SHA512_BAD_INPUT_DATA: i32 = -117;
+pub const MBEDTLS_PSA_BUILTIN_CIPHER: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_AEAD: u32 = 1;
+pub const MBEDTLS_PSA_JPAKE_BUFFER_SIZE: u32 = 336;
+pub const PSA_MAX_KEY_BITS: u32 = 65528;
+pub const MBEDTLS_PSA_KA_MASK_DUAL_USE: u32 = 0;
+pub const PSA_CRYPTO_ITS_RANDOM_SEED_UID: u32 = 4294967122;
+pub const MBEDTLS_PSA_KEY_SLOT_COUNT: u32 = 32;
+pub const PSA_PAKE_OPERATION_STAGE_SETUP: u32 = 0;
+pub const PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS: u32 = 1;
+pub const PSA_PAKE_OPERATION_STAGE_COMPUTATION: u32 = 2;
+pub const PSA_PAKE_OUTPUT_MAX_SIZE: u32 = 65;
+pub const PSA_PAKE_INPUT_MAX_SIZE: u32 = 65;
+pub const MBEDTLS_ERR_ASN1_OUT_OF_DATA: i32 = -96;
+pub const MBEDTLS_ERR_ASN1_UNEXPECTED_TAG: i32 = -98;
+pub const MBEDTLS_ERR_ASN1_INVALID_LENGTH: i32 = -100;
+pub const MBEDTLS_ERR_ASN1_LENGTH_MISMATCH: i32 = -102;
+pub const MBEDTLS_ERR_ASN1_INVALID_DATA: i32 = -104;
+pub const MBEDTLS_ERR_ASN1_ALLOC_FAILED: i32 = -106;
+pub const MBEDTLS_ERR_ASN1_BUF_TOO_SMALL: i32 = -108;
+pub const MBEDTLS_ASN1_BOOLEAN: u32 = 1;
+pub const MBEDTLS_ASN1_INTEGER: u32 = 2;
+pub const MBEDTLS_ASN1_BIT_STRING: u32 = 3;
+pub const MBEDTLS_ASN1_OCTET_STRING: u32 = 4;
+pub const MBEDTLS_ASN1_NULL: u32 = 5;
+pub const MBEDTLS_ASN1_OID: u32 = 6;
+pub const MBEDTLS_ASN1_ENUMERATED: u32 = 10;
+pub const MBEDTLS_ASN1_UTF8_STRING: u32 = 12;
+pub const MBEDTLS_ASN1_SEQUENCE: u32 = 16;
+pub const MBEDTLS_ASN1_SET: u32 = 17;
+pub const MBEDTLS_ASN1_PRINTABLE_STRING: u32 = 19;
+pub const MBEDTLS_ASN1_T61_STRING: u32 = 20;
+pub const MBEDTLS_ASN1_IA5_STRING: u32 = 22;
+pub const MBEDTLS_ASN1_UTC_TIME: u32 = 23;
+pub const MBEDTLS_ASN1_GENERALIZED_TIME: u32 = 24;
+pub const MBEDTLS_ASN1_UNIVERSAL_STRING: u32 = 28;
+pub const MBEDTLS_ASN1_BMP_STRING: u32 = 30;
+pub const MBEDTLS_ASN1_PRIMITIVE: u32 = 0;
+pub const MBEDTLS_ASN1_CONSTRUCTED: u32 = 32;
+pub const MBEDTLS_ASN1_CONTEXT_SPECIFIC: u32 = 128;
+pub const MBEDTLS_ASN1_TAG_CLASS_MASK: u32 = 192;
+pub const MBEDTLS_ASN1_TAG_PC_MASK: u32 = 32;
+pub const MBEDTLS_ASN1_TAG_VALUE_MASK: u32 = 31;
+pub const MBEDTLS_X509_MAX_INTERMEDIATE_CA: u32 = 8;
+pub const MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE: i32 = -8320;
+pub const MBEDTLS_ERR_X509_UNKNOWN_OID: i32 = -8448;
+pub const MBEDTLS_ERR_X509_INVALID_FORMAT: i32 = -8576;
+pub const MBEDTLS_ERR_X509_INVALID_VERSION: i32 = -8704;
+pub const MBEDTLS_ERR_X509_INVALID_SERIAL: i32 = -8832;
+pub const MBEDTLS_ERR_X509_INVALID_ALG: i32 = -8960;
+pub const MBEDTLS_ERR_X509_INVALID_NAME: i32 = -9088;
+pub const MBEDTLS_ERR_X509_INVALID_DATE: i32 = -9216;
+pub const MBEDTLS_ERR_X509_INVALID_SIGNATURE: i32 = -9344;
+pub const MBEDTLS_ERR_X509_INVALID_EXTENSIONS: i32 = -9472;
+pub const MBEDTLS_ERR_X509_UNKNOWN_VERSION: i32 = -9600;
+pub const MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG: i32 = -9728;
+pub const MBEDTLS_ERR_X509_SIG_MISMATCH: i32 = -9856;
+pub const MBEDTLS_ERR_X509_CERT_VERIFY_FAILED: i32 = -9984;
+pub const MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT: i32 = -10112;
+pub const MBEDTLS_ERR_X509_BAD_INPUT_DATA: i32 = -10240;
+pub const MBEDTLS_ERR_X509_ALLOC_FAILED: i32 = -10368;
+pub const MBEDTLS_ERR_X509_FILE_IO_ERROR: i32 = -10496;
+pub const MBEDTLS_ERR_X509_BUFFER_TOO_SMALL: i32 = -10624;
+pub const MBEDTLS_ERR_X509_FATAL_ERROR: i32 = -12288;
+pub const MBEDTLS_X509_BADCERT_EXPIRED: u32 = 1;
+pub const MBEDTLS_X509_BADCERT_REVOKED: u32 = 2;
+pub const MBEDTLS_X509_BADCERT_CN_MISMATCH: u32 = 4;
+pub const MBEDTLS_X509_BADCERT_NOT_TRUSTED: u32 = 8;
+pub const MBEDTLS_X509_BADCRL_NOT_TRUSTED: u32 = 16;
+pub const MBEDTLS_X509_BADCRL_EXPIRED: u32 = 32;
+pub const MBEDTLS_X509_BADCERT_MISSING: u32 = 64;
+pub const MBEDTLS_X509_BADCERT_SKIP_VERIFY: u32 = 128;
+pub const MBEDTLS_X509_BADCERT_OTHER: u32 = 256;
+pub const MBEDTLS_X509_BADCERT_FUTURE: u32 = 512;
+pub const MBEDTLS_X509_BADCRL_FUTURE: u32 = 1024;
+pub const MBEDTLS_X509_BADCERT_KEY_USAGE: u32 = 2048;
+pub const MBEDTLS_X509_BADCERT_EXT_KEY_USAGE: u32 = 4096;
+pub const MBEDTLS_X509_BADCERT_NS_CERT_TYPE: u32 = 8192;
+pub const MBEDTLS_X509_BADCERT_BAD_MD: u32 = 16384;
+pub const MBEDTLS_X509_BADCERT_BAD_PK: u32 = 32768;
+pub const MBEDTLS_X509_BADCERT_BAD_KEY: u32 = 65536;
+pub const MBEDTLS_X509_BADCRL_BAD_MD: u32 = 131072;
+pub const MBEDTLS_X509_BADCRL_BAD_PK: u32 = 262144;
+pub const MBEDTLS_X509_BADCRL_BAD_KEY: u32 = 524288;
+pub const MBEDTLS_X509_SAN_OTHER_NAME: u32 = 0;
+pub const MBEDTLS_X509_SAN_RFC822_NAME: u32 = 1;
+pub const MBEDTLS_X509_SAN_DNS_NAME: u32 = 2;
+pub const MBEDTLS_X509_SAN_X400_ADDRESS_NAME: u32 = 3;
+pub const MBEDTLS_X509_SAN_DIRECTORY_NAME: u32 = 4;
+pub const MBEDTLS_X509_SAN_EDI_PARTY_NAME: u32 = 5;
+pub const MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: u32 = 6;
+pub const MBEDTLS_X509_SAN_IP_ADDRESS: u32 = 7;
+pub const MBEDTLS_X509_SAN_REGISTERED_ID: u32 = 8;
+pub const MBEDTLS_X509_KU_DIGITAL_SIGNATURE: u32 = 128;
+pub const MBEDTLS_X509_KU_NON_REPUDIATION: u32 = 64;
+pub const MBEDTLS_X509_KU_KEY_ENCIPHERMENT: u32 = 32;
+pub const MBEDTLS_X509_KU_DATA_ENCIPHERMENT: u32 = 16;
+pub const MBEDTLS_X509_KU_KEY_AGREEMENT: u32 = 8;
+pub const MBEDTLS_X509_KU_KEY_CERT_SIGN: u32 = 4;
+pub const MBEDTLS_X509_KU_CRL_SIGN: u32 = 2;
+pub const MBEDTLS_X509_KU_ENCIPHER_ONLY: u32 = 1;
+pub const MBEDTLS_X509_KU_DECIPHER_ONLY: u32 = 32768;
+pub const MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT: u32 = 128;
+pub const MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER: u32 = 64;
+pub const MBEDTLS_X509_NS_CERT_TYPE_EMAIL: u32 = 32;
+pub const MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING: u32 = 16;
+pub const MBEDTLS_X509_NS_CERT_TYPE_RESERVED: u32 = 8;
+pub const MBEDTLS_X509_NS_CERT_TYPE_SSL_CA: u32 = 4;
+pub const MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA: u32 = 2;
+pub const MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA: u32 = 1;
+pub const MBEDTLS_X509_FORMAT_DER: u32 = 1;
+pub const MBEDTLS_X509_FORMAT_PEM: u32 = 2;
+pub const MBEDTLS_X509_MAX_DN_NAME_SIZE: u32 = 256;
+pub const MBEDTLS_X509_CRT_VERSION_1: u32 = 0;
+pub const MBEDTLS_X509_CRT_VERSION_2: u32 = 1;
+pub const MBEDTLS_X509_CRT_VERSION_3: u32 = 2;
+pub const MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN: u32 = 20;
+pub const MBEDTLS_X509_RFC5280_UTC_TIME_LEN: u32 = 15;
+pub const MBEDTLS_X509_MAX_FILE_PATH_LEN: u32 = 512;
+pub const MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE: u32 = 10;
+pub const MBEDTLS_ERR_DHM_BAD_INPUT_DATA: i32 = -12416;
+pub const MBEDTLS_ERR_DHM_READ_PARAMS_FAILED: i32 = -12544;
+pub const MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED: i32 = -12672;
+pub const MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED: i32 = -12800;
+pub const MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED: i32 = -12928;
+pub const MBEDTLS_ERR_DHM_CALC_SECRET_FAILED: i32 = -13056;
+pub const MBEDTLS_ERR_DHM_INVALID_FORMAT: i32 = -13184;
+pub const MBEDTLS_ERR_DHM_ALLOC_FAILED: i32 = -13312;
+pub const MBEDTLS_ERR_DHM_FILE_IO_ERROR: i32 = -13440;
+pub const MBEDTLS_ERR_DHM_SET_GROUP_FAILED: i32 = -13696;
+pub const MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS: i32 = -28672;
+pub const MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE: i32 = -28800;
+pub const MBEDTLS_ERR_SSL_BAD_INPUT_DATA: i32 = -28928;
+pub const MBEDTLS_ERR_SSL_INVALID_MAC: i32 = -29056;
+pub const MBEDTLS_ERR_SSL_INVALID_RECORD: i32 = -29184;
+pub const MBEDTLS_ERR_SSL_CONN_EOF: i32 = -29312;
+pub const MBEDTLS_ERR_SSL_DECODE_ERROR: i32 = -29440;
+pub const MBEDTLS_ERR_SSL_NO_RNG: i32 = -29696;
+pub const MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE: i32 = -29824;
+pub const MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION: i32 = -29952;
+pub const MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL: i32 = -30080;
+pub const MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED: i32 = -30208;
+pub const MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED: i32 = -30336;
+pub const MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE: i32 = -30464;
+pub const MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE: i32 = -30592;
+pub const MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME: i32 = -30720;
+pub const MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: i32 = -30848;
+pub const MBEDTLS_ERR_SSL_BAD_CERTIFICATE: i32 = -31232;
+pub const MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET: i32 = -31488;
+pub const MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA: i32 = -31616;
+pub const MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA: i32 = -31744;
+pub const MBEDTLS_ERR_SSL_ALLOC_FAILED: i32 = -32512;
+pub const MBEDTLS_ERR_SSL_HW_ACCEL_FAILED: i32 = -32640;
+pub const MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH: i32 = -28544;
+pub const MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION: i32 = -28288;
+pub const MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE: i32 = -28160;
+pub const MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED: i32 = -28032;
+pub const MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH: i32 = -27904;
+pub const MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY: i32 = -27776;
+pub const MBEDTLS_ERR_SSL_INTERNAL_ERROR: i32 = -27648;
+pub const MBEDTLS_ERR_SSL_COUNTER_WRAPPING: i32 = -27520;
+pub const MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO: i32 = -27392;
+pub const MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED: i32 = -27264;
+pub const MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL: i32 = -27136;
+pub const MBEDTLS_ERR_SSL_WANT_READ: i32 = -26880;
+pub const MBEDTLS_ERR_SSL_WANT_WRITE: i32 = -26752;
+pub const MBEDTLS_ERR_SSL_TIMEOUT: i32 = -26624;
+pub const MBEDTLS_ERR_SSL_CLIENT_RECONNECT: i32 = -26496;
+pub const MBEDTLS_ERR_SSL_UNEXPECTED_RECORD: i32 = -26368;
+pub const MBEDTLS_ERR_SSL_NON_FATAL: i32 = -26240;
+pub const MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER: i32 = -26112;
+pub const MBEDTLS_ERR_SSL_CONTINUE_PROCESSING: i32 = -25984;
+pub const MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: i32 = -25856;
+pub const MBEDTLS_ERR_SSL_EARLY_MESSAGE: i32 = -25728;
+pub const MBEDTLS_ERR_SSL_UNEXPECTED_CID: i32 = -24576;
+pub const MBEDTLS_ERR_SSL_VERSION_MISMATCH: i32 = -24320;
+pub const MBEDTLS_ERR_SSL_BAD_CONFIG: i32 = -24192;
+pub const MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE: u32 = 0;
+pub const MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE: u32 = 1;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_NONE: u32 = 0;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1: u32 = 18;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1: u32 = 19;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1: u32 = 20;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1: u32 = 21;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1: u32 = 22;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1: u32 = 23;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1: u32 = 24;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1: u32 = 25;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1: u32 = 26;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1: u32 = 27;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1: u32 = 28;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_X25519: u32 = 29;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_X448: u32 = 30;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048: u32 = 256;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072: u32 = 257;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096: u32 = 258;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144: u32 = 259;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192: u32 = 260;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK: u32 = 1;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL: u32 = 2;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL: u32 = 4;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL: u32 = 7;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL: u32 = 5;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL: u32 = 6;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE: u32 = 0;
+pub const MBEDTLS_SSL_MAJOR_VERSION_3: u32 = 3;
+pub const MBEDTLS_SSL_MINOR_VERSION_3: u32 = 3;
+pub const MBEDTLS_SSL_MINOR_VERSION_4: u32 = 4;
+pub const MBEDTLS_SSL_TRANSPORT_STREAM: u32 = 0;
+pub const MBEDTLS_SSL_TRANSPORT_DATAGRAM: u32 = 1;
+pub const MBEDTLS_SSL_MAX_HOST_NAME_LEN: u32 = 255;
+pub const MBEDTLS_SSL_MAX_ALPN_NAME_LEN: u32 = 255;
+pub const MBEDTLS_SSL_MAX_ALPN_LIST_LEN: u32 = 65535;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_NONE: u32 = 0;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_512: u32 = 1;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_1024: u32 = 2;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_2048: u32 = 3;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_4096: u32 = 4;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_INVALID: u32 = 5;
+pub const MBEDTLS_SSL_IS_CLIENT: u32 = 0;
+pub const MBEDTLS_SSL_IS_SERVER: u32 = 1;
+pub const MBEDTLS_SSL_EXTENDED_MS_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_EXTENDED_MS_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_CID_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_CID_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_ETM_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_ETM_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_COMPRESS_NULL: u32 = 0;
+pub const MBEDTLS_SSL_VERIFY_NONE: u32 = 0;
+pub const MBEDTLS_SSL_VERIFY_OPTIONAL: u32 = 1;
+pub const MBEDTLS_SSL_VERIFY_REQUIRED: u32 = 2;
+pub const MBEDTLS_SSL_VERIFY_UNSET: u32 = 3;
+pub const MBEDTLS_SSL_LEGACY_RENEGOTIATION: u32 = 0;
+pub const MBEDTLS_SSL_SECURE_RENEGOTIATION: u32 = 1;
+pub const MBEDTLS_SSL_RENEGOTIATION_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_RENEGOTIATION_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_ANTI_REPLAY_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_ANTI_REPLAY_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED: i32 = -1;
+pub const MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT: u32 = 16;
+pub const MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION: u32 = 0;
+pub const MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION: u32 = 1;
+pub const MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE: u32 = 2;
+pub const MBEDTLS_SSL_TRUNC_HMAC_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_TRUNC_HMAC_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_TRUNCATED_HMAC_LEN: u32 = 10;
+pub const MBEDTLS_SSL_SESSION_TICKETS_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_SESSION_TICKETS_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_PRESET_DEFAULT: u32 = 0;
+pub const MBEDTLS_SSL_PRESET_SUITEB: u32 = 2;
+pub const MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_EARLY_DATA_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_EARLY_DATA_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED: u32 = 0;
+pub const MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED: u32 = 1;
+pub const MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT: u32 = 1;
+pub const MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER: u32 = 0;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN: u32 = 48;
+pub const MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN: u32 = 1000;
+pub const MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX: u32 = 60000;
+pub const MBEDTLS_SSL_IN_CONTENT_LEN: u32 = 16384;
+pub const MBEDTLS_SSL_OUT_CONTENT_LEN: u32 = 16384;
+pub const MBEDTLS_SSL_DTLS_MAX_BUFFERING: u32 = 32768;
+pub const MBEDTLS_SSL_CID_IN_LEN_MAX: u32 = 32;
+pub const MBEDTLS_SSL_CID_OUT_LEN_MAX: u32 = 32;
+pub const MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY: u32 = 16;
+pub const MBEDTLS_SSL_VERIFY_DATA_MAX_LEN: u32 = 12;
+pub const MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO: u32 = 255;
+pub const MBEDTLS_SSL_HASH_NONE: u32 = 0;
+pub const MBEDTLS_SSL_HASH_MD5: u32 = 1;
+pub const MBEDTLS_SSL_HASH_SHA1: u32 = 2;
+pub const MBEDTLS_SSL_HASH_SHA224: u32 = 3;
+pub const MBEDTLS_SSL_HASH_SHA256: u32 = 4;
+pub const MBEDTLS_SSL_HASH_SHA384: u32 = 5;
+pub const MBEDTLS_SSL_HASH_SHA512: u32 = 6;
+pub const MBEDTLS_SSL_SIG_ANON: u32 = 0;
+pub const MBEDTLS_SSL_SIG_RSA: u32 = 1;
+pub const MBEDTLS_SSL_SIG_ECDSA: u32 = 3;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: u32 = 1025;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: u32 = 1281;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: u32 = 1537;
+pub const MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: u32 = 1027;
+pub const MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: u32 = 1283;
+pub const MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: u32 = 1539;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: u32 = 2052;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: u32 = 2053;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: u32 = 2054;
+pub const MBEDTLS_TLS1_3_SIG_ED25519: u32 = 2055;
+pub const MBEDTLS_TLS1_3_SIG_ED448: u32 = 2056;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256: u32 = 2057;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384: u32 = 2058;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512: u32 = 2059;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1: u32 = 513;
+pub const MBEDTLS_TLS1_3_SIG_ECDSA_SHA1: u32 = 515;
+pub const MBEDTLS_TLS1_3_SIG_NONE: u32 = 0;
+pub const MBEDTLS_SSL_CERT_TYPE_RSA_SIGN: u32 = 1;
+pub const MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN: u32 = 64;
+pub const MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: u32 = 20;
+pub const MBEDTLS_SSL_MSG_ALERT: u32 = 21;
+pub const MBEDTLS_SSL_MSG_HANDSHAKE: u32 = 22;
+pub const MBEDTLS_SSL_MSG_APPLICATION_DATA: u32 = 23;
+pub const MBEDTLS_SSL_MSG_CID: u32 = 25;
+pub const MBEDTLS_SSL_ALERT_LEVEL_WARNING: u32 = 1;
+pub const MBEDTLS_SSL_ALERT_LEVEL_FATAL: u32 = 2;
+pub const MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY: u32 = 0;
+pub const MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE: u32 = 10;
+pub const MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC: u32 = 20;
+pub const MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED: u32 = 21;
+pub const MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW: u32 = 22;
+pub const MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE: u32 = 30;
+pub const MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE: u32 = 40;
+pub const MBEDTLS_SSL_ALERT_MSG_NO_CERT: u32 = 41;
+pub const MBEDTLS_SSL_ALERT_MSG_BAD_CERT: u32 = 42;
+pub const MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT: u32 = 43;
+pub const MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED: u32 = 44;
+pub const MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED: u32 = 45;
+pub const MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN: u32 = 46;
+pub const MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER: u32 = 47;
+pub const MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA: u32 = 48;
+pub const MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED: u32 = 49;
+pub const MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR: u32 = 50;
+pub const MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR: u32 = 51;
+pub const MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION: u32 = 60;
+pub const MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION: u32 = 70;
+pub const MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY: u32 = 71;
+pub const MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR: u32 = 80;
+pub const MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK: u32 = 86;
+pub const MBEDTLS_SSL_ALERT_MSG_USER_CANCELED: u32 = 90;
+pub const MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION: u32 = 100;
+pub const MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION: u32 = 109;
+pub const MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT: u32 = 110;
+pub const MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME: u32 = 112;
+pub const MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY: u32 = 115;
+pub const MBEDTLS_SSL_ALERT_MSG_CERT_REQUIRED: u32 = 116;
+pub const MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL: u32 = 120;
+pub const MBEDTLS_SSL_HS_HELLO_REQUEST: u32 = 0;
+pub const MBEDTLS_SSL_HS_CLIENT_HELLO: u32 = 1;
+pub const MBEDTLS_SSL_HS_SERVER_HELLO: u32 = 2;
+pub const MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST: u32 = 3;
+pub const MBEDTLS_SSL_HS_NEW_SESSION_TICKET: u32 = 4;
+pub const MBEDTLS_SSL_HS_END_OF_EARLY_DATA: u32 = 5;
+pub const MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS: u32 = 8;
+pub const MBEDTLS_SSL_HS_CERTIFICATE: u32 = 11;
+pub const MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE: u32 = 12;
+pub const MBEDTLS_SSL_HS_CERTIFICATE_REQUEST: u32 = 13;
+pub const MBEDTLS_SSL_HS_SERVER_HELLO_DONE: u32 = 14;
+pub const MBEDTLS_SSL_HS_CERTIFICATE_VERIFY: u32 = 15;
+pub const MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE: u32 = 16;
+pub const MBEDTLS_SSL_HS_FINISHED: u32 = 20;
+pub const MBEDTLS_SSL_HS_MESSAGE_HASH: u32 = 254;
+pub const MBEDTLS_TLS_EXT_SERVERNAME: u32 = 0;
+pub const MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME: u32 = 0;
+pub const MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: u32 = 1;
+pub const MBEDTLS_TLS_EXT_TRUNCATED_HMAC: u32 = 4;
+pub const MBEDTLS_TLS_EXT_STATUS_REQUEST: u32 = 5;
+pub const MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES: u32 = 10;
+pub const MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: u32 = 10;
+pub const MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: u32 = 11;
+pub const MBEDTLS_TLS_EXT_SIG_ALG: u32 = 13;
+pub const MBEDTLS_TLS_EXT_USE_SRTP: u32 = 14;
+pub const MBEDTLS_TLS_EXT_HEARTBEAT: u32 = 15;
+pub const MBEDTLS_TLS_EXT_ALPN: u32 = 16;
+pub const MBEDTLS_TLS_EXT_SCT: u32 = 18;
+pub const MBEDTLS_TLS_EXT_CLI_CERT_TYPE: u32 = 19;
+pub const MBEDTLS_TLS_EXT_SERV_CERT_TYPE: u32 = 20;
+pub const MBEDTLS_TLS_EXT_PADDING: u32 = 21;
+pub const MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: u32 = 22;
+pub const MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: u32 = 23;
+pub const MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT: u32 = 28;
+pub const MBEDTLS_TLS_EXT_SESSION_TICKET: u32 = 35;
+pub const MBEDTLS_TLS_EXT_PRE_SHARED_KEY: u32 = 41;
+pub const MBEDTLS_TLS_EXT_EARLY_DATA: u32 = 42;
+pub const MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: u32 = 43;
+pub const MBEDTLS_TLS_EXT_COOKIE: u32 = 44;
+pub const MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES: u32 = 45;
+pub const MBEDTLS_TLS_EXT_CERT_AUTH: u32 = 47;
+pub const MBEDTLS_TLS_EXT_OID_FILTERS: u32 = 48;
+pub const MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH: u32 = 49;
+pub const MBEDTLS_TLS_EXT_SIG_ALG_CERT: u32 = 50;
+pub const MBEDTLS_TLS_EXT_KEY_SHARE: u32 = 51;
+pub const MBEDTLS_TLS_EXT_CID: u32 = 54;
+pub const MBEDTLS_TLS_EXT_ECJPAKE_KKPP: u32 = 256;
+pub const MBEDTLS_TLS_EXT_RENEGOTIATION_INFO: u32 = 65281;
+pub const MBEDTLS_PSK_MAX_LEN: u32 = 48;
+pub const MBEDTLS_TLS1_3_MD_MAX_SIZE: u32 = 64;
+pub const MBEDTLS_SSL_SEQUENCE_NUMBER_LEN: u32 = 8;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION: u32 = 1;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION: u32 = 4;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA: u32 = 8;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK: u32 = 13;
+pub const MBEDTLS_SSL_UNEXPECTED_CID_IGNORE: u32 = 0;
+pub const MBEDTLS_SSL_UNEXPECTED_CID_FAIL: u32 = 1;
+pub const MBEDTLS_ERR_ENTROPY_SOURCE_FAILED: i32 = -60;
+pub const MBEDTLS_ERR_ENTROPY_MAX_SOURCES: i32 = -62;
+pub const MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED: i32 = -64;
+pub const MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE: i32 = -61;
+pub const MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR: i32 = -63;
+pub const MBEDTLS_ENTROPY_MAX_SOURCES: u32 = 20;
+pub const MBEDTLS_ENTROPY_MAX_GATHER: u32 = 128;
+pub const MBEDTLS_ENTROPY_BLOCK_SIZE: u32 = 64;
+pub const MBEDTLS_ENTROPY_MAX_SEED_SIZE: u32 = 1024;
+pub const MBEDTLS_ENTROPY_SOURCE_MANUAL: u32 = 20;
+pub const MBEDTLS_ENTROPY_SOURCE_STRONG: u32 = 1;
+pub const MBEDTLS_ENTROPY_SOURCE_WEAK: u32 = 0;
+pub const MBEDTLS_PRINTF_SIZET: &[u8; 3] = b"zu\0";
+pub const MBEDTLS_PRINTF_LONGLONG: &[u8; 4] = b"lld\0";
+pub const MBEDTLS_AES_ENCRYPT: u32 = 1;
+pub const MBEDTLS_AES_DECRYPT: u32 = 0;
+pub const MBEDTLS_ERR_AES_INVALID_KEY_LENGTH: i32 = -32;
+pub const MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH: i32 = -34;
+pub const MBEDTLS_ERR_AES_BAD_INPUT_DATA: i32 = -33;
+pub const MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED: i32 = -52;
+pub const MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG: i32 = -54;
+pub const MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG: i32 = -56;
+pub const MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR: i32 = -58;
+pub const MBEDTLS_CTR_DRBG_BLOCKSIZE: u32 = 16;
+pub const MBEDTLS_CTR_DRBG_KEYSIZE: u32 = 32;
+pub const MBEDTLS_CTR_DRBG_KEYBITS: u32 = 256;
+pub const MBEDTLS_CTR_DRBG_SEEDLEN: u32 = 48;
+pub const MBEDTLS_CTR_DRBG_ENTROPY_LEN: u32 = 48;
+pub const MBEDTLS_CTR_DRBG_RESEED_INTERVAL: u32 = 10000;
+pub const MBEDTLS_CTR_DRBG_MAX_INPUT: u32 = 256;
+pub const MBEDTLS_CTR_DRBG_MAX_REQUEST: u32 = 1024;
+pub const MBEDTLS_CTR_DRBG_MAX_SEED_INPUT: u32 = 384;
+pub const MBEDTLS_CTR_DRBG_PR_OFF: u32 = 0;
+pub const MBEDTLS_CTR_DRBG_PR_ON: u32 = 1;
+pub const MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN: u32 = 0;
+pub type __int8_t = crate::c_types::c_schar;
+pub type __uint8_t = crate::c_types::c_uchar;
+pub type __int16_t = crate::c_types::c_short;
+pub type __uint16_t = crate::c_types::c_ushort;
+pub type __int32_t = crate::c_types::c_int;
+pub type __uint32_t = crate::c_types::c_uint;
+pub type __int64_t = crate::c_types::c_longlong;
+pub type __uint64_t = crate::c_types::c_ulonglong;
+pub type __int_least8_t = crate::c_types::c_schar;
+pub type __uint_least8_t = crate::c_types::c_uchar;
+pub type __int_least16_t = crate::c_types::c_short;
+pub type __uint_least16_t = crate::c_types::c_ushort;
+pub type __int_least32_t = crate::c_types::c_int;
+pub type __uint_least32_t = crate::c_types::c_uint;
+pub type __int_least64_t = crate::c_types::c_longlong;
+pub type __uint_least64_t = crate::c_types::c_ulonglong;
+pub type __intmax_t = crate::c_types::c_longlong;
+pub type __uintmax_t = crate::c_types::c_ulonglong;
+pub type __intptr_t = crate::c_types::c_int;
+pub type __uintptr_t = crate::c_types::c_uint;
+pub type wchar_t = crate::c_types::c_int;
+#[repr(C)]
+#[repr(align(16))]
+#[derive(Copy, Clone)]
+pub struct max_align_t {
+    pub __clang_max_align_nonce1: crate::c_types::c_longlong,
+    pub __bindgen_padding_0: u64,
+    pub __clang_max_align_nonce2: u128,
+}
+pub type intmax_t = __intmax_t;
+pub type uintmax_t = __uintmax_t;
+pub type int_least8_t = __int_least8_t;
+pub type uint_least8_t = __uint_least8_t;
+pub type int_least16_t = __int_least16_t;
+pub type uint_least16_t = __uint_least16_t;
+pub type int_least32_t = __int_least32_t;
+pub type uint_least32_t = __uint_least32_t;
+pub type int_least64_t = __int_least64_t;
+pub type uint_least64_t = __uint_least64_t;
+pub type int_fast8_t = crate::c_types::c_schar;
+pub type uint_fast8_t = crate::c_types::c_uchar;
+pub type int_fast16_t = crate::c_types::c_short;
+pub type uint_fast16_t = crate::c_types::c_ushort;
+pub type int_fast32_t = crate::c_types::c_int;
+pub type uint_fast32_t = crate::c_types::c_uint;
+pub type int_fast64_t = crate::c_types::c_longlong;
+pub type uint_fast64_t = crate::c_types::c_ulonglong;
+pub type mbedtls_iso_c_forbids_empty_translation_units = crate::c_types::c_int;
+extern "C" {
+    /// \brief       Securely zeroize a buffer
+    ///
+    ///              The function is meant to wipe the data contained in a buffer so
+    ///              that it can no longer be recovered even if the program memory
+    ///              is later compromised. Call this function on sensitive data
+    ///              stored on the stack before returning from a function, and on
+    ///              sensitive data stored on the heap before freeing the heap
+    ///              object.
+    ///
+    ///              It is extremely difficult to guarantee that calls to
+    ///              mbedtls_platform_zeroize() are not removed by aggressive
+    ///              compiler optimizations in a portable way. For this reason, Mbed
+    ///              TLS provides the configuration option
+    ///              MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
+    ///              mbedtls_platform_zeroize() to use a suitable implementation for
+    ///              their platform and needs
+    ///
+    /// \param buf   Buffer to be zeroized
+    /// \param len   Length of the buffer in bytes
+    pub fn mbedtls_platform_zeroize(buf: *mut crate::c_types::c_void, len: usize);
+}
+pub type mbedtls_mpi_sint = i32;
+pub type mbedtls_mpi_uint = u32;
+pub type mbedtls_t_udbl = u64;
+/// \brief          MPI structure
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_mpi {
+    pub private_s: crate::c_types::c_int,
+    pub private_n: usize,
+    pub private_p: *mut mbedtls_mpi_uint,
+}
+extern "C" {
+    /// \brief           Initialize an MPI context.
+    ///
+    ///                  This makes the MPI ready to be set or freed,
+    ///                  but does not define a value for the MPI.
+    ///
+    /// \param X         The MPI context to initialize. This must not be \c NULL.
+    pub fn mbedtls_mpi_init(X: *mut mbedtls_mpi);
+}
+extern "C" {
+    /// \brief          This function frees the components of an MPI context.
+    ///
+    /// \param X        The MPI context to be cleared. This may be \c NULL,
+    ///                 in which case this function is a no-op. If it is
+    ///                 not \c NULL, it must point to an initialized MPI.
+    pub fn mbedtls_mpi_free(X: *mut mbedtls_mpi);
+}
+extern "C" {
+    /// \brief          Enlarge an MPI to the specified number of limbs.
+    ///
+    /// \note           This function does nothing if the MPI is
+    ///                 already large enough.
+    ///
+    /// \param X        The MPI to grow. It must be initialized.
+    /// \param nblimbs  The target number of limbs.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_grow(X: *mut mbedtls_mpi, nblimbs: usize) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function resizes an MPI downwards, keeping at least the
+    ///                 specified number of limbs.
+    ///
+    ///                 If \c X is smaller than \c nblimbs, it is resized up
+    ///                 instead.
+    ///
+    /// \param X        The MPI to shrink. This must point to an initialized MPI.
+    /// \param nblimbs  The minimum number of limbs to keep.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+    ///                 (this can only happen when resizing up).
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_shrink(X: *mut mbedtls_mpi, nblimbs: usize) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Make a copy of an MPI.
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param Y        The source MPI. This must point to an initialized MPI.
+    ///
+    /// \note           The limb-buffer in the destination MPI is enlarged
+    ///                 if necessary to hold the value in the source MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_copy(X: *mut mbedtls_mpi, Y: *const mbedtls_mpi) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Swap the contents of two MPIs.
+    ///
+    /// \param X        The first MPI. It must be initialized.
+    /// \param Y        The second MPI. It must be initialized.
+    pub fn mbedtls_mpi_swap(X: *mut mbedtls_mpi, Y: *mut mbedtls_mpi);
+}
+extern "C" {
+    /// \brief          Perform a safe conditional copy of MPI which doesn't
+    ///                 reveal whether the condition was true or not.
+    ///
+    /// \param X        The MPI to conditionally assign to. This must point
+    ///                 to an initialized MPI.
+    /// \param Y        The MPI to be assigned from. This must point to an
+    ///                 initialized MPI.
+    /// \param assign   The condition deciding whether to perform the
+    ///                 assignment or not. Must be either 0 or 1:
+    ///                 * \c 1: Perform the assignment `X = Y`.
+    ///                 * \c 0: Keep the original value of \p X.
+    ///
+    /// \note           This function is equivalent to
+    ///                      `if( assign ) mbedtls_mpi_copy( X, Y );`
+    ///                 except that it avoids leaking any information about whether
+    ///                 the assignment was done or not (the above code may leak
+    ///                 information through branch prediction and/or memory access
+    ///                 patterns analysis).
+    ///
+    /// \warning        If \p assign is neither 0 nor 1, the result of this function
+    ///                 is indeterminate, and the resulting value in \p X might be
+    ///                 neither its original value nor the value in \p Y.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_safe_cond_assign(
+        X: *mut mbedtls_mpi,
+        Y: *const mbedtls_mpi,
+        assign: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a safe conditional swap which doesn't
+    ///                 reveal whether the condition was true or not.
+    ///
+    /// \param X        The first MPI. This must be initialized.
+    /// \param Y        The second MPI. This must be initialized.
+    /// \param swap     The condition deciding whether to perform
+    ///                 the swap or not. Must be either 0 or 1:
+    ///                 * \c 1: Swap the values of \p X and \p Y.
+    ///                 * \c 0: Keep the original values of \p X and \p Y.
+    ///
+    /// \note           This function is equivalent to
+    ///                      if( swap ) mbedtls_mpi_swap( X, Y );
+    ///                 except that it avoids leaking any information about whether
+    ///                 the swap was done or not (the above code may leak
+    ///                 information through branch prediction and/or memory access
+    ///                 patterns analysis).
+    ///
+    /// \warning        If \p swap is neither 0 nor 1, the result of this function
+    ///                 is indeterminate, and both \p X and \p Y might end up with
+    ///                 values different to either of the original ones.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_safe_cond_swap(
+        X: *mut mbedtls_mpi,
+        Y: *mut mbedtls_mpi,
+        swap: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Store integer value in MPI.
+    ///
+    /// \param X        The MPI to set. This must be initialized.
+    /// \param z        The value to use.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_lset(X: *mut mbedtls_mpi, z: mbedtls_mpi_sint) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Get a specific bit from an MPI.
+    ///
+    /// \param X        The MPI to query. This must be initialized.
+    /// \param pos      Zero-based index of the bit to query.
+    ///
+    /// \return         \c 0 or \c 1 on success, depending on whether bit \c pos
+    ///                 of \c X is unset or set.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_mpi_get_bit(X: *const mbedtls_mpi, pos: usize) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Modify a specific bit in an MPI.
+    ///
+    /// \note           This function will grow the target MPI if necessary to set a
+    ///                 bit to \c 1 in a not yet existing limb. It will not grow if
+    ///                 the bit should be set to \c 0.
+    ///
+    /// \param X        The MPI to modify. This must be initialized.
+    /// \param pos      Zero-based index of the bit to modify.
+    /// \param val      The desired value of bit \c pos: \c 0 or \c 1.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_set_bit(
+        X: *mut mbedtls_mpi,
+        pos: usize,
+        val: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the number of bits of value \c 0 before the
+    ///                 least significant bit of value \c 1.
+    ///
+    /// \note           This is the same as the zero-based index of
+    ///                 the least significant bit of value \c 1.
+    ///
+    /// \param X        The MPI to query.
+    ///
+    /// \return         The number of bits of value \c 0 before the least significant
+    ///                 bit of value \c 1 in \p X.
+    pub fn mbedtls_mpi_lsb(X: *const mbedtls_mpi) -> usize;
+}
+extern "C" {
+    /// \brief          Return the number of bits up to and including the most
+    ///                 significant bit of value \c 1.
+    ///
+    /// * \note         This is same as the one-based index of the most
+    ///                 significant bit of value \c 1.
+    ///
+    /// \param X        The MPI to query. This must point to an initialized MPI.
+    ///
+    /// \return         The number of bits up to and including the most
+    ///                 significant bit of value \c 1.
+    pub fn mbedtls_mpi_bitlen(X: *const mbedtls_mpi) -> usize;
+}
+extern "C" {
+    /// \brief          Return the total size of an MPI value in bytes.
+    ///
+    /// \param X        The MPI to use. This must point to an initialized MPI.
+    ///
+    /// \note           The value returned by this function may be less than
+    ///                 the number of bytes used to store \p X internally.
+    ///                 This happens if and only if there are trailing bytes
+    ///                 of value zero.
+    ///
+    /// \return         The least number of bytes capable of storing
+    ///                 the absolute value of \p X.
+    pub fn mbedtls_mpi_size(X: *const mbedtls_mpi) -> usize;
+}
+extern "C" {
+    /// \brief          Import an MPI from an ASCII string.
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param radix    The numeric base of the input string.
+    /// \param s        Null-terminated string buffer.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_mpi_read_string(
+        X: *mut mbedtls_mpi,
+        radix: crate::c_types::c_int,
+        s: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Export an MPI to an ASCII string.
+    ///
+    /// \param X        The source MPI. This must point to an initialized MPI.
+    /// \param radix    The numeric base of the output string.
+    /// \param buf      The buffer to write the string to. This must be writable
+    ///                 buffer of length \p buflen Bytes.
+    /// \param buflen   The available size in Bytes of \p buf.
+    /// \param olen     The address at which to store the length of the string
+    ///                 written, including the  final \c NULL byte. This must
+    ///                 not be \c NULL.
+    ///
+    /// \note           You can call this function with `buflen == 0` to obtain the
+    ///                 minimum required buffer size in `*olen`.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the target buffer \p buf
+    ///                 is too small to hold the value of \p X in the desired base.
+    ///                 In this case, `*olen` is nonetheless updated to contain the
+    ///                 size of \p buf required for a successful call.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_write_string(
+        X: *const mbedtls_mpi,
+        radix: crate::c_types::c_int,
+        buf: *mut crate::c_types::c_char,
+        buflen: usize,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Import an MPI from unsigned big endian binary data.
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param buf      The input buffer. This must be a readable buffer of length
+    ///                 \p buflen Bytes.
+    /// \param buflen   The length of the input buffer \p p in Bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_read_binary(
+        X: *mut mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Import X from unsigned binary data, little endian
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param buf      The input buffer. This must be a readable buffer of length
+    ///                 \p buflen Bytes.
+    /// \param buflen   The length of the input buffer \p p in Bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_read_binary_le(
+        X: *mut mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Export X into unsigned binary data, big endian.
+    ///                 Always fills the whole buffer, which will start with zeros
+    ///                 if the number is smaller.
+    ///
+    /// \param X        The source MPI. This must point to an initialized MPI.
+    /// \param buf      The output buffer. This must be a writable buffer of length
+    ///                 \p buflen Bytes.
+    /// \param buflen   The size of the output buffer \p buf in Bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
+    ///                 large enough to hold the value of \p X.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_write_binary(
+        X: *const mbedtls_mpi,
+        buf: *mut crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Export X into unsigned binary data, little endian.
+    ///                 Always fills the whole buffer, which will end with zeros
+    ///                 if the number is smaller.
+    ///
+    /// \param X        The source MPI. This must point to an initialized MPI.
+    /// \param buf      The output buffer. This must be a writable buffer of length
+    ///                 \p buflen Bytes.
+    /// \param buflen   The size of the output buffer \p buf in Bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
+    ///                 large enough to hold the value of \p X.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_write_binary_le(
+        X: *const mbedtls_mpi,
+        buf: *mut crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a left-shift on an MPI: X <<= count
+    ///
+    /// \param X        The MPI to shift. This must point to an initialized MPI.
+    /// \param count    The number of bits to shift by.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_shift_l(X: *mut mbedtls_mpi, count: usize) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a right-shift on an MPI: X >>= count
+    ///
+    /// \param X        The MPI to shift. This must point to an initialized MPI.
+    /// \param count    The number of bits to shift by.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_shift_r(X: *mut mbedtls_mpi, count: usize) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Compare the absolute values of two MPIs.
+    ///
+    /// \param X        The left-hand MPI. This must point to an initialized MPI.
+    /// \param Y        The right-hand MPI. This must point to an initialized MPI.
+    ///
+    /// \return         \c 1 if `|X|` is greater than `|Y|`.
+    /// \return         \c -1 if `|X|` is lesser than `|Y|`.
+    /// \return         \c 0 if `|X|` is equal to `|Y|`.
+    pub fn mbedtls_mpi_cmp_abs(
+        X: *const mbedtls_mpi,
+        Y: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Compare two MPIs.
+    ///
+    /// \param X        The left-hand MPI. This must point to an initialized MPI.
+    /// \param Y        The right-hand MPI. This must point to an initialized MPI.
+    ///
+    /// \return         \c 1 if \p X is greater than \p Y.
+    /// \return         \c -1 if \p X is lesser than \p Y.
+    /// \return         \c 0 if \p X is equal to \p Y.
+    pub fn mbedtls_mpi_cmp_mpi(
+        X: *const mbedtls_mpi,
+        Y: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Check if an MPI is less than the other in constant time.
+    ///
+    /// \param X        The left-hand MPI. This must point to an initialized MPI
+    ///                 with the same allocated length as Y.
+    /// \param Y        The right-hand MPI. This must point to an initialized MPI
+    ///                 with the same allocated length as X.
+    /// \param ret      The result of the comparison:
+    ///                 \c 1 if \p X is less than \p Y.
+    ///                 \c 0 if \p X is greater than or equal to \p Y.
+    ///
+    /// \return         0 on success.
+    /// \return         MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the allocated length of
+    ///                 the two input MPIs is not the same.
+    pub fn mbedtls_mpi_lt_mpi_ct(
+        X: *const mbedtls_mpi,
+        Y: *const mbedtls_mpi,
+        ret: *mut crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Compare an MPI with an integer.
+    ///
+    /// \param X        The left-hand MPI. This must point to an initialized MPI.
+    /// \param z        The integer value to compare \p X to.
+    ///
+    /// \return         \c 1 if \p X is greater than \p z.
+    /// \return         \c -1 if \p X is lesser than \p z.
+    /// \return         \c 0 if \p X is equal to \p z.
+    pub fn mbedtls_mpi_cmp_int(X: *const mbedtls_mpi, z: mbedtls_mpi_sint)
+        -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform an unsigned addition of MPIs: X = |A| + |B|
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first summand. This must point to an initialized MPI.
+    /// \param B        The second summand. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_add_abs(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform an unsigned subtraction of MPIs: X = |A| - |B|
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The minuend. This must point to an initialized MPI.
+    /// \param B        The subtrahend. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is greater than \p A.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_sub_abs(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a signed addition of MPIs: X = A + B
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first summand. This must point to an initialized MPI.
+    /// \param B        The second summand. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_add_mpi(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a signed subtraction of MPIs: X = A - B
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The minuend. This must point to an initialized MPI.
+    /// \param B        The subtrahend. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_sub_mpi(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a signed addition of an MPI and an integer: X = A + b
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first summand. This must point to an initialized MPI.
+    /// \param b        The second summand.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_add_int(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        b: mbedtls_mpi_sint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a signed subtraction of an MPI and an integer:
+    ///                 X = A - b
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The minuend. This must point to an initialized MPI.
+    /// \param b        The subtrahend.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_sub_int(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        b: mbedtls_mpi_sint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a multiplication of two MPIs: X = A * B
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first factor. This must point to an initialized MPI.
+    /// \param B        The second factor. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_mul_mpi(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a multiplication of an MPI with an unsigned integer:
+    ///                 X = A * b
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first factor. This must point to an initialized MPI.
+    /// \param b        The second factor.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_mul_int(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        b: mbedtls_mpi_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a division with remainder of two MPIs:
+    ///                 A = Q * B + R
+    ///
+    /// \param Q        The destination MPI for the quotient.
+    ///                 This may be \c NULL if the value of the
+    ///                 quotient is not needed. This must not alias A or B.
+    /// \param R        The destination MPI for the remainder value.
+    ///                 This may be \c NULL if the value of the
+    ///                 remainder is not needed. This must not alias A or B.
+    /// \param A        The dividend. This must point to an initialized MPI.
+    /// \param B        The divisor. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_div_mpi(
+        Q: *mut mbedtls_mpi,
+        R: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a division with remainder of an MPI by an integer:
+    ///                 A = Q * b + R
+    ///
+    /// \param Q        The destination MPI for the quotient.
+    ///                 This may be \c NULL if the value of the
+    ///                 quotient is not needed.  This must not alias A.
+    /// \param R        The destination MPI for the remainder value.
+    ///                 This may be \c NULL if the value of the
+    ///                 remainder is not needed.  This must not alias A.
+    /// \param A        The dividend. This must point to an initialized MPi.
+    /// \param b        The divisor.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_div_int(
+        Q: *mut mbedtls_mpi,
+        R: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        b: mbedtls_mpi_sint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a modular reduction. R = A mod B
+    ///
+    /// \param R        The destination MPI for the residue value.
+    ///                 This must point to an initialized MPI.
+    /// \param A        The MPI to compute the residue of.
+    ///                 This must point to an initialized MPI.
+    /// \param B        The base of the modular reduction.
+    ///                 This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
+    /// \return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is negative.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_mod_mpi(
+        R: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a modular reduction with respect to an integer.
+    ///                 r = A mod b
+    ///
+    /// \param r        The address at which to store the residue.
+    ///                 This must not be \c NULL.
+    /// \param A        The MPI to compute the residue of.
+    ///                 This must point to an initialized MPi.
+    /// \param b        The integer base of the modular reduction.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
+    /// \return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p b is negative.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_mod_int(
+        r: *mut mbedtls_mpi_uint,
+        A: *const mbedtls_mpi,
+        b: mbedtls_mpi_sint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a sliding-window exponentiation: X = A^E mod N
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    ///                 This must not alias E or N.
+    /// \param A        The base of the exponentiation.
+    ///                 This must point to an initialized MPI.
+    /// \param E        The exponent MPI. This must point to an initialized MPI.
+    /// \param N        The base for the modular reduction. This must point to an
+    ///                 initialized MPI.
+    /// \param prec_RR  A helper MPI depending solely on \p N which can be used to
+    ///                 speed-up multiple modular exponentiations for the same value
+    ///                 of \p N. This may be \c NULL. If it is not \c NULL, it must
+    ///                 point to an initialized MPI. If it hasn't been used after
+    ///                 the call to mbedtls_mpi_init(), this function will compute
+    ///                 the helper value and store it in \p prec_RR for reuse on
+    ///                 subsequent calls to this function. Otherwise, the function
+    ///                 will assume that \p prec_RR holds the helper value set by a
+    ///                 previous call to mbedtls_mpi_exp_mod(), and reuse it.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \c N is negative or
+    ///                 even, or if \c E is negative.
+    /// \return         Another negative error code on different kinds of failures.
+    pub fn mbedtls_mpi_exp_mod(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        E: *const mbedtls_mpi,
+        N: *const mbedtls_mpi,
+        prec_RR: *mut mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Fill an MPI with a number of random bytes.
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param size     The number of random bytes to generate.
+    /// \param f_rng    The RNG function to use. This must not be \c NULL.
+    /// \param p_rng    The RNG parameter to be passed to \p f_rng. This may be
+    ///                 \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on failure.
+    ///
+    /// \note           The bytes obtained from the RNG are interpreted
+    ///                 as a big-endian representation of an MPI; this can
+    ///                 be relevant in applications like deterministic ECDSA.
+    pub fn mbedtls_mpi_fill_random(
+        X: *mut mbedtls_mpi,
+        size: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// Generate a random number uniformly in a range.
+    ///
+    /// This function generates a random number between \p min inclusive and
+    /// \p N exclusive.
+    ///
+    /// The procedure complies with RFC 6979 §3.3 (deterministic ECDSA)
+    /// when the RNG is a suitably parametrized instance of HMAC_DRBG
+    /// and \p min is \c 1.
+    ///
+    /// \note           There are `N - min` possible outputs. The lower bound
+    ///                 \p min can be reached, but the upper bound \p N cannot.
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param min      The minimum value to return.
+    ///                 It must be nonnegative.
+    /// \param N        The upper bound of the range, exclusive.
+    ///                 In other words, this is one plus the maximum value to return.
+    ///                 \p N must be strictly larger than \p min.
+    /// \param f_rng    The RNG function to use. This must not be \c NULL.
+    /// \param p_rng    The RNG parameter to be passed to \p f_rng.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p min or \p N is invalid
+    ///                 or if they are incompatible.
+    /// \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if the implementation was
+    ///                 unable to find a suitable value within a limited number
+    ///                 of attempts. This has a negligible probability if \p N
+    ///                 is significantly larger than \p min, which is the case
+    ///                 for all usual cryptographic applications.
+    /// \return         Another negative error code on failure.
+    pub fn mbedtls_mpi_random(
+        X: *mut mbedtls_mpi,
+        min: mbedtls_mpi_sint,
+        N: *const mbedtls_mpi,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Compute the greatest common divisor: G = gcd(A, B)
+    ///
+    /// \param G        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first operand. This must point to an initialized MPI.
+    /// \param B        The second operand. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_gcd(
+        G: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Compute the modular inverse: X = A^-1 mod N
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The MPI to calculate the modular inverse of. This must point
+    ///                 to an initialized MPI.
+    /// \param N        The base of the modular inversion. This must point to an
+    ///                 initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p N is less than
+    ///                 or equal to one.
+    /// \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse
+    ///                 with respect to \p N.
+    pub fn mbedtls_mpi_inv_mod(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        N: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Miller-Rabin primality test.
+    ///
+    /// \warning        If \p X is potentially generated by an adversary, for example
+    ///                 when validating cryptographic parameters that you didn't
+    ///                 generate yourself and that are supposed to be prime, then
+    ///                 \p rounds should be at least the half of the security
+    ///                 strength of the cryptographic algorithm. On the other hand,
+    ///                 if \p X is chosen uniformly or non-adversarially (as is the
+    ///                 case when mbedtls_mpi_gen_prime calls this function), then
+    ///                 \p rounds can be much lower.
+    ///
+    /// \param X        The MPI to check for primality.
+    ///                 This must point to an initialized MPI.
+    /// \param rounds   The number of bases to perform the Miller-Rabin primality
+    ///                 test for. The probability of returning 0 on a composite is
+    ///                 at most 2<sup>-2*\p rounds</sup>.
+    /// \param f_rng    The RNG function to use. This must not be \c NULL.
+    /// \param p_rng    The RNG parameter to be passed to \p f_rng.
+    ///                 This may be \c NULL if \p f_rng doesn't use
+    ///                 a context parameter.
+    ///
+    /// \return         \c 0 if successful, i.e. \p X is probably prime.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_is_prime_ext(
+        X: *const mbedtls_mpi,
+        rounds: crate::c_types::c_int,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+///< (X-1)/2 is prime too
+pub const mbedtls_mpi_gen_prime_flag_t_MBEDTLS_MPI_GEN_PRIME_FLAG_DH: mbedtls_mpi_gen_prime_flag_t =
+    1;
+///< lower error rate from 2<sup>-80</sup> to 2<sup>-128</sup>
+pub const mbedtls_mpi_gen_prime_flag_t_MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR:
+    mbedtls_mpi_gen_prime_flag_t = 2;
+/// \brief Flags for mbedtls_mpi_gen_prime()
+///
+/// Each of these flags is a constraint on the result X returned by
+/// mbedtls_mpi_gen_prime().
+pub type mbedtls_mpi_gen_prime_flag_t = crate::c_types::c_uint;
+extern "C" {
+    /// \brief          Generate a prime number.
+    ///
+    /// \param X        The destination MPI to store the generated prime in.
+    ///                 This must point to an initialized MPi.
+    /// \param nbits    The required size of the destination MPI in bits.
+    ///                 This must be between \c 3 and #MBEDTLS_MPI_MAX_BITS.
+    /// \param flags    A mask of flags of type #mbedtls_mpi_gen_prime_flag_t.
+    /// \param f_rng    The RNG function to use. This must not be \c NULL.
+    /// \param p_rng    The RNG parameter to be passed to \p f_rng.
+    ///                 This may be \c NULL if \p f_rng doesn't use
+    ///                 a context parameter.
+    ///
+    /// \return         \c 0 if successful, in which case \p X holds a
+    ///                 probably prime number.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between
+    ///                 \c 3 and #MBEDTLS_MPI_MAX_BITS.
+    pub fn mbedtls_mpi_gen_prime(
+        X: *mut mbedtls_mpi,
+        nbits: usize,
+        flags: crate::c_types::c_int,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Checkup routine
+    ///
+    /// \return         0 if successful, or 1 if the test failed
+    pub fn mbedtls_mpi_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+///< Curve not defined.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_NONE: mbedtls_ecp_group_id = 0;
+///< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP192R1: mbedtls_ecp_group_id = 1;
+///< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP224R1: mbedtls_ecp_group_id = 2;
+///< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP256R1: mbedtls_ecp_group_id = 3;
+///< Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP384R1: mbedtls_ecp_group_id = 4;
+///< Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP521R1: mbedtls_ecp_group_id = 5;
+///< Domain parameters for 256-bit Brainpool curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_BP256R1: mbedtls_ecp_group_id = 6;
+///< Domain parameters for 384-bit Brainpool curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_BP384R1: mbedtls_ecp_group_id = 7;
+///< Domain parameters for 512-bit Brainpool curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_BP512R1: mbedtls_ecp_group_id = 8;
+///< Domain parameters for Curve25519.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_CURVE25519: mbedtls_ecp_group_id = 9;
+///< Domain parameters for 192-bit "Koblitz" curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP192K1: mbedtls_ecp_group_id = 10;
+///< Domain parameters for 224-bit "Koblitz" curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP224K1: mbedtls_ecp_group_id = 11;
+///< Domain parameters for 256-bit "Koblitz" curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP256K1: mbedtls_ecp_group_id = 12;
+///< Domain parameters for Curve448.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_CURVE448: mbedtls_ecp_group_id = 13;
+/// Domain-parameter identifiers: curve, subgroup, and generator.
+///
+/// \note Only curves over prime fields are supported.
+///
+/// \warning This library does not support validation of arbitrary domain
+/// parameters. Therefore, only standardized domain parameters from trusted
+/// sources should be used. See mbedtls_ecp_group_load().
+pub type mbedtls_ecp_group_id = crate::c_types::c_uint;
+pub const mbedtls_ecp_curve_type_MBEDTLS_ECP_TYPE_NONE: mbedtls_ecp_curve_type = 0;
+pub const mbedtls_ecp_curve_type_MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: mbedtls_ecp_curve_type = 1;
+pub const mbedtls_ecp_curve_type_MBEDTLS_ECP_TYPE_MONTGOMERY: mbedtls_ecp_curve_type = 2;
+pub type mbedtls_ecp_curve_type = crate::c_types::c_uint;
+pub const mbedtls_ecp_modulus_type_MBEDTLS_ECP_MOD_NONE: mbedtls_ecp_modulus_type = 0;
+pub const mbedtls_ecp_modulus_type_MBEDTLS_ECP_MOD_COORDINATE: mbedtls_ecp_modulus_type = 1;
+pub const mbedtls_ecp_modulus_type_MBEDTLS_ECP_MOD_SCALAR: mbedtls_ecp_modulus_type = 2;
+pub type mbedtls_ecp_modulus_type = crate::c_types::c_uint;
+/// Curve information, for use by other modules.
+///
+/// The fields of this structure are part of the public API and can be
+/// accessed directly by applications. Future versions of the library may
+/// add extra fields or reorder existing fields.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecp_curve_info {
+    ///< An internal identifier.
+    pub grp_id: mbedtls_ecp_group_id,
+    ///< The TLS NamedCurve identifier.
+    pub tls_id: u16,
+    ///< The curve size in bits.
+    pub bit_size: u16,
+    ///< A human-friendly name.
+    pub name: *const crate::c_types::c_char,
+}
+/// \brief           The ECP point structure, in Jacobian coordinates.
+///
+/// \note            All functions expect and return points satisfying
+///                  the following condition: <code>Z == 0</code> or
+///                  <code>Z == 1</code>. Other values of \p Z are
+///                  used only by internal functions.
+///                  The point is zero, or "at infinity", if <code>Z == 0</code>.
+///                  Otherwise, \p X and \p Y are its standard (affine)
+///                  coordinates.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecp_point {
+    pub private_X: mbedtls_mpi,
+    pub private_Y: mbedtls_mpi,
+    pub private_Z: mbedtls_mpi,
+}
+/// \brief           The ECP group structure.
+///
+/// We consider two types of curve equations:
+/// <ul><li>Short Weierstrass: <code>y^2 = x^3 + A x + B mod P</code>
+/// (SEC1 + RFC-4492)</li>
+/// <li>Montgomery: <code>y^2 = x^3 + A x^2 + x mod P</code> (Curve25519,
+/// Curve448)</li></ul>
+/// In both cases, the generator (\p G) for a prime-order subgroup is fixed.
+///
+/// For Short Weierstrass, this subgroup is the whole curve, and its
+/// cardinality is denoted by \p N. Our code requires that \p N is an
+/// odd prime as mbedtls_ecp_mul() requires an odd number, and
+/// mbedtls_ecdsa_sign() requires that it is prime for blinding purposes.
+///
+/// For Montgomery curves, we do not store \p A, but <code>(A + 2) / 4</code>,
+/// which is the quantity used in the formulas. Additionally, \p nbits is
+/// not the size of \p N but the required size for private keys.
+///
+/// If \p modp is NULL, reduction modulo \p P is done using a generic algorithm.
+/// Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the
+/// range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an integer
+/// which is congruent mod \p P to the given MPI, and is close enough to \p pbits
+/// in size, so that it may be efficiently brought in the 0..P-1 range by a few
+/// additions or subtractions. Therefore, it is only an approximative modular
+/// reduction. It must return 0 on success and non-zero on failure.
+///
+/// \note        Alternative implementations of the ECP module must obey the
+///              following constraints.
+///              * Group IDs must be distinct: if two group structures have
+///                the same ID, then they must be identical.
+///              * The fields \c id, \c P, \c A, \c B, \c G, \c N,
+///                \c pbits and \c nbits must have the same type and semantics
+///                as in the built-in implementation.
+///                They must be available for reading, but direct modification
+///                of these fields does not need to be supported.
+///                They do not need to be at the same offset in the structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecp_group {
+    ///< An internal group identifier.
+    pub id: mbedtls_ecp_group_id,
+    ///< The prime modulus of the base field.
+    pub P: mbedtls_mpi,
+    ///< For Short Weierstrass: \p A in the equation. For
+    ///Montgomery curves: <code>(A + 2) / 4</code>.
+    pub A: mbedtls_mpi,
+    ///< For Short Weierstrass: \p B in the equation.
+    ///For Montgomery curves: unused.
+    pub B: mbedtls_mpi,
+    ///< The generator of the subgroup used.
+    pub G: mbedtls_ecp_point,
+    ///< The order of \p G.
+    pub N: mbedtls_mpi,
+    ///< The number of bits in \p P.
+    pub pbits: usize,
+    ///< For Short Weierstrass: The number of bits in \p P.
+    ///For Montgomery curves: the number of bits in the
+    ///private keys.
+    pub nbits: usize,
+    pub private_h: crate::c_types::c_uint,
+    pub private_modp: ::core::option::Option<
+        unsafe extern "C" fn(arg1: *mut mbedtls_mpi) -> crate::c_types::c_int,
+    >,
+    pub private_t_pre: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut mbedtls_ecp_point,
+            arg2: *mut crate::c_types::c_void,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_t_post: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut mbedtls_ecp_point,
+            arg2: *mut crate::c_types::c_void,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_t_data: *mut crate::c_types::c_void,
+    pub private_T: *mut mbedtls_ecp_point,
+    pub private_T_size: usize,
+}
+pub type mbedtls_ecp_restart_ctx = crate::c_types::c_void;
+/// \brief    The ECP key-pair structure.
+///
+/// A generic key-pair that may be used for ECDSA and fixed ECDH, for example.
+///
+/// \note    Members are deliberately in the same order as in the
+///          ::mbedtls_ecdsa_context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecp_keypair {
+    pub private_grp: mbedtls_ecp_group,
+    pub private_d: mbedtls_mpi,
+    pub private_Q: mbedtls_ecp_point,
+}
+extern "C" {
+    pub fn mbedtls_ecp_get_type(grp: *const mbedtls_ecp_group) -> mbedtls_ecp_curve_type;
+}
+extern "C" {
+    /// \brief           This function retrieves the information defined in
+    ///                  mbedtls_ecp_curve_info() for all supported curves.
+    ///
+    /// \note            This function returns information about all curves
+    ///                  supported by the library. Some curves may not be
+    ///                  supported for all algorithms. Call mbedtls_ecdh_can_do()
+    ///                  or mbedtls_ecdsa_can_do() to check if a curve is
+    ///                  supported for ECDH or ECDSA.
+    ///
+    /// \return          A statically allocated array. The last entry is 0.
+    pub fn mbedtls_ecp_curve_list() -> *const mbedtls_ecp_curve_info;
+}
+extern "C" {
+    /// \brief           This function retrieves the list of internal group
+    ///                  identifiers of all supported curves in the order of
+    ///                  preference.
+    ///
+    /// \note            This function returns information about all curves
+    ///                  supported by the library. Some curves may not be
+    ///                  supported for all algorithms. Call mbedtls_ecdh_can_do()
+    ///                  or mbedtls_ecdsa_can_do() to check if a curve is
+    ///                  supported for ECDH or ECDSA.
+    ///
+    /// \return          A statically allocated array,
+    ///                  terminated with MBEDTLS_ECP_DP_NONE.
+    pub fn mbedtls_ecp_grp_id_list() -> *const mbedtls_ecp_group_id;
+}
+extern "C" {
+    /// \brief           This function retrieves curve information from an internal
+    ///                  group identifier.
+    ///
+    /// \param grp_id    An \c MBEDTLS_ECP_DP_XXX value.
+    ///
+    /// \return          The associated curve information on success.
+    /// \return          NULL on failure.
+    pub fn mbedtls_ecp_curve_info_from_grp_id(
+        grp_id: mbedtls_ecp_group_id,
+    ) -> *const mbedtls_ecp_curve_info;
+}
+extern "C" {
+    /// \brief           This function retrieves curve information from a TLS
+    ///                  NamedCurve value.
+    ///
+    /// \param tls_id    An \c MBEDTLS_ECP_DP_XXX value.
+    ///
+    /// \return          The associated curve information on success.
+    /// \return          NULL on failure.
+    pub fn mbedtls_ecp_curve_info_from_tls_id(tls_id: u16) -> *const mbedtls_ecp_curve_info;
+}
+extern "C" {
+    /// \brief           This function retrieves curve information from a
+    ///                  human-readable name.
+    ///
+    /// \param name      The human-readable name.
+    ///
+    /// \return          The associated curve information on success.
+    /// \return          NULL on failure.
+    pub fn mbedtls_ecp_curve_info_from_name(
+        name: *const crate::c_types::c_char,
+    ) -> *const mbedtls_ecp_curve_info;
+}
+extern "C" {
+    /// \brief           This function initializes a point as zero.
+    ///
+    /// \param pt        The point to initialize.
+    pub fn mbedtls_ecp_point_init(pt: *mut mbedtls_ecp_point);
+}
+extern "C" {
+    /// \brief           This function initializes an ECP group context
+    ///                  without loading any domain parameters.
+    ///
+    /// \note            After this function is called, domain parameters
+    ///                  for various ECP groups can be loaded through the
+    ///                  mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group()
+    ///                  functions.
+    pub fn mbedtls_ecp_group_init(grp: *mut mbedtls_ecp_group);
+}
+extern "C" {
+    /// \brief           This function initializes a key pair as an invalid one.
+    ///
+    /// \param key       The key pair to initialize.
+    pub fn mbedtls_ecp_keypair_init(key: *mut mbedtls_ecp_keypair);
+}
+extern "C" {
+    /// \brief           This function frees the components of a point.
+    ///
+    /// \param pt        The point to free.
+    pub fn mbedtls_ecp_point_free(pt: *mut mbedtls_ecp_point);
+}
+extern "C" {
+    /// \brief           This function frees the components of an ECP group.
+    ///
+    /// \param grp       The group to free. This may be \c NULL, in which
+    ///                  case this function returns immediately. If it is not
+    ///                  \c NULL, it must point to an initialized ECP group.
+    pub fn mbedtls_ecp_group_free(grp: *mut mbedtls_ecp_group);
+}
+extern "C" {
+    /// \brief           This function frees the components of a key pair.
+    ///
+    /// \param key       The key pair to free. This may be \c NULL, in which
+    ///                  case this function returns immediately. If it is not
+    ///                  \c NULL, it must point to an initialized ECP key pair.
+    pub fn mbedtls_ecp_keypair_free(key: *mut mbedtls_ecp_keypair);
+}
+extern "C" {
+    /// \brief           This function copies the contents of point \p Q into
+    ///                  point \p P.
+    ///
+    /// \param P         The destination point. This must be initialized.
+    /// \param Q         The source point. This must be initialized.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          Another negative error code for other kinds of failure.
+    pub fn mbedtls_ecp_copy(
+        P: *mut mbedtls_ecp_point,
+        Q: *const mbedtls_ecp_point,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function copies the contents of group \p src into
+    ///                  group \p dst.
+    ///
+    /// \param dst       The destination group. This must be initialized.
+    /// \param src       The source group. This must be initialized.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_group_copy(
+        dst: *mut mbedtls_ecp_group,
+        src: *const mbedtls_ecp_group,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets a point to the point at infinity.
+    ///
+    /// \param pt        The point to set. This must be initialized.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_set_zero(pt: *mut mbedtls_ecp_point) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function checks if a point is the point at infinity.
+    ///
+    /// \param pt        The point to test. This must be initialized.
+    ///
+    /// \return          \c 1 if the point is zero.
+    /// \return          \c 0 if the point is non-zero.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecp_is_zero(pt: *mut mbedtls_ecp_point) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function compares two points.
+    ///
+    /// \note            This assumes that the points are normalized. Otherwise,
+    ///                  they may compare as "not equal" even if they are.
+    ///
+    /// \param P         The first point to compare. This must be initialized.
+    /// \param Q         The second point to compare. This must be initialized.
+    ///
+    /// \return          \c 0 if the points are equal.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal.
+    pub fn mbedtls_ecp_point_cmp(
+        P: *const mbedtls_ecp_point,
+        Q: *const mbedtls_ecp_point,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function imports a non-zero point from two ASCII
+    ///                  strings.
+    ///
+    /// \param P         The destination point. This must be initialized.
+    /// \param radix     The numeric base of the input.
+    /// \param x         The first affine coordinate, as a null-terminated string.
+    /// \param y         The second affine coordinate, as a null-terminated string.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_MPI_XXX error code on failure.
+    pub fn mbedtls_ecp_point_read_string(
+        P: *mut mbedtls_ecp_point,
+        radix: crate::c_types::c_int,
+        x: *const crate::c_types::c_char,
+        y: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function exports a point into unsigned binary data.
+    ///
+    /// \param grp       The group to which the point should belong.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param P         The point to export. This must be initialized.
+    /// \param format    The point format. This must be either
+    ///                  #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
+    ///                  (For groups without these formats, this parameter is
+    ///                  ignored. But it still has to be either of the above
+    ///                  values.)
+    /// \param olen      The address at which to store the length of
+    ///                  the output in Bytes. This must not be \c NULL.
+    /// \param buf       The output buffer. This must be a writable buffer
+    ///                  of length \p buflen Bytes.
+    /// \param buflen    The length of the output buffer \p buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output buffer
+    ///                  is too small to hold the point.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
+    ///                  or the export for the given group is not implemented.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_point_write_binary(
+        grp: *const mbedtls_ecp_group,
+        P: *const mbedtls_ecp_point,
+        format: crate::c_types::c_int,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function imports a point from unsigned binary data.
+    ///
+    /// \note            This function does not check that the point actually
+    ///                  belongs to the given group, see mbedtls_ecp_check_pubkey()
+    ///                  for that.
+    ///
+    /// \note            For compressed points, see #MBEDTLS_ECP_PF_COMPRESSED for
+    ///                  limitations.
+    ///
+    /// \param grp       The group to which the point should belong.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param P         The destination context to import the point to.
+    ///                  This must be initialized.
+    /// \param buf       The input buffer. This must be a readable buffer
+    ///                  of length \p ilen Bytes.
+    /// \param ilen      The length of the input buffer \p buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the import for the
+    ///                  given group is not implemented.
+    pub fn mbedtls_ecp_point_read_binary(
+        grp: *const mbedtls_ecp_group,
+        P: *mut mbedtls_ecp_point,
+        buf: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function imports a point from a TLS ECPoint record.
+    ///
+    /// \note            On function return, \p *buf is updated to point immediately
+    ///                  after the ECPoint record.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param pt        The destination point.
+    /// \param buf       The address of the pointer to the start of the input buffer.
+    /// \param len       The length of the buffer.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_MPI_XXX error code on initialization
+    ///                  failure.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
+    pub fn mbedtls_ecp_tls_read_point(
+        grp: *const mbedtls_ecp_group,
+        pt: *mut mbedtls_ecp_point,
+        buf: *mut *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function exports a point as a TLS ECPoint record
+    ///                  defined in RFC 4492, Section 5.4.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param pt        The point to be exported. This must be initialized.
+    /// \param format    The point format to use. This must be either
+    ///                  #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
+    /// \param olen      The address at which to store the length in Bytes
+    ///                  of the data written.
+    /// \param buf       The target buffer. This must be a writable buffer of
+    ///                  length \p blen Bytes.
+    /// \param blen      The length of the target buffer \p buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
+    /// \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the target buffer
+    ///                  is too small to hold the exported point.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_tls_write_point(
+        grp: *const mbedtls_ecp_group,
+        pt: *const mbedtls_ecp_point,
+        format: crate::c_types::c_int,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        blen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets up an ECP group context
+    ///                  from a standardized set of domain parameters.
+    ///
+    /// \note            The index should be a value of the NamedCurve enum,
+    ///                  as defined in <em>RFC-4492: Elliptic Curve Cryptography
+    ///                  (ECC) Cipher Suites for Transport Layer Security (TLS)</em>,
+    ///                  usually in the form of an \c MBEDTLS_ECP_DP_XXX macro.
+    ///
+    /// \param grp       The group context to setup. This must be initialized.
+    /// \param id        The identifier of the domain parameter set to load.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p id doesn't
+    ///                  correspond to a known group.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_group_load(
+        grp: *mut mbedtls_ecp_group,
+        id: mbedtls_ecp_group_id,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets up an ECP group context from a TLS
+    ///                  ECParameters record as defined in RFC 4492, Section 5.4.
+    ///
+    /// \note            The read pointer \p buf is updated to point right after
+    ///                  the ECParameters record on exit.
+    ///
+    /// \param grp       The group context to setup. This must be initialized.
+    /// \param buf       The address of the pointer to the start of the input buffer.
+    /// \param len       The length of the input buffer \c *buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not
+    ///                  recognized.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_tls_read_group(
+        grp: *mut mbedtls_ecp_group,
+        buf: *mut *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function extracts an elliptic curve group ID from a
+    ///                  TLS ECParameters record as defined in RFC 4492, Section 5.4.
+    ///
+    /// \note            The read pointer \p buf is updated to point right after
+    ///                  the ECParameters record on exit.
+    ///
+    /// \param grp       The address at which to store the group id.
+    ///                  This must not be \c NULL.
+    /// \param buf       The address of the pointer to the start of the input buffer.
+    /// \param len       The length of the input buffer \c *buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not
+    ///                  recognized.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_tls_read_group_id(
+        grp: *mut mbedtls_ecp_group_id,
+        buf: *mut *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function exports an elliptic curve as a TLS
+    ///                  ECParameters record as defined in RFC 4492, Section 5.4.
+    ///
+    /// \param grp       The ECP group to be exported.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param olen      The address at which to store the number of Bytes written.
+    ///                  This must not be \c NULL.
+    /// \param buf       The buffer to write to. This must be a writable buffer
+    ///                  of length \p blen Bytes.
+    /// \param blen      The length of the output buffer \p buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output
+    ///                  buffer is too small to hold the exported group.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_tls_write_group(
+        grp: *const mbedtls_ecp_group,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        blen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a scalar multiplication of a point
+    ///                  by an integer: \p R = \p m * \p P.
+    ///
+    ///                  It is not thread-safe to use same group in multiple threads.
+    ///
+    /// \note            To prevent timing attacks, this function
+    ///                  executes the exact same sequence of base-field
+    ///                  operations for any valid \p m. It avoids any if-branch or
+    ///                  array index depending on the value of \p m. It also uses
+    ///                  \p f_rng to randomize some intermediate results.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param R         The point in which to store the result of the calculation.
+    ///                  This must be initialized.
+    /// \param m         The integer by which to multiply. This must be initialized.
+    /// \param P         The point to multiply. This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be \c
+    ///                  NULL if \p f_rng doesn't need a context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
+    ///                  key, or \p P is not a valid public key.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_mul(
+        grp: *mut mbedtls_ecp_group,
+        R: *mut mbedtls_ecp_point,
+        m: *const mbedtls_mpi,
+        P: *const mbedtls_ecp_point,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs multiplication of a point by
+    ///                  an integer: \p R = \p m * \p P in a restartable way.
+    ///
+    /// \see             mbedtls_ecp_mul()
+    ///
+    /// \note            This function does the same as \c mbedtls_ecp_mul(), but
+    ///                  it can return early and restart according to the limit set
+    ///                  with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param R         The point in which to store the result of the calculation.
+    ///                  This must be initialized.
+    /// \param m         The integer by which to multiply. This must be initialized.
+    /// \param P         The point to multiply. This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be \c
+    ///                  NULL if \p f_rng doesn't need a context.
+    /// \param rs_ctx    The restart context (NULL disables restart).
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
+    ///                  key, or \p P is not a valid public key.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_mul_restartable(
+        grp: *mut mbedtls_ecp_group,
+        R: *mut mbedtls_ecp_point,
+        m: *const mbedtls_mpi,
+        P: *const mbedtls_ecp_point,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_ecp_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs multiplication and addition of two
+    ///                  points by integers: \p R = \p m * \p P + \p n * \p Q
+    ///
+    ///                  It is not thread-safe to use same group in multiple threads.
+    ///
+    /// \note            In contrast to mbedtls_ecp_mul(), this function does not
+    ///                  guarantee a constant execution flow and timing.
+    ///
+    /// \note            This function is only defined for short Weierstrass curves.
+    ///                  It may not be included in builds without any short
+    ///                  Weierstrass curve.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param R         The point in which to store the result of the calculation.
+    ///                  This must be initialized.
+    /// \param m         The integer by which to multiply \p P.
+    ///                  This must be initialized.
+    /// \param P         The point to multiply by \p m. This must be initialized.
+    /// \param n         The integer by which to multiply \p Q.
+    ///                  This must be initialized.
+    /// \param Q         The point to be multiplied by \p n.
+    ///                  This must be initialized.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not
+    ///                  valid private keys, or \p P or \p Q are not valid public
+    ///                  keys.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p grp does not
+    ///                  designate a short Weierstrass curve.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_muladd(
+        grp: *mut mbedtls_ecp_group,
+        R: *mut mbedtls_ecp_point,
+        m: *const mbedtls_mpi,
+        P: *const mbedtls_ecp_point,
+        n: *const mbedtls_mpi,
+        Q: *const mbedtls_ecp_point,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs multiplication and addition of two
+    ///                  points by integers: \p R = \p m * \p P + \p n * \p Q in a
+    ///                  restartable way.
+    ///
+    /// \see             \c mbedtls_ecp_muladd()
+    ///
+    /// \note            This function works the same as \c mbedtls_ecp_muladd(),
+    ///                  but it can return early and restart according to the limit
+    ///                  set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \note            This function is only defined for short Weierstrass curves.
+    ///                  It may not be included in builds without any short
+    ///                  Weierstrass curve.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param R         The point in which to store the result of the calculation.
+    ///                  This must be initialized.
+    /// \param m         The integer by which to multiply \p P.
+    ///                  This must be initialized.
+    /// \param P         The point to multiply by \p m. This must be initialized.
+    /// \param n         The integer by which to multiply \p Q.
+    ///                  This must be initialized.
+    /// \param Q         The point to be multiplied by \p n.
+    ///                  This must be initialized.
+    /// \param rs_ctx    The restart context (NULL disables restart).
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not
+    ///                  valid private keys, or \p P or \p Q are not valid public
+    ///                  keys.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p grp does not
+    ///                  designate a short Weierstrass curve.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_muladd_restartable(
+        grp: *mut mbedtls_ecp_group,
+        R: *mut mbedtls_ecp_point,
+        m: *const mbedtls_mpi,
+        P: *const mbedtls_ecp_point,
+        n: *const mbedtls_mpi,
+        Q: *const mbedtls_ecp_point,
+        rs_ctx: *mut mbedtls_ecp_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function checks that a point is a valid public key
+    ///                  on this curve.
+    ///
+    ///                  It only checks that the point is non-zero, has
+    ///                  valid coordinates and lies on the curve. It does not verify
+    ///                  that it is indeed a multiple of \p G. This additional
+    ///                  check is computationally more expensive, is not required
+    ///                  by standards, and should not be necessary if the group
+    ///                  used has a small cofactor. In particular, it is useless for
+    ///                  the NIST groups which all have a cofactor of 1.
+    ///
+    /// \note            This function uses bare components rather than an
+    ///                  ::mbedtls_ecp_keypair structure, to ease use with other
+    ///                  structures, such as ::mbedtls_ecdh_context or
+    ///                  ::mbedtls_ecdsa_context.
+    ///
+    /// \param grp       The ECP group the point should belong to.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param pt        The point to check. This must be initialized.
+    ///
+    /// \return          \c 0 if the point is a valid public key.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not
+    ///                  a valid public key for the given curve.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_check_pubkey(
+        grp: *const mbedtls_ecp_group,
+        pt: *const mbedtls_ecp_point,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function checks that an \p mbedtls_mpi is a
+    ///                  valid private key for this curve.
+    ///
+    /// \note            This function uses bare components rather than an
+    ///                  ::mbedtls_ecp_keypair structure to ease use with other
+    ///                  structures, such as ::mbedtls_ecdh_context or
+    ///                  ::mbedtls_ecdsa_context.
+    ///
+    /// \param grp       The ECP group the private key should belong to.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param d         The integer to check. This must be initialized.
+    ///
+    /// \return          \c 0 if the point is a valid private key.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not a valid
+    ///                  private key for the given curve.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_check_privkey(
+        grp: *const mbedtls_ecp_group,
+        d: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates a private key.
+    ///
+    /// \param grp       The ECP group to generate a private key for.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param d         The destination MPI (secret part). This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG parameter to be passed to \p f_rng. This may be
+    ///                  \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
+    ///                  on failure.
+    pub fn mbedtls_ecp_gen_privkey(
+        grp: *const mbedtls_ecp_group,
+        d: *mut mbedtls_mpi,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates a keypair with a configurable base
+    ///                  point.
+    ///
+    /// \note            This function uses bare components rather than an
+    ///                  ::mbedtls_ecp_keypair structure to ease use with other
+    ///                  structures, such as ::mbedtls_ecdh_context or
+    ///                  ::mbedtls_ecdsa_context.
+    ///
+    /// \param grp       The ECP group to generate a key pair for.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param G         The base point to use. This must be initialized
+    ///                  and belong to \p grp. It replaces the default base
+    ///                  point \c grp->G used by mbedtls_ecp_gen_keypair().
+    /// \param d         The destination MPI (secret part).
+    ///                  This must be initialized.
+    /// \param Q         The destination point (public part).
+    ///                  This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may
+    ///                  be \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
+    ///                  on failure.
+    pub fn mbedtls_ecp_gen_keypair_base(
+        grp: *mut mbedtls_ecp_group,
+        G: *const mbedtls_ecp_point,
+        d: *mut mbedtls_mpi,
+        Q: *mut mbedtls_ecp_point,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates an ECP keypair.
+    ///
+    /// \note            This function uses bare components rather than an
+    ///                  ::mbedtls_ecp_keypair structure to ease use with other
+    ///                  structures, such as ::mbedtls_ecdh_context or
+    ///                  ::mbedtls_ecdsa_context.
+    ///
+    /// \param grp       The ECP group to generate a key pair for.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param d         The destination MPI (secret part).
+    ///                  This must be initialized.
+    /// \param Q         The destination point (public part).
+    ///                  This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may
+    ///                  be \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
+    ///                  on failure.
+    pub fn mbedtls_ecp_gen_keypair(
+        grp: *mut mbedtls_ecp_group,
+        d: *mut mbedtls_mpi,
+        Q: *mut mbedtls_ecp_point,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates an ECP key.
+    ///
+    /// \param grp_id    The ECP group identifier.
+    /// \param key       The destination key. This must be initialized.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may
+    ///                  be \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
+    ///                  on failure.
+    pub fn mbedtls_ecp_gen_key(
+        grp_id: mbedtls_ecp_group_id,
+        key: *mut mbedtls_ecp_keypair,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function reads an elliptic curve private key.
+    ///
+    /// \param grp_id    The ECP group identifier.
+    /// \param key       The destination key.
+    /// \param buf       The buffer containing the binary representation of the
+    ///                  key. (Big endian integer for Weierstrass curves, byte
+    ///                  string for Montgomery curves.)
+    /// \param buflen    The length of the buffer in bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY error if the key is
+    ///                  invalid.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
+    ///                  the group is not implemented.
+    /// \return          Another negative error code on different kinds of failure.
+    pub fn mbedtls_ecp_read_key(
+        grp_id: mbedtls_ecp_group_id,
+        key: *mut mbedtls_ecp_keypair,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function exports an elliptic curve private key.
+    ///
+    /// \param key       The private key.
+    /// \param buf       The output buffer for containing the binary representation
+    ///                  of the key. (Big endian integer for Weierstrass curves, byte
+    ///                  string for Montgomery curves.)
+    /// \param buflen    The total length of the buffer in bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the \p key
+    ///representation is larger than the available space in \p buf.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
+    ///                  the group is not implemented.
+    /// \return          Another negative error code on different kinds of failure.
+    pub fn mbedtls_ecp_write_key(
+        key: *mut mbedtls_ecp_keypair,
+        buf: *mut crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function checks that the keypair objects
+    ///                  \p pub and \p prv have the same group and the
+    ///                  same public point, and that the private key in
+    ///                  \p prv is consistent with the public key.
+    ///
+    /// \param pub       The keypair structure holding the public key. This
+    ///                  must be initialized. If it contains a private key, that
+    ///                  part is ignored.
+    /// \param prv       The keypair structure holding the full keypair.
+    ///                  This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be \c
+    ///                  NULL if \p f_rng doesn't need a context.
+    ///
+    /// \return          \c 0 on success, meaning that the keys are valid and match.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
+    ///                  error code on calculation failure.
+    pub fn mbedtls_ecp_check_pub_priv(
+        pub_: *const mbedtls_ecp_keypair,
+        prv: *const mbedtls_ecp_keypair,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function exports generic key-pair parameters.
+    ///
+    /// \param key       The key pair to export from.
+    /// \param grp       Slot for exported ECP group.
+    ///                  It must point to an initialized ECP group.
+    /// \param d         Slot for the exported secret value.
+    ///                  It must point to an initialized mpi.
+    /// \param Q         Slot for the exported public value.
+    ///                  It must point to an initialized ECP point.
+    ///
+    /// \return          \c 0 on success,
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if key id doesn't
+    ///                  correspond to a known group.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_export(
+        key: *const mbedtls_ecp_keypair,
+        grp: *mut mbedtls_ecp_group,
+        d: *mut mbedtls_mpi,
+        Q: *mut mbedtls_ecp_point,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The ECP checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_ecp_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+///< None.
+pub const mbedtls_md_type_t_MBEDTLS_MD_NONE: mbedtls_md_type_t = 0;
+///< The MD5 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_MD5: mbedtls_md_type_t = 1;
+///< The SHA-1 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_SHA1: mbedtls_md_type_t = 2;
+///< The SHA-224 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_SHA224: mbedtls_md_type_t = 3;
+///< The SHA-256 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_SHA256: mbedtls_md_type_t = 4;
+///< The SHA-384 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_SHA384: mbedtls_md_type_t = 5;
+///< The SHA-512 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_SHA512: mbedtls_md_type_t = 6;
+///< The RIPEMD-160 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_RIPEMD160: mbedtls_md_type_t = 7;
+/// \brief     Supported message digests.
+///
+/// \warning   MD5 and SHA-1 are considered weak message digests and
+///            their use constitutes a security risk. We recommend considering
+///            stronger message digests instead.
+pub type mbedtls_md_type_t = crate::c_types::c_uint;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_md_info_t {
+    _unused: [u8; 0],
+}
+pub const mbedtls_md_engine_t_MBEDTLS_MD_ENGINE_LEGACY: mbedtls_md_engine_t = 0;
+pub const mbedtls_md_engine_t_MBEDTLS_MD_ENGINE_PSA: mbedtls_md_engine_t = 1;
+/// Used internally to indicate whether a context uses legacy or PSA.
+///
+/// Internal use only.
+pub type mbedtls_md_engine_t = crate::c_types::c_uint;
+/// The generic message-digest context.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_md_context_t {
+    pub private_md_info: *const mbedtls_md_info_t,
+    pub private_md_ctx: *mut crate::c_types::c_void,
+    pub private_hmac_ctx: *mut crate::c_types::c_void,
+}
+extern "C" {
+    /// \brief           This function returns the message-digest information
+    ///                  associated with the given digest type.
+    ///
+    /// \param md_type   The type of digest to search for.
+    ///
+    /// \return          The message-digest information associated with \p md_type.
+    /// \return          NULL if the associated message-digest information is not found.
+    pub fn mbedtls_md_info_from_type(md_type: mbedtls_md_type_t) -> *const mbedtls_md_info_t;
+}
+extern "C" {
+    /// \brief           This function initializes a message-digest context without
+    ///                  binding it to a particular message-digest algorithm.
+    ///
+    ///                  This function should always be called first. It prepares the
+    ///                  context for mbedtls_md_setup() for binding it to a
+    ///                  message-digest algorithm.
+    pub fn mbedtls_md_init(ctx: *mut mbedtls_md_context_t);
+}
+extern "C" {
+    /// \brief           This function clears the internal structure of \p ctx and
+    ///                  frees any embedded internal structure, but does not free
+    ///                  \p ctx itself.
+    ///
+    ///                  If you have called mbedtls_md_setup() on \p ctx, you must
+    ///                  call mbedtls_md_free() when you are no longer using the
+    ///                  context.
+    ///                  Calling this function if you have previously
+    ///                  called mbedtls_md_init() and nothing else is optional.
+    ///                  You must not call this function if you have not called
+    ///                  mbedtls_md_init().
+    pub fn mbedtls_md_free(ctx: *mut mbedtls_md_context_t);
+}
+extern "C" {
+    /// \brief           This function selects the message digest algorithm to use,
+    ///                  and allocates internal structures.
+    ///
+    ///                  It should be called after mbedtls_md_init() or
+    ///                  mbedtls_md_free(). Makes it necessary to call
+    ///                  mbedtls_md_free() later.
+    ///
+    /// \param ctx       The context to set up.
+    /// \param md_info   The information structure of the message-digest algorithm
+    ///                  to use.
+    /// \param hmac      Defines if HMAC is used. 0: HMAC is not used (saves some memory),
+    ///                  or non-zero: HMAC is used with this context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    /// \return          #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
+    pub fn mbedtls_md_setup(
+        ctx: *mut mbedtls_md_context_t,
+        md_info: *const mbedtls_md_info_t,
+        hmac: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function clones the state of a message-digest
+    ///                  context.
+    ///
+    /// \note            You must call mbedtls_md_setup() on \c dst before calling
+    ///                  this function.
+    ///
+    /// \note            The two contexts must have the same type,
+    ///                  for example, both are SHA-256.
+    ///
+    /// \warning         This function clones the message-digest state, not the
+    ///                  HMAC state.
+    ///
+    /// \param dst       The destination context.
+    /// \param src       The context to be cloned.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure.
+    /// \return          #MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE if both contexts are
+    ///                  not using the same engine. This can be avoided by moving
+    ///                  the call to psa_crypto_init() before the first call to
+    ///                  mbedtls_md_setup().
+    pub fn mbedtls_md_clone(
+        dst: *mut mbedtls_md_context_t,
+        src: *const mbedtls_md_context_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function extracts the message-digest size from the
+    ///                  message-digest information structure.
+    ///
+    /// \param md_info   The information structure of the message-digest algorithm
+    ///                  to use.
+    ///
+    /// \return          The size of the message-digest output in Bytes.
+    pub fn mbedtls_md_get_size(md_info: *const mbedtls_md_info_t) -> crate::c_types::c_uchar;
+}
+extern "C" {
+    /// \brief           This function extracts the message-digest type from the
+    ///                  message-digest information structure.
+    ///
+    /// \param md_info   The information structure of the message-digest algorithm
+    ///                  to use.
+    ///
+    /// \return          The type of the message digest.
+    pub fn mbedtls_md_get_type(md_info: *const mbedtls_md_info_t) -> mbedtls_md_type_t;
+}
+extern "C" {
+    /// \brief           This function starts a message-digest computation.
+    ///
+    ///                  You must call this function after setting up the context
+    ///                  with mbedtls_md_setup(), and before passing data with
+    ///                  mbedtls_md_update().
+    ///
+    /// \param ctx       The generic message-digest context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_starts(ctx: *mut mbedtls_md_context_t) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer into an ongoing
+    ///                  message-digest computation.
+    ///
+    ///                  You must call mbedtls_md_starts() before calling this
+    ///                  function. You may call this function multiple times.
+    ///                  Afterwards, call mbedtls_md_finish().
+    ///
+    /// \param ctx       The generic message-digest context.
+    /// \param input     The buffer holding the input data.
+    /// \param ilen      The length of the input data.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_update(
+        ctx: *mut mbedtls_md_context_t,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function finishes the digest operation,
+    ///                  and writes the result to the output buffer.
+    ///
+    ///                  Call this function after a call to mbedtls_md_starts(),
+    ///                  followed by any number of calls to mbedtls_md_update().
+    ///                  Afterwards, you may either clear the context with
+    ///                  mbedtls_md_free(), or call mbedtls_md_starts() to reuse
+    ///                  the context for another digest operation with the same
+    ///                  algorithm.
+    ///
+    /// \param ctx       The generic message-digest context.
+    /// \param output    The buffer for the generic message-digest checksum result.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_finish(
+        ctx: *mut mbedtls_md_context_t,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function calculates the message-digest of a buffer,
+    ///                 with respect to a configurable message-digest algorithm
+    ///                 in a single call.
+    ///
+    ///                 The result is calculated as
+    ///                 Output = message_digest(input buffer).
+    ///
+    /// \param md_info  The information structure of the message-digest algorithm
+    ///                 to use.
+    /// \param input    The buffer holding the data.
+    /// \param ilen     The length of the input data.
+    /// \param output   The generic message-digest checksum result.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                 failure.
+    pub fn mbedtls_md(
+        md_info: *const mbedtls_md_info_t,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function returns the list of digests supported by the
+    ///                  generic digest module.
+    ///
+    /// \note            The list starts with the strongest available hashes.
+    ///
+    /// \return          A statically allocated array of digests. Each element
+    ///                  in the returned list is an integer belonging to the
+    ///                  message-digest enumeration #mbedtls_md_type_t.
+    ///                  The last entry is 0.
+    pub fn mbedtls_md_list() -> *const crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function returns the message-digest information
+    ///                  associated with the given digest name.
+    ///
+    /// \param md_name   The name of the digest to search for.
+    ///
+    /// \return          The message-digest information associated with \p md_name.
+    /// \return          NULL if the associated message-digest information is not found.
+    pub fn mbedtls_md_info_from_string(
+        md_name: *const crate::c_types::c_char,
+    ) -> *const mbedtls_md_info_t;
+}
+extern "C" {
+    /// \brief           This function extracts the message-digest name from the
+    ///                  message-digest information structure.
+    ///
+    /// \param md_info   The information structure of the message-digest algorithm
+    ///                  to use.
+    ///
+    /// \return          The name of the message digest.
+    pub fn mbedtls_md_get_name(md_info: *const mbedtls_md_info_t) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief           This function returns the message-digest information
+    ///                  from the given context.
+    ///
+    /// \param ctx       The context from which to extract the information.
+    ///                  This must be initialized (or \c NULL).
+    ///
+    /// \return          The message-digest information associated with \p ctx.
+    /// \return          \c NULL if \p ctx is \c NULL.
+    pub fn mbedtls_md_info_from_ctx(ctx: *const mbedtls_md_context_t) -> *const mbedtls_md_info_t;
+}
+extern "C" {
+    /// \brief           This function sets the HMAC key and prepares to
+    ///                  authenticate a new message.
+    ///
+    ///                  Call this function after mbedtls_md_setup(), to use
+    ///                  the MD context for an HMAC calculation, then call
+    ///                  mbedtls_md_hmac_update() to provide the input data, and
+    ///                  mbedtls_md_hmac_finish() to get the HMAC value.
+    ///
+    /// \param ctx       The message digest context containing an embedded HMAC
+    ///                  context.
+    /// \param key       The HMAC secret key.
+    /// \param keylen    The length of the HMAC key in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_hmac_starts(
+        ctx: *mut mbedtls_md_context_t,
+        key: *const crate::c_types::c_uchar,
+        keylen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer into an ongoing HMAC
+    ///                  computation.
+    ///
+    ///                  Call mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset()
+    ///                  before calling this function.
+    ///                  You may call this function multiple times to pass the
+    ///                  input piecewise.
+    ///                  Afterwards, call mbedtls_md_hmac_finish().
+    ///
+    /// \param ctx       The message digest context containing an embedded HMAC
+    ///                  context.
+    /// \param input     The buffer holding the input data.
+    /// \param ilen      The length of the input data.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_hmac_update(
+        ctx: *mut mbedtls_md_context_t,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function finishes the HMAC operation, and writes
+    ///                  the result to the output buffer.
+    ///
+    ///                  Call this function after mbedtls_md_hmac_starts() and
+    ///                  mbedtls_md_hmac_update() to get the HMAC value. Afterwards
+    ///                  you may either call mbedtls_md_free() to clear the context,
+    ///                  or call mbedtls_md_hmac_reset() to reuse the context with
+    ///                  the same HMAC key.
+    ///
+    /// \param ctx       The message digest context containing an embedded HMAC
+    ///                  context.
+    /// \param output    The generic HMAC checksum result.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_hmac_finish(
+        ctx: *mut mbedtls_md_context_t,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function prepares to authenticate a new message with
+    ///                  the same key as the previous HMAC operation.
+    ///
+    ///                  You may call this function after mbedtls_md_hmac_finish().
+    ///                  Afterwards call mbedtls_md_hmac_update() to pass the new
+    ///                  input.
+    ///
+    /// \param ctx       The message digest context containing an embedded HMAC
+    ///                  context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_hmac_reset(ctx: *mut mbedtls_md_context_t) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function calculates the full generic HMAC
+    ///                 on the input buffer with the provided key.
+    ///
+    ///                 The function allocates the context, performs the
+    ///                 calculation, and frees the context.
+    ///
+    ///                 The HMAC result is calculated as
+    ///                 output = generic HMAC(hmac key, input buffer).
+    ///
+    /// \param md_info  The information structure of the message-digest algorithm
+    ///                 to use.
+    /// \param key      The HMAC secret key.
+    /// \param keylen   The length of the HMAC secret key in Bytes.
+    /// \param input    The buffer holding the input data.
+    /// \param ilen     The length of the input data.
+    /// \param output   The generic HMAC result.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                 failure.
+    pub fn mbedtls_md_hmac(
+        md_info: *const mbedtls_md_info_t,
+        key: *const crate::c_types::c_uchar,
+        keylen: usize,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+/// \brief   The RSA context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_rsa_context {
+    pub private_ver: crate::c_types::c_int,
+    pub private_len: usize,
+    pub private_N: mbedtls_mpi,
+    pub private_E: mbedtls_mpi,
+    pub private_D: mbedtls_mpi,
+    pub private_P: mbedtls_mpi,
+    pub private_Q: mbedtls_mpi,
+    pub private_DP: mbedtls_mpi,
+    pub private_DQ: mbedtls_mpi,
+    pub private_QP: mbedtls_mpi,
+    pub private_RN: mbedtls_mpi,
+    pub private_RP: mbedtls_mpi,
+    pub private_RQ: mbedtls_mpi,
+    pub private_Vi: mbedtls_mpi,
+    pub private_Vf: mbedtls_mpi,
+    pub private_padding: crate::c_types::c_int,
+    pub private_hash_id: crate::c_types::c_int,
+}
+extern "C" {
+    /// \brief          This function initializes an RSA context.
+    ///
+    /// \note           This function initializes the padding and the hash
+    ///                 identifier to respectively #MBEDTLS_RSA_PKCS_V15 and
+    ///                 #MBEDTLS_MD_NONE. See mbedtls_rsa_set_padding() for more
+    ///                 information about those parameters.
+    ///
+    /// \param ctx      The RSA context to initialize. This must not be \c NULL.
+    pub fn mbedtls_rsa_init(ctx: *mut mbedtls_rsa_context);
+}
+extern "C" {
+    /// \brief          This function sets padding for an already initialized RSA
+    ///                 context.
+    ///
+    /// \note           Set padding to #MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
+    ///                 encryption scheme and the RSASSA-PSS signature scheme.
+    ///
+    /// \note           The \p hash_id parameter is ignored when using
+    ///                 #MBEDTLS_RSA_PKCS_V15 padding.
+    ///
+    /// \note           The choice of padding mode is strictly enforced for private
+    ///                 key operations, since there might be security concerns in
+    ///                 mixing padding modes. For public key operations it is
+    ///                 a default value, which can be overridden by calling specific
+    ///                 \c mbedtls_rsa_rsaes_xxx or \c mbedtls_rsa_rsassa_xxx
+    ///                 functions.
+    ///
+    /// \note           The hash selected in \p hash_id is always used for OEAP
+    ///                 encryption. For PSS signatures, it is always used for
+    ///                 making signatures, but can be overridden for verifying them.
+    ///                 If set to #MBEDTLS_MD_NONE, it is always overridden.
+    ///
+    /// \param ctx      The initialized RSA context to be configured.
+    /// \param padding  The padding mode to use. This must be either
+    ///                 #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
+    /// \param hash_id  The hash identifier for PSS or OAEP, if \p padding is
+    ///                 #MBEDTLS_RSA_PKCS_V21. #MBEDTLS_MD_NONE is accepted by this
+    ///                 function but may be not suitable for some operations.
+    ///                 Ignored if \p padding is #MBEDTLS_RSA_PKCS_V15.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_RSA_INVALID_PADDING failure:
+    ///                 \p padding or \p hash_id is invalid.
+    pub fn mbedtls_rsa_set_padding(
+        ctx: *mut mbedtls_rsa_context,
+        padding: crate::c_types::c_int,
+        hash_id: mbedtls_md_type_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function retrieves padding mode of initialized
+    ///                 RSA context.
+    ///
+    /// \param ctx      The initialized RSA context.
+    ///
+    /// \return         RSA padding mode.
+    pub fn mbedtls_rsa_get_padding_mode(ctx: *const mbedtls_rsa_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function retrieves hash identifier of mbedtls_md_type_t
+    ///                 type.
+    ///
+    /// \param ctx      The initialized RSA context.
+    ///
+    /// \return         Hash identifier of mbedtls_md_type_t type.
+    pub fn mbedtls_rsa_get_md_alg(ctx: *const mbedtls_rsa_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function imports a set of core parameters into an
+    ///                 RSA context.
+    ///
+    /// \note           This function can be called multiple times for successive
+    ///                 imports, if the parameters are not simultaneously present.
+    ///
+    ///                 Any sequence of calls to this function should be followed
+    ///                 by a call to mbedtls_rsa_complete(), which checks and
+    ///                 completes the provided information to a ready-for-use
+    ///                 public or private RSA key.
+    ///
+    /// \note           See mbedtls_rsa_complete() for more information on which
+    ///                 parameters are necessary to set up a private or public
+    ///                 RSA key.
+    ///
+    /// \note           The imported parameters are copied and need not be preserved
+    ///                 for the lifetime of the RSA context being set up.
+    ///
+    /// \param ctx      The initialized RSA context to store the parameters in.
+    /// \param N        The RSA modulus. This may be \c NULL.
+    /// \param P        The first prime factor of \p N. This may be \c NULL.
+    /// \param Q        The second prime factor of \p N. This may be \c NULL.
+    /// \param D        The private exponent. This may be \c NULL.
+    /// \param E        The public exponent. This may be \c NULL.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A non-zero error code on failure.
+    pub fn mbedtls_rsa_import(
+        ctx: *mut mbedtls_rsa_context,
+        N: *const mbedtls_mpi,
+        P: *const mbedtls_mpi,
+        Q: *const mbedtls_mpi,
+        D: *const mbedtls_mpi,
+        E: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function imports core RSA parameters, in raw big-endian
+    ///                 binary format, into an RSA context.
+    ///
+    /// \note           This function can be called multiple times for successive
+    ///                 imports, if the parameters are not simultaneously present.
+    ///
+    ///                 Any sequence of calls to this function should be followed
+    ///                 by a call to mbedtls_rsa_complete(), which checks and
+    ///                 completes the provided information to a ready-for-use
+    ///                 public or private RSA key.
+    ///
+    /// \note           See mbedtls_rsa_complete() for more information on which
+    ///                 parameters are necessary to set up a private or public
+    ///                 RSA key.
+    ///
+    /// \note           The imported parameters are copied and need not be preserved
+    ///                 for the lifetime of the RSA context being set up.
+    ///
+    /// \param ctx      The initialized RSA context to store the parameters in.
+    /// \param N        The RSA modulus. This may be \c NULL.
+    /// \param N_len    The Byte length of \p N; it is ignored if \p N == NULL.
+    /// \param P        The first prime factor of \p N. This may be \c NULL.
+    /// \param P_len    The Byte length of \p P; it is ignored if \p P == NULL.
+    /// \param Q        The second prime factor of \p N. This may be \c NULL.
+    /// \param Q_len    The Byte length of \p Q; it is ignored if \p Q == NULL.
+    /// \param D        The private exponent. This may be \c NULL.
+    /// \param D_len    The Byte length of \p D; it is ignored if \p D == NULL.
+    /// \param E        The public exponent. This may be \c NULL.
+    /// \param E_len    The Byte length of \p E; it is ignored if \p E == NULL.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A non-zero error code on failure.
+    pub fn mbedtls_rsa_import_raw(
+        ctx: *mut mbedtls_rsa_context,
+        N: *const crate::c_types::c_uchar,
+        N_len: usize,
+        P: *const crate::c_types::c_uchar,
+        P_len: usize,
+        Q: *const crate::c_types::c_uchar,
+        Q_len: usize,
+        D: *const crate::c_types::c_uchar,
+        D_len: usize,
+        E: *const crate::c_types::c_uchar,
+        E_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function completes an RSA context from
+    ///                 a set of imported core parameters.
+    ///
+    ///                 To setup an RSA public key, precisely \p N and \p E
+    ///                 must have been imported.
+    ///
+    ///                 To setup an RSA private key, sufficient information must
+    ///                 be present for the other parameters to be derivable.
+    ///
+    ///                 The default implementation supports the following:
+    ///                 <ul><li>Derive \p P, \p Q from \p N, \p D, \p E.</li>
+    ///                 <li>Derive \p N, \p D from \p P, \p Q, \p E.</li></ul>
+    ///                 Alternative implementations need not support these.
+    ///
+    ///                 If this function runs successfully, it guarantees that
+    ///                 the RSA context can be used for RSA operations without
+    ///                 the risk of failure or crash.
+    ///
+    /// \warning        This function need not perform consistency checks
+    ///                 for the imported parameters. In particular, parameters that
+    ///                 are not needed by the implementation might be silently
+    ///                 discarded and left unchecked. To check the consistency
+    ///                 of the key material, see mbedtls_rsa_check_privkey().
+    ///
+    /// \param ctx      The initialized RSA context holding imported parameters.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted derivations
+    ///                 failed.
+    pub fn mbedtls_rsa_complete(ctx: *mut mbedtls_rsa_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function exports the core parameters of an RSA key.
+    ///
+    ///                 If this function runs successfully, the non-NULL buffers
+    ///                 pointed to by \p N, \p P, \p Q, \p D, and \p E are fully
+    ///                 written, with additional unused space filled leading by
+    ///                 zero Bytes.
+    ///
+    ///                 Possible reasons for returning
+    ///                 #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:<ul>
+    ///                 <li>An alternative RSA implementation is in use, which
+    ///                 stores the key externally, and either cannot or should
+    ///                 not export it into RAM.</li>
+    ///                 <li>A SW or HW implementation might not support a certain
+    ///                 deduction. For example, \p P, \p Q from \p N, \p D,
+    ///                 and \p E if the former are not part of the
+    ///                 implementation.</li></ul>
+    ///
+    ///                 If the function fails due to an unsupported operation,
+    ///                 the RSA context stays intact and remains usable.
+    ///
+    /// \param ctx      The initialized RSA context.
+    /// \param N        The MPI to hold the RSA modulus.
+    ///                 This may be \c NULL if this field need not be exported.
+    /// \param P        The MPI to hold the first prime factor of \p N.
+    ///                 This may be \c NULL if this field need not be exported.
+    /// \param Q        The MPI to hold the second prime factor of \p N.
+    ///                 This may be \c NULL if this field need not be exported.
+    /// \param D        The MPI to hold the private exponent.
+    ///                 This may be \c NULL if this field need not be exported.
+    /// \param E        The MPI to hold the public exponent.
+    ///                 This may be \c NULL if this field need not be exported.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
+    ///                 requested parameters cannot be done due to missing
+    ///                 functionality or because of security policies.
+    /// \return         A non-zero return code on any other failure.
+    pub fn mbedtls_rsa_export(
+        ctx: *const mbedtls_rsa_context,
+        N: *mut mbedtls_mpi,
+        P: *mut mbedtls_mpi,
+        Q: *mut mbedtls_mpi,
+        D: *mut mbedtls_mpi,
+        E: *mut mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function exports core parameters of an RSA key
+    ///                 in raw big-endian binary format.
+    ///
+    ///                 If this function runs successfully, the non-NULL buffers
+    ///                 pointed to by \p N, \p P, \p Q, \p D, and \p E are fully
+    ///                 written, with additional unused space filled leading by
+    ///                 zero Bytes.
+    ///
+    ///                 Possible reasons for returning
+    ///                 #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:<ul>
+    ///                 <li>An alternative RSA implementation is in use, which
+    ///                 stores the key externally, and either cannot or should
+    ///                 not export it into RAM.</li>
+    ///                 <li>A SW or HW implementation might not support a certain
+    ///                 deduction. For example, \p P, \p Q from \p N, \p D,
+    ///                 and \p E if the former are not part of the
+    ///                 implementation.</li></ul>
+    ///                 If the function fails due to an unsupported operation,
+    ///                 the RSA context stays intact and remains usable.
+    ///
+    /// \note           The length parameters are ignored if the corresponding
+    ///                 buffer pointers are NULL.
+    ///
+    /// \param ctx      The initialized RSA context.
+    /// \param N        The Byte array to store the RSA modulus,
+    ///                 or \c NULL if this field need not be exported.
+    /// \param N_len    The size of the buffer for the modulus.
+    /// \param P        The Byte array to hold the first prime factor of \p N,
+    ///                 or \c NULL if this field need not be exported.
+    /// \param P_len    The size of the buffer for the first prime factor.
+    /// \param Q        The Byte array to hold the second prime factor of \p N,
+    ///                 or \c NULL if this field need not be exported.
+    /// \param Q_len    The size of the buffer for the second prime factor.
+    /// \param D        The Byte array to hold the private exponent,
+    ///                 or \c NULL if this field need not be exported.
+    /// \param D_len    The size of the buffer for the private exponent.
+    /// \param E        The Byte array to hold the public exponent,
+    ///                 or \c NULL if this field need not be exported.
+    /// \param E_len    The size of the buffer for the public exponent.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
+    ///                 requested parameters cannot be done due to missing
+    ///                 functionality or because of security policies.
+    /// \return         A non-zero return code on any other failure.
+    pub fn mbedtls_rsa_export_raw(
+        ctx: *const mbedtls_rsa_context,
+        N: *mut crate::c_types::c_uchar,
+        N_len: usize,
+        P: *mut crate::c_types::c_uchar,
+        P_len: usize,
+        Q: *mut crate::c_types::c_uchar,
+        Q_len: usize,
+        D: *mut crate::c_types::c_uchar,
+        D_len: usize,
+        E: *mut crate::c_types::c_uchar,
+        E_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function exports CRT parameters of a private RSA key.
+    ///
+    /// \note           Alternative RSA implementations not using CRT-parameters
+    ///                 internally can implement this function based on
+    ///                 mbedtls_rsa_deduce_opt().
+    ///
+    /// \param ctx      The initialized RSA context.
+    /// \param DP       The MPI to hold \c D modulo `P-1`,
+    ///                 or \c NULL if it need not be exported.
+    /// \param DQ       The MPI to hold \c D modulo `Q-1`,
+    ///                 or \c NULL if it need not be exported.
+    /// \param QP       The MPI to hold modular inverse of \c Q modulo \c P,
+    ///                 or \c NULL if it need not be exported.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A non-zero error code on failure.
+    pub fn mbedtls_rsa_export_crt(
+        ctx: *const mbedtls_rsa_context,
+        DP: *mut mbedtls_mpi,
+        DQ: *mut mbedtls_mpi,
+        QP: *mut mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function retrieves the length of RSA modulus in Bytes.
+    ///
+    /// \param ctx      The initialized RSA context.
+    ///
+    /// \return         The length of the RSA modulus in Bytes.
+    pub fn mbedtls_rsa_get_len(ctx: *const mbedtls_rsa_context) -> usize;
+}
+extern "C" {
+    /// \brief          This function generates an RSA keypair.
+    ///
+    /// \note           mbedtls_rsa_init() must be called before this function,
+    ///                 to set up the RSA context.
+    ///
+    /// \param ctx      The initialized RSA context used to hold the key.
+    /// \param f_rng    The RNG function to be used for key generation.
+    ///                 This is mandatory and must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng.
+    ///                 This may be \c NULL if \p f_rng doesn't need a context.
+    /// \param nbits    The size of the public key in bits.
+    /// \param exponent The public exponent to use. For example, \c 65537.
+    ///                 This must be odd and greater than \c 1.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_gen_key(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        nbits: crate::c_types::c_uint,
+        exponent: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function checks if a context contains at least an RSA
+    ///                 public key.
+    ///
+    ///                 If the function runs successfully, it is guaranteed that
+    ///                 enough information is present to perform an RSA public key
+    ///                 operation using mbedtls_rsa_public().
+    ///
+    /// \param ctx      The initialized RSA context to check.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_check_pubkey(ctx: *const mbedtls_rsa_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief      This function checks if a context contains an RSA private key
+    ///             and perform basic consistency checks.
+    ///
+    /// \note       The consistency checks performed by this function not only
+    ///             ensure that mbedtls_rsa_private() can be called successfully
+    ///             on the given context, but that the various parameters are
+    ///             mutually consistent with high probability, in the sense that
+    ///             mbedtls_rsa_public() and mbedtls_rsa_private() are inverses.
+    ///
+    /// \warning    This function should catch accidental misconfigurations
+    ///             like swapping of parameters, but it cannot establish full
+    ///             trust in neither the quality nor the consistency of the key
+    ///             material that was used to setup the given RSA context:
+    ///             <ul><li>Consistency: Imported parameters that are irrelevant
+    ///             for the implementation might be silently dropped. If dropped,
+    ///             the current function does not have access to them,
+    ///             and therefore cannot check them. See mbedtls_rsa_complete().
+    ///             If you want to check the consistency of the entire
+    ///             content of a PKCS1-encoded RSA private key, for example, you
+    ///             should use mbedtls_rsa_validate_params() before setting
+    ///             up the RSA context.
+    ///             Additionally, if the implementation performs empirical checks,
+    ///             these checks substantiate but do not guarantee consistency.</li>
+    ///             <li>Quality: This function is not expected to perform
+    ///             extended quality assessments like checking that the prime
+    ///             factors are safe. Additionally, it is the responsibility of the
+    ///             user to ensure the trustworthiness of the source of his RSA
+    ///             parameters, which goes beyond what is effectively checkable
+    ///             by the library.</li></ul>
+    ///
+    /// \param ctx  The initialized RSA context to check.
+    ///
+    /// \return     \c 0 on success.
+    /// \return     An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_check_privkey(ctx: *const mbedtls_rsa_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function checks a public-private RSA key pair.
+    ///
+    ///                 It checks each of the contexts, and makes sure they match.
+    ///
+    /// \param pub      The initialized RSA context holding the public key.
+    /// \param prv      The initialized RSA context holding the private key.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_check_pub_priv(
+        pub_: *const mbedtls_rsa_context,
+        prv: *const mbedtls_rsa_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs an RSA public key operation.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param input    The input buffer. This must be a readable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    /// \param output   The output buffer. This must be a writable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \note           This function does not handle message padding.
+    ///
+    /// \note           Make sure to set \p input[0] = 0 or ensure that
+    ///                 input is smaller than \p N.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_public(
+        ctx: *mut mbedtls_rsa_context,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs an RSA private key operation.
+    ///
+    /// \note           Blinding is used if and only if a PRNG is provided.
+    ///
+    /// \note           If blinding is used, both the base of exponentiation
+    ///                 and the exponent are blinded, providing protection
+    ///                 against some side-channel attacks.
+    ///
+    /// \warning        It is deprecated and a security risk to not provide
+    ///                 a PRNG here and thereby prevent the use of blinding.
+    ///                 Future versions of the library may enforce the presence
+    ///                 of a PRNG.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function, used for blinding. It is mandatory.
+    /// \param p_rng    The RNG context to pass to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context.
+    /// \param input    The input buffer. This must be a readable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    /// \param output   The output buffer. This must be a writable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_private(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function adds the message padding, then performs an RSA
+    ///                 operation.
+    ///
+    ///                 It is the generic wrapper for performing a PKCS#1 encryption
+    ///                 operation.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG to use. It is used for padding generation
+    ///                 and it is mandatory.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. May be
+    ///                 \c NULL if \p f_rng doesn't need a context argument.
+    /// \param ilen     The length of the plaintext in Bytes.
+    /// \param input    The input data to encrypt. This must be a readable
+    ///                 buffer of size \p ilen Bytes. It may be \c NULL if
+    ///                 `ilen == 0`.
+    /// \param output   The output buffer. This must be a writable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_pkcs1_encrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        ilen: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v1.5 encryption operation
+    ///                 (RSAES-PKCS1-v1_5-ENCRYPT).
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function to use. It is mandatory and used for
+    ///                 padding generation.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may
+    ///                 be \c NULL if \p f_rng doesn't need a context argument.
+    /// \param ilen     The length of the plaintext in Bytes.
+    /// \param input    The input data to encrypt. This must be a readable
+    ///                 buffer of size \p ilen Bytes. It may be \c NULL if
+    ///                 `ilen == 0`.
+    /// \param output   The output buffer. This must be a writable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsaes_pkcs1_v15_encrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        ilen: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief            This function performs a PKCS#1 v2.1 OAEP encryption
+    ///                   operation (RSAES-OAEP-ENCRYPT).
+    ///
+    /// \note             The output buffer must be as large as the size
+    ///                   of ctx->N. For example, 128 Bytes if RSA-1024 is used.
+    ///
+    /// \param ctx        The initialized RSA context to use.
+    /// \param f_rng      The RNG function to use. This is needed for padding
+    ///                   generation and is mandatory.
+    /// \param p_rng      The RNG context to be passed to \p f_rng. This may
+    ///                   be \c NULL if \p f_rng doesn't need a context argument.
+    /// \param label      The buffer holding the custom label to use.
+    ///                   This must be a readable buffer of length \p label_len
+    ///                   Bytes. It may be \c NULL if \p label_len is \c 0.
+    /// \param label_len  The length of the label in Bytes.
+    /// \param ilen       The length of the plaintext buffer \p input in Bytes.
+    /// \param input      The input data to encrypt. This must be a readable
+    ///                   buffer of size \p ilen Bytes. It may be \c NULL if
+    ///                   `ilen == 0`.
+    /// \param output     The output buffer. This must be a writable buffer
+    ///                   of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                   for an 2048-bit RSA modulus.
+    ///
+    /// \return           \c 0 on success.
+    /// \return           An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsaes_oaep_encrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        label: *const crate::c_types::c_uchar,
+        label_len: usize,
+        ilen: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs an RSA operation, then removes the
+    ///                 message padding.
+    ///
+    ///                 It is the generic wrapper for performing a PKCS#1 decryption
+    ///                 operation.
+    ///
+    /// \note           The output buffer length \c output_max_len should be
+    ///                 as large as the size \p ctx->len of \p ctx->N (for example,
+    ///                 128 Bytes if RSA-1024 is used) to be able to hold an
+    ///                 arbitrary decrypted message. If it is not large enough to
+    ///                 hold the decryption of the particular ciphertext provided,
+    ///                 the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function. This is used for blinding and is
+    ///                 mandatory; see mbedtls_rsa_private() for more.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be
+    ///                 \c NULL if \p f_rng doesn't need a context.
+    /// \param olen     The address at which to store the length of
+    ///                 the plaintext. This must not be \c NULL.
+    /// \param input    The ciphertext buffer. This must be a readable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    /// \param output   The buffer used to hold the plaintext. This must
+    ///                 be a writable buffer of length \p output_max_len Bytes.
+    /// \param output_max_len The length in Bytes of the output buffer \p output.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_pkcs1_decrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        olen: *mut usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        output_max_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v1.5 decryption
+    ///                 operation (RSAES-PKCS1-v1_5-DECRYPT).
+    ///
+    /// \note           The output buffer length \c output_max_len should be
+    ///                 as large as the size \p ctx->len of \p ctx->N, for example,
+    ///                 128 Bytes if RSA-1024 is used, to be able to hold an
+    ///                 arbitrary decrypted message. If it is not large enough to
+    ///                 hold the decryption of the particular ciphertext provided,
+    ///                 the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function. This is used for blinding and is
+    ///                 mandatory; see mbedtls_rsa_private() for more.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be
+    ///                 \c NULL if \p f_rng doesn't need a context.
+    /// \param olen     The address at which to store the length of
+    ///                 the plaintext. This must not be \c NULL.
+    /// \param input    The ciphertext buffer. This must be a readable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    /// \param output   The buffer used to hold the plaintext. This must
+    ///                 be a writable buffer of length \p output_max_len Bytes.
+    /// \param output_max_len The length in Bytes of the output buffer \p output.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsaes_pkcs1_v15_decrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        olen: *mut usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        output_max_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief            This function performs a PKCS#1 v2.1 OAEP decryption
+    ///                   operation (RSAES-OAEP-DECRYPT).
+    ///
+    /// \note             The output buffer length \c output_max_len should be
+    ///                   as large as the size \p ctx->len of \p ctx->N, for
+    ///                   example, 128 Bytes if RSA-1024 is used, to be able to
+    ///                   hold an arbitrary decrypted message. If it is not
+    ///                   large enough to hold the decryption of the particular
+    ///                   ciphertext provided, the function returns
+    ///                   #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
+    ///
+    /// \param ctx        The initialized RSA context to use.
+    /// \param f_rng      The RNG function. This is used for blinding and is
+    ///                   mandatory.
+    /// \param p_rng      The RNG context to be passed to \p f_rng. This may be
+    ///                   \c NULL if \p f_rng doesn't need a context.
+    /// \param label      The buffer holding the custom label to use.
+    ///                   This must be a readable buffer of length \p label_len
+    ///                   Bytes. It may be \c NULL if \p label_len is \c 0.
+    /// \param label_len  The length of the label in Bytes.
+    /// \param olen       The address at which to store the length of
+    ///                   the plaintext. This must not be \c NULL.
+    /// \param input      The ciphertext buffer. This must be a readable buffer
+    ///                   of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                   for an 2048-bit RSA modulus.
+    /// \param output     The buffer used to hold the plaintext. This must
+    ///                   be a writable buffer of length \p output_max_len Bytes.
+    /// \param output_max_len The length in Bytes of the output buffer \p output.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsaes_oaep_decrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        label: *const crate::c_types::c_uchar,
+        label_len: usize,
+        olen: *mut usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        output_max_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a private RSA operation to sign
+    ///                 a message digest using PKCS#1.
+    ///
+    ///                 It is the generic wrapper for performing a PKCS#1
+    ///                 signature.
+    ///
+    /// \note           The \p sig buffer must be as large as the size
+    ///                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+    ///
+    /// \note           For PKCS#1 v2.1 encoding, see comments on
+    ///                 mbedtls_rsa_rsassa_pss_sign() for details on
+    ///                 \p md_alg and \p hash_id.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function to use. This is mandatory and
+    ///                 must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context argument.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer to hold the signature. This must be a writable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus. A buffer length of
+    ///                 #MBEDTLS_MPI_MAX_SIZE is always safe.
+    ///
+    /// \return         \c 0 if the signing operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_pkcs1_sign(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v1.5 signature
+    ///                 operation (RSASSA-PKCS1-v1_5-SIGN).
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function. This is used for blinding and is
+    ///                 mandatory; see mbedtls_rsa_private() for more.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context argument.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer to hold the signature. This must be a writable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus. A buffer length of
+    ///                 #MBEDTLS_MPI_MAX_SIZE is always safe.
+    ///
+    /// \return         \c 0 if the signing operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pkcs1_v15_sign(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v2.1 PSS signature
+    ///                 operation (RSASSA-PSS-SIGN).
+    ///
+    /// \note           The \c hash_id set in \p ctx by calling
+    ///                 mbedtls_rsa_set_padding() selects the hash used for the
+    ///                 encoding operation and for the mask generation function
+    ///                 (MGF1). For more details on the encoding operation and the
+    ///                 mask generation function, consult <em>RFC-3447: Public-Key
+    ///                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
+    ///                 Specifications</em>.
+    ///
+    /// \note           This function enforces that the provided salt length complies
+    ///                 with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1 v2.2) §9.1.1
+    ///                 step 3. The constraint is that the hash length plus the salt
+    ///                 length plus 2 bytes must be at most the key length. If this
+    ///                 constraint is not met, this function returns
+    ///                 #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function. It is mandatory and must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context argument.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param saltlen  The length of the salt that should be used.
+    ///                 If passed #MBEDTLS_RSA_SALT_LEN_ANY, the function will use
+    ///                 the largest possible salt length up to the hash length,
+    ///                 which is the largest permitted by some standards including
+    ///                 FIPS 186-4 §5.5.
+    /// \param sig      The buffer to hold the signature. This must be a writable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus. A buffer length of
+    ///                 #MBEDTLS_MPI_MAX_SIZE is always safe.
+    ///
+    /// \return         \c 0 if the signing operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pss_sign_ext(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        saltlen: crate::c_types::c_int,
+        sig: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v2.1 PSS signature
+    ///                 operation (RSASSA-PSS-SIGN).
+    ///
+    /// \note           The \c hash_id set in \p ctx by calling
+    ///                 mbedtls_rsa_set_padding() selects the hash used for the
+    ///                 encoding operation and for the mask generation function
+    ///                 (MGF1). For more details on the encoding operation and the
+    ///                 mask generation function, consult <em>RFC-3447: Public-Key
+    ///                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
+    ///                 Specifications</em>.
+    ///
+    /// \note           This function always uses the maximum possible salt size,
+    ///                 up to the length of the payload hash. This choice of salt
+    ///                 size complies with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1
+    ///                 v2.2) §9.1.1 step 3. Furthermore this function enforces a
+    ///                 minimum salt size which is the hash size minus 2 bytes. If
+    ///                 this minimum size is too large given the key size (the salt
+    ///                 size, plus the hash size, plus 2 bytes must be no more than
+    ///                 the key size in bytes), this function returns
+    ///                 #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function. It is mandatory and must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context argument.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer to hold the signature. This must be a writable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus. A buffer length of
+    ///                 #MBEDTLS_MPI_MAX_SIZE is always safe.
+    ///
+    /// \return         \c 0 if the signing operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pss_sign(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a public RSA operation and checks
+    ///                 the message digest.
+    ///
+    ///                 This is the generic wrapper for performing a PKCS#1
+    ///                 verification.
+    ///
+    /// \note           For PKCS#1 v2.1 encoding, see comments on
+    ///                 mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
+    ///                 \p hash_id.
+    ///
+    /// \param ctx      The initialized RSA public key context to use.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer holding the signature. This must be a readable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 if the verify operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_pkcs1_verify(
+        ctx: *mut mbedtls_rsa_context,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v1.5 verification
+    ///                 operation (RSASSA-PKCS1-v1_5-VERIFY).
+    ///
+    /// \param ctx      The initialized RSA public key context to use.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer holding the signature. This must be a readable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 if the verify operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pkcs1_v15_verify(
+        ctx: *mut mbedtls_rsa_context,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v2.1 PSS verification
+    ///                 operation (RSASSA-PSS-VERIFY).
+    ///
+    /// \note           The \c hash_id set in \p ctx by calling
+    ///                 mbedtls_rsa_set_padding() selects the hash used for the
+    ///                 encoding operation and for the mask generation function
+    ///                 (MGF1). For more details on the encoding operation and the
+    ///                 mask generation function, consult <em>RFC-3447: Public-Key
+    ///                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
+    ///                 Specifications</em>. If the \c hash_id set in \p ctx by
+    ///                 mbedtls_rsa_set_padding() is #MBEDTLS_MD_NONE, the \p md_alg
+    ///                 parameter is used.
+    ///
+    /// \param ctx      The initialized RSA public key context to use.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer holding the signature. This must be a readable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 if the verify operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pss_verify(
+        ctx: *mut mbedtls_rsa_context,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v2.1 PSS verification
+    ///                 operation (RSASSA-PSS-VERIFY).
+    ///
+    /// \note           The \p sig buffer must be as large as the size
+    ///                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+    ///
+    /// \note           The \c hash_id set in \p ctx by mbedtls_rsa_set_padding() is
+    ///                 ignored.
+    ///
+    /// \param ctx      The initialized RSA public key context to use.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param mgf1_hash_id      The message digest algorithm used for the
+    ///                          verification operation and the mask generation
+    ///                          function (MGF1). For more details on the encoding
+    ///                          operation and the mask generation function, consult
+    ///                          <em>RFC-3447: Public-Key Cryptography Standards
+    ///                          (PKCS) #1 v2.1: RSA Cryptography
+    ///                          Specifications</em>.
+    /// \param expected_salt_len The length of the salt used in padding. Use
+    ///                          #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
+    /// \param sig      The buffer holding the signature. This must be a readable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 if the verify operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pss_verify_ext(
+        ctx: *mut mbedtls_rsa_context,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        mgf1_hash_id: mbedtls_md_type_t,
+        expected_salt_len: crate::c_types::c_int,
+        sig: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function copies the components of an RSA context.
+    ///
+    /// \param dst      The destination context. This must be initialized.
+    /// \param src      The source context. This must be initialized.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
+    pub fn mbedtls_rsa_copy(
+        dst: *mut mbedtls_rsa_context,
+        src: *const mbedtls_rsa_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function frees the components of an RSA key.
+    ///
+    /// \param ctx      The RSA context to free. May be \c NULL, in which case
+    ///                 this function is a no-op. If it is not \c NULL, it must
+    ///                 point to an initialized RSA context.
+    pub fn mbedtls_rsa_free(ctx: *mut mbedtls_rsa_context);
+}
+extern "C" {
+    /// \brief          The RSA checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_rsa_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief           The ECDSA context structure.
+///
+/// \warning         Performing multiple operations concurrently on the same
+///                  ECDSA context is not supported; objects of this type
+///                  should not be shared between multiple threads.
+///
+/// \note            pk_wrap module assumes that "ecdsa_context" is identical
+///                  to "ecp_keypair" (see for example structure
+///                  "mbedtls_eckey_info" where ECDSA sign/verify functions
+///                  are used also for EC key)
+pub type mbedtls_ecdsa_context = mbedtls_ecp_keypair;
+pub type mbedtls_ecdsa_restart_ctx = crate::c_types::c_void;
+extern "C" {
+    /// \brief          This function checks whether a given group can be used
+    ///                 for ECDSA.
+    ///
+    /// \param gid      The ECP group ID to check.
+    ///
+    /// \return         \c 1 if the group can be used, \c 0 otherwise
+    pub fn mbedtls_ecdsa_can_do(gid: mbedtls_ecp_group_id) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function computes the ECDSA signature of a
+    ///                  previously-hashed message.
+    ///
+    /// \note            The deterministic version implemented in
+    ///                  mbedtls_ecdsa_sign_det_ext() is usually preferred.
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated
+    ///                  as defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.3, step 5.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param grp       The context for the elliptic curve to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param r         The MPI context in which to store the first part
+    ///                  the signature. This must be initialized.
+    /// \param s         The MPI context in which to store the second part
+    ///                  the signature. This must be initialized.
+    /// \param d         The private signing key. This must be initialized.
+    /// \param buf       The content to be signed. This is usually the hash of
+    ///                  the original data to be signed. This must be a readable
+    ///                  buffer of length \p blen Bytes. It may be \c NULL if
+    ///                  \p blen is zero.
+    /// \param blen      The length of \p buf in Bytes.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL if \p f_rng doesn't need a context parameter.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX
+    ///                  or \c MBEDTLS_MPI_XXX error code on failure.
+    pub fn mbedtls_ecdsa_sign(
+        grp: *mut mbedtls_ecp_group,
+        r: *mut mbedtls_mpi,
+        s: *mut mbedtls_mpi,
+        d: *const mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function computes the ECDSA signature of a
+    ///                  previously-hashed message, deterministic version.
+    ///
+    ///                  For more information, see <em>RFC-6979: Deterministic
+    ///                  Usage of the Digital Signature Algorithm (DSA) and Elliptic
+    ///                  Curve Digital Signature Algorithm (ECDSA)</em>.
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated as
+    ///                  defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.3, step 5.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param grp           The context for the elliptic curve to use.
+    ///                      This must be initialized and have group parameters
+    ///                      set, for example through mbedtls_ecp_group_load().
+    /// \param r             The MPI context in which to store the first part
+    ///                      the signature. This must be initialized.
+    /// \param s             The MPI context in which to store the second part
+    ///                      the signature. This must be initialized.
+    /// \param d             The private signing key. This must be initialized
+    ///                      and setup, for example through mbedtls_ecp_gen_privkey().
+    /// \param buf           The hashed content to be signed. This must be a readable
+    ///                      buffer of length \p blen Bytes. It may be \c NULL if
+    ///                      \p blen is zero.
+    /// \param blen          The length of \p buf in Bytes.
+    /// \param md_alg        The hash algorithm used to hash the original data.
+    /// \param f_rng_blind   The RNG function used for blinding. This must not be
+    ///                      \c NULL.
+    /// \param p_rng_blind   The RNG context to be passed to \p f_rng. This may be
+    ///                      \c NULL if \p f_rng doesn't need a context parameter.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
+    ///                  error code on failure.
+    pub fn mbedtls_ecdsa_sign_det_ext(
+        grp: *mut mbedtls_ecp_group,
+        r: *mut mbedtls_mpi,
+        s: *mut mbedtls_mpi,
+        d: *const mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        md_alg: mbedtls_md_type_t,
+        f_rng_blind: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng_blind: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function computes the ECDSA signature of a
+    ///                      previously-hashed message, in a restartable way.
+    ///
+    /// \note                The deterministic version implemented in
+    ///                      mbedtls_ecdsa_sign_det_restartable() is usually
+    ///                      preferred.
+    ///
+    /// \note                This function is like \c mbedtls_ecdsa_sign() but
+    ///                      it can return early and restart according to the
+    ///                      limit set with \c mbedtls_ecp_set_max_ops() to
+    ///                      reduce blocking.
+    ///
+    /// \note                If the bitlength of the message hash is larger
+    ///                      than the bitlength of the group order, then the
+    ///                      hash is truncated as defined in <em>Standards for
+    ///                      Efficient Cryptography Group (SECG): SEC1 Elliptic
+    ///                      Curve Cryptography</em>, section 4.1.3, step 5.
+    ///
+    /// \see                 ecp.h
+    ///
+    /// \param grp           The context for the elliptic curve to use.
+    ///                      This must be initialized and have group parameters
+    ///                      set, for example through mbedtls_ecp_group_load().
+    /// \param r             The MPI context in which to store the first part
+    ///                      the signature. This must be initialized.
+    /// \param s             The MPI context in which to store the second part
+    ///                      the signature. This must be initialized.
+    /// \param d             The private signing key. This must be initialized
+    ///                      and setup, for example through
+    ///                      mbedtls_ecp_gen_privkey().
+    /// \param buf           The hashed content to be signed. This must be a readable
+    ///                      buffer of length \p blen Bytes. It may be \c NULL if
+    ///                      \p blen is zero.
+    /// \param blen          The length of \p buf in Bytes.
+    /// \param f_rng         The RNG function. This must not be \c NULL.
+    /// \param p_rng         The RNG context to be passed to \p f_rng. This may be
+    ///                      \c NULL if \p f_rng doesn't need a context parameter.
+    /// \param f_rng_blind   The RNG function used for blinding. This must not be
+    ///                      \c NULL.
+    /// \param p_rng_blind   The RNG context to be passed to \p f_rng. This may be
+    ///                      \c NULL if \p f_rng doesn't need a context parameter.
+    /// \param rs_ctx        The restart context to use. This may be \c NULL
+    ///                      to disable restarting. If it is not \c NULL, it
+    ///                      must point to an initialized restart context.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                      operations was reached: see \c
+    ///                      mbedtls_ecp_set_max_ops().
+    /// \return              Another \c MBEDTLS_ERR_ECP_XXX, \c
+    ///                      MBEDTLS_ERR_MPI_XXX or \c MBEDTLS_ERR_ASN1_XXX
+    ///                      error code on failure.
+    pub fn mbedtls_ecdsa_sign_restartable(
+        grp: *mut mbedtls_ecp_group,
+        r: *mut mbedtls_mpi,
+        s: *mut mbedtls_mpi,
+        d: *const mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        f_rng_blind: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng_blind: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function computes the ECDSA signature of a
+    ///                      previously-hashed message, in a restartable way.
+    ///
+    /// \note                This function is like \c
+    ///                      mbedtls_ecdsa_sign_det_ext() but it can return
+    ///                      early and restart according to the limit set with
+    ///                      \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \note                If the bitlength of the message hash is larger
+    ///                      than the bitlength of the group order, then the
+    ///                      hash is truncated as defined in <em>Standards for
+    ///                      Efficient Cryptography Group (SECG): SEC1 Elliptic
+    ///                      Curve Cryptography</em>, section 4.1.3, step 5.
+    ///
+    /// \see                 ecp.h
+    ///
+    /// \param grp           The context for the elliptic curve to use.
+    ///                      This must be initialized and have group parameters
+    ///                      set, for example through mbedtls_ecp_group_load().
+    /// \param r             The MPI context in which to store the first part
+    ///                      the signature. This must be initialized.
+    /// \param s             The MPI context in which to store the second part
+    ///                      the signature. This must be initialized.
+    /// \param d             The private signing key. This must be initialized
+    ///                      and setup, for example through
+    ///                      mbedtls_ecp_gen_privkey().
+    /// \param buf           The hashed content to be signed. This must be a readable
+    ///                      buffer of length \p blen Bytes. It may be \c NULL if
+    ///                      \p blen is zero.
+    /// \param blen          The length of \p buf in Bytes.
+    /// \param f_rng_blind   The RNG function used for blinding. This must not be
+    ///                      \c NULL.
+    /// \param p_rng_blind   The RNG context to be passed to \p f_rng. This may be
+    ///                      \c NULL if \p f_rng doesn't need a context parameter.
+    /// \param rs_ctx        The restart context to use. This may be \c NULL
+    ///                      to disable restarting. If it is not \c NULL, it
+    ///                      must point to an initialized restart context.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                      operations was reached: see \c
+    ///                      mbedtls_ecp_set_max_ops().
+    /// \return              Another \c MBEDTLS_ERR_ECP_XXX, \c
+    ///                      MBEDTLS_ERR_MPI_XXX or \c MBEDTLS_ERR_ASN1_XXX
+    ///                      error code on failure.
+    pub fn mbedtls_ecdsa_sign_det_restartable(
+        grp: *mut mbedtls_ecp_group,
+        r: *mut mbedtls_mpi,
+        s: *mut mbedtls_mpi,
+        d: *const mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        md_alg: mbedtls_md_type_t,
+        f_rng_blind: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng_blind: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function verifies the ECDSA signature of a
+    ///                  previously-hashed message.
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated as
+    ///                  defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.4, step 3.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param buf       The hashed content that was signed. This must be a readable
+    ///                  buffer of length \p blen Bytes. It may be \c NULL if
+    ///                  \p blen is zero.
+    /// \param blen      The length of \p buf in Bytes.
+    /// \param Q         The public key to use for verification. This must be
+    ///                  initialized and setup.
+    /// \param r         The first integer of the signature.
+    ///                  This must be initialized.
+    /// \param s         The second integer of the signature.
+    ///                  This must be initialized.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
+    ///                  error code on failure.
+    pub fn mbedtls_ecdsa_verify(
+        grp: *mut mbedtls_ecp_group,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        Q: *const mbedtls_ecp_point,
+        r: *const mbedtls_mpi,
+        s: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function verifies the ECDSA signature of a
+    ///                  previously-hashed message, in a restartable manner
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated as
+    ///                  defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.4, step 3.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param buf       The hashed content that was signed. This must be a readable
+    ///                  buffer of length \p blen Bytes. It may be \c NULL if
+    ///                  \p blen is zero.
+    /// \param blen      The length of \p buf in Bytes.
+    /// \param Q         The public key to use for verification. This must be
+    ///                  initialized and setup.
+    /// \param r         The first integer of the signature.
+    ///                  This must be initialized.
+    /// \param s         The second integer of the signature.
+    ///                  This must be initialized.
+    /// \param rs_ctx    The restart context to use. This may be \c NULL to disable
+    ///                  restarting. If it is not \c NULL, it must point to an
+    ///                  initialized restart context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
+    ///                  error code on failure.
+    pub fn mbedtls_ecdsa_verify_restartable(
+        grp: *mut mbedtls_ecp_group,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        Q: *const mbedtls_ecp_point,
+        r: *const mbedtls_mpi,
+        s: *const mbedtls_mpi,
+        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function computes the ECDSA signature and writes it
+    ///                  to a buffer, serialized as defined in <em>RFC-4492:
+    ///                  Elliptic Curve Cryptography (ECC) Cipher Suites for
+    ///                  Transport Layer Security (TLS)</em>.
+    ///
+    /// \warning         It is not thread-safe to use the same context in
+    ///                  multiple threads.
+    ///
+    /// \note            The deterministic version is used if
+    ///                  #MBEDTLS_ECDSA_DETERMINISTIC is defined. For more
+    ///                  information, see <em>RFC-6979: Deterministic Usage
+    ///                  of the Digital Signature Algorithm (DSA) and Elliptic
+    ///                  Curve Digital Signature Algorithm (ECDSA)</em>.
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated as
+    ///                  defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.3, step 5.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDSA context to use. This must be initialized
+    ///                  and have a group and private key bound to it, for example
+    ///                  via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
+    /// \param md_alg    The message digest that was used to hash the message.
+    /// \param hash      The message hash to be signed. This must be a readable
+    ///                  buffer of length \p blen Bytes.
+    /// \param hlen      The length of the hash \p hash in Bytes.
+    /// \param sig       The buffer to which to write the signature. This must be a
+    ///                  writable buffer of length at least twice as large as the
+    ///                  size of the curve used, plus 9. For example, 73 Bytes if
+    ///                  a 256-bit curve is used. A buffer length of
+    ///                  #MBEDTLS_ECDSA_MAX_LEN is always safe.
+    /// \param sig_size  The size of the \p sig buffer in bytes.
+    /// \param slen      The address at which to store the actual length of
+    ///                  the signature written. Must not be \c NULL.
+    /// \param f_rng     The RNG function. This must not be \c NULL if
+    ///                  #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
+    ///                  it is used only for blinding and may be set to \c NULL, but
+    ///                  doing so is DEPRECATED.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL if \p f_rng is \c NULL or doesn't use a context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
+    ///                  \c MBEDTLS_ERR_ASN1_XXX error code on failure.
+    pub fn mbedtls_ecdsa_write_signature(
+        ctx: *mut mbedtls_ecdsa_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hlen: usize,
+        sig: *mut crate::c_types::c_uchar,
+        sig_size: usize,
+        slen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function computes the ECDSA signature and writes it
+    ///                  to a buffer, in a restartable way.
+    ///
+    /// \see             \c mbedtls_ecdsa_write_signature()
+    ///
+    /// \note            This function is like \c mbedtls_ecdsa_write_signature()
+    ///                  but it can return early and restart according to the limit
+    ///                  set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \param ctx       The ECDSA context to use. This must be initialized
+    ///                  and have a group and private key bound to it, for example
+    ///                  via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
+    /// \param md_alg    The message digest that was used to hash the message.
+    /// \param hash      The message hash to be signed. This must be a readable
+    ///                  buffer of length \p blen Bytes.
+    /// \param hlen      The length of the hash \p hash in Bytes.
+    /// \param sig       The buffer to which to write the signature. This must be a
+    ///                  writable buffer of length at least twice as large as the
+    ///                  size of the curve used, plus 9. For example, 73 Bytes if
+    ///                  a 256-bit curve is used. A buffer length of
+    ///                  #MBEDTLS_ECDSA_MAX_LEN is always safe.
+    /// \param sig_size  The size of the \p sig buffer in bytes.
+    /// \param slen      The address at which to store the actual length of
+    ///                  the signature written. Must not be \c NULL.
+    /// \param f_rng     The RNG function. This must not be \c NULL if
+    ///                  #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
+    ///                  it is unused and may be set to \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL if \p f_rng is \c NULL or doesn't use a context.
+    /// \param rs_ctx    The restart context to use. This may be \c NULL to disable
+    ///                  restarting. If it is not \c NULL, it must point to an
+    ///                  initialized restart context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
+    ///                  \c MBEDTLS_ERR_ASN1_XXX error code on failure.
+    pub fn mbedtls_ecdsa_write_signature_restartable(
+        ctx: *mut mbedtls_ecdsa_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hlen: usize,
+        sig: *mut crate::c_types::c_uchar,
+        sig_size: usize,
+        slen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function reads and verifies an ECDSA signature.
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated as
+    ///                  defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.4, step 3.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDSA context to use. This must be initialized
+    ///                  and have a group and public key bound to it.
+    /// \param hash      The message hash that was signed. This must be a readable
+    ///                  buffer of length \p size Bytes.
+    /// \param hlen      The size of the hash \p hash.
+    /// \param sig       The signature to read and verify. This must be a readable
+    ///                  buffer of length \p slen Bytes.
+    /// \param slen      The size of \p sig in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
+    /// \return          #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
+    ///                  signature in \p sig, but its length is less than \p siglen.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
+    ///                  error code on failure for any other reason.
+    pub fn mbedtls_ecdsa_read_signature(
+        ctx: *mut mbedtls_ecdsa_context,
+        hash: *const crate::c_types::c_uchar,
+        hlen: usize,
+        sig: *const crate::c_types::c_uchar,
+        slen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function reads and verifies an ECDSA signature,
+    ///                  in a restartable way.
+    ///
+    /// \see             \c mbedtls_ecdsa_read_signature()
+    ///
+    /// \note            This function is like \c mbedtls_ecdsa_read_signature()
+    ///                  but it can return early and restart according to the limit
+    ///                  set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \param ctx       The ECDSA context to use. This must be initialized
+    ///                  and have a group and public key bound to it.
+    /// \param hash      The message hash that was signed. This must be a readable
+    ///                  buffer of length \p size Bytes.
+    /// \param hlen      The size of the hash \p hash.
+    /// \param sig       The signature to read and verify. This must be a readable
+    ///                  buffer of length \p slen Bytes.
+    /// \param slen      The size of \p sig in Bytes.
+    /// \param rs_ctx    The restart context to use. This may be \c NULL to disable
+    ///                  restarting. If it is not \c NULL, it must point to an
+    ///                  initialized restart context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
+    /// \return          #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
+    ///                  signature in \p sig, but its length is less than \p siglen.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
+    ///                  error code on failure for any other reason.
+    pub fn mbedtls_ecdsa_read_signature_restartable(
+        ctx: *mut mbedtls_ecdsa_context,
+        hash: *const crate::c_types::c_uchar,
+        hlen: usize,
+        sig: *const crate::c_types::c_uchar,
+        slen: usize,
+        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function generates an ECDSA keypair on the given curve.
+    ///
+    /// \see            ecp.h
+    ///
+    /// \param ctx      The ECDSA context to store the keypair in.
+    ///                 This must be initialized.
+    /// \param gid      The elliptic curve to use. One of the various
+    ///                 \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
+    /// \param f_rng    The RNG function to use. This must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be
+    ///                 \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_ECP_XXX code on failure.
+    pub fn mbedtls_ecdsa_genkey(
+        ctx: *mut mbedtls_ecdsa_context,
+        gid: mbedtls_ecp_group_id,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets up an ECDSA context from an EC key pair.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDSA context to setup. This must be initialized.
+    /// \param key       The EC key to use. This must be initialized and hold
+    ///                  a private-public key pair or a public key. In the former
+    ///                  case, the ECDSA context may be used for signature creation
+    ///                  and verification after this call. In the latter case, it
+    ///                  may be used for signature verification.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX code on failure.
+    pub fn mbedtls_ecdsa_from_keypair(
+        ctx: *mut mbedtls_ecdsa_context,
+        key: *const mbedtls_ecp_keypair,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function initializes an ECDSA context.
+    ///
+    /// \param ctx       The ECDSA context to initialize.
+    ///                  This must not be \c NULL.
+    pub fn mbedtls_ecdsa_init(ctx: *mut mbedtls_ecdsa_context);
+}
+extern "C" {
+    /// \brief           This function frees an ECDSA context.
+    ///
+    /// \param ctx       The ECDSA context to free. This may be \c NULL,
+    ///                  in which case this function does nothing. If it
+    ///                  is not \c NULL, it must be initialized.
+    pub fn mbedtls_ecdsa_free(ctx: *mut mbedtls_ecdsa_context);
+}
+pub const mbedtls_pk_type_t_MBEDTLS_PK_NONE: mbedtls_pk_type_t = 0;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_RSA: mbedtls_pk_type_t = 1;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_ECKEY: mbedtls_pk_type_t = 2;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_ECKEY_DH: mbedtls_pk_type_t = 3;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_ECDSA: mbedtls_pk_type_t = 4;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_RSA_ALT: mbedtls_pk_type_t = 5;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_RSASSA_PSS: mbedtls_pk_type_t = 6;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_OPAQUE: mbedtls_pk_type_t = 7;
+/// \brief          Public key types
+pub type mbedtls_pk_type_t = crate::c_types::c_uint;
+/// \brief           Options for RSASSA-PSS signature verification.
+///                  See \c mbedtls_rsa_rsassa_pss_verify_ext()
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_pk_rsassa_pss_options {
+    /// The digest to use for MGF1 in PSS.
+    ///
+    /// \note When #MBEDTLS_USE_PSA_CRYPTO is enabled and #MBEDTLS_RSA_C is
+    ///       disabled, this must be equal to the \c md_alg argument passed
+    ///       to mbedtls_pk_verify_ext(). In a future version of the library,
+    ///       this constraint may apply whenever #MBEDTLS_USE_PSA_CRYPTO is
+    ///       enabled regardless of the status of #MBEDTLS_RSA_C.
+    pub mgf1_hash_id: mbedtls_md_type_t,
+    /// The expected length of the salt, in bytes. This may be
+    /// #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
+    ///
+    /// \note When #MBEDTLS_USE_PSA_CRYPTO is enabled, only
+    ///       #MBEDTLS_RSA_SALT_LEN_ANY is valid. Any other value may be
+    ///       ignored (allowing any salt length).
+    pub expected_salt_len: crate::c_types::c_int,
+}
+pub const mbedtls_pk_debug_type_MBEDTLS_PK_DEBUG_NONE: mbedtls_pk_debug_type = 0;
+pub const mbedtls_pk_debug_type_MBEDTLS_PK_DEBUG_MPI: mbedtls_pk_debug_type = 1;
+pub const mbedtls_pk_debug_type_MBEDTLS_PK_DEBUG_ECP: mbedtls_pk_debug_type = 2;
+/// \brief           Types for interfacing with the debug module
+pub type mbedtls_pk_debug_type = crate::c_types::c_uint;
+/// \brief           Item to send to the debug module
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_pk_debug_item {
+    pub private_type: mbedtls_pk_debug_type,
+    pub private_name: *const crate::c_types::c_char,
+    pub private_value: *mut crate::c_types::c_void,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_pk_info_t {
+    _unused: [u8; 0],
+}
+/// \brief           Public key container
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_pk_context {
+    pub private_pk_info: *const mbedtls_pk_info_t,
+    pub private_pk_ctx: *mut crate::c_types::c_void,
+}
+pub type mbedtls_pk_restart_ctx = crate::c_types::c_void;
+/// \brief           Types for RSA-alt abstraction
+pub type mbedtls_pk_rsa_alt_decrypt_func = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        olen: *mut usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        output_max_len: usize,
+    ) -> crate::c_types::c_int,
+>;
+pub type mbedtls_pk_rsa_alt_sign_func = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int,
+>;
+pub type mbedtls_pk_rsa_alt_key_len_func =
+    ::core::option::Option<unsafe extern "C" fn(ctx: *mut crate::c_types::c_void) -> usize>;
+extern "C" {
+    /// \brief           Return information associated with the given PK type
+    ///
+    /// \param pk_type   PK type to search for.
+    ///
+    /// \return          The PK info associated with the type or NULL if not found.
+    pub fn mbedtls_pk_info_from_type(pk_type: mbedtls_pk_type_t) -> *const mbedtls_pk_info_t;
+}
+extern "C" {
+    /// \brief           Initialize a #mbedtls_pk_context (as NONE).
+    ///
+    /// \param ctx       The context to initialize.
+    ///                  This must not be \c NULL.
+    pub fn mbedtls_pk_init(ctx: *mut mbedtls_pk_context);
+}
+extern "C" {
+    /// \brief           Free the components of a #mbedtls_pk_context.
+    ///
+    /// \param ctx       The context to clear. It must have been initialized.
+    ///                  If this is \c NULL, this function does nothing.
+    ///
+    /// \note            For contexts that have been set up with
+    ///                  mbedtls_pk_setup_opaque(), this does not free the underlying
+    ///                  PSA key and you still need to call psa_destroy_key()
+    ///                  independently if you want to destroy that key.
+    pub fn mbedtls_pk_free(ctx: *mut mbedtls_pk_context);
+}
+extern "C" {
+    /// \brief           Initialize a PK context with the information given
+    ///                  and allocates the type-specific PK subcontext.
+    ///
+    /// \param ctx       Context to initialize. It must not have been set
+    ///                  up yet (type #MBEDTLS_PK_NONE).
+    /// \param info      Information to use
+    ///
+    /// \return          0 on success,
+    ///                  MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input,
+    ///                  MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
+    ///
+    /// \note            For contexts holding an RSA-alt key, use
+    ///                  \c mbedtls_pk_setup_rsa_alt() instead.
+    pub fn mbedtls_pk_setup(
+        ctx: *mut mbedtls_pk_context,
+        info: *const mbedtls_pk_info_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Initialize an RSA-alt context
+    ///
+    /// \param ctx       Context to initialize. It must not have been set
+    ///                  up yet (type #MBEDTLS_PK_NONE).
+    /// \param key       RSA key pointer
+    /// \param decrypt_func  Decryption function
+    /// \param sign_func     Signing function
+    /// \param key_len_func  Function returning key length in bytes
+    ///
+    /// \return          0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the
+    ///                  context wasn't already initialized as RSA_ALT.
+    ///
+    /// \note            This function replaces \c mbedtls_pk_setup() for RSA-alt.
+    pub fn mbedtls_pk_setup_rsa_alt(
+        ctx: *mut mbedtls_pk_context,
+        key: *mut crate::c_types::c_void,
+        decrypt_func: mbedtls_pk_rsa_alt_decrypt_func,
+        sign_func: mbedtls_pk_rsa_alt_sign_func,
+        key_len_func: mbedtls_pk_rsa_alt_key_len_func,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Get the size in bits of the underlying key
+    ///
+    /// \param ctx       The context to query. It must have been initialized.
+    ///
+    /// \return          Key size in bits, or 0 on error
+    pub fn mbedtls_pk_get_bitlen(ctx: *const mbedtls_pk_context) -> usize;
+}
+extern "C" {
+    /// \brief           Tell if a context can do the operation given by type
+    ///
+    /// \param ctx       The context to query. It must have been initialized.
+    /// \param type      The desired type.
+    ///
+    /// \return          1 if the context can do operations on the given type.
+    /// \return          0 if the context cannot do the operations on the given
+    ///                  type. This is always the case for a context that has
+    ///                  been initialized but not set up, or that has been
+    ///                  cleared with mbedtls_pk_free().
+    pub fn mbedtls_pk_can_do(
+        ctx: *const mbedtls_pk_context,
+        type_: mbedtls_pk_type_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Verify signature (including padding if relevant).
+    ///
+    /// \param ctx       The PK context to use. It must have been set up.
+    /// \param md_alg    Hash algorithm used.
+    ///                  This can be #MBEDTLS_MD_NONE if the signature algorithm
+    ///                  does not rely on a hash algorithm (non-deterministic
+    ///                  ECDSA, RSA PKCS#1 v1.5).
+    ///                  For PKCS#1 v1.5, if \p md_alg is #MBEDTLS_MD_NONE, then
+    ///                  \p hash is the DigestInfo structure used by RFC 8017
+    ///                  &sect;9.2 steps 3&ndash;6. If \p md_alg is a valid hash
+    ///                  algorithm then \p hash is the digest itself, and this
+    ///                  function calculates the DigestInfo encoding internally.
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length
+    /// \param sig       Signature to verify
+    /// \param sig_len   Signature length
+    ///
+    /// \return          0 on success (signature is valid),
+    ///                  #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
+    ///                  signature in sig but its length is less than \p siglen,
+    ///                  or a specific error code.
+    ///
+    /// \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+    ///                  Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
+    ///                  to verify RSASSA_PSS signatures.
+    pub fn mbedtls_pk_verify(
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *const crate::c_types::c_uchar,
+        sig_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Restartable version of \c mbedtls_pk_verify()
+    ///
+    /// \note            Performs the same job as \c mbedtls_pk_verify(), but can
+    ///                  return early and restart according to the limit set with
+    ///                  \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
+    ///                  operations. For RSA, same as \c mbedtls_pk_verify().
+    ///
+    /// \param ctx       The PK context to use. It must have been set up.
+    /// \param md_alg    Hash algorithm used (see notes)
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length or 0 (see notes)
+    /// \param sig       Signature to verify
+    /// \param sig_len   Signature length
+    /// \param rs_ctx    Restart context (NULL to disable restart)
+    ///
+    /// \return          See \c mbedtls_pk_verify(), or
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    pub fn mbedtls_pk_verify_restartable(
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *const crate::c_types::c_uchar,
+        sig_len: usize,
+        rs_ctx: *mut mbedtls_pk_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Verify signature, with options.
+    ///                  (Includes verification of the padding depending on type.)
+    ///
+    /// \param type      Signature type (inc. possible padding type) to verify
+    /// \param options   Pointer to type-specific options, or NULL
+    /// \param ctx       The PK context to use. It must have been set up.
+    /// \param md_alg    Hash algorithm used (see notes)
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length or 0 (see notes)
+    /// \param sig       Signature to verify
+    /// \param sig_len   Signature length
+    ///
+    /// \return          0 on success (signature is valid),
+    ///                  #MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
+    ///                  used for this type of signatures,
+    ///                  #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
+    ///                  signature in sig but its length is less than \p siglen,
+    ///                  or a specific error code.
+    ///
+    /// \note            If hash_len is 0, then the length associated with md_alg
+    ///                  is used instead, or an error returned if it is invalid.
+    ///
+    /// \note            md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
+    ///
+    /// \note            If type is MBEDTLS_PK_RSASSA_PSS, then options must point
+    ///                  to a mbedtls_pk_rsassa_pss_options structure,
+    ///                  otherwise it must be NULL. Note that if
+    ///                  #MBEDTLS_USE_PSA_CRYPTO is defined, the salt length is not
+    ///                  verified as PSA_ALG_RSA_PSS_ANY_SALT is used.
+    pub fn mbedtls_pk_verify_ext(
+        type_: mbedtls_pk_type_t,
+        options: *const crate::c_types::c_void,
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *const crate::c_types::c_uchar,
+        sig_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Make signature, including padding if relevant.
+    ///
+    /// \param ctx       The PK context to use. It must have been set up
+    ///                  with a private key.
+    /// \param md_alg    Hash algorithm used (see notes)
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length
+    /// \param sig       Place to write the signature.
+    ///                  It must have enough room for the signature.
+    ///                  #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
+    ///                  You may use a smaller buffer if it is large enough
+    ///                  given the key type.
+    /// \param sig_size  The size of the \p sig buffer in bytes.
+    /// \param sig_len   On successful return,
+    ///                  the number of bytes written to \p sig.
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \return          0 on success, or a specific error code.
+    ///
+    /// \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+    ///                  There is no interface in the PK module to make RSASSA-PSS
+    ///                  signatures yet.
+    ///
+    /// \note            For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
+    ///                  For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
+    pub fn mbedtls_pk_sign(
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *mut crate::c_types::c_uchar,
+        sig_size: usize,
+        sig_len: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Make signature given a signature type.
+    ///
+    /// \param pk_type   Signature type.
+    /// \param ctx       The PK context to use. It must have been set up
+    ///                  with a private key.
+    /// \param md_alg    Hash algorithm used (see notes)
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length
+    /// \param sig       Place to write the signature.
+    ///                  It must have enough room for the signature.
+    ///                  #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
+    ///                  You may use a smaller buffer if it is large enough
+    ///                  given the key type.
+    /// \param sig_size  The size of the \p sig buffer in bytes.
+    /// \param sig_len   On successful return,
+    ///                  the number of bytes written to \p sig.
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \return          0 on success, or a specific error code.
+    ///
+    /// \note            When \p pk_type is #MBEDTLS_PK_RSASSA_PSS,
+    ///                  see #PSA_ALG_RSA_PSS for a description of PSS options used.
+    ///
+    /// \note            For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
+    ///                  For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
+    pub fn mbedtls_pk_sign_ext(
+        pk_type: mbedtls_pk_type_t,
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *mut crate::c_types::c_uchar,
+        sig_size: usize,
+        sig_len: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Restartable version of \c mbedtls_pk_sign()
+    ///
+    /// \note            Performs the same job as \c mbedtls_pk_sign(), but can
+    ///                  return early and restart according to the limit set with
+    ///                  \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
+    ///                  operations. For RSA, same as \c mbedtls_pk_sign().
+    ///
+    /// \param ctx       The PK context to use. It must have been set up
+    ///                  with a private key.
+    /// \param md_alg    Hash algorithm used (see notes for mbedtls_pk_sign())
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length
+    /// \param sig       Place to write the signature.
+    ///                  It must have enough room for the signature.
+    ///                  #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
+    ///                  You may use a smaller buffer if it is large enough
+    ///                  given the key type.
+    /// \param sig_size  The size of the \p sig buffer in bytes.
+    /// \param sig_len   On successful return,
+    ///                  the number of bytes written to \p sig.
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    /// \param rs_ctx    Restart context (NULL to disable restart)
+    ///
+    /// \return          See \c mbedtls_pk_sign().
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    pub fn mbedtls_pk_sign_restartable(
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *mut crate::c_types::c_uchar,
+        sig_size: usize,
+        sig_len: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_pk_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Decrypt message (including padding if relevant).
+    ///
+    /// \param ctx       The PK context to use. It must have been set up
+    ///                  with a private key.
+    /// \param input     Input to decrypt
+    /// \param ilen      Input size
+    /// \param output    Decrypted output
+    /// \param olen      Decrypted message length
+    /// \param osize     Size of the output buffer
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+    ///
+    /// \return          0 on success, or a specific error code.
+    pub fn mbedtls_pk_decrypt(
+        ctx: *mut mbedtls_pk_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+        osize: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Encrypt message (including padding if relevant).
+    ///
+    /// \param ctx       The PK context to use. It must have been set up.
+    /// \param input     Message to encrypt
+    /// \param ilen      Message size
+    /// \param output    Encrypted output
+    /// \param olen      Encrypted output length
+    /// \param osize     Size of the output buffer
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \note            \p f_rng is used for padding generation.
+    ///
+    /// \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+    ///
+    /// \return          0 on success, or a specific error code.
+    pub fn mbedtls_pk_encrypt(
+        ctx: *mut mbedtls_pk_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+        osize: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Check if a public-private pair of keys matches.
+    ///
+    /// \param pub       Context holding a public key.
+    /// \param prv       Context holding a private (and public) key.
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \return          \c 0 on success (keys were checked and match each other).
+    /// \return          #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the keys could not
+    ///                  be checked - in that case they may or may not match.
+    /// \return          #MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid.
+    /// \return          Another non-zero value if the keys do not match.
+    pub fn mbedtls_pk_check_pair(
+        pub_: *const mbedtls_pk_context,
+        prv: *const mbedtls_pk_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Export debug information
+    ///
+    /// \param ctx       The PK context to use. It must have been initialized.
+    /// \param items     Place to write debug items
+    ///
+    /// \return          0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
+    pub fn mbedtls_pk_debug(
+        ctx: *const mbedtls_pk_context,
+        items: *mut mbedtls_pk_debug_item,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Access the type name
+    ///
+    /// \param ctx       The PK context to use. It must have been initialized.
+    ///
+    /// \return          Type name on success, or "invalid PK"
+    pub fn mbedtls_pk_get_name(ctx: *const mbedtls_pk_context) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief           Get the key type
+    ///
+    /// \param ctx       The PK context to use. It must have been initialized.
+    ///
+    /// \return          Type on success.
+    /// \return          #MBEDTLS_PK_NONE for a context that has not been set up.
+    pub fn mbedtls_pk_get_type(ctx: *const mbedtls_pk_context) -> mbedtls_pk_type_t;
+}
+extern "C" {
+    /// \ingroup pk_module */
+    ////**
+    /// \brief           Parse a private key in PEM or DER format
+    ///
+    /// \note            If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                  subsystem must have been initialized by calling
+    ///                  psa_crypto_init() before calling this function.
+    ///
+    /// \param ctx       The PK context to fill. It must have been initialized
+    ///                  but not set up.
+    /// \param key       Input buffer to parse.
+    ///                  The buffer must contain the input exactly, with no
+    ///                  extra trailing material. For PEM, the buffer must
+    ///                  contain a null-terminated string.
+    /// \param keylen    Size of \b key in bytes.
+    ///                  For PEM data, this includes the terminating null byte,
+    ///                  so \p keylen must be equal to `strlen(key) + 1`.
+    /// \param pwd       Optional password for decryption.
+    ///                  Pass \c NULL if expecting a non-encrypted key.
+    ///                  Pass a string of \p pwdlen bytes if expecting an encrypted
+    ///                  key; a non-encrypted key will also be accepted.
+    ///                  The empty password is not supported.
+    /// \param pwdlen    Size of the password in bytes.
+    ///                  Ignored if \p pwd is \c NULL.
+    /// \param f_rng     RNG function, must not be \c NULL. Used for blinding.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \note            On entry, ctx must be empty, either freshly initialised
+    ///                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+    ///                  specific key type, check the result with mbedtls_pk_can_do().
+    ///
+    /// \note            The key is also checked for correctness.
+    ///
+    /// \return          0 if successful, or a specific PK or PEM error code
+    pub fn mbedtls_pk_parse_key(
+        ctx: *mut mbedtls_pk_context,
+        key: *const crate::c_types::c_uchar,
+        keylen: usize,
+        pwd: *const crate::c_types::c_uchar,
+        pwdlen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \ingroup pk_module */
+    ////**
+    /// \brief           Parse a public key in PEM or DER format
+    ///
+    /// \note            If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                  subsystem must have been initialized by calling
+    ///                  psa_crypto_init() before calling this function.
+    ///
+    /// \param ctx       The PK context to fill. It must have been initialized
+    ///                  but not set up.
+    /// \param key       Input buffer to parse.
+    ///                  The buffer must contain the input exactly, with no
+    ///                  extra trailing material. For PEM, the buffer must
+    ///                  contain a null-terminated string.
+    /// \param keylen    Size of \b key in bytes.
+    ///                  For PEM data, this includes the terminating null byte,
+    ///                  so \p keylen must be equal to `strlen(key) + 1`.
+    ///
+    /// \note            On entry, ctx must be empty, either freshly initialised
+    ///                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+    ///                  specific key type, check the result with mbedtls_pk_can_do().
+    ///
+    /// \note            For compressed points, see #MBEDTLS_ECP_PF_COMPRESSED for
+    ///                  limitations.
+    ///
+    /// \note            The key is also checked for correctness.
+    ///
+    /// \return          0 if successful, or a specific PK or PEM error code
+    pub fn mbedtls_pk_parse_public_key(
+        ctx: *mut mbedtls_pk_context,
+        key: *const crate::c_types::c_uchar,
+        keylen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a private key to a PKCS#1 or SEC1 DER structure
+    ///                  Note: data is written at the end of the buffer! Use the
+    ///                        return value to determine where you should start
+    ///                        using the buffer
+    ///
+    /// \param ctx       PK context which must contain a valid private key.
+    /// \param buf       buffer to write to
+    /// \param size      size of the buffer
+    ///
+    /// \return          length of data written if successful, or a specific
+    ///                  error code
+    pub fn mbedtls_pk_write_key_der(
+        ctx: *const mbedtls_pk_context,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a public key to a SubjectPublicKeyInfo DER structure
+    ///                  Note: data is written at the end of the buffer! Use the
+    ///                        return value to determine where you should start
+    ///                        using the buffer
+    ///
+    /// \param ctx       PK context which must contain a valid public or private key.
+    /// \param buf       buffer to write to
+    /// \param size      size of the buffer
+    ///
+    /// \return          length of data written if successful, or a specific
+    ///                  error code
+    pub fn mbedtls_pk_write_pubkey_der(
+        ctx: *const mbedtls_pk_context,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a public key to a PEM string
+    ///
+    /// \param ctx       PK context which must contain a valid public or private key.
+    /// \param buf       Buffer to write to. The output includes a
+    ///                  terminating null byte.
+    /// \param size      Size of the buffer in bytes.
+    ///
+    /// \return          0 if successful, or a specific error code
+    pub fn mbedtls_pk_write_pubkey_pem(
+        ctx: *const mbedtls_pk_context,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a private key to a PKCS#1 or SEC1 PEM string
+    ///
+    /// \param ctx       PK context which must contain a valid private key.
+    /// \param buf       Buffer to write to. The output includes a
+    ///                  terminating null byte.
+    /// \param size      Size of the buffer in bytes.
+    ///
+    /// \return          0 if successful, or a specific error code
+    pub fn mbedtls_pk_write_key_pem(
+        ctx: *const mbedtls_pk_context,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Parse a SubjectPublicKeyInfo DER structure
+    ///
+    /// \param p         the position in the ASN.1 data
+    /// \param end       end of the buffer
+    /// \param pk        The PK context to fill. It must have been initialized
+    ///                  but not set up.
+    ///
+    /// \return          0 if successful, or a specific PK error code
+    pub fn mbedtls_pk_parse_subpubkey(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        pk: *mut mbedtls_pk_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a subjectPublicKey to ASN.1 data
+    ///                  Note: function works backwards in data buffer
+    ///
+    /// \param p         reference to current position pointer
+    /// \param start     start of the buffer (for bounds-checking)
+    /// \param key       PK context which must contain a valid public or private key.
+    ///
+    /// \return          the length written or a negative error code
+    pub fn mbedtls_pk_write_pubkey(
+        p: *mut *mut crate::c_types::c_uchar,
+        start: *mut crate::c_types::c_uchar,
+        key: *const mbedtls_pk_context,
+    ) -> crate::c_types::c_int;
+}
+///< Placeholder to mark the end of cipher ID lists.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_NONE: mbedtls_cipher_id_t = 0;
+///< The identity cipher, treated as a stream cipher.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_NULL: mbedtls_cipher_id_t = 1;
+///< The AES cipher.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_AES: mbedtls_cipher_id_t = 2;
+///< The DES cipher. \warning DES is considered weak.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_DES: mbedtls_cipher_id_t = 3;
+///< The Triple DES cipher. \warning 3DES is considered weak.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_3DES: mbedtls_cipher_id_t = 4;
+///< The Camellia cipher.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_CAMELLIA: mbedtls_cipher_id_t = 5;
+///< The Aria cipher.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_ARIA: mbedtls_cipher_id_t = 6;
+///< The ChaCha20 cipher.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_CHACHA20: mbedtls_cipher_id_t = 7;
+/// \brief     Supported cipher types.
+///
+/// \warning   DES/3DES are considered weak ciphers and their use
+///            constitutes a security risk. We recommend considering stronger
+///            ciphers instead.
+pub type mbedtls_cipher_id_t = crate::c_types::c_uint;
+///< Placeholder to mark the end of cipher-pair lists.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_NONE: mbedtls_cipher_type_t = 0;
+///< The identity stream cipher.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_NULL: mbedtls_cipher_type_t = 1;
+///< AES cipher with 128-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_ECB: mbedtls_cipher_type_t = 2;
+///< AES cipher with 192-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_ECB: mbedtls_cipher_type_t = 3;
+///< AES cipher with 256-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_ECB: mbedtls_cipher_type_t = 4;
+///< AES cipher with 128-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CBC: mbedtls_cipher_type_t = 5;
+///< AES cipher with 192-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CBC: mbedtls_cipher_type_t = 6;
+///< AES cipher with 256-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CBC: mbedtls_cipher_type_t = 7;
+///< AES cipher with 128-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CFB128: mbedtls_cipher_type_t = 8;
+///< AES cipher with 192-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CFB128: mbedtls_cipher_type_t = 9;
+///< AES cipher with 256-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CFB128: mbedtls_cipher_type_t = 10;
+///< AES cipher with 128-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CTR: mbedtls_cipher_type_t = 11;
+///< AES cipher with 192-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CTR: mbedtls_cipher_type_t = 12;
+///< AES cipher with 256-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CTR: mbedtls_cipher_type_t = 13;
+///< AES cipher with 128-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_GCM: mbedtls_cipher_type_t = 14;
+///< AES cipher with 192-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_GCM: mbedtls_cipher_type_t = 15;
+///< AES cipher with 256-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_GCM: mbedtls_cipher_type_t = 16;
+///< Camellia cipher with 128-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_ECB: mbedtls_cipher_type_t = 17;
+///< Camellia cipher with 192-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_ECB: mbedtls_cipher_type_t = 18;
+///< Camellia cipher with 256-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_ECB: mbedtls_cipher_type_t = 19;
+///< Camellia cipher with 128-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CBC: mbedtls_cipher_type_t = 20;
+///< Camellia cipher with 192-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CBC: mbedtls_cipher_type_t = 21;
+///< Camellia cipher with 256-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CBC: mbedtls_cipher_type_t = 22;
+///< Camellia cipher with 128-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CFB128: mbedtls_cipher_type_t = 23;
+///< Camellia cipher with 192-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CFB128: mbedtls_cipher_type_t = 24;
+///< Camellia cipher with 256-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CFB128: mbedtls_cipher_type_t = 25;
+///< Camellia cipher with 128-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CTR: mbedtls_cipher_type_t = 26;
+///< Camellia cipher with 192-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CTR: mbedtls_cipher_type_t = 27;
+///< Camellia cipher with 256-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CTR: mbedtls_cipher_type_t = 28;
+///< Camellia cipher with 128-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_GCM: mbedtls_cipher_type_t = 29;
+///< Camellia cipher with 192-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_GCM: mbedtls_cipher_type_t = 30;
+///< Camellia cipher with 256-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_GCM: mbedtls_cipher_type_t = 31;
+///< DES cipher with ECB mode. \warning DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_ECB: mbedtls_cipher_type_t = 32;
+///< DES cipher with CBC mode. \warning DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_CBC: mbedtls_cipher_type_t = 33;
+///< DES cipher with EDE ECB mode. \warning 3DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_EDE_ECB: mbedtls_cipher_type_t = 34;
+///< DES cipher with EDE CBC mode. \warning 3DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_EDE_CBC: mbedtls_cipher_type_t = 35;
+///< DES cipher with EDE3 ECB mode. \warning 3DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_EDE3_ECB: mbedtls_cipher_type_t = 36;
+///< DES cipher with EDE3 CBC mode. \warning 3DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_EDE3_CBC: mbedtls_cipher_type_t = 37;
+///< AES cipher with 128-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CCM: mbedtls_cipher_type_t = 38;
+///< AES cipher with 192-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CCM: mbedtls_cipher_type_t = 39;
+///< AES cipher with 256-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CCM: mbedtls_cipher_type_t = 40;
+///< AES cipher with 128-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 41;
+///< AES cipher with 192-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 42;
+///< AES cipher with 256-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 43;
+///< Camellia cipher with 128-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CCM: mbedtls_cipher_type_t = 44;
+///< Camellia cipher with 192-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CCM: mbedtls_cipher_type_t = 45;
+///< Camellia cipher with 256-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CCM: mbedtls_cipher_type_t = 46;
+///< Camellia cipher with 128-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG: mbedtls_cipher_type_t =
+    47;
+///< Camellia cipher with 192-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG: mbedtls_cipher_type_t =
+    48;
+///< Camellia cipher with 256-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG: mbedtls_cipher_type_t =
+    49;
+///< Aria cipher with 128-bit key and ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_ECB: mbedtls_cipher_type_t = 50;
+///< Aria cipher with 192-bit key and ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_ECB: mbedtls_cipher_type_t = 51;
+///< Aria cipher with 256-bit key and ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_ECB: mbedtls_cipher_type_t = 52;
+///< Aria cipher with 128-bit key and CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CBC: mbedtls_cipher_type_t = 53;
+///< Aria cipher with 192-bit key and CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CBC: mbedtls_cipher_type_t = 54;
+///< Aria cipher with 256-bit key and CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CBC: mbedtls_cipher_type_t = 55;
+///< Aria cipher with 128-bit key and CFB-128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CFB128: mbedtls_cipher_type_t = 56;
+///< Aria cipher with 192-bit key and CFB-128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CFB128: mbedtls_cipher_type_t = 57;
+///< Aria cipher with 256-bit key and CFB-128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CFB128: mbedtls_cipher_type_t = 58;
+///< Aria cipher with 128-bit key and CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CTR: mbedtls_cipher_type_t = 59;
+///< Aria cipher with 192-bit key and CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CTR: mbedtls_cipher_type_t = 60;
+///< Aria cipher with 256-bit key and CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CTR: mbedtls_cipher_type_t = 61;
+///< Aria cipher with 128-bit key and GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_GCM: mbedtls_cipher_type_t = 62;
+///< Aria cipher with 192-bit key and GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_GCM: mbedtls_cipher_type_t = 63;
+///< Aria cipher with 256-bit key and GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_GCM: mbedtls_cipher_type_t = 64;
+///< Aria cipher with 128-bit key and CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CCM: mbedtls_cipher_type_t = 65;
+///< Aria cipher with 192-bit key and CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CCM: mbedtls_cipher_type_t = 66;
+///< Aria cipher with 256-bit key and CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CCM: mbedtls_cipher_type_t = 67;
+///< Aria cipher with 128-bit key and CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 68;
+///< Aria cipher with 192-bit key and CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 69;
+///< Aria cipher with 256-bit key and CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 70;
+///< AES 128-bit cipher in OFB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_OFB: mbedtls_cipher_type_t = 71;
+///< AES 192-bit cipher in OFB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_OFB: mbedtls_cipher_type_t = 72;
+///< AES 256-bit cipher in OFB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_OFB: mbedtls_cipher_type_t = 73;
+///< AES 128-bit cipher in XTS block mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_XTS: mbedtls_cipher_type_t = 74;
+///< AES 256-bit cipher in XTS block mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_XTS: mbedtls_cipher_type_t = 75;
+///< ChaCha20 stream cipher.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CHACHA20: mbedtls_cipher_type_t = 76;
+///< ChaCha20-Poly1305 AEAD cipher.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CHACHA20_POLY1305: mbedtls_cipher_type_t = 77;
+///< AES cipher with 128-bit NIST KW mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_KW: mbedtls_cipher_type_t = 78;
+///< AES cipher with 192-bit NIST KW mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_KW: mbedtls_cipher_type_t = 79;
+///< AES cipher with 256-bit NIST KW mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_KW: mbedtls_cipher_type_t = 80;
+///< AES cipher with 128-bit NIST KWP mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_KWP: mbedtls_cipher_type_t = 81;
+///< AES cipher with 192-bit NIST KWP mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_KWP: mbedtls_cipher_type_t = 82;
+///< AES cipher with 256-bit NIST KWP mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_KWP: mbedtls_cipher_type_t = 83;
+/// \brief     Supported {cipher type, cipher mode} pairs.
+///
+/// \warning   DES/3DES are considered weak ciphers and their use
+///            constitutes a security risk. We recommend considering stronger
+///            ciphers instead.
+pub type mbedtls_cipher_type_t = crate::c_types::c_uint;
+///< None.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_NONE: mbedtls_cipher_mode_t = 0;
+///< The ECB cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_ECB: mbedtls_cipher_mode_t = 1;
+///< The CBC cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CBC: mbedtls_cipher_mode_t = 2;
+///< The CFB cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CFB: mbedtls_cipher_mode_t = 3;
+///< The OFB cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_OFB: mbedtls_cipher_mode_t = 4;
+///< The CTR cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CTR: mbedtls_cipher_mode_t = 5;
+///< The GCM cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_GCM: mbedtls_cipher_mode_t = 6;
+///< The stream cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_STREAM: mbedtls_cipher_mode_t = 7;
+///< The CCM cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CCM: mbedtls_cipher_mode_t = 8;
+///< The CCM*-no-tag cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CCM_STAR_NO_TAG: mbedtls_cipher_mode_t = 9;
+///< The XTS cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_XTS: mbedtls_cipher_mode_t = 10;
+///< The ChaCha-Poly cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CHACHAPOLY: mbedtls_cipher_mode_t = 11;
+///< The SP800-38F KW mode
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_KW: mbedtls_cipher_mode_t = 12;
+///< The SP800-38F KWP mode
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_KWP: mbedtls_cipher_mode_t = 13;
+/// Supported cipher modes.
+pub type mbedtls_cipher_mode_t = crate::c_types::c_uint;
+///< PKCS7 padding (default).
+pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_PKCS7: mbedtls_cipher_padding_t = 0;
+///< ISO/IEC 7816-4 padding.
+pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_ONE_AND_ZEROS: mbedtls_cipher_padding_t = 1;
+///< ANSI X.923 padding.
+pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_ZEROS_AND_LEN: mbedtls_cipher_padding_t = 2;
+///< Zero padding (not reversible).
+pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_ZEROS: mbedtls_cipher_padding_t = 3;
+///< Never pad (full blocks only).
+pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_NONE: mbedtls_cipher_padding_t = 4;
+/// Supported cipher padding types.
+pub type mbedtls_cipher_padding_t = crate::c_types::c_uint;
+pub const mbedtls_operation_t_MBEDTLS_OPERATION_NONE: mbedtls_operation_t = -1;
+pub const mbedtls_operation_t_MBEDTLS_DECRYPT: mbedtls_operation_t = 0;
+pub const mbedtls_operation_t_MBEDTLS_ENCRYPT: mbedtls_operation_t = 1;
+/// Type of operation.
+pub type mbedtls_operation_t = crate::c_types::c_int;
+/// Undefined key length.
+pub const MBEDTLS_KEY_LENGTH_NONE: _bindgen_ty_1 = 0;
+/// Key length, in bits (including parity), for DES keys. \warning DES is considered weak.
+pub const MBEDTLS_KEY_LENGTH_DES: _bindgen_ty_1 = 64;
+/// Key length in bits, including parity, for DES in two-key EDE. \warning 3DES is considered weak.
+pub const MBEDTLS_KEY_LENGTH_DES_EDE: _bindgen_ty_1 = 128;
+/// Key length in bits, including parity, for DES in three-key EDE. \warning 3DES is considered weak.
+pub const MBEDTLS_KEY_LENGTH_DES_EDE3: _bindgen_ty_1 = 192;
+pub type _bindgen_ty_1 = crate::c_types::c_uint;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_cipher_base_t {
+    _unused: [u8; 0],
+}
+/// Cipher information. Allows calling cipher functions
+/// in a generic way.
+///
+/// \note        The library does not support custom cipher info structures,
+///              only built-in structures returned by the functions
+///              mbedtls_cipher_info_from_string(),
+///              mbedtls_cipher_info_from_type(),
+///              mbedtls_cipher_info_from_values(),
+///              mbedtls_cipher_info_from_psa().
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_cipher_info_t {
+    pub private_type: mbedtls_cipher_type_t,
+    pub private_mode: mbedtls_cipher_mode_t,
+    pub private_key_bitlen: crate::c_types::c_uint,
+    pub private_name: *const crate::c_types::c_char,
+    pub private_iv_size: crate::c_types::c_uint,
+    pub private_flags: crate::c_types::c_int,
+    pub private_block_size: crate::c_types::c_uint,
+    pub private_base: *const mbedtls_cipher_base_t,
+}
+/// Generic cipher context.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_cipher_context_t {
+    pub private_cipher_info: *const mbedtls_cipher_info_t,
+    pub private_key_bitlen: crate::c_types::c_int,
+    pub private_operation: mbedtls_operation_t,
+    pub private_add_padding: ::core::option::Option<
+        unsafe extern "C" fn(output: *mut crate::c_types::c_uchar, olen: usize, data_len: usize),
+    >,
+    pub private_get_padding: ::core::option::Option<
+        unsafe extern "C" fn(
+            input: *mut crate::c_types::c_uchar,
+            ilen: usize,
+            data_len: *mut usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_unprocessed_data: [crate::c_types::c_uchar; 16usize],
+    pub private_unprocessed_len: usize,
+    pub private_iv: [crate::c_types::c_uchar; 16usize],
+    pub private_iv_size: usize,
+    pub private_cipher_ctx: *mut crate::c_types::c_void,
+    pub private_cmac_ctx: *mut mbedtls_cmac_context_t,
+}
+extern "C" {
+    /// \brief This function retrieves the list of ciphers supported
+    ///        by the generic cipher module.
+    ///
+    ///        For any cipher identifier in the returned list, you can
+    ///        obtain the corresponding generic cipher information structure
+    ///        via mbedtls_cipher_info_from_type(), which can then be used
+    ///        to prepare a cipher context via mbedtls_cipher_setup().
+    ///
+    ///
+    /// \return      A statically-allocated array of cipher identifiers
+    ///              of type cipher_type_t. The last entry is zero.
+    pub fn mbedtls_cipher_list() -> *const crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function retrieves the cipher-information
+    ///                      structure associated with the given cipher name.
+    ///
+    /// \param cipher_name   Name of the cipher to search for. This must not be
+    ///                      \c NULL.
+    ///
+    /// \return              The cipher information structure associated with the
+    ///                      given \p cipher_name.
+    /// \return              \c NULL if the associated cipher information is not found.
+    pub fn mbedtls_cipher_info_from_string(
+        cipher_name: *const crate::c_types::c_char,
+    ) -> *const mbedtls_cipher_info_t;
+}
+extern "C" {
+    /// \brief               This function retrieves the cipher-information
+    ///                      structure associated with the given cipher type.
+    ///
+    /// \param cipher_type   Type of the cipher to search for.
+    ///
+    /// \return              The cipher information structure associated with the
+    ///                      given \p cipher_type.
+    /// \return              \c NULL if the associated cipher information is not found.
+    pub fn mbedtls_cipher_info_from_type(
+        cipher_type: mbedtls_cipher_type_t,
+    ) -> *const mbedtls_cipher_info_t;
+}
+extern "C" {
+    /// \brief               This function retrieves the cipher-information
+    ///                      structure associated with the given cipher ID,
+    ///                      key size and mode.
+    ///
+    /// \param cipher_id     The ID of the cipher to search for. For example,
+    ///                      #MBEDTLS_CIPHER_ID_AES.
+    /// \param key_bitlen    The length of the key in bits.
+    /// \param mode          The cipher mode. For example, #MBEDTLS_MODE_CBC.
+    ///
+    /// \return              The cipher information structure associated with the
+    ///                      given \p cipher_id.
+    /// \return              \c NULL if the associated cipher information is not found.
+    pub fn mbedtls_cipher_info_from_values(
+        cipher_id: mbedtls_cipher_id_t,
+        key_bitlen: crate::c_types::c_int,
+        mode: mbedtls_cipher_mode_t,
+    ) -> *const mbedtls_cipher_info_t;
+}
+extern "C" {
+    /// \brief               This function initializes a \p cipher_context as NONE.
+    ///
+    /// \param ctx           The context to be initialized. This must not be \c NULL.
+    pub fn mbedtls_cipher_init(ctx: *mut mbedtls_cipher_context_t);
+}
+extern "C" {
+    /// \brief               This function frees and clears the cipher-specific
+    ///                      context of \p ctx. Freeing \p ctx itself remains the
+    ///                      responsibility of the caller.
+    ///
+    /// \param ctx           The context to be freed. If this is \c NULL, the
+    ///                      function has no effect, otherwise this must point to an
+    ///                      initialized context.
+    pub fn mbedtls_cipher_free(ctx: *mut mbedtls_cipher_context_t);
+}
+extern "C" {
+    /// \brief               This function prepares a cipher context for
+    ///                      use with the given cipher primitive.
+    ///
+    /// \note                After calling this function, you should call
+    ///                      mbedtls_cipher_setkey() and, if the mode uses padding,
+    ///                      mbedtls_cipher_set_padding_mode(), then for each
+    ///                      message to encrypt or decrypt with this key, either:
+    ///                      - mbedtls_cipher_crypt() for one-shot processing with
+    ///                      non-AEAD modes;
+    ///                      - mbedtls_cipher_auth_encrypt_ext() or
+    ///                      mbedtls_cipher_auth_decrypt_ext() for one-shot
+    ///                      processing with AEAD modes or NIST_KW;
+    ///                      - for multi-part processing, see the documentation of
+    ///                      mbedtls_cipher_reset().
+    ///
+    /// \param ctx           The context to prepare. This must be initialized by
+    ///                      a call to mbedtls_cipher_init() first.
+    /// \param cipher_info   The cipher to use.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
+    ///                      cipher-specific context fails.
+    pub fn mbedtls_cipher_setup(
+        ctx: *mut mbedtls_cipher_context_t,
+        cipher_info: *const mbedtls_cipher_info_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function sets the key to use with the given context.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a cipher information structure.
+    /// \param key           The key to use. This must be a readable buffer of at
+    ///                      least \p key_bitlen Bits.
+    /// \param key_bitlen    The key length to use, in Bits.
+    /// \param operation     The operation that the key will be used for:
+    ///                      #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_setkey(
+        ctx: *mut mbedtls_cipher_context_t,
+        key: *const crate::c_types::c_uchar,
+        key_bitlen: crate::c_types::c_int,
+        operation: mbedtls_operation_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function sets the padding mode, for cipher modes
+    ///                      that use padding.
+    ///
+    ///                      The default passing mode is PKCS7 padding.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a cipher information structure.
+    /// \param mode          The padding mode.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
+    ///                      if the selected padding mode is not supported.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
+    ///                      does not support padding.
+    pub fn mbedtls_cipher_set_padding_mode(
+        ctx: *mut mbedtls_cipher_context_t,
+        mode: mbedtls_cipher_padding_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets the initialization vector (IV)
+    ///                  or nonce.
+    ///
+    /// \note            Some ciphers do not use IVs nor nonce. For these
+    ///                  ciphers, this function has no effect.
+    ///
+    /// \note            For #MBEDTLS_CIPHER_CHACHA20, the nonce length must
+    ///                  be 12, and the initial counter value is 0.
+    ///
+    /// \note            For #MBEDTLS_CIPHER_CHACHA20_POLY1305, the nonce length
+    ///                  must be 12.
+    ///
+    /// \param ctx       The generic cipher context. This must be initialized and
+    ///                  bound to a cipher information structure.
+    /// \param iv        The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This
+    ///                  must be a readable buffer of at least \p iv_len Bytes.
+    /// \param iv_len    The IV length for ciphers with variable-size IV.
+    ///                  This parameter is discarded by ciphers with fixed-size IV.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                  parameter-verification failure.
+    pub fn mbedtls_cipher_set_iv(
+        ctx: *mut mbedtls_cipher_context_t,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief         This function resets the cipher state.
+    ///
+    /// \note          With non-AEAD ciphers, the order of calls for each message
+    ///                is as follows:
+    ///                1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
+    ///                2. mbedtls_cipher_reset()
+    ///                3. mbedtls_cipher_update() one or more times
+    ///                4. mbedtls_cipher_finish()
+    ///                .
+    ///                This sequence can be repeated to encrypt or decrypt multiple
+    ///                messages with the same key.
+    ///
+    /// \note          With AEAD ciphers, the order of calls for each message
+    ///                is as follows:
+    ///                1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
+    ///                2. mbedtls_cipher_reset()
+    ///                3. mbedtls_cipher_update_ad()
+    ///                4. mbedtls_cipher_update() one or more times
+    ///                5. mbedtls_cipher_finish()
+    ///                6. mbedtls_cipher_check_tag() (for decryption) or
+    ///                mbedtls_cipher_write_tag() (for encryption).
+    ///                .
+    ///                This sequence can be repeated to encrypt or decrypt multiple
+    ///                messages with the same key.
+    ///
+    /// \param ctx     The generic cipher context. This must be bound to a key.
+    ///
+    /// \return        \c 0 on success.
+    /// \return        #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                parameter-verification failure.
+    pub fn mbedtls_cipher_reset(ctx: *mut mbedtls_cipher_context_t) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function adds additional data for AEAD ciphers.
+    ///                      Currently supported with GCM and ChaCha20+Poly1305.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized.
+    /// \param ad            The additional data to use. This must be a readable
+    ///                      buffer of at least \p ad_len Bytes.
+    /// \param ad_len        The length of \p ad in Bytes.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              A specific error code on failure.
+    pub fn mbedtls_cipher_update_ad(
+        ctx: *mut mbedtls_cipher_context_t,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The generic cipher update function. It encrypts or
+    ///                      decrypts using the given cipher context. Writes as
+    ///                      many block-sized blocks of data as possible to output.
+    ///                      Any data that cannot be written immediately is either
+    ///                      added to the next block, or flushed when
+    ///                      mbedtls_cipher_finish() is called.
+    ///                      Exception: For MBEDTLS_MODE_ECB, expects a single block
+    ///                      in size. For example, 16 Bytes for AES.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a key.
+    /// \param input         The buffer holding the input data. This must be a
+    ///                      readable buffer of at least \p ilen Bytes.
+    /// \param ilen          The length of the input data.
+    /// \param output        The buffer for the output data. This must be able to
+    ///                      hold at least `ilen + block_size`. This must not be the
+    ///                      same buffer as \p input.
+    /// \param olen          The length of the output data, to be updated with the
+    ///                      actual number of Bytes written. This must not be
+    ///                      \c NULL.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
+    ///                      unsupported mode for a cipher.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_update(
+        ctx: *mut mbedtls_cipher_context_t,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The generic cipher finalization function. If data still
+    ///                      needs to be flushed from an incomplete block, the data
+    ///                      contained in it is padded to the size of
+    ///                      the last block, and written to the \p output buffer.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a key.
+    /// \param output        The buffer to write data to. This needs to be a writable
+    ///                      buffer of at least \p block_size Bytes.
+    /// \param olen          The length of the data written to the \p output buffer.
+    ///                      This may not be \c NULL.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
+    ///                      expecting a full block but not receiving one.
+    /// \return              #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
+    ///                      while decrypting.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_finish(
+        ctx: *mut mbedtls_cipher_context_t,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function writes a tag for AEAD ciphers.
+    ///                      Currently supported with GCM and ChaCha20+Poly1305.
+    ///                      This must be called after mbedtls_cipher_finish().
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized,
+    ///                      bound to a key, and have just completed a cipher
+    ///                      operation through mbedtls_cipher_finish() the tag for
+    ///                      which should be written.
+    /// \param tag           The buffer to write the tag to. This must be a writable
+    ///                      buffer of at least \p tag_len Bytes.
+    /// \param tag_len       The length of the tag to write.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              A specific error code on failure.
+    pub fn mbedtls_cipher_write_tag(
+        ctx: *mut mbedtls_cipher_context_t,
+        tag: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function checks the tag for AEAD ciphers.
+    ///                      Currently supported with GCM and ChaCha20+Poly1305.
+    ///                      This must be called after mbedtls_cipher_finish().
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized.
+    /// \param tag           The buffer holding the tag. This must be a readable
+    ///                      buffer of at least \p tag_len Bytes.
+    /// \param tag_len       The length of the tag to check.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              A specific error code on failure.
+    pub fn mbedtls_cipher_check_tag(
+        ctx: *mut mbedtls_cipher_context_t,
+        tag: *const crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The generic all-in-one encryption/decryption function,
+    ///                      for all ciphers except AEAD constructs.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized.
+    /// \param iv            The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
+    ///                      This must be a readable buffer of at least \p iv_len
+    ///                      Bytes.
+    /// \param iv_len        The IV length for ciphers with variable-size IV.
+    ///                      This parameter is discarded by ciphers with fixed-size
+    ///                      IV.
+    /// \param input         The buffer holding the input data. This must be a
+    ///                      readable buffer of at least \p ilen Bytes.
+    /// \param ilen          The length of the input data in Bytes.
+    /// \param output        The buffer for the output data. This must be able to
+    ///                      hold at least `ilen + block_size`. This must not be the
+    ///                      same buffer as \p input.
+    /// \param olen          The length of the output data, to be updated with the
+    ///                      actual number of Bytes written. This must not be
+    ///                      \c NULL.
+    ///
+    /// \note                Some ciphers do not use IVs nor nonce. For these
+    ///                      ciphers, use \p iv = NULL and \p iv_len = 0.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
+    ///                      expecting a full block but not receiving one.
+    /// \return              #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
+    ///                      while decrypting.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_crypt(
+        ctx: *mut mbedtls_cipher_context_t,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The authenticated encryption (AEAD/NIST_KW) function.
+    ///
+    /// \note                For AEAD modes, the tag will be appended to the
+    ///                      ciphertext, as recommended by RFC 5116.
+    ///                      (NIST_KW doesn't have a separate tag.)
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a key, with an AEAD algorithm or NIST_KW.
+    /// \param iv            The nonce to use. This must be a readable buffer of
+    ///                      at least \p iv_len Bytes and may be \c NULL if \p
+    ///                      iv_len is \c 0.
+    /// \param iv_len        The length of the nonce. For AEAD ciphers, this must
+    ///                      satisfy the constraints imposed by the cipher used.
+    ///                      For NIST_KW, this must be \c 0.
+    /// \param ad            The additional data to authenticate. This must be a
+    ///                      readable buffer of at least \p ad_len Bytes, and may
+    ///                      be \c NULL is \p ad_len is \c 0.
+    /// \param ad_len        The length of \p ad. For NIST_KW, this must be \c 0.
+    /// \param input         The buffer holding the input data. This must be a
+    ///                      readable buffer of at least \p ilen Bytes, and may be
+    ///                      \c NULL if \p ilen is \c 0.
+    /// \param ilen          The length of the input data.
+    /// \param output        The buffer for the output data. This must be a
+    ///                      writable buffer of at least \p output_len Bytes, and
+    ///                      must not be \c NULL.
+    /// \param output_len    The length of the \p output buffer in Bytes. For AEAD
+    ///                      ciphers, this must be at least \p ilen + \p tag_len.
+    ///                      For NIST_KW, this must be at least \p ilen + 8
+    ///                      (rounded up to a multiple of 8 if KWP is used);
+    ///                      \p ilen + 15 is always a safe value.
+    /// \param olen          This will be filled with the actual number of Bytes
+    ///                      written to the \p output buffer. This must point to a
+    ///                      writable object of type \c size_t.
+    /// \param tag_len       The desired length of the authentication tag. For AEAD
+    ///                      ciphers, this must match the constraints imposed by
+    ///                      the cipher used, and in particular must not be \c 0.
+    ///                      For NIST_KW, this must be \c 0.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_auth_encrypt_ext(
+        ctx: *mut mbedtls_cipher_context_t,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        output_len: usize,
+        olen: *mut usize,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The authenticated encryption (AEAD/NIST_KW) function.
+    ///
+    /// \note                If the data is not authentic, then the output buffer
+    ///                      is zeroed out to prevent the unauthentic plaintext being
+    ///                      used, making this interface safer.
+    ///
+    /// \note                For AEAD modes, the tag must be appended to the
+    ///                      ciphertext, as recommended by RFC 5116.
+    ///                      (NIST_KW doesn't have a separate tag.)
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a key, with an AEAD algorithm or NIST_KW.
+    /// \param iv            The nonce to use. This must be a readable buffer of
+    ///                      at least \p iv_len Bytes and may be \c NULL if \p
+    ///                      iv_len is \c 0.
+    /// \param iv_len        The length of the nonce. For AEAD ciphers, this must
+    ///                      satisfy the constraints imposed by the cipher used.
+    ///                      For NIST_KW, this must be \c 0.
+    /// \param ad            The additional data to authenticate. This must be a
+    ///                      readable buffer of at least \p ad_len Bytes, and may
+    ///                      be \c NULL is \p ad_len is \c 0.
+    /// \param ad_len        The length of \p ad. For NIST_KW, this must be \c 0.
+    /// \param input         The buffer holding the input data. This must be a
+    ///                      readable buffer of at least \p ilen Bytes, and may be
+    ///                      \c NULL if \p ilen is \c 0.
+    /// \param ilen          The length of the input data. For AEAD ciphers this
+    ///                      must be at least \p tag_len. For NIST_KW this must be
+    ///                      at least \c 8.
+    /// \param output        The buffer for the output data. This must be a
+    ///                      writable buffer of at least \p output_len Bytes, and
+    ///                      may be \c NULL if \p output_len is \c 0.
+    /// \param output_len    The length of the \p output buffer in Bytes. For AEAD
+    ///                      ciphers, this must be at least \p ilen - \p tag_len.
+    ///                      For NIST_KW, this must be at least \p ilen - 8.
+    /// \param olen          This will be filled with the actual number of Bytes
+    ///                      written to the \p output buffer. This must point to a
+    ///                      writable object of type \c size_t.
+    /// \param tag_len       The actual length of the authentication tag. For AEAD
+    ///                      ciphers, this must match the constraints imposed by
+    ///                      the cipher used, and in particular must not be \c 0.
+    ///                      For NIST_KW, this must be \c 0.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_auth_decrypt_ext(
+        ctx: *mut mbedtls_cipher_context_t,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        output_len: usize,
+        olen: *mut usize,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_NONE: mbedtls_key_exchange_type_t = 0;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_RSA: mbedtls_key_exchange_type_t = 1;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_DHE_RSA: mbedtls_key_exchange_type_t = 2;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: mbedtls_key_exchange_type_t =
+    3;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+    mbedtls_key_exchange_type_t = 4;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_PSK: mbedtls_key_exchange_type_t = 5;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_DHE_PSK: mbedtls_key_exchange_type_t = 6;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_RSA_PSK: mbedtls_key_exchange_type_t = 7;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: mbedtls_key_exchange_type_t =
+    8;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDH_RSA: mbedtls_key_exchange_type_t =
+    9;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: mbedtls_key_exchange_type_t =
+    10;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECJPAKE: mbedtls_key_exchange_type_t =
+    11;
+pub type mbedtls_key_exchange_type_t = crate::c_types::c_uint;
+/// \brief   This structure is used for storing ciphersuite information
+///
+/// \note    members are defined using integral types instead of enums
+///          in order to pack structure and reduce memory usage by internal
+///          \c ciphersuite_definitions[]
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_ciphersuite_t {
+    pub private_id: crate::c_types::c_int,
+    pub private_name: *const crate::c_types::c_char,
+    pub private_cipher: u8,
+    pub private_mac: u8,
+    pub private_key_exchange: u8,
+    pub private_flags: u8,
+    pub private_min_tls_version: u16,
+    pub private_max_tls_version: u16,
+}
+extern "C" {
+    pub fn mbedtls_ssl_list_ciphersuites() -> *const crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_ssl_ciphersuite_from_string(
+        ciphersuite_name: *const crate::c_types::c_char,
+    ) -> *const mbedtls_ssl_ciphersuite_t;
+}
+extern "C" {
+    pub fn mbedtls_ssl_ciphersuite_from_id(
+        ciphersuite_id: crate::c_types::c_int,
+    ) -> *const mbedtls_ssl_ciphersuite_t;
+}
+extern "C" {
+    pub fn mbedtls_ssl_get_ciphersuite_sig_pk_alg(
+        info: *const mbedtls_ssl_ciphersuite_t,
+    ) -> mbedtls_pk_type_t;
+}
+extern "C" {
+    pub fn mbedtls_ssl_get_ciphersuite_sig_alg(
+        info: *const mbedtls_ssl_ciphersuite_t,
+    ) -> mbedtls_pk_type_t;
+}
+extern "C" {
+    pub fn mbedtls_ssl_ciphersuite_uses_ec(
+        info: *const mbedtls_ssl_ciphersuite_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_ssl_ciphersuite_uses_psk(
+        info: *const mbedtls_ssl_ciphersuite_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(
+        info: *const mbedtls_ssl_ciphersuite_t,
+    ) -> usize;
+}
+/// The type of the context passed to mbedtls_psa_external_get_random().
+///
+/// Mbed TLS initializes the context to all-bits-zero before calling
+/// mbedtls_psa_external_get_random() for the first time.
+///
+/// The definition of this type in the Mbed TLS source code is for
+/// demonstration purposes. Implementers of mbedtls_psa_external_get_random()
+/// are expected to replace it with a custom definition.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_external_random_context_t {
+    pub private_opaque: [usize; 2usize],
+}
+pub type psa_status_t = i32;
+/// \brief Encoding of a key type.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_KEY_TYPE_xxx`.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_key_type_t = u16;
+/// The type of PSA elliptic curve family identifiers.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_ECC_FAMILY_xxx`.
+///
+/// The curve identifier is required to create an ECC key using the
+/// PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY()
+/// macros.
+///
+/// Values defined by this standard will never be in the range 0x80-0xff.
+/// Vendors who define additional families must use an encoding in this range.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_ecc_family_t = u8;
+/// The type of PSA Diffie-Hellman group family identifiers.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_DH_FAMILY_xxx`.
+///
+/// The group identifier is required to create a Diffie-Hellman key using the
+/// PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY()
+/// macros.
+///
+/// Values defined by this standard will never be in the range 0x80-0xff.
+/// Vendors who define additional families must use an encoding in this range.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_dh_family_t = u8;
+/// \brief Encoding of a cryptographic algorithm.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_ALG_xxx`.
+///
+/// For algorithms that can be applied to multiple key types, this type
+/// does not encode the key type. For example, for symmetric ciphers
+/// based on a block cipher, #psa_algorithm_t encodes the block cipher
+/// mode and the padding mode while the block cipher itself is encoded
+/// via #psa_key_type_t.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_algorithm_t = u32;
+/// Encoding of key lifetimes.
+///
+/// The lifetime of a key indicates where it is stored and what system actions
+/// may create and destroy it.
+///
+/// Lifetime values have the following structure:
+/// - Bits 0-7 (#PSA_KEY_LIFETIME_GET_PERSISTENCE(\c lifetime)):
+///   persistence level. This value indicates what device management
+///   actions can cause it to be destroyed. In particular, it indicates
+///   whether the key is _volatile_ or _persistent_.
+///   See ::psa_key_persistence_t for more information.
+/// - Bits 8-31 (#PSA_KEY_LIFETIME_GET_LOCATION(\c lifetime)):
+///   location indicator. This value indicates which part of the system
+///   has access to the key material and can perform operations using the key.
+///   See ::psa_key_location_t for more information.
+///
+/// Volatile keys are automatically destroyed when the application instance
+/// terminates or on a power reset of the device. Persistent keys are
+/// preserved until the application explicitly destroys them or until an
+/// integration-specific device management event occurs (for example,
+/// a factory reset).
+///
+/// Persistent keys have a key identifier of type #mbedtls_svc_key_id_t.
+/// This identifier remains valid throughout the lifetime of the key,
+/// even if the application instance that created the key terminates.
+/// The application can call psa_open_key() to open a persistent key that
+/// it created previously.
+///
+/// The default lifetime of a key is #PSA_KEY_LIFETIME_VOLATILE. The lifetime
+/// #PSA_KEY_LIFETIME_PERSISTENT is supported if persistent storage is
+/// available. Other lifetime values may be supported depending on the
+/// library configuration.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_KEY_LIFETIME_xxx`.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_key_lifetime_t = u32;
+/// Encoding of key persistence levels.
+///
+/// What distinguishes different persistence levels is what device management
+/// events may cause keys to be destroyed. _Volatile_ keys are destroyed
+/// by a power reset. Persistent keys may be destroyed by events such as
+/// a transfer of ownership or a factory reset. What management events
+/// actually affect persistent keys at different levels is outside the
+/// scope of the PSA Cryptography specification.
+///
+/// The PSA Cryptography specification defines the following values of
+/// persistence levels:
+/// - \c 0 = #PSA_KEY_PERSISTENCE_VOLATILE: volatile key.
+///   A volatile key is automatically destroyed by the implementation when
+///   the application instance terminates. In particular, a volatile key
+///   is automatically destroyed on a power reset of the device.
+/// - \c 1 = #PSA_KEY_PERSISTENCE_DEFAULT:
+///   persistent key with a default lifetime.
+/// - \c 2-254: currently not supported by Mbed TLS.
+/// - \c 255 = #PSA_KEY_PERSISTENCE_READ_ONLY:
+///   read-only or write-once key.
+///   A key with this persistence level cannot be destroyed.
+///   Mbed TLS does not currently offer a way to create such keys, but
+///   integrations of Mbed TLS can use it for built-in keys that the
+///   application cannot modify (for example, a hardware unique key (HUK)).
+///
+/// \note Key persistence levels are 8-bit values. Key management
+///       interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
+///       encode the persistence as the lower 8 bits of a 32-bit value.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_key_persistence_t = u8;
+/// Encoding of key location indicators.
+///
+/// If an integration of Mbed TLS can make calls to external
+/// cryptoprocessors such as secure elements, the location of a key
+/// indicates which secure element performs the operations on the key.
+/// Depending on the design of the secure element, the key
+/// material may be stored either in the secure element, or
+/// in wrapped (encrypted) form alongside the key metadata in the
+/// primary local storage.
+///
+/// The PSA Cryptography API specification defines the following values of
+/// location indicators:
+/// - \c 0: primary local storage.
+///   This location is always available.
+///   The primary local storage is typically the same storage area that
+///   contains the key metadata.
+/// - \c 1: primary secure element.
+///   Integrations of Mbed TLS should support this value if there is a secure
+///   element attached to the operating environment.
+///   As a guideline, secure elements may provide higher resistance against
+///   side channel and physical attacks than the primary local storage, but may
+///   have restrictions on supported key types, sizes, policies and operations
+///   and may have different performance characteristics.
+/// - \c 2-0x7fffff: other locations defined by a PSA specification.
+///   The PSA Cryptography API does not currently assign any meaning to these
+///   locations, but future versions of that specification or other PSA
+///   specifications may do so.
+/// - \c 0x800000-0xffffff: vendor-defined locations.
+///   No PSA specification will assign a meaning to locations in this range.
+///
+/// \note Key location indicators are 24-bit values. Key management
+///       interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
+///       encode the location as the upper 24 bits of a 32-bit value.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_key_location_t = u32;
+/// Encoding of identifiers of persistent keys.
+///
+/// - Applications may freely choose key identifiers in the range
+///   #PSA_KEY_ID_USER_MIN to #PSA_KEY_ID_USER_MAX.
+/// - The implementation may define additional key identifiers in the range
+///   #PSA_KEY_ID_VENDOR_MIN to #PSA_KEY_ID_VENDOR_MAX.
+/// - 0 is reserved as an invalid key identifier.
+/// - Key identifiers outside these ranges are reserved for future use.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to how values are allocated must require careful
+///       consideration to allow backward compatibility.
+pub type psa_key_id_t = u32;
+pub type mbedtls_svc_key_id_t = psa_key_id_t;
+/// \brief Encoding of permitted usage on a key.
+///
+/// Values of this type are generally constructed as bitwise-ors of macros
+/// called `PSA_KEY_USAGE_xxx`.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_key_usage_t = u32;
+/// The type of a structure containing key attributes.
+///
+/// This is an opaque structure that can represent the metadata of a key
+/// object. Metadata that can be stored in attributes includes:
+/// - The location of the key in storage, indicated by its key identifier
+///   and its lifetime.
+/// - The key's policy, comprising usage flags and a specification of
+///   the permitted algorithm(s).
+/// - Information about the key itself: the key type and its size.
+/// - Additional implementation-defined attributes.
+///
+/// The actual key material is not considered an attribute of a key.
+/// Key attributes do not contain information that is generally considered
+/// highly confidential.
+///
+/// An attribute structure works like a simple data structure where each function
+/// `psa_set_key_xxx` sets a field and the corresponding function
+/// `psa_get_key_xxx` retrieves the value of the corresponding field.
+/// However, a future version of the library  may report values that are
+/// equivalent to the original one, but have a different encoding. Invalid
+/// values may be mapped to different, also invalid values.
+///
+/// An attribute structure may contain references to auxiliary resources,
+/// for example pointers to allocated memory or indirect references to
+/// pre-calculated values. In order to free such resources, the application
+/// must call psa_reset_key_attributes(). As an exception, calling
+/// psa_reset_key_attributes() on an attribute structure is optional if
+/// the structure has only been modified by the following functions
+/// since it was initialized or last reset with psa_reset_key_attributes():
+/// - psa_set_key_id()
+/// - psa_set_key_lifetime()
+/// - psa_set_key_type()
+/// - psa_set_key_bits()
+/// - psa_set_key_usage_flags()
+/// - psa_set_key_algorithm()
+///
+/// Before calling any function on a key attribute structure, the application
+/// must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_key_attributes_t attributes;
+///   memset(&attributes, 0, sizeof(attributes));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_key_attributes_t attributes = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_KEY_ATTRIBUTES_INIT,
+///   for example:
+///   \code
+///   psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+///   \endcode
+/// - Assign the result of the function psa_key_attributes_init()
+///   to the structure, for example:
+///   \code
+///   psa_key_attributes_t attributes;
+///   attributes = psa_key_attributes_init();
+///   \endcode
+///
+/// A freshly initialized attribute structure contains the following
+/// values:
+///
+/// - lifetime: #PSA_KEY_LIFETIME_VOLATILE.
+/// - key identifier: 0 (which is not a valid key identifier).
+/// - type: \c 0 (meaning that the type is unspecified).
+/// - key size: \c 0 (meaning that the size is unspecified).
+/// - usage flags: \c 0 (which allows no usage except exporting a public key).
+/// - algorithm: \c 0 (which allows no cryptographic usage, but allows
+///   exporting).
+///
+/// A typical sequence to create a key is as follows:
+/// -# Create and initialize an attribute structure.
+/// -# If the key is persistent, call psa_set_key_id().
+///    Also call psa_set_key_lifetime() to place the key in a non-default
+///    location.
+/// -# Set the key policy with psa_set_key_usage_flags() and
+///    psa_set_key_algorithm().
+/// -# Set the key type with psa_set_key_type().
+///    Skip this step if copying an existing key with psa_copy_key().
+/// -# When generating a random key with psa_generate_key() or deriving a key
+///    with psa_key_derivation_output_key(), set the desired key size with
+///    psa_set_key_bits().
+/// -# Call a key creation function: psa_import_key(), psa_generate_key(),
+///    psa_key_derivation_output_key() or psa_copy_key(). This function reads
+///    the attribute structure, creates a key with these attributes, and
+///    outputs a key identifier to the newly created key.
+/// -# The attribute structure is now no longer necessary.
+///    You may call psa_reset_key_attributes(), although this is optional
+///    with the workflow presented here because the attributes currently
+///    defined in this specification do not require any additional resources
+///    beyond the structure itself.
+///
+/// A typical sequence to query a key's attributes is as follows:
+/// -# Call psa_get_key_attributes().
+/// -# Call `psa_get_key_xxx` functions to retrieve the attribute(s) that
+///    you are interested in.
+/// -# Call psa_reset_key_attributes() to free any resources that may be
+///    used by the attribute structure.
+///
+/// Once a key has been created, it is impossible to change its attributes.
+pub type psa_key_attributes_t = psa_key_attributes_s;
+/// \brief Encoding of the step of a key derivation.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_KEY_DERIVATION_INPUT_xxx`.
+pub type psa_key_derivation_step_t = u16;
+extern "C" {
+    /// \brief Library initialization.
+    ///
+    /// Applications must call this function before calling any other
+    /// function in this module.
+    ///
+    /// Applications may call this function more than once. Once a call
+    /// succeeds, subsequent calls are guaranteed to succeed.
+    ///
+    /// If the application calls other functions before calling psa_crypto_init(),
+    /// the behavior is undefined. Implementations are encouraged to either perform
+    /// the operation as if the library had been initialized or to return
+    /// #PSA_ERROR_BAD_STATE or some other applicable error. In particular,
+    /// implementations should not return a success status if the lack of
+    /// initialization may have security implications, for example due to improper
+    /// seeding of the random number generator.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    pub fn psa_crypto_init() -> psa_status_t;
+}
+extern "C" {
+    /// Retrieve the attributes of a key.
+    ///
+    /// This function first resets the attribute structure as with
+    /// psa_reset_key_attributes(). It then copies the attributes of
+    /// the given key into the given attribute structure.
+    ///
+    /// \note This function may allocate memory or other resources.
+    ///       Once you have called this function on an attribute structure,
+    ///       you must call psa_reset_key_attributes() to free these resources.
+    ///
+    /// \param[in] key               Identifier of the key to query.
+    /// \param[in,out] attributes    On success, the attributes of the key.
+    ///                              On failure, equivalent to a
+    ///                              freshly-initialized structure.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_get_key_attributes(
+        key: mbedtls_svc_key_id_t,
+        attributes: *mut psa_key_attributes_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Reset a key attribute structure to a freshly initialized state.
+    ///
+    /// You must initialize the attribute structure as described in the
+    /// documentation of the type #psa_key_attributes_t before calling this
+    /// function. Once the structure has been initialized, you may call this
+    /// function at any time.
+    ///
+    /// This function frees any auxiliary resources that the structure
+    /// may contain.
+    ///
+    /// \param[in,out] attributes    The attribute structure to reset.
+    pub fn psa_reset_key_attributes(attributes: *mut psa_key_attributes_t);
+}
+extern "C" {
+    /// Remove non-essential copies of key material from memory.
+    ///
+    /// If the key identifier designates a volatile key, this functions does not do
+    /// anything and returns successfully.
+    ///
+    /// If the key identifier designates a persistent key, then this function will
+    /// free all resources associated with the key in volatile memory. The key
+    /// data in persistent storage is not affected and the key can still be used.
+    ///
+    /// \param key Identifier of the key to purge.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The key material will have been removed from memory if it is not
+    ///         currently required.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not a valid key identifier.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_purge_key(key: mbedtls_svc_key_id_t) -> psa_status_t;
+}
+extern "C" {
+    /// Make a copy of a key.
+    ///
+    /// Copy key material from one location to another.
+    ///
+    /// This function is primarily useful to copy a key from one location
+    /// to another, since it populates a key using the material from
+    /// another key which may have a different lifetime.
+    ///
+    /// This function may be used to share a key with a different party,
+    /// subject to implementation-defined restrictions on key sharing.
+    ///
+    /// The policy on the source key must have the usage flag
+    /// #PSA_KEY_USAGE_COPY set.
+    /// This flag is sufficient to permit the copy if the key has the lifetime
+    /// #PSA_KEY_LIFETIME_VOLATILE or #PSA_KEY_LIFETIME_PERSISTENT.
+    /// Some secure elements do not provide a way to copy a key without
+    /// making it extractable from the secure element. If a key is located
+    /// in such a secure element, then the key must have both usage flags
+    /// #PSA_KEY_USAGE_COPY and #PSA_KEY_USAGE_EXPORT in order to make
+    /// a copy of the key outside the secure element.
+    ///
+    /// The resulting key may only be used in a way that conforms to
+    /// both the policy of the original key and the policy specified in
+    /// the \p attributes parameter:
+    /// - The usage flags on the resulting key are the bitwise-and of the
+    ///   usage flags on the source policy and the usage flags in \p attributes.
+    /// - If both allow the same algorithm or wildcard-based
+    ///   algorithm policy, the resulting key has the same algorithm policy.
+    /// - If either of the policies allows an algorithm and the other policy
+    ///   allows a wildcard-based algorithm policy that includes this algorithm,
+    ///   the resulting key allows the same algorithm.
+    /// - If the policies do not allow any algorithm in common, this function
+    ///   fails with the status #PSA_ERROR_INVALID_ARGUMENT.
+    ///
+    /// The effect of this function on implementation-defined attributes is
+    /// implementation-defined.
+    ///
+    /// \param source_key        The key to copy. It must allow the usage
+    ///                          #PSA_KEY_USAGE_COPY. If a private or secret key is
+    ///                          being copied outside of a secure element it must
+    ///                          also allow #PSA_KEY_USAGE_EXPORT.
+    /// \param[in] attributes    The attributes for the new key.
+    ///                          They are used as follows:
+    ///                          - The key type and size may be 0. If either is
+    ///                            nonzero, it must match the corresponding
+    ///                            attribute of the source key.
+    ///                          - The key location (the lifetime and, for
+    ///                            persistent keys, the key identifier) is
+    ///                            used directly.
+    ///                          - The policy constraints (usage flags and
+    ///                            algorithm policy) are combined from
+    ///                            the source key and \p attributes so that
+    ///                            both sets of restrictions apply, as
+    ///                            described in the documentation of this function.
+    /// \param[out] target_key   On success, an identifier for the newly created
+    ///                          key. For persistent keys, this is the key
+    ///                          identifier defined in \p attributes.
+    ///                          \c 0 on failure.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE
+    ///         \p source_key is invalid.
+    /// \retval #PSA_ERROR_ALREADY_EXISTS
+    ///         This is an attempt to create a persistent key, and there is
+    ///         already a persistent key with the given identifier.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The lifetime or identifier in \p attributes are invalid, or
+    ///         the policy constraints on the source and specified in
+    ///         \p attributes are incompatible, or
+    ///         \p attributes specifies a key type or key size
+    ///         which does not match the attributes of the source key.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The source key does not have the #PSA_KEY_USAGE_COPY usage flag, or
+    ///         the source key is not exportable and its lifetime does not
+    ///         allow copying it to the target's lifetime.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_copy_key(
+        source_key: mbedtls_svc_key_id_t,
+        attributes: *const psa_key_attributes_t,
+        target_key: *mut mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Destroy a key.
+    ///
+    /// This function destroys a key from both volatile
+    /// memory and, if applicable, non-volatile storage. Implementations shall
+    /// make a best effort to ensure that the key material cannot be recovered.
+    ///
+    /// This function also erases any metadata such as policies and frees
+    /// resources associated with the key.
+    ///
+    /// If a key is currently in use in a multipart operation, then destroying the
+    /// key will cause the multipart operation to fail.
+    ///
+    /// \param key  Identifier of the key to erase. If this is \c 0, do nothing and
+    ///             return #PSA_SUCCESS.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         \p key was a valid identifier and the key material that it
+    ///         referred to has been erased. Alternatively, \p key is \c 0.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key cannot be erased because it is
+    ///         read-only, either due to a policy or due to physical restrictions.
+    /// \retval #PSA_ERROR_INVALID_HANDLE
+    ///         \p key is not a valid identifier nor \c 0.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE
+    ///         There was a failure in communication with the cryptoprocessor.
+    ///         The key material may still be present in the cryptoprocessor.
+    /// \retval #PSA_ERROR_DATA_INVALID
+    ///         This error is typically a result of either storage corruption on a
+    ///         cleartext storage backend, or an attempt to read data that was
+    ///         written by an incompatible version of the library.
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The storage is corrupted. Implementations shall make a best effort
+    ///         to erase key material even in this stage, however applications
+    ///         should be aware that it may be impossible to guarantee that the
+    ///         key material is not recoverable in such cases.
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED
+    ///         An unexpected condition which is not a storage corruption or
+    ///         a communication failure occurred. The cryptoprocessor may have
+    ///         been compromised.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_destroy_key(key: mbedtls_svc_key_id_t) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Import a key in binary format.
+    ///
+    /// This function supports any output from psa_export_key(). Refer to the
+    /// documentation of psa_export_public_key() for the format of public keys
+    /// and to the documentation of psa_export_key() for the format for
+    /// other key types.
+    ///
+    /// The key data determines the key size. The attributes may optionally
+    /// specify a key size; in this case it must match the size determined
+    /// from the key data. A key size of 0 in \p attributes indicates that
+    /// the key size is solely determined by the key data.
+    ///
+    /// Implementations must reject an attempt to import a key of size 0.
+    ///
+    /// This specification supports a single format for each key type.
+    /// Implementations may support other formats as long as the standard
+    /// format is supported. Implementations that support other formats
+    /// should ensure that the formats are clearly unambiguous so as to
+    /// minimize the risk that an invalid input is accidentally interpreted
+    /// according to a different format.
+    ///
+    /// \param[in] attributes    The attributes for the new key.
+    ///                          The key size is always determined from the
+    ///                          \p data buffer.
+    ///                          If the key size in \p attributes is nonzero,
+    ///                          it must be equal to the size from \p data.
+    /// \param[out] key          On success, an identifier to the newly created key.
+    ///                          For persistent keys, this is the key identifier
+    ///                          defined in \p attributes.
+    ///                          \c 0 on failure.
+    /// \param[in] data    Buffer containing the key data. The content of this
+    ///                    buffer is interpreted according to the type declared
+    ///                    in \p attributes.
+    ///                    All implementations must support at least the format
+    ///                    described in the documentation
+    ///                    of psa_export_key() or psa_export_public_key() for
+    ///                    the chosen type. Implementations may allow other
+    ///                    formats, but should be conservative: implementations
+    ///                    should err on the side of rejecting content if it
+    ///                    may be erroneous (e.g. wrong type or truncated data).
+    /// \param data_length Size of the \p data buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    ///         If the key is persistent, the key material and the key's metadata
+    ///         have been saved to persistent storage.
+    /// \retval #PSA_ERROR_ALREADY_EXISTS
+    ///         This is an attempt to create a persistent key, and there is
+    ///         already a persistent key with the given identifier.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The key type or key size is not supported, either by the
+    ///         implementation in general or in this particular persistent location.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The key attributes, as a whole, are invalid, or
+    ///         the key data is not correctly formatted, or
+    ///         the size in \p attributes is nonzero and does not match the size
+    ///         of the key data.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_import_key(
+        attributes: *const psa_key_attributes_t,
+        data: *const u8,
+        data_length: usize,
+        key: *mut mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Export a key in binary format.
+    ///
+    /// The output of this function can be passed to psa_import_key() to
+    /// create an equivalent object.
+    ///
+    /// If the implementation of psa_import_key() supports other formats
+    /// beyond the format specified here, the output from psa_export_key()
+    /// must use the representation specified here, not the original
+    /// representation.
+    ///
+    /// For standard key types, the output format is as follows:
+    ///
+    /// - For symmetric keys (including MAC keys), the format is the
+    ///   raw bytes of the key.
+    /// - For DES, the key data consists of 8 bytes. The parity bits must be
+    ///   correct.
+    /// - For Triple-DES, the format is the concatenation of the
+    ///   two or three DES keys.
+    /// - For RSA key pairs (#PSA_KEY_TYPE_RSA_KEY_PAIR), the format
+    ///   is the non-encrypted DER encoding of the representation defined by
+    ///   PKCS\#1 (RFC 8017) as `RSAPrivateKey`, version 0.
+    ///   ```
+    ///   RSAPrivateKey ::= SEQUENCE {
+    ///       version             INTEGER,  -- must be 0
+    ///       modulus             INTEGER,  -- n
+    ///       publicExponent      INTEGER,  -- e
+    ///       privateExponent     INTEGER,  -- d
+    ///       prime1              INTEGER,  -- p
+    ///       prime2              INTEGER,  -- q
+    ///       exponent1           INTEGER,  -- d mod (p-1)
+    ///       exponent2           INTEGER,  -- d mod (q-1)
+    ///       coefficient         INTEGER,  -- (inverse of q) mod p
+    ///   }
+    ///   ```
+    /// - For elliptic curve key pairs (key types for which
+    ///   #PSA_KEY_TYPE_IS_ECC_KEY_PAIR is true), the format is
+    ///   a representation of the private value as a `ceiling(m/8)`-byte string
+    ///   where `m` is the bit size associated with the curve, i.e. the bit size
+    ///   of the order of the curve's coordinate field. This byte string is
+    ///   in little-endian order for Montgomery curves (curve types
+    ///   `PSA_ECC_FAMILY_CURVEXXX`), and in big-endian order for Weierstrass
+    ///   curves (curve types `PSA_ECC_FAMILY_SECTXXX`, `PSA_ECC_FAMILY_SECPXXX`
+    ///   and `PSA_ECC_FAMILY_BRAINPOOL_PXXX`).
+    ///   For Weierstrass curves, this is the content of the `privateKey` field of
+    ///   the `ECPrivateKey` format defined by RFC 5915.  For Montgomery curves,
+    ///   the format is defined by RFC 7748, and output is masked according to §5.
+    ///   For twisted Edwards curves, the private key is as defined by RFC 8032
+    ///   (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
+    /// - For Diffie-Hellman key exchange key pairs (key types for which
+    ///   #PSA_KEY_TYPE_IS_DH_KEY_PAIR is true), the
+    ///   format is the representation of the private key `x` as a big-endian byte
+    ///   string. The length of the byte string is the private key size in bytes
+    ///   (leading zeroes are not stripped).
+    /// - For public keys (key types for which #PSA_KEY_TYPE_IS_PUBLIC_KEY is
+    ///   true), the format is the same as for psa_export_public_key().
+    ///
+    /// The policy on the key must have the usage flag #PSA_KEY_USAGE_EXPORT set.
+    ///
+    /// \param key               Identifier of the key to export. It must allow the
+    ///                          usage #PSA_KEY_USAGE_EXPORT, unless it is a public
+    ///                          key.
+    /// \param[out] data         Buffer where the key data is to be written.
+    /// \param data_size         Size of the \p data buffer in bytes.
+    /// \param[out] data_length  On success, the number of bytes
+    ///                          that make up the key data.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_EXPORT flag.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p data buffer is too small. You can determine a
+    ///         sufficient buffer size by calling
+    ///         #PSA_EXPORT_KEY_OUTPUT_SIZE(\c type, \c bits)
+    ///         where \c type is the key type
+    ///         and \c bits is the key size in bits.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_export_key(
+        key: mbedtls_svc_key_id_t,
+        data: *mut u8,
+        data_size: usize,
+        data_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Export a public key or the public part of a key pair in binary format.
+    ///
+    /// The output of this function can be passed to psa_import_key() to
+    /// create an object that is equivalent to the public key.
+    ///
+    /// This specification supports a single format for each key type.
+    /// Implementations may support other formats as long as the standard
+    /// format is supported. Implementations that support other formats
+    /// should ensure that the formats are clearly unambiguous so as to
+    /// minimize the risk that an invalid input is accidentally interpreted
+    /// according to a different format.
+    ///
+    /// For standard key types, the output format is as follows:
+    /// - For RSA public keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY), the DER encoding of
+    ///   the representation defined by RFC 3279 &sect;2.3.1 as `RSAPublicKey`.
+    ///   ```
+    ///   RSAPublicKey ::= SEQUENCE {
+    ///      modulus            INTEGER,    -- n
+    ///      publicExponent     INTEGER  }  -- e
+    ///   ```
+    /// - For elliptic curve keys on a twisted Edwards curve (key types for which
+    ///   #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true and #PSA_KEY_TYPE_ECC_GET_FAMILY
+    ///   returns #PSA_ECC_FAMILY_TWISTED_EDWARDS), the public key is as defined
+    ///   by RFC 8032
+    ///   (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
+    /// - For other elliptic curve public keys (key types for which
+    ///   #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true), the format is the uncompressed
+    ///   representation defined by SEC1 &sect;2.3.3 as the content of an ECPoint.
+    ///   Let `m` be the bit size associated with the curve, i.e. the bit size of
+    ///   `q` for a curve over `F_q`. The representation consists of:
+    ///      - The byte 0x04;
+    ///      - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
+    ///      - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
+    /// - For Diffie-Hellman key exchange public keys (key types for which
+    ///   #PSA_KEY_TYPE_IS_DH_PUBLIC_KEY is true),
+    ///   the format is the representation of the public key `y = g^x mod p` as a
+    ///   big-endian byte string. The length of the byte string is the length of the
+    ///   base prime `p` in bytes.
+    ///
+    /// Exporting a public key object or the public part of a key pair is
+    /// always permitted, regardless of the key's usage flags.
+    ///
+    /// \param key               Identifier of the key to export.
+    /// \param[out] data         Buffer where the key data is to be written.
+    /// \param data_size         Size of the \p data buffer in bytes.
+    /// \param[out] data_length  On success, the number of bytes
+    ///                          that make up the key data.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The key is neither a public key nor a key pair.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p data buffer is too small. You can determine a
+    ///         sufficient buffer size by calling
+    ///         #PSA_EXPORT_KEY_OUTPUT_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\c type), \c bits)
+    ///         where \c type is the key type
+    ///         and \c bits is the key size in bits.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_export_public_key(
+        key: mbedtls_svc_key_id_t,
+        data: *mut u8,
+        data_size: usize,
+        data_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Calculate the hash (digest) of a message.
+    ///
+    /// \note To verify the hash of a message against an
+    ///       expected value, use psa_hash_compare() instead.
+    ///
+    /// \param alg               The hash algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_HASH(\p alg) is true).
+    /// \param[in] input         Buffer containing the message to hash.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    /// \param[out] hash         Buffer where the hash is to be written.
+    /// \param hash_size         Size of the \p hash buffer in bytes.
+    /// \param[out] hash_length  On success, the number of bytes
+    ///                          that make up the hash value. This is always
+    ///                          #PSA_HASH_LENGTH(\p alg).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a hash algorithm.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         \p hash_size is too small
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_compute(
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        hash: *mut u8,
+        hash_size: usize,
+        hash_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Calculate the hash (digest) of a message and compare it with a
+    /// reference value.
+    ///
+    /// \param alg               The hash algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_HASH(\p alg) is true).
+    /// \param[in] input         Buffer containing the message to hash.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    /// \param[out] hash         Buffer containing the expected hash value.
+    /// \param hash_length       Size of the \p hash buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The expected hash is identical to the actual hash of the input.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The hash of the message was calculated successfully, but it
+    ///         differs from the expected hash.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a hash algorithm.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p input_length or \p hash_length do not match the hash size for \p alg
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_compare(
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        hash: *const u8,
+        hash_length: usize,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for multipart hash operations.
+///
+/// Before calling any function on a hash operation object, the application must
+/// initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_hash_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_hash_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_HASH_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_hash_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_hash_operation_t operation;
+///   operation = psa_hash_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_hash_operation_t = psa_hash_operation_s;
+extern "C" {
+    /// Set up a multipart hash operation.
+    ///
+    /// The sequence of operations to calculate a hash (message digest)
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_hash_operation_t, e.g. #PSA_HASH_OPERATION_INIT.
+    /// -# Call psa_hash_setup() to specify the algorithm.
+    /// -# Call psa_hash_update() zero, one or more times, passing a fragment
+    ///    of the message each time. The hash that is calculated is the hash
+    ///    of the concatenation of these messages in order.
+    /// -# To calculate the hash, call psa_hash_finish().
+    ///    To compare the hash with an expected value, call psa_hash_verify().
+    ///
+    /// If an error occurs at any step after a call to psa_hash_setup(), the
+    /// operation will need to be reset by a call to psa_hash_abort(). The
+    /// application may call psa_hash_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_hash_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A successful call to psa_hash_finish() or psa_hash_verify().
+    /// - A call to psa_hash_abort().
+    ///
+    /// \param[in,out] operation The operation object to set up. It must have
+    ///                          been initialized as per the documentation for
+    ///                          #psa_hash_operation_t and not yet in use.
+    /// \param alg               The hash algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_HASH(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not a supported hash algorithm.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p alg is not a hash algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_setup(
+        operation: *mut psa_hash_operation_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Add a message fragment to a multipart hash operation.
+    ///
+    /// The application must call psa_hash_setup() before calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_hash_abort().
+    ///
+    /// \param[in,out] operation Active hash operation.
+    /// \param[in] input         Buffer containing the message fragment to hash.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_update(
+        operation: *mut psa_hash_operation_t,
+        input: *const u8,
+        input_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish the calculation of the hash of a message.
+    ///
+    /// The application must call psa_hash_setup() before calling this function.
+    /// This function calculates the hash of the message formed by concatenating
+    /// the inputs passed to preceding calls to psa_hash_update().
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_hash_abort().
+    ///
+    /// \warning Applications should not call this function if they expect
+    ///          a specific value for the hash. Call psa_hash_verify() instead.
+    ///          Beware that comparing integrity or authenticity data such as
+    ///          hash values with a function such as \c memcmp is risky
+    ///          because the time taken by the comparison may leak information
+    ///          about the hashed data which could allow an attacker to guess
+    ///          a valid hash and thereby bypass security controls.
+    ///
+    /// \param[in,out] operation     Active hash operation.
+    /// \param[out] hash             Buffer where the hash is to be written.
+    /// \param hash_size             Size of the \p hash buffer in bytes.
+    /// \param[out] hash_length      On success, the number of bytes
+    ///                              that make up the hash value. This is always
+    ///                              #PSA_HASH_LENGTH(\c alg) where \c alg is the
+    ///                              hash algorithm that is calculated.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p hash buffer is too small. You can determine a
+    ///         sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg)
+    ///         where \c alg is the hash algorithm that is calculated.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_finish(
+        operation: *mut psa_hash_operation_t,
+        hash: *mut u8,
+        hash_size: usize,
+        hash_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish the calculation of the hash of a message and compare it with
+    /// an expected value.
+    ///
+    /// The application must call psa_hash_setup() before calling this function.
+    /// This function calculates the hash of the message formed by concatenating
+    /// the inputs passed to preceding calls to psa_hash_update(). It then
+    /// compares the calculated hash with the expected hash passed as a
+    /// parameter to this function.
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_hash_abort().
+    ///
+    /// \note Implementations shall make the best effort to ensure that the
+    /// comparison between the actual hash and the expected hash is performed
+    /// in constant time.
+    ///
+    /// \param[in,out] operation     Active hash operation.
+    /// \param[in] hash              Buffer containing the expected hash value.
+    /// \param hash_length           Size of the \p hash buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The expected hash is identical to the actual hash of the message.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The hash of the message was calculated successfully, but it
+    ///         differs from the expected hash.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_verify(
+        operation: *mut psa_hash_operation_t,
+        hash: *const u8,
+        hash_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort a hash operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the
+    /// \p operation structure itself. Once aborted, the operation object
+    /// can be reused for another operation by calling
+    /// psa_hash_setup() again.
+    ///
+    /// You may call this function any time after the operation object has
+    /// been initialized by one of the methods described in #psa_hash_operation_t.
+    ///
+    /// In particular, calling psa_hash_abort() after the operation has been
+    /// terminated by a call to psa_hash_abort(), psa_hash_finish() or
+    /// psa_hash_verify() is safe and has no effect.
+    ///
+    /// \param[in,out] operation     Initialized hash operation.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_abort(operation: *mut psa_hash_operation_t) -> psa_status_t;
+}
+extern "C" {
+    /// Clone a hash operation.
+    ///
+    /// This function copies the state of an ongoing hash operation to
+    /// a new operation object. In other words, this function is equivalent
+    /// to calling psa_hash_setup() on \p target_operation with the same
+    /// algorithm that \p source_operation was set up for, then
+    /// psa_hash_update() on \p target_operation with the same input that
+    /// that was passed to \p source_operation. After this function returns, the
+    /// two objects are independent, i.e. subsequent calls involving one of
+    /// the objects do not affect the other object.
+    ///
+    /// \param[in] source_operation      The active hash operation to clone.
+    /// \param[in,out] target_operation  The operation object to set up.
+    ///                                  It must be initialized but not active.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The \p source_operation state is not valid (it must be active), or
+    ///         the \p target_operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_clone(
+        source_operation: *const psa_hash_operation_t,
+        target_operation: *mut psa_hash_operation_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Calculate the MAC (message authentication code) of a message.
+    ///
+    /// \note To verify the MAC of a message against an
+    ///       expected value, use psa_mac_verify() instead.
+    ///       Beware that comparing integrity or authenticity data such as
+    ///       MAC values with a function such as \c memcmp is risky
+    ///       because the time taken by the comparison may leak information
+    ///       about the MAC value which could allow an attacker to guess
+    ///       a valid MAC and thereby bypass security controls.
+    ///
+    /// \param key               Identifier of the key to use for the operation. It
+    ///                          must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE.
+    /// \param alg               The MAC algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_MAC(\p alg) is true).
+    /// \param[in] input         Buffer containing the input message.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    /// \param[out] mac          Buffer where the MAC value is to be written.
+    /// \param mac_size          Size of the \p mac buffer in bytes.
+    /// \param[out] mac_length   On success, the number of bytes
+    ///                          that make up the MAC value.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a MAC algorithm.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         \p mac_size is too small
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The key could not be retrieved from storage.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_compute(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        mac: *mut u8,
+        mac_size: usize,
+        mac_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Calculate the MAC of a message and compare it with a reference value.
+    ///
+    /// \param key               Identifier of the key to use for the operation. It
+    ///                          must allow the usage PSA_KEY_USAGE_VERIFY_MESSAGE.
+    /// \param alg               The MAC algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_MAC(\p alg) is true).
+    /// \param[in] input         Buffer containing the input message.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    /// \param[out] mac          Buffer containing the expected MAC value.
+    /// \param mac_length        Size of the \p mac buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The expected MAC is identical to the actual MAC of the input.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The MAC of the message was calculated successfully, but it
+    ///         differs from the expected value.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a MAC algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The key could not be retrieved from storage.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_verify(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        mac: *const u8,
+        mac_length: usize,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for multipart MAC operations.
+///
+/// Before calling any function on a MAC operation object, the application must
+/// initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_mac_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_mac_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_MAC_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_mac_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_mac_operation_t operation;
+///   operation = psa_mac_operation_init();
+///   \endcode
+///
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_mac_operation_t = psa_mac_operation_s;
+extern "C" {
+    /// Set up a multipart MAC calculation operation.
+    ///
+    /// This function sets up the calculation of the MAC
+    /// (message authentication code) of a byte string.
+    /// To verify the MAC of a message against an
+    /// expected value, use psa_mac_verify_setup() instead.
+    ///
+    /// The sequence of operations to calculate a MAC is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_mac_operation_t, e.g. #PSA_MAC_OPERATION_INIT.
+    /// -# Call psa_mac_sign_setup() to specify the algorithm and key.
+    /// -# Call psa_mac_update() zero, one or more times, passing a fragment
+    ///    of the message each time. The MAC that is calculated is the MAC
+    ///    of the concatenation of these messages in order.
+    /// -# At the end of the message, call psa_mac_sign_finish() to finish
+    ///    calculating the MAC value and retrieve it.
+    ///
+    /// If an error occurs at any step after a call to psa_mac_sign_setup(), the
+    /// operation will need to be reset by a call to psa_mac_abort(). The
+    /// application may call psa_mac_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_mac_sign_setup(), the application must
+    /// eventually terminate the operation through one of the following methods:
+    /// - A successful call to psa_mac_sign_finish().
+    /// - A call to psa_mac_abort().
+    ///
+    /// \param[in,out] operation The operation object to set up. It must have
+    ///                          been initialized as per the documentation for
+    ///                          #psa_mac_operation_t and not yet in use.
+    /// \param key               Identifier of the key to use for the operation. It
+    ///                          must remain valid until the operation terminates.
+    ///                          It must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE.
+    /// \param alg               The MAC algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_MAC(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a MAC algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The key could not be retrieved from storage.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_sign_setup(
+        operation: *mut psa_mac_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set up a multipart MAC verification operation.
+    ///
+    /// This function sets up the verification of the MAC
+    /// (message authentication code) of a byte string against an expected value.
+    ///
+    /// The sequence of operations to verify a MAC is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_mac_operation_t, e.g. #PSA_MAC_OPERATION_INIT.
+    /// -# Call psa_mac_verify_setup() to specify the algorithm and key.
+    /// -# Call psa_mac_update() zero, one or more times, passing a fragment
+    ///    of the message each time. The MAC that is calculated is the MAC
+    ///    of the concatenation of these messages in order.
+    /// -# At the end of the message, call psa_mac_verify_finish() to finish
+    ///    calculating the actual MAC of the message and verify it against
+    ///    the expected value.
+    ///
+    /// If an error occurs at any step after a call to psa_mac_verify_setup(), the
+    /// operation will need to be reset by a call to psa_mac_abort(). The
+    /// application may call psa_mac_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_mac_verify_setup(), the application must
+    /// eventually terminate the operation through one of the following methods:
+    /// - A successful call to psa_mac_verify_finish().
+    /// - A call to psa_mac_abort().
+    ///
+    /// \param[in,out] operation The operation object to set up. It must have
+    ///                          been initialized as per the documentation for
+    ///                          #psa_mac_operation_t and not yet in use.
+    /// \param key               Identifier of the key to use for the operation. It
+    ///                          must remain valid until the operation terminates.
+    ///                          It must allow the usage
+    ///                          PSA_KEY_USAGE_VERIFY_MESSAGE.
+    /// \param alg               The MAC algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_MAC(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c key is not compatible with \c alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \c alg is not supported or is not a MAC algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The key could not be retrieved from storage.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_verify_setup(
+        operation: *mut psa_mac_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Add a message fragment to a multipart MAC operation.
+    ///
+    /// The application must call psa_mac_sign_setup() or psa_mac_verify_setup()
+    /// before calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_mac_abort().
+    ///
+    /// \param[in,out] operation Active MAC operation.
+    /// \param[in] input         Buffer containing the message fragment to add to
+    ///                          the MAC calculation.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_update(
+        operation: *mut psa_mac_operation_t,
+        input: *const u8,
+        input_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish the calculation of the MAC of a message.
+    ///
+    /// The application must call psa_mac_sign_setup() before calling this function.
+    /// This function calculates the MAC of the message formed by concatenating
+    /// the inputs passed to preceding calls to psa_mac_update().
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_mac_abort().
+    ///
+    /// \warning Applications should not call this function if they expect
+    ///          a specific value for the MAC. Call psa_mac_verify_finish() instead.
+    ///          Beware that comparing integrity or authenticity data such as
+    ///          MAC values with a function such as \c memcmp is risky
+    ///          because the time taken by the comparison may leak information
+    ///          about the MAC value which could allow an attacker to guess
+    ///          a valid MAC and thereby bypass security controls.
+    ///
+    /// \param[in,out] operation Active MAC operation.
+    /// \param[out] mac          Buffer where the MAC value is to be written.
+    /// \param mac_size          Size of the \p mac buffer in bytes.
+    /// \param[out] mac_length   On success, the number of bytes
+    ///                          that make up the MAC value. This is always
+    ///                          #PSA_MAC_LENGTH(\c key_type, \c key_bits, \c alg)
+    ///                          where \c key_type and \c key_bits are the type and
+    ///                          bit-size respectively of the key and \c alg is the
+    ///                          MAC algorithm that is calculated.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p mac buffer is too small. You can determine a
+    ///         sufficient buffer size by calling PSA_MAC_LENGTH().
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active mac sign
+    ///         operation), or the library has not been previously initialized
+    ///         by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_sign_finish(
+        operation: *mut psa_mac_operation_t,
+        mac: *mut u8,
+        mac_size: usize,
+        mac_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish the calculation of the MAC of a message and compare it with
+    /// an expected value.
+    ///
+    /// The application must call psa_mac_verify_setup() before calling this function.
+    /// This function calculates the MAC of the message formed by concatenating
+    /// the inputs passed to preceding calls to psa_mac_update(). It then
+    /// compares the calculated MAC with the expected MAC passed as a
+    /// parameter to this function.
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_mac_abort().
+    ///
+    /// \note Implementations shall make the best effort to ensure that the
+    /// comparison between the actual MAC and the expected MAC is performed
+    /// in constant time.
+    ///
+    /// \param[in,out] operation Active MAC operation.
+    /// \param[in] mac           Buffer containing the expected MAC value.
+    /// \param mac_length        Size of the \p mac buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The expected MAC is identical to the actual MAC of the message.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The MAC of the message was calculated successfully, but it
+    ///         differs from the expected MAC.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active mac verify
+    ///         operation), or the library has not been previously initialized
+    ///         by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_verify_finish(
+        operation: *mut psa_mac_operation_t,
+        mac: *const u8,
+        mac_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort a MAC operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the
+    /// \p operation structure itself. Once aborted, the operation object
+    /// can be reused for another operation by calling
+    /// psa_mac_sign_setup() or psa_mac_verify_setup() again.
+    ///
+    /// You may call this function any time after the operation object has
+    /// been initialized by one of the methods described in #psa_mac_operation_t.
+    ///
+    /// In particular, calling psa_mac_abort() after the operation has been
+    /// terminated by a call to psa_mac_abort(), psa_mac_sign_finish() or
+    /// psa_mac_verify_finish() is safe and has no effect.
+    ///
+    /// \param[in,out] operation Initialized MAC operation.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_abort(operation: *mut psa_mac_operation_t) -> psa_status_t;
+}
+extern "C" {
+    /// Encrypt a message using a symmetric cipher.
+    ///
+    /// This function encrypts a message with a random IV (initialization
+    /// vector). Use the multipart operation interface with a
+    /// #psa_cipher_operation_t object to provide other forms of IV.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must allow the usage #PSA_KEY_USAGE_ENCRYPT.
+    /// \param alg                   The cipher algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_CIPHER(\p alg) is true).
+    /// \param[in] input             Buffer containing the message to encrypt.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[out] output           Buffer where the output is to be written.
+    ///                              The output contains the IV followed by
+    ///                              the ciphertext proper.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a cipher algorithm.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_encrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Decrypt a message using a symmetric cipher.
+    ///
+    /// This function decrypts a message encrypted with a symmetric cipher.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must remain valid until the operation
+    ///                              terminates. It must allow the usage
+    ///                              #PSA_KEY_USAGE_DECRYPT.
+    /// \param alg                   The cipher algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_CIPHER(\p alg) is true).
+    /// \param[in] input             Buffer containing the message to decrypt.
+    ///                              This consists of the IV followed by the
+    ///                              ciphertext proper.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[out] output           Buffer where the plaintext is to be written.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a cipher algorithm.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_decrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for multipart cipher operations.
+///
+/// Before calling any function on a cipher operation object, the application
+/// must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_cipher_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_cipher_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_CIPHER_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_cipher_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_cipher_operation_t operation;
+///   operation = psa_cipher_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_cipher_operation_t = psa_cipher_operation_s;
+extern "C" {
+    /// Set the key for a multipart symmetric encryption operation.
+    ///
+    /// The sequence of operations to encrypt a message with a symmetric cipher
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_cipher_operation_t, e.g.
+    ///    #PSA_CIPHER_OPERATION_INIT.
+    /// -# Call psa_cipher_encrypt_setup() to specify the algorithm and key.
+    /// -# Call either psa_cipher_generate_iv() or psa_cipher_set_iv() to
+    ///    generate or set the IV (initialization vector). You should use
+    ///    psa_cipher_generate_iv() unless the protocol you are implementing
+    ///    requires a specific IV value.
+    /// -# Call psa_cipher_update() zero, one or more times, passing a fragment
+    ///    of the message each time.
+    /// -# Call psa_cipher_finish().
+    ///
+    /// If an error occurs at any step after a call to psa_cipher_encrypt_setup(),
+    /// the operation will need to be reset by a call to psa_cipher_abort(). The
+    /// application may call psa_cipher_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_cipher_encrypt_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A successful call to psa_cipher_finish().
+    /// - A call to psa_cipher_abort().
+    ///
+    /// \param[in,out] operation     The operation object to set up. It must have
+    ///                              been initialized as per the documentation for
+    ///                              #psa_cipher_operation_t and not yet in use.
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must remain valid until the operation
+    ///                              terminates. It must allow the usage
+    ///                              #PSA_KEY_USAGE_ENCRYPT.
+    /// \param alg                   The cipher algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_CIPHER(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a cipher algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_encrypt_setup(
+        operation: *mut psa_cipher_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the key for a multipart symmetric decryption operation.
+    ///
+    /// The sequence of operations to decrypt a message with a symmetric cipher
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_cipher_operation_t, e.g.
+    ///    #PSA_CIPHER_OPERATION_INIT.
+    /// -# Call psa_cipher_decrypt_setup() to specify the algorithm and key.
+    /// -# Call psa_cipher_set_iv() with the IV (initialization vector) for the
+    ///    decryption. If the IV is prepended to the ciphertext, you can call
+    ///    psa_cipher_update() on a buffer containing the IV followed by the
+    ///    beginning of the message.
+    /// -# Call psa_cipher_update() zero, one or more times, passing a fragment
+    ///    of the message each time.
+    /// -# Call psa_cipher_finish().
+    ///
+    /// If an error occurs at any step after a call to psa_cipher_decrypt_setup(),
+    /// the operation will need to be reset by a call to psa_cipher_abort(). The
+    /// application may call psa_cipher_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_cipher_decrypt_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A successful call to psa_cipher_finish().
+    /// - A call to psa_cipher_abort().
+    ///
+    /// \param[in,out] operation     The operation object to set up. It must have
+    ///                              been initialized as per the documentation for
+    ///                              #psa_cipher_operation_t and not yet in use.
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must remain valid until the operation
+    ///                              terminates. It must allow the usage
+    ///                              #PSA_KEY_USAGE_DECRYPT.
+    /// \param alg                   The cipher algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_CIPHER(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a cipher algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_decrypt_setup(
+        operation: *mut psa_cipher_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Generate an IV for a symmetric encryption operation.
+    ///
+    /// This function generates a random IV (initialization vector), nonce
+    /// or initial counter value for the encryption operation as appropriate
+    /// for the chosen algorithm, key type and key size.
+    ///
+    /// The application must call psa_cipher_encrypt_setup() before
+    /// calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_cipher_abort().
+    ///
+    /// \param[in,out] operation     Active cipher operation.
+    /// \param[out] iv               Buffer where the generated IV is to be written.
+    /// \param iv_size               Size of the \p iv buffer in bytes.
+    /// \param[out] iv_length        On success, the number of bytes of the
+    ///                              generated IV.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p iv buffer is too small.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, with no IV set),
+    ///         or the library has not been previously initialized
+    ///         by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_generate_iv(
+        operation: *mut psa_cipher_operation_t,
+        iv: *mut u8,
+        iv_size: usize,
+        iv_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the IV for a symmetric encryption or decryption operation.
+    ///
+    /// This function sets the IV (initialization vector), nonce
+    /// or initial counter value for the encryption or decryption operation.
+    ///
+    /// The application must call psa_cipher_encrypt_setup() before
+    /// calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_cipher_abort().
+    ///
+    /// \note When encrypting, applications should use psa_cipher_generate_iv()
+    /// instead of this function, unless implementing a protocol that requires
+    /// a non-random IV.
+    ///
+    /// \param[in,out] operation     Active cipher operation.
+    /// \param[in] iv                Buffer containing the IV to use.
+    /// \param iv_length             Size of the IV in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The size of \p iv is not acceptable for the chosen algorithm,
+    ///         or the chosen algorithm does not use an IV.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active cipher
+    ///         encrypt operation, with no IV set), or the library has not been
+    ///         previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_set_iv(
+        operation: *mut psa_cipher_operation_t,
+        iv: *const u8,
+        iv_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Encrypt or decrypt a message fragment in an active cipher operation.
+    ///
+    /// Before calling this function, you must:
+    /// 1. Call either psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup().
+    ///    The choice of setup function determines whether this function
+    ///    encrypts or decrypts its input.
+    /// 2. If the algorithm requires an IV, call psa_cipher_generate_iv()
+    ///    (recommended when encrypting) or psa_cipher_set_iv().
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_cipher_abort().
+    ///
+    /// \param[in,out] operation     Active cipher operation.
+    /// \param[in] input             Buffer containing the message fragment to
+    ///                              encrypt or decrypt.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[out] output           Buffer where the output is to be written.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, with an IV set
+    ///         if required for the algorithm), or the library has not been
+    ///         previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_update(
+        operation: *mut psa_cipher_operation_t,
+        input: *const u8,
+        input_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish encrypting or decrypting a message in a cipher operation.
+    ///
+    /// The application must call psa_cipher_encrypt_setup() or
+    /// psa_cipher_decrypt_setup() before calling this function. The choice
+    /// of setup function determines whether this function encrypts or
+    /// decrypts its input.
+    ///
+    /// This function finishes the encryption or decryption of the message
+    /// formed by concatenating the inputs passed to preceding calls to
+    /// psa_cipher_update().
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_cipher_abort().
+    ///
+    /// \param[in,out] operation     Active cipher operation.
+    /// \param[out] output           Buffer where the output is to be written.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The total input size passed to this operation is not valid for
+    ///         this particular algorithm. For example, the algorithm is a based
+    ///         on block cipher and requires a whole number of blocks, but the
+    ///         total input size is not a multiple of the block size.
+    /// \retval #PSA_ERROR_INVALID_PADDING
+    ///         This is a decryption operation for an algorithm that includes
+    ///         padding, and the ciphertext does not contain valid padding.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, with an IV set
+    ///         if required for the algorithm), or the library has not been
+    ///         previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_finish(
+        operation: *mut psa_cipher_operation_t,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort a cipher operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the
+    /// \p operation structure itself. Once aborted, the operation object
+    /// can be reused for another operation by calling
+    /// psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup() again.
+    ///
+    /// You may call this function any time after the operation object has
+    /// been initialized as described in #psa_cipher_operation_t.
+    ///
+    /// In particular, calling psa_cipher_abort() after the operation has been
+    /// terminated by a call to psa_cipher_abort() or psa_cipher_finish()
+    /// is safe and has no effect.
+    ///
+    /// \param[in,out] operation     Initialized cipher operation.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_abort(operation: *mut psa_cipher_operation_t) -> psa_status_t;
+}
+extern "C" {
+    /// Process an authenticated encryption operation.
+    ///
+    /// \param key                     Identifier of the key to use for the
+    ///                                operation. It must allow the usage
+    ///                                #PSA_KEY_USAGE_ENCRYPT.
+    /// \param alg                     The AEAD algorithm to compute
+    ///                                (\c PSA_ALG_XXX value such that
+    ///                                #PSA_ALG_IS_AEAD(\p alg) is true).
+    /// \param[in] nonce               Nonce or IV to use.
+    /// \param nonce_length            Size of the \p nonce buffer in bytes.
+    /// \param[in] additional_data     Additional data that will be authenticated
+    ///                                but not encrypted.
+    /// \param additional_data_length  Size of \p additional_data in bytes.
+    /// \param[in] plaintext           Data that will be authenticated and
+    ///                                encrypted.
+    /// \param plaintext_length        Size of \p plaintext in bytes.
+    /// \param[out] ciphertext         Output buffer for the authenticated and
+    ///                                encrypted data. The additional data is not
+    ///                                part of this output. For algorithms where the
+    ///                                encrypted data and the authentication tag
+    ///                                are defined as separate outputs, the
+    ///                                authentication tag is appended to the
+    ///                                encrypted data.
+    /// \param ciphertext_size         Size of the \p ciphertext buffer in bytes.
+    ///                                This must be appropriate for the selected
+    ///                                algorithm and key:
+    ///                                - A sufficient output size is
+    ///                                  #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\c key_type,
+    ///                                  \p alg, \p plaintext_length) where
+    ///                                  \c key_type is the type of \p key.
+    ///                                - #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\p
+    ///                                  plaintext_length) evaluates to the maximum
+    ///                                  ciphertext size of any supported AEAD
+    ///                                  encryption.
+    /// \param[out] ciphertext_length  On success, the size of the output
+    ///                                in the \p ciphertext buffer.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not an AEAD algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         \p ciphertext_size is too small.
+    ///         #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\c key_type, \p alg,
+    ///         \p plaintext_length) or
+    ///         #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\p plaintext_length) can be used to
+    ///         determine the required buffer size.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_encrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        nonce: *const u8,
+        nonce_length: usize,
+        additional_data: *const u8,
+        additional_data_length: usize,
+        plaintext: *const u8,
+        plaintext_length: usize,
+        ciphertext: *mut u8,
+        ciphertext_size: usize,
+        ciphertext_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Process an authenticated decryption operation.
+    ///
+    /// \param key                     Identifier of the key to use for the
+    ///                                operation. It must allow the usage
+    ///                                #PSA_KEY_USAGE_DECRYPT.
+    /// \param alg                     The AEAD algorithm to compute
+    ///                                (\c PSA_ALG_XXX value such that
+    ///                                #PSA_ALG_IS_AEAD(\p alg) is true).
+    /// \param[in] nonce               Nonce or IV to use.
+    /// \param nonce_length            Size of the \p nonce buffer in bytes.
+    /// \param[in] additional_data     Additional data that has been authenticated
+    ///                                but not encrypted.
+    /// \param additional_data_length  Size of \p additional_data in bytes.
+    /// \param[in] ciphertext          Data that has been authenticated and
+    ///                                encrypted. For algorithms where the
+    ///                                encrypted data and the authentication tag
+    ///                                are defined as separate inputs, the buffer
+    ///                                must contain the encrypted data followed
+    ///                                by the authentication tag.
+    /// \param ciphertext_length       Size of \p ciphertext in bytes.
+    /// \param[out] plaintext          Output buffer for the decrypted data.
+    /// \param plaintext_size          Size of the \p plaintext buffer in bytes.
+    ///                                This must be appropriate for the selected
+    ///                                algorithm and key:
+    ///                                - A sufficient output size is
+    ///                                  #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\c key_type,
+    ///                                  \p alg, \p ciphertext_length) where
+    ///                                  \c key_type is the type of \p key.
+    ///                                - #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\p
+    ///                                  ciphertext_length) evaluates to the maximum
+    ///                                  plaintext size of any supported AEAD
+    ///                                  decryption.
+    /// \param[out] plaintext_length   On success, the size of the output
+    ///                                in the \p plaintext buffer.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The ciphertext is not authentic.
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not an AEAD algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         \p plaintext_size is too small.
+    ///         #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\c key_type, \p alg,
+    ///         \p ciphertext_length) or
+    ///         #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\p ciphertext_length) can be used
+    ///         to determine the required buffer size.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_decrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        nonce: *const u8,
+        nonce_length: usize,
+        additional_data: *const u8,
+        additional_data_length: usize,
+        ciphertext: *const u8,
+        ciphertext_length: usize,
+        plaintext: *mut u8,
+        plaintext_size: usize,
+        plaintext_length: *mut usize,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for multipart AEAD operations.
+///
+/// Before calling any function on an AEAD operation object, the application
+/// must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_aead_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_aead_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_AEAD_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_aead_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_aead_operation_t operation;
+///   operation = psa_aead_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_aead_operation_t = psa_aead_operation_s;
+extern "C" {
+    /// Set the key for a multipart authenticated encryption operation.
+    ///
+    /// The sequence of operations to encrypt a message with authentication
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_aead_operation_t, e.g.
+    ///    #PSA_AEAD_OPERATION_INIT.
+    /// -# Call psa_aead_encrypt_setup() to specify the algorithm and key.
+    /// -# If needed, call psa_aead_set_lengths() to specify the length of the
+    ///    inputs to the subsequent calls to psa_aead_update_ad() and
+    ///    psa_aead_update(). See the documentation of psa_aead_set_lengths()
+    ///    for details.
+    /// -# Call either psa_aead_generate_nonce() or psa_aead_set_nonce() to
+    ///    generate or set the nonce. You should use
+    ///    psa_aead_generate_nonce() unless the protocol you are implementing
+    ///    requires a specific nonce value.
+    /// -# Call psa_aead_update_ad() zero, one or more times, passing a fragment
+    ///    of the non-encrypted additional authenticated data each time.
+    /// -# Call psa_aead_update() zero, one or more times, passing a fragment
+    ///    of the message to encrypt each time.
+    /// -# Call psa_aead_finish().
+    ///
+    /// If an error occurs at any step after a call to psa_aead_encrypt_setup(),
+    /// the operation will need to be reset by a call to psa_aead_abort(). The
+    /// application may call psa_aead_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_aead_encrypt_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A successful call to psa_aead_finish().
+    /// - A call to psa_aead_abort().
+    ///
+    /// \param[in,out] operation     The operation object to set up. It must have
+    ///                              been initialized as per the documentation for
+    ///                              #psa_aead_operation_t and not yet in use.
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must remain valid until the operation
+    ///                              terminates. It must allow the usage
+    ///                              #PSA_KEY_USAGE_ENCRYPT.
+    /// \param alg                   The AEAD algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_AEAD(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not an AEAD algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_encrypt_setup(
+        operation: *mut psa_aead_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the key for a multipart authenticated decryption operation.
+    ///
+    /// The sequence of operations to decrypt a message with authentication
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_aead_operation_t, e.g.
+    ///    #PSA_AEAD_OPERATION_INIT.
+    /// -# Call psa_aead_decrypt_setup() to specify the algorithm and key.
+    /// -# If needed, call psa_aead_set_lengths() to specify the length of the
+    ///    inputs to the subsequent calls to psa_aead_update_ad() and
+    ///    psa_aead_update(). See the documentation of psa_aead_set_lengths()
+    ///    for details.
+    /// -# Call psa_aead_set_nonce() with the nonce for the decryption.
+    /// -# Call psa_aead_update_ad() zero, one or more times, passing a fragment
+    ///    of the non-encrypted additional authenticated data each time.
+    /// -# Call psa_aead_update() zero, one or more times, passing a fragment
+    ///    of the ciphertext to decrypt each time.
+    /// -# Call psa_aead_verify().
+    ///
+    /// If an error occurs at any step after a call to psa_aead_decrypt_setup(),
+    /// the operation will need to be reset by a call to psa_aead_abort(). The
+    /// application may call psa_aead_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_aead_decrypt_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A successful call to psa_aead_verify().
+    /// - A call to psa_aead_abort().
+    ///
+    /// \param[in,out] operation     The operation object to set up. It must have
+    ///                              been initialized as per the documentation for
+    ///                              #psa_aead_operation_t and not yet in use.
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must remain valid until the operation
+    ///                              terminates. It must allow the usage
+    ///                              #PSA_KEY_USAGE_DECRYPT.
+    /// \param alg                   The AEAD algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_AEAD(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not an AEAD algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or the
+    ///         library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_decrypt_setup(
+        operation: *mut psa_aead_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Generate a random nonce for an authenticated encryption operation.
+    ///
+    /// This function generates a random nonce for the authenticated encryption
+    /// operation with an appropriate size for the chosen algorithm, key type
+    /// and key size.
+    ///
+    /// The application must call psa_aead_encrypt_setup() before
+    /// calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[out] nonce            Buffer where the generated nonce is to be
+    ///                              written.
+    /// \param nonce_size            Size of the \p nonce buffer in bytes.
+    /// \param[out] nonce_length     On success, the number of bytes of the
+    ///                              generated nonce.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p nonce buffer is too small.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active aead encrypt
+    ///         operation, with no nonce set), or the library has not been
+    ///         previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_generate_nonce(
+        operation: *mut psa_aead_operation_t,
+        nonce: *mut u8,
+        nonce_size: usize,
+        nonce_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the nonce for an authenticated encryption or decryption operation.
+    ///
+    /// This function sets the nonce for the authenticated
+    /// encryption or decryption operation.
+    ///
+    /// The application must call psa_aead_encrypt_setup() or
+    /// psa_aead_decrypt_setup() before calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \note When encrypting, applications should use psa_aead_generate_nonce()
+    /// instead of this function, unless implementing a protocol that requires
+    /// a non-random IV.
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[in] nonce             Buffer containing the nonce to use.
+    /// \param nonce_length          Size of the nonce in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The size of \p nonce is not acceptable for the chosen algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, with no nonce
+    ///         set), or the library has not been previously initialized
+    ///         by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_set_nonce(
+        operation: *mut psa_aead_operation_t,
+        nonce: *const u8,
+        nonce_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Declare the lengths of the message and additional data for AEAD.
+    ///
+    /// The application must call this function before calling
+    /// psa_aead_update_ad() or psa_aead_update() if the algorithm for
+    /// the operation requires it. If the algorithm does not require it,
+    /// calling this function is optional, but if this function is called
+    /// then the implementation must enforce the lengths.
+    ///
+    /// You may call this function before or after setting the nonce with
+    /// psa_aead_set_nonce() or psa_aead_generate_nonce().
+    ///
+    /// - For #PSA_ALG_CCM, calling this function is required.
+    /// - For the other AEAD algorithms defined in this specification, calling
+    ///   this function is not required.
+    /// - For vendor-defined algorithm, refer to the vendor documentation.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param ad_length             Size of the non-encrypted additional
+    ///                              authenticated data in bytes.
+    /// \param plaintext_length      Size of the plaintext to encrypt in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         At least one of the lengths is not acceptable for the chosen
+    ///         algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, and
+    ///         psa_aead_update_ad() and psa_aead_update() must not have been
+    ///         called yet), or the library has not been previously initialized
+    ///         by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_set_lengths(
+        operation: *mut psa_aead_operation_t,
+        ad_length: usize,
+        plaintext_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Pass additional data to an active AEAD operation.
+    ///
+    /// Additional data is authenticated, but not encrypted.
+    ///
+    /// You may call this function multiple times to pass successive fragments
+    /// of the additional data. You may not call this function after passing
+    /// data to encrypt or decrypt with psa_aead_update().
+    ///
+    /// Before calling this function, you must:
+    /// 1. Call either psa_aead_encrypt_setup() or psa_aead_decrypt_setup().
+    /// 2. Set the nonce with psa_aead_generate_nonce() or psa_aead_set_nonce().
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \warning When decrypting, until psa_aead_verify() has returned #PSA_SUCCESS,
+    ///          there is no guarantee that the input is valid. Therefore, until
+    ///          you have called psa_aead_verify() and it has returned #PSA_SUCCESS,
+    ///          treat the input as untrusted and prepare to undo any action that
+    ///          depends on the input if psa_aead_verify() returns an error status.
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[in] input             Buffer containing the fragment of
+    ///                              additional data.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The total input length overflows the additional data length that
+    ///         was previously specified with psa_aead_set_lengths().
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, have a nonce
+    ///         set, have lengths set if required by the algorithm, and
+    ///         psa_aead_update() must not have been called yet), or the library
+    ///         has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_update_ad(
+        operation: *mut psa_aead_operation_t,
+        input: *const u8,
+        input_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Encrypt or decrypt a message fragment in an active AEAD operation.
+    ///
+    /// Before calling this function, you must:
+    /// 1. Call either psa_aead_encrypt_setup() or psa_aead_decrypt_setup().
+    ///    The choice of setup function determines whether this function
+    ///    encrypts or decrypts its input.
+    /// 2. Set the nonce with psa_aead_generate_nonce() or psa_aead_set_nonce().
+    /// 3. Call psa_aead_update_ad() to pass all the additional data.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \warning When decrypting, until psa_aead_verify() has returned #PSA_SUCCESS,
+    ///          there is no guarantee that the input is valid. Therefore, until
+    ///          you have called psa_aead_verify() and it has returned #PSA_SUCCESS:
+    ///          - Do not use the output in any way other than storing it in a
+    ///            confidential location. If you take any action that depends
+    ///            on the tentative decrypted data, this action will need to be
+    ///            undone if the input turns out not to be valid. Furthermore,
+    ///            if an adversary can observe that this action took place
+    ///            (for example through timing), they may be able to use this
+    ///            fact as an oracle to decrypt any message encrypted with the
+    ///            same key.
+    ///          - In particular, do not copy the output anywhere but to a
+    ///            memory or storage space that you have exclusive access to.
+    ///
+    /// This function does not require the input to be aligned to any
+    /// particular block boundary. If the implementation can only process
+    /// a whole block at a time, it must consume all the input provided, but
+    /// it may delay the end of the corresponding output until a subsequent
+    /// call to psa_aead_update(), psa_aead_finish() or psa_aead_verify()
+    /// provides sufficient input. The amount of data that can be delayed
+    /// in this way is bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE.
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[in] input             Buffer containing the message fragment to
+    ///                              encrypt or decrypt.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[out] output           Buffer where the output is to be written.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    ///                              This must be appropriate for the selected
+    ///                                algorithm and key:
+    ///                                - A sufficient output size is
+    ///                                  #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type,
+    ///                                  \c alg, \p input_length) where
+    ///                                  \c key_type is the type of key and \c alg is
+    ///                                  the algorithm that were used to set up the
+    ///                                  operation.
+    ///                                - #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p
+    ///                                  input_length) evaluates to the maximum
+    ///                                  output size of any supported AEAD
+    ///                                  algorithm.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small.
+    ///         #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or
+    ///         #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p input_length) can be used to
+    ///         determine the required buffer size.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The total length of input to psa_aead_update_ad() so far is
+    ///         less than the additional data length that was previously
+    ///         specified with psa_aead_set_lengths(), or
+    ///         the total input length overflows the plaintext length that
+    ///         was previously specified with psa_aead_set_lengths().
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, have a nonce
+    ///         set, and have lengths set if required by the algorithm), or the
+    ///         library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_update(
+        operation: *mut psa_aead_operation_t,
+        input: *const u8,
+        input_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish encrypting a message in an AEAD operation.
+    ///
+    /// The operation must have been set up with psa_aead_encrypt_setup().
+    ///
+    /// This function finishes the authentication of the additional data
+    /// formed by concatenating the inputs passed to preceding calls to
+    /// psa_aead_update_ad() with the plaintext formed by concatenating the
+    /// inputs passed to preceding calls to psa_aead_update().
+    ///
+    /// This function has two output buffers:
+    /// - \p ciphertext contains trailing ciphertext that was buffered from
+    ///   preceding calls to psa_aead_update().
+    /// - \p tag contains the authentication tag.
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[out] ciphertext       Buffer where the last part of the ciphertext
+    ///                              is to be written.
+    /// \param ciphertext_size       Size of the \p ciphertext buffer in bytes.
+    ///                              This must be appropriate for the selected
+    ///                              algorithm and key:
+    ///                              - A sufficient output size is
+    ///                                #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type,
+    ///                                \c alg) where \c key_type is the type of key
+    ///                                and \c alg is the algorithm that were used to
+    ///                                set up the operation.
+    ///                              - #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE evaluates to
+    ///                                the maximum output size of any supported AEAD
+    ///                                algorithm.
+    /// \param[out] ciphertext_length On success, the number of bytes of
+    ///                              returned ciphertext.
+    /// \param[out] tag              Buffer where the authentication tag is
+    ///                              to be written.
+    /// \param tag_size              Size of the \p tag buffer in bytes.
+    ///                              This must be appropriate for the selected
+    ///                              algorithm and key:
+    ///                              - The exact tag size is #PSA_AEAD_TAG_LENGTH(\c
+    ///                                key_type, \c key_bits, \c alg) where
+    ///                                \c key_type and \c key_bits are the type and
+    ///                                bit-size of the key, and \c alg is the
+    ///                                algorithm that were used in the call to
+    ///                                psa_aead_encrypt_setup().
+    ///                              - #PSA_AEAD_TAG_MAX_SIZE evaluates to the
+    ///                                maximum tag size of any supported AEAD
+    ///                                algorithm.
+    /// \param[out] tag_length       On success, the number of bytes
+    ///                              that make up the returned tag.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p ciphertext or \p tag buffer is too small.
+    ///         #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or
+    ///         #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE can be used to determine the
+    ///         required \p ciphertext buffer size. #PSA_AEAD_TAG_LENGTH(\c key_type,
+    ///         \c key_bits, \c alg) or #PSA_AEAD_TAG_MAX_SIZE can be used to
+    ///         determine the required \p tag buffer size.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The total length of input to psa_aead_update_ad() so far is
+    ///         less than the additional data length that was previously
+    ///         specified with psa_aead_set_lengths(), or
+    ///         the total length of input to psa_aead_update() so far is
+    ///         less than the plaintext length that was previously
+    ///         specified with psa_aead_set_lengths().
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active encryption
+    ///         operation with a nonce set), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_finish(
+        operation: *mut psa_aead_operation_t,
+        ciphertext: *mut u8,
+        ciphertext_size: usize,
+        ciphertext_length: *mut usize,
+        tag: *mut u8,
+        tag_size: usize,
+        tag_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish authenticating and decrypting a message in an AEAD operation.
+    ///
+    /// The operation must have been set up with psa_aead_decrypt_setup().
+    ///
+    /// This function finishes the authenticated decryption of the message
+    /// components:
+    ///
+    /// -  The additional data consisting of the concatenation of the inputs
+    ///    passed to preceding calls to psa_aead_update_ad().
+    /// -  The ciphertext consisting of the concatenation of the inputs passed to
+    ///    preceding calls to psa_aead_update().
+    /// -  The tag passed to this function call.
+    ///
+    /// If the authentication tag is correct, this function outputs any remaining
+    /// plaintext and reports success. If the authentication tag is not correct,
+    /// this function returns #PSA_ERROR_INVALID_SIGNATURE.
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \note Implementations shall make the best effort to ensure that the
+    /// comparison between the actual tag and the expected tag is performed
+    /// in constant time.
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[out] plaintext        Buffer where the last part of the plaintext
+    ///                              is to be written. This is the remaining data
+    ///                              from previous calls to psa_aead_update()
+    ///                              that could not be processed until the end
+    ///                              of the input.
+    /// \param plaintext_size        Size of the \p plaintext buffer in bytes.
+    ///                              This must be appropriate for the selected algorithm and key:
+    ///                              - A sufficient output size is
+    ///                                #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type,
+    ///                                \c alg) where \c key_type is the type of key
+    ///                                and \c alg is the algorithm that were used to
+    ///                                set up the operation.
+    ///                              - #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE evaluates to
+    ///                                the maximum output size of any supported AEAD
+    ///                                algorithm.
+    /// \param[out] plaintext_length On success, the number of bytes of
+    ///                              returned plaintext.
+    /// \param[in] tag               Buffer containing the authentication tag.
+    /// \param tag_length            Size of the \p tag buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The calculations were successful, but the authentication tag is
+    ///         not correct.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p plaintext buffer is too small.
+    ///         #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or
+    ///         #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE can be used to determine the
+    ///         required buffer size.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The total length of input to psa_aead_update_ad() so far is
+    ///         less than the additional data length that was previously
+    ///         specified with psa_aead_set_lengths(), or
+    ///         the total length of input to psa_aead_update() so far is
+    ///         less than the plaintext length that was previously
+    ///         specified with psa_aead_set_lengths().
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active decryption
+    ///         operation with a nonce set), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_verify(
+        operation: *mut psa_aead_operation_t,
+        plaintext: *mut u8,
+        plaintext_size: usize,
+        plaintext_length: *mut usize,
+        tag: *const u8,
+        tag_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort an AEAD operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the
+    /// \p operation structure itself. Once aborted, the operation object
+    /// can be reused for another operation by calling
+    /// psa_aead_encrypt_setup() or psa_aead_decrypt_setup() again.
+    ///
+    /// You may call this function any time after the operation object has
+    /// been initialized as described in #psa_aead_operation_t.
+    ///
+    /// In particular, calling psa_aead_abort() after the operation has been
+    /// terminated by a call to psa_aead_abort(), psa_aead_finish() or
+    /// psa_aead_verify() is safe and has no effect.
+    ///
+    /// \param[in,out] operation     Initialized AEAD operation.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_abort(operation: *mut psa_aead_operation_t) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Sign a message with a private key. For hash-and-sign algorithms,
+    ///        this includes the hashing step.
+    ///
+    /// \note To perform a multi-part hash-and-sign signature algorithm, first use
+    ///       a multi-part hash operation and then pass the resulting hash to
+    ///       psa_sign_hash(). PSA_ALG_GET_HASH(\p alg) can be used to determine the
+    ///       hash algorithm to use.
+    ///
+    /// \param[in]  key              Identifier of the key to use for the operation.
+    ///                              It must be an asymmetric key pair. The key must
+    ///                              allow the usage #PSA_KEY_USAGE_SIGN_MESSAGE.
+    /// \param[in]  alg              An asymmetric signature algorithm (PSA_ALG_XXX
+    ///                              value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg)
+    ///                              is true), that is compatible with the type of
+    ///                              \p key.
+    /// \param[in]  input            The input message to sign.
+    /// \param[in]  input_length     Size of the \p input buffer in bytes.
+    /// \param[out] signature        Buffer where the signature is to be written.
+    /// \param[in]  signature_size   Size of the \p signature buffer in bytes. This
+    ///                              must be appropriate for the selected
+    ///                              algorithm and key:
+    ///                              - The required signature size is
+    ///                                #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///                                where \c key_type and \c key_bits are the type and
+    ///                                bit-size respectively of key.
+    ///                              - #PSA_SIGNATURE_MAX_SIZE evaluates to the
+    ///                                maximum signature size of any supported
+    ///                                signature algorithm.
+    /// \param[out] signature_length On success, the number of bytes that make up
+    ///                              the returned signature value.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
+    ///         or it does not permit the requested algorithm.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p signature buffer is too small. You can
+    ///         determine a sufficient buffer size by calling
+    ///         #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///         where \c key_type and \c key_bits are the type and bit-size
+    ///         respectively of \p key.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_sign_message(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        signature: *mut u8,
+        signature_size: usize,
+        signature_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Verify the signature of a message with a public key, using
+    ///         a hash-and-sign verification algorithm.
+    ///
+    /// \note To perform a multi-part hash-and-sign signature verification
+    ///       algorithm, first use a multi-part hash operation to hash the message
+    ///       and then pass the resulting hash to psa_verify_hash().
+    ///       PSA_ALG_GET_HASH(\p alg) can be used to determine the hash algorithm
+    ///       to use.
+    ///
+    /// \param[in]  key              Identifier of the key to use for the operation.
+    ///                              It must be a public key or an asymmetric key
+    ///                              pair. The key must allow the usage
+    ///                              #PSA_KEY_USAGE_VERIFY_MESSAGE.
+    /// \param[in]  alg              An asymmetric signature algorithm (PSA_ALG_XXX
+    ///                              value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg)
+    ///                              is true), that is compatible with the type of
+    ///                              \p key.
+    /// \param[in]  input            The message whose signature is to be verified.
+    /// \param[in]  input_length     Size of the \p input buffer in bytes.
+    /// \param[out] signature        Buffer containing the signature to verify.
+    /// \param[in]  signature_length Size of the \p signature buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
+    ///         or it does not permit the requested algorithm.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The calculation was performed successfully, but the passed signature
+    ///         is not a valid signature.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_verify_message(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        signature: *const u8,
+        signature_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Sign a hash or short message with a private key.
+    ///
+    /// Note that to perform a hash-and-sign signature algorithm, you must
+    /// first calculate the hash by calling psa_hash_setup(), psa_hash_update()
+    /// and psa_hash_finish(), or alternatively by calling psa_hash_compute().
+    /// Then pass the resulting hash as the \p hash
+    /// parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
+    /// to determine the hash algorithm to use.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must be an asymmetric key pair. The key must
+    ///                              allow the usage #PSA_KEY_USAGE_SIGN_HASH.
+    /// \param alg                   A signature algorithm (PSA_ALG_XXX
+    ///                              value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+    ///                              is true), that is compatible with
+    ///                              the type of \p key.
+    /// \param[in] hash              The hash or message to sign.
+    /// \param hash_length           Size of the \p hash buffer in bytes.
+    /// \param[out] signature        Buffer where the signature is to be written.
+    /// \param signature_size        Size of the \p signature buffer in bytes.
+    /// \param[out] signature_length On success, the number of bytes
+    ///                              that make up the returned signature value.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p signature buffer is too small. You can
+    ///         determine a sufficient buffer size by calling
+    ///         #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///         where \c key_type and \c key_bits are the type and bit-size
+    ///         respectively of \p key.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_sign_hash(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        hash: *const u8,
+        hash_length: usize,
+        signature: *mut u8,
+        signature_size: usize,
+        signature_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Verify the signature of a hash or short message using a public key.
+    ///
+    /// Note that to perform a hash-and-sign signature algorithm, you must
+    /// first calculate the hash by calling psa_hash_setup(), psa_hash_update()
+    /// and psa_hash_finish(), or alternatively by calling psa_hash_compute().
+    /// Then pass the resulting hash as the \p hash
+    /// parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
+    /// to determine the hash algorithm to use.
+    ///
+    /// \param key               Identifier of the key to use for the operation. It
+    ///                          must be a public key or an asymmetric key pair. The
+    ///                          key must allow the usage
+    ///                          #PSA_KEY_USAGE_VERIFY_HASH.
+    /// \param alg               A signature algorithm (PSA_ALG_XXX
+    ///                          value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+    ///                          is true), that is compatible with
+    ///                          the type of \p key.
+    /// \param[in] hash          The hash or message whose signature is to be
+    ///                          verified.
+    /// \param hash_length       Size of the \p hash buffer in bytes.
+    /// \param[in] signature     Buffer containing the signature to verify.
+    /// \param signature_length  Size of the \p signature buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The signature is valid.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The calculation was performed successfully, but the passed
+    ///         signature is not a valid signature.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_verify_hash(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        hash: *const u8,
+        hash_length: usize,
+        signature: *const u8,
+        signature_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Encrypt a short message with a public key.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must be a public key or an asymmetric key
+    ///                              pair. It must allow the usage
+    ///                              #PSA_KEY_USAGE_ENCRYPT.
+    /// \param alg                   An asymmetric encryption algorithm that is
+    ///                              compatible with the type of \p key.
+    /// \param[in] input             The message to encrypt.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[in] salt              A salt or label, if supported by the
+    ///                              encryption algorithm.
+    ///                              If the algorithm does not support a
+    ///                              salt, pass \c NULL.
+    ///                              If the algorithm supports an optional
+    ///                              salt and you do not want to pass a salt,
+    ///                              pass \c NULL.
+    ///
+    ///                              - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
+    ///                                supported.
+    /// \param salt_length           Size of the \p salt buffer in bytes.
+    ///                              If \p salt is \c NULL, pass 0.
+    /// \param[out] output           Buffer where the encrypted message is to
+    ///                              be written.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small. You can
+    ///         determine a sufficient buffer size by calling
+    ///         #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///         where \c key_type and \c key_bits are the type and bit-size
+    ///         respectively of \p key.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_asymmetric_encrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        salt: *const u8,
+        salt_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Decrypt a short message with a private key.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must be an asymmetric key pair. It must
+    ///                              allow the usage #PSA_KEY_USAGE_DECRYPT.
+    /// \param alg                   An asymmetric encryption algorithm that is
+    ///                              compatible with the type of \p key.
+    /// \param[in] input             The message to decrypt.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[in] salt              A salt or label, if supported by the
+    ///                              encryption algorithm.
+    ///                              If the algorithm does not support a
+    ///                              salt, pass \c NULL.
+    ///                              If the algorithm supports an optional
+    ///                              salt and you do not want to pass a salt,
+    ///                              pass \c NULL.
+    ///
+    ///                              - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
+    ///                                supported.
+    /// \param salt_length           Size of the \p salt buffer in bytes.
+    ///                              If \p salt is \c NULL, pass 0.
+    /// \param[out] output           Buffer where the decrypted message is to
+    ///                              be written.
+    /// \param output_size           Size of the \c output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small. You can
+    ///         determine a sufficient buffer size by calling
+    ///         #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///         where \c key_type and \c key_bits are the type and bit-size
+    ///         respectively of \p key.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_INVALID_PADDING \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_asymmetric_decrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        salt: *const u8,
+        salt_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for key derivation operations.
+///
+/// Before calling any function on a key derivation operation object, the
+/// application must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_key_derivation_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_key_derivation_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_KEY_DERIVATION_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_key_derivation_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_key_derivation_operation_t operation;
+///   operation = psa_key_derivation_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_key_derivation_operation_t = psa_key_derivation_s;
+extern "C" {
+    /// Set up a key derivation operation.
+    ///
+    /// A key derivation algorithm takes some inputs and uses them to generate
+    /// a byte stream in a deterministic way.
+    /// This byte stream can be used to produce keys and other
+    /// cryptographic material.
+    ///
+    /// To derive a key:
+    /// -# Start with an initialized object of type #psa_key_derivation_operation_t.
+    /// -# Call psa_key_derivation_setup() to select the algorithm.
+    /// -# Provide the inputs for the key derivation by calling
+    ///    psa_key_derivation_input_bytes() or psa_key_derivation_input_key()
+    ///    as appropriate. Which inputs are needed, in what order, and whether
+    ///    they may be keys and if so of what type depends on the algorithm.
+    /// -# Optionally set the operation's maximum capacity with
+    ///    psa_key_derivation_set_capacity(). You may do this before, in the middle
+    ///    of or after providing inputs. For some algorithms, this step is mandatory
+    ///    because the output depends on the maximum capacity.
+    /// -# To derive a key, call psa_key_derivation_output_key().
+    ///    To derive a byte string for a different purpose, call
+    ///    psa_key_derivation_output_bytes().
+    ///    Successive calls to these functions use successive output bytes
+    ///    calculated by the key derivation algorithm.
+    /// -# Clean up the key derivation operation object with
+    ///    psa_key_derivation_abort().
+    ///
+    /// If this function returns an error, the key derivation operation object is
+    /// not changed.
+    ///
+    /// If an error occurs at any step after a call to psa_key_derivation_setup(),
+    /// the operation will need to be reset by a call to psa_key_derivation_abort().
+    ///
+    /// Implementations must reject an attempt to derive a key of size 0.
+    ///
+    /// \param[in,out] operation       The key derivation operation object
+    ///                                to set up. It must
+    ///                                have been initialized but not set up yet.
+    /// \param alg                     The key derivation algorithm to compute
+    ///                                (\c PSA_ALG_XXX value such that
+    ///                                #PSA_ALG_IS_KEY_DERIVATION(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c alg is not a key derivation algorithm.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \c alg is not supported or is not a key derivation algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_setup(
+        operation: *mut psa_key_derivation_operation_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Retrieve the current capacity of a key derivation operation.
+    ///
+    /// The capacity of a key derivation is the maximum number of bytes that it can
+    /// return. When you get *N* bytes of output from a key derivation operation,
+    /// this reduces its capacity by *N*.
+    ///
+    /// \param[in] operation     The operation to query.
+    /// \param[out] capacity     On success, the capacity of the operation.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_get_capacity(
+        operation: *const psa_key_derivation_operation_t,
+        capacity: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the maximum capacity of a key derivation operation.
+    ///
+    /// The capacity of a key derivation operation is the maximum number of bytes
+    /// that the key derivation operation can return from this point onwards.
+    ///
+    /// \param[in,out] operation The key derivation operation object to modify.
+    /// \param capacity          The new capacity of the operation.
+    ///                          It must be less or equal to the operation's
+    ///                          current capacity.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p capacity is larger than the operation's current capacity.
+    ///         In this case, the operation object remains valid and its capacity
+    ///         remains unchanged.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or the
+    ///         library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_set_capacity(
+        operation: *mut psa_key_derivation_operation_t,
+        capacity: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Provide an input for key derivation or key agreement.
+    ///
+    /// Which inputs are required and in what order depends on the algorithm.
+    /// Refer to the documentation of each key derivation or key agreement
+    /// algorithm for information.
+    ///
+    /// This function passes direct inputs, which is usually correct for
+    /// non-secret inputs. To pass a secret input, which should be in a key
+    /// object, call psa_key_derivation_input_key() instead of this function.
+    /// Refer to the documentation of individual step types
+    /// (`PSA_KEY_DERIVATION_INPUT_xxx` values of type ::psa_key_derivation_step_t)
+    /// for more information.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation       The key derivation operation object to use.
+    ///                                It must have been set up with
+    ///                                psa_key_derivation_setup() and must not
+    ///                                have produced any output yet.
+    /// \param step                    Which step the input data is for.
+    /// \param[in] data                Input data to use.
+    /// \param data_length             Size of the \p data buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c step is not compatible with the operation's algorithm, or
+    ///         \c step does not allow direct inputs.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid for this input \p step, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_input_bytes(
+        operation: *mut psa_key_derivation_operation_t,
+        step: psa_key_derivation_step_t,
+        data: *const u8,
+        data_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Provide a numeric input for key derivation or key agreement.
+    ///
+    /// Which inputs are required and in what order depends on the algorithm.
+    /// However, when an algorithm requires a particular order, numeric inputs
+    /// usually come first as they tend to be configuration parameters.
+    /// Refer to the documentation of each key derivation or key agreement
+    /// algorithm for information.
+    ///
+    /// This function is used for inputs which are fixed-size non-negative
+    /// integers.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation       The key derivation operation object to use.
+    ///                                It must have been set up with
+    ///                                psa_key_derivation_setup() and must not
+    ///                                have produced any output yet.
+    /// \param step                    Which step the input data is for.
+    /// \param[in] value               The value of the numeric input.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c step is not compatible with the operation's algorithm, or
+    ///         \c step does not allow numeric inputs.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid for this input \p step, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_input_integer(
+        operation: *mut psa_key_derivation_operation_t,
+        step: psa_key_derivation_step_t,
+        value: u64,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Provide an input for key derivation in the form of a key.
+    ///
+    /// Which inputs are required and in what order depends on the algorithm.
+    /// Refer to the documentation of each key derivation or key agreement
+    /// algorithm for information.
+    ///
+    /// This function obtains input from a key object, which is usually correct for
+    /// secret inputs or for non-secret personalization strings kept in the key
+    /// store. To pass a non-secret parameter which is not in the key store,
+    /// call psa_key_derivation_input_bytes() instead of this function.
+    /// Refer to the documentation of individual step types
+    /// (`PSA_KEY_DERIVATION_INPUT_xxx` values of type ::psa_key_derivation_step_t)
+    /// for more information.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation       The key derivation operation object to use.
+    ///                                It must have been set up with
+    ///                                psa_key_derivation_setup() and must not
+    ///                                have produced any output yet.
+    /// \param step                    Which step the input data is for.
+    /// \param key                     Identifier of the key. It must have an
+    ///                                appropriate type for step and must allow the
+    ///                                usage #PSA_KEY_USAGE_DERIVE or
+    ///                                #PSA_KEY_USAGE_VERIFY_DERIVATION (see note)
+    ///                                and the algorithm used by the operation.
+    ///
+    /// \note Once all inputs steps are completed, the operations will allow:
+    /// - psa_key_derivation_output_bytes() if each input was either a direct input
+    ///   or  a key with #PSA_KEY_USAGE_DERIVE set;
+    /// - psa_key_derivation_output_key() if the input for step
+    ///   #PSA_KEY_DERIVATION_INPUT_SECRET or #PSA_KEY_DERIVATION_INPUT_PASSWORD
+    ///   was from a key slot with #PSA_KEY_USAGE_DERIVE and each other input was
+    ///   either a direct input or a key with #PSA_KEY_USAGE_DERIVE set;
+    /// - psa_key_derivation_verify_bytes() if each input was either a direct input
+    ///   or  a key with #PSA_KEY_USAGE_VERIFY_DERIVATION set;
+    /// - psa_key_derivation_verify_key() under the same conditions as
+    ///   psa_key_derivation_verify_bytes().
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key allows neither #PSA_KEY_USAGE_DERIVE nor
+    ///         #PSA_KEY_USAGE_VERIFY_DERIVATION, or it doesn't allow this
+    ///         algorithm.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c step is not compatible with the operation's algorithm, or
+    ///         \c step does not allow key inputs of the given type
+    ///         or does not allow key inputs at all.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid for this input \p step, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_input_key(
+        operation: *mut psa_key_derivation_operation_t,
+        step: psa_key_derivation_step_t,
+        key: mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Perform a key agreement and use the shared secret as input to a key
+    /// derivation.
+    ///
+    /// A key agreement algorithm takes two inputs: a private key \p private_key
+    /// a public key \p peer_key.
+    /// The result of this function is passed as input to a key derivation.
+    /// The output of this key derivation can be extracted by reading from the
+    /// resulting operation to produce keys and other cryptographic material.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation       The key derivation operation object to use.
+    ///                                It must have been set up with
+    ///                                psa_key_derivation_setup() with a
+    ///                                key agreement and derivation algorithm
+    ///                                \c alg (\c PSA_ALG_XXX value such that
+    ///                                #PSA_ALG_IS_KEY_AGREEMENT(\c alg) is true
+    ///                                and #PSA_ALG_IS_RAW_KEY_AGREEMENT(\c alg)
+    ///                                is false).
+    ///                                The operation must be ready for an
+    ///                                input of the type given by \p step.
+    /// \param step                    Which step the input data is for.
+    /// \param private_key             Identifier of the private key to use. It must
+    ///                                allow the usage #PSA_KEY_USAGE_DERIVE.
+    /// \param[in] peer_key      Public key of the peer. The peer key must be in the
+    ///                          same format that psa_import_key() accepts for the
+    ///                          public key type corresponding to the type of
+    ///                          private_key. That is, this function performs the
+    ///                          equivalent of
+    ///                          #psa_import_key(...,
+    ///                          `peer_key`, `peer_key_length`) where
+    ///                          with key attributes indicating the public key
+    ///                          type corresponding to the type of `private_key`.
+    ///                          For example, for EC keys, this means that peer_key
+    ///                          is interpreted as a point on the curve that the
+    ///                          private key is on. The standard formats for public
+    ///                          keys are documented in the documentation of
+    ///                          psa_export_public_key().
+    /// \param peer_key_length         Size of \p peer_key in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c private_key is not compatible with \c alg,
+    ///         or \p peer_key is not valid for \c alg or not compatible with
+    ///         \c private_key, or \c step does not allow an input resulting
+    ///         from a key agreement.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \c alg is not supported or is not a key derivation algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid for this key agreement \p step,
+    ///         or the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_key_agreement(
+        operation: *mut psa_key_derivation_operation_t,
+        step: psa_key_derivation_step_t,
+        private_key: mbedtls_svc_key_id_t,
+        peer_key: *const u8,
+        peer_key_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Read some data from a key derivation operation.
+    ///
+    /// This function calculates output bytes from a key derivation algorithm and
+    /// return those bytes.
+    /// If you view the key derivation's output as a stream of bytes, this
+    /// function destructively reads the requested number of bytes from the
+    /// stream.
+    /// The operation's capacity decreases by the number of bytes read.
+    ///
+    /// If this function returns an error status other than
+    /// #PSA_ERROR_INSUFFICIENT_DATA, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation The key derivation operation object to read from.
+    /// \param[out] output       Buffer where the output will be written.
+    /// \param output_length     Number of bytes to output.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         One of the inputs was a key whose policy didn't allow
+    ///         #PSA_KEY_USAGE_DERIVE.
+    /// \retval #PSA_ERROR_INSUFFICIENT_DATA
+    ///                          The operation's capacity was less than
+    ///                          \p output_length bytes. Note that in this case,
+    ///                          no output is written to the output buffer.
+    ///                          The operation's capacity is set to 0, thus
+    ///                          subsequent calls to this function will not
+    ///                          succeed, even with a smaller output buffer.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active and completed
+    ///         all required input steps), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_output_bytes(
+        operation: *mut psa_key_derivation_operation_t,
+        output: *mut u8,
+        output_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Derive a key from an ongoing key derivation operation.
+    ///
+    /// This function calculates output bytes from a key derivation algorithm
+    /// and uses those bytes to generate a key deterministically.
+    /// The key's location, usage policy, type and size are taken from
+    /// \p attributes.
+    ///
+    /// If you view the key derivation's output as a stream of bytes, this
+    /// function destructively reads as many bytes as required from the
+    /// stream.
+    /// The operation's capacity decreases by the number of bytes read.
+    ///
+    /// If this function returns an error status other than
+    /// #PSA_ERROR_INSUFFICIENT_DATA, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// How much output is produced and consumed from the operation, and how
+    /// the key is derived, depends on the key type and on the key size
+    /// (denoted \c bits below):
+    ///
+    /// - For key types for which the key is an arbitrary sequence of bytes
+    ///   of a given size, this function is functionally equivalent to
+    ///   calling #psa_key_derivation_output_bytes
+    ///   and passing the resulting output to #psa_import_key.
+    ///   However, this function has a security benefit:
+    ///   if the implementation provides an isolation boundary then
+    ///   the key material is not exposed outside the isolation boundary.
+    ///   As a consequence, for these key types, this function always consumes
+    ///   exactly (\c bits / 8) bytes from the operation.
+    ///   The following key types defined in this specification follow this scheme:
+    ///
+    ///     - #PSA_KEY_TYPE_AES;
+    ///     - #PSA_KEY_TYPE_ARIA;
+    ///     - #PSA_KEY_TYPE_CAMELLIA;
+    ///     - #PSA_KEY_TYPE_DERIVE;
+    ///     - #PSA_KEY_TYPE_HMAC;
+    ///     - #PSA_KEY_TYPE_PASSWORD_HASH.
+    ///
+    /// - For ECC keys on a Montgomery elliptic curve
+    ///   (#PSA_KEY_TYPE_ECC_KEY_PAIR(\c curve) where \c curve designates a
+    ///   Montgomery curve), this function always draws a byte string whose
+    ///   length is determined by the curve, and sets the mandatory bits
+    ///   accordingly. That is:
+    ///
+    ///     - Curve25519 (#PSA_ECC_FAMILY_MONTGOMERY, 255 bits): draw a 32-byte
+    ///       string and process it as specified in RFC 7748 &sect;5.
+    ///     - Curve448 (#PSA_ECC_FAMILY_MONTGOMERY, 448 bits): draw a 56-byte
+    ///       string and process it as specified in RFC 7748 &sect;5.
+    ///
+    /// - For key types for which the key is represented by a single sequence of
+    ///   \c bits bits with constraints as to which bit sequences are acceptable,
+    ///   this function draws a byte string of length (\c bits / 8) bytes rounded
+    ///   up to the nearest whole number of bytes. If the resulting byte string
+    ///   is acceptable, it becomes the key, otherwise the drawn bytes are discarded.
+    ///   This process is repeated until an acceptable byte string is drawn.
+    ///   The byte string drawn from the operation is interpreted as specified
+    ///   for the output produced by psa_export_key().
+    ///   The following key types defined in this specification follow this scheme:
+    ///
+    ///     - #PSA_KEY_TYPE_DES.
+    ///       Force-set the parity bits, but discard forbidden weak keys.
+    ///       For 2-key and 3-key triple-DES, the three keys are generated
+    ///       successively (for example, for 3-key triple-DES,
+    ///       if the first 8 bytes specify a weak key and the next 8 bytes do not,
+    ///       discard the first 8 bytes, use the next 8 bytes as the first key,
+    ///       and continue reading output from the operation to derive the other
+    ///       two keys).
+    ///     - Finite-field Diffie-Hellman keys (#PSA_KEY_TYPE_DH_KEY_PAIR(\c group)
+    ///       where \c group designates any Diffie-Hellman group) and
+    ///       ECC keys on a Weierstrass elliptic curve
+    ///       (#PSA_KEY_TYPE_ECC_KEY_PAIR(\c curve) where \c curve designates a
+    ///       Weierstrass curve).
+    ///       For these key types, interpret the byte string as integer
+    ///       in big-endian order. Discard it if it is not in the range
+    ///       [0, *N* - 2] where *N* is the boundary of the private key domain
+    ///       (the prime *p* for Diffie-Hellman, the subprime *q* for DSA,
+    ///       or the order of the curve's base point for ECC).
+    ///       Add 1 to the resulting integer and use this as the private key *x*.
+    ///       This method allows compliance to NIST standards, specifically
+    ///       the methods titled "key-pair generation by testing candidates"
+    ///       in NIST SP 800-56A &sect;5.6.1.1.4 for Diffie-Hellman,
+    ///       in FIPS 186-4 &sect;B.1.2 for DSA, and
+    ///       in NIST SP 800-56A &sect;5.6.1.2.2 or
+    ///       FIPS 186-4 &sect;B.4.2 for elliptic curve keys.
+    ///
+    /// - For other key types, including #PSA_KEY_TYPE_RSA_KEY_PAIR,
+    ///   the way in which the operation output is consumed is
+    ///   implementation-defined.
+    ///
+    /// In all cases, the data that is read is discarded from the operation.
+    /// The operation's capacity is decreased by the number of bytes read.
+    ///
+    /// For algorithms that take an input step #PSA_KEY_DERIVATION_INPUT_SECRET,
+    /// the input to that step must be provided with psa_key_derivation_input_key().
+    /// Future versions of this specification may include additional restrictions
+    /// on the derived key based on the attributes and strength of the secret key.
+    ///
+    /// \param[in] attributes    The attributes for the new key.
+    ///                          If the key type to be created is
+    ///                          #PSA_KEY_TYPE_PASSWORD_HASH then the algorithm in
+    ///                          the policy must be the same as in the current
+    ///                          operation.
+    /// \param[in,out] operation The key derivation operation object to read from.
+    /// \param[out] key          On success, an identifier for the newly created
+    ///                          key. For persistent keys, this is the key
+    ///                          identifier defined in \p attributes.
+    ///                          \c 0 on failure.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    ///         If the key is persistent, the key material and the key's metadata
+    ///         have been saved to persistent storage.
+    /// \retval #PSA_ERROR_ALREADY_EXISTS
+    ///         This is an attempt to create a persistent key, and there is
+    ///         already a persistent key with the given identifier.
+    /// \retval #PSA_ERROR_INSUFFICIENT_DATA
+    ///         There was not enough data to create the desired key.
+    ///         Note that in this case, no output is written to the output buffer.
+    ///         The operation's capacity is set to 0, thus subsequent calls to
+    ///         this function will not succeed, even with a smaller output buffer.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The key type or key size is not supported, either by the
+    ///         implementation in general or in this particular location.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The provided key attributes are not valid for the operation.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The #PSA_KEY_DERIVATION_INPUT_SECRET or
+    ///         #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a
+    ///         key; or one of the inputs was a key whose policy didn't allow
+    ///         #PSA_KEY_USAGE_DERIVE.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active and completed
+    ///         all required input steps), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_output_key(
+        attributes: *const psa_key_attributes_t,
+        operation: *mut psa_key_derivation_operation_t,
+        key: *mut mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Compare output data from a key derivation operation to an expected value.
+    ///
+    /// This function calculates output bytes from a key derivation algorithm and
+    /// compares those bytes to an expected value in constant time.
+    /// If you view the key derivation's output as a stream of bytes, this
+    /// function destructively reads the expected number of bytes from the
+    /// stream before comparing them.
+    /// The operation's capacity decreases by the number of bytes read.
+    ///
+    /// This is functionally equivalent to the following code:
+    /// \code
+    /// psa_key_derivation_output_bytes(operation, tmp, output_length);
+    /// if (memcmp(output, tmp, output_length) != 0)
+    ///     return PSA_ERROR_INVALID_SIGNATURE;
+    /// \endcode
+    /// except (1) it works even if the key's policy does not allow outputting the
+    /// bytes, and (2) the comparison will be done in constant time.
+    ///
+    /// If this function returns an error status other than
+    /// #PSA_ERROR_INSUFFICIENT_DATA or #PSA_ERROR_INVALID_SIGNATURE,
+    /// the operation enters an error state and must be aborted by calling
+    /// psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation The key derivation operation object to read from.
+    /// \param[in] expected_output Buffer containing the expected derivation output.
+    /// \param output_length     Length of the expected output; this is also the
+    ///                          number of bytes that will be read.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The output was read successfully, but it differs from the expected
+    ///         output.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         One of the inputs was a key whose policy didn't allow
+    ///         #PSA_KEY_USAGE_VERIFY_DERIVATION.
+    /// \retval #PSA_ERROR_INSUFFICIENT_DATA
+    ///                          The operation's capacity was less than
+    ///                          \p output_length bytes. Note that in this case,
+    ///                          the operation's capacity is set to 0, thus
+    ///                          subsequent calls to this function will not
+    ///                          succeed, even with a smaller expected output.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active and completed
+    ///         all required input steps), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_verify_bytes(
+        operation: *mut psa_key_derivation_operation_t,
+        expected_output: *const u8,
+        output_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Compare output data from a key derivation operation to an expected value
+    /// stored in a key object.
+    ///
+    /// This function calculates output bytes from a key derivation algorithm and
+    /// compares those bytes to an expected value, provided as key of type
+    /// #PSA_KEY_TYPE_PASSWORD_HASH.
+    /// If you view the key derivation's output as a stream of bytes, this
+    /// function destructively reads the number of bytes corresponding to the
+    /// length of the expected value from the stream before comparing them.
+    /// The operation's capacity decreases by the number of bytes read.
+    ///
+    /// This is functionally equivalent to exporting the key and calling
+    /// psa_key_derivation_verify_bytes() on the result, except that it
+    /// works even if the key cannot be exported.
+    ///
+    /// If this function returns an error status other than
+    /// #PSA_ERROR_INSUFFICIENT_DATA or #PSA_ERROR_INVALID_SIGNATURE,
+    /// the operation enters an error state and must be aborted by calling
+    /// psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation The key derivation operation object to read from.
+    /// \param[in] expected      A key of type #PSA_KEY_TYPE_PASSWORD_HASH
+    ///                          containing the expected output. Its policy must
+    ///                          include the #PSA_KEY_USAGE_VERIFY_DERIVATION flag
+    ///                          and the permitted algorithm must match the
+    ///                          operation. The value of this key was likely
+    ///                          computed by a previous call to
+    ///                          psa_key_derivation_output_key().
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The output was read successfully, but if differs from the expected
+    ///         output.
+    /// \retval #PSA_ERROR_INVALID_HANDLE
+    ///         The key passed as the expected value does not exist.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The key passed as the expected value has an invalid type.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key passed as the expected value does not allow this usage or
+    ///         this algorithm; or one of the inputs was a key whose policy didn't
+    ///         allow #PSA_KEY_USAGE_VERIFY_DERIVATION.
+    /// \retval #PSA_ERROR_INSUFFICIENT_DATA
+    ///                          The operation's capacity was less than
+    ///                          the length of the expected value. In this case,
+    ///                          the operation's capacity is set to 0, thus
+    ///                          subsequent calls to this function will not
+    ///                          succeed, even with a smaller expected output.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active and completed
+    ///         all required input steps), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_verify_key(
+        operation: *mut psa_key_derivation_operation_t,
+        expected: psa_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort a key derivation operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the \c
+    /// operation structure itself. Once aborted, the operation object can be reused
+    /// for another operation by calling psa_key_derivation_setup() again.
+    ///
+    /// This function may be called at any time after the operation
+    /// object has been initialized as described in #psa_key_derivation_operation_t.
+    ///
+    /// In particular, it is valid to call psa_key_derivation_abort() twice, or to
+    /// call psa_key_derivation_abort() on an operation that has not been set up.
+    ///
+    /// \param[in,out] operation    The operation to abort.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_abort(operation: *mut psa_key_derivation_operation_t)
+        -> psa_status_t;
+}
+extern "C" {
+    /// Perform a key agreement and return the raw shared secret.
+    ///
+    /// \warning The raw result of a key agreement algorithm such as finite-field
+    /// Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should
+    /// not be used directly as key material. It should instead be passed as
+    /// input to a key derivation algorithm. To chain a key agreement with
+    /// a key derivation, use psa_key_derivation_key_agreement() and other
+    /// functions from the key derivation interface.
+    ///
+    /// \param alg                     The key agreement algorithm to compute
+    ///                                (\c PSA_ALG_XXX value such that
+    ///                                #PSA_ALG_IS_RAW_KEY_AGREEMENT(\p alg)
+    ///                                is true).
+    /// \param private_key             Identifier of the private key to use. It must
+    ///                                allow the usage #PSA_KEY_USAGE_DERIVE.
+    /// \param[in] peer_key            Public key of the peer. It must be
+    ///                                in the same format that psa_import_key()
+    ///                                accepts. The standard formats for public
+    ///                                keys are documented in the documentation
+    ///                                of psa_export_public_key().
+    /// \param peer_key_length         Size of \p peer_key in bytes.
+    /// \param[out] output             Buffer where the decrypted message is to
+    ///                                be written.
+    /// \param output_size             Size of the \c output buffer in bytes.
+    /// \param[out] output_length      On success, the number of bytes
+    ///                                that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p alg is not a key agreement algorithm, or
+    ///         \p private_key is not compatible with \p alg,
+    ///         or \p peer_key is not valid for \p alg or not compatible with
+    ///         \p private_key.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         \p output_size is too small
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not a supported key agreement algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_raw_key_agreement(
+        alg: psa_algorithm_t,
+        private_key: mbedtls_svc_key_id_t,
+        peer_key: *const u8,
+        peer_key_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Generate random bytes.
+    ///
+    /// \warning This function **can** fail! Callers MUST check the return status
+    ///          and MUST NOT use the content of the output buffer if the return
+    ///          status is not #PSA_SUCCESS.
+    ///
+    /// \note    To generate a key, use psa_generate_key() instead.
+    ///
+    /// \param[out] output       Output buffer for the generated data.
+    /// \param output_size       Number of bytes to generate and output.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_generate_random(output: *mut u8, output_size: usize) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Generate a key or key pair.
+    ///
+    /// The key is generated randomly.
+    /// Its location, usage policy, type and size are taken from \p attributes.
+    ///
+    /// Implementations must reject an attempt to generate a key of size 0.
+    ///
+    /// The following type-specific considerations apply:
+    /// - For RSA keys (#PSA_KEY_TYPE_RSA_KEY_PAIR),
+    ///   the public exponent is 65537.
+    ///   The modulus is a product of two probabilistic primes
+    ///   between 2^{n-1} and 2^n where n is the bit size specified in the
+    ///   attributes.
+    ///
+    /// \param[in] attributes    The attributes for the new key.
+    /// \param[out] key          On success, an identifier for the newly created
+    ///                          key. For persistent keys, this is the key
+    ///                          identifier defined in \p attributes.
+    ///                          \c 0 on failure.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    ///         If the key is persistent, the key material and the key's metadata
+    ///         have been saved to persistent storage.
+    /// \retval #PSA_ERROR_ALREADY_EXISTS
+    ///         This is an attempt to create a persistent key, and there is
+    ///         already a persistent key with the given identifier.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_generate_key(
+        attributes: *const psa_key_attributes_t,
+        key: *mut mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for interruptible hash
+///  signing operations.
+///
+/// Before calling any function on a sign hash operation object, the
+/// application must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_sign_hash_interruptible_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_sign_hash_interruptible_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer
+///   #PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT, for example:
+///   \code
+///   psa_sign_hash_interruptible_operation_t operation =
+///   PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function
+///   psa_sign_hash_interruptible_operation_init() to the structure, for
+///   example:
+///   \code
+///   psa_sign_hash_interruptible_operation_t operation;
+///   operation = psa_sign_hash_interruptible_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_sign_hash_interruptible_operation_t = psa_sign_hash_interruptible_operation_s;
+/// The type of the state data structure for interruptible hash
+///  verification operations.
+///
+/// Before calling any function on a sign hash operation object, the
+/// application must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_verify_hash_interruptible_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_verify_hash_interruptible_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer
+///   #PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT, for example:
+///   \code
+///   psa_verify_hash_interruptible_operation_t operation =
+///   PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function
+///   psa_verify_hash_interruptible_operation_init() to the structure, for
+///   example:
+///   \code
+///   psa_verify_hash_interruptible_operation_t operation;
+///   operation = psa_verify_hash_interruptible_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_verify_hash_interruptible_operation_t = psa_verify_hash_interruptible_operation_s;
+extern "C" {
+    /// \brief                       Set the maximum number of ops allowed to be
+    ///                              executed by an interruptible function in a
+    ///                              single call.
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        The time taken to execute a single op is
+    ///                              implementation specific and depends on
+    ///                              software, hardware, the algorithm, key type and
+    ///                              curve chosen. Even within a single operation,
+    ///                              successive ops can take differing amounts of
+    ///                              time. The only guarantee is that lower values
+    ///                              for \p max_ops means functions will block for a
+    ///                              lesser maximum amount of time. The functions
+    ///                              \c psa_sign_interruptible_get_num_ops() and
+    ///                              \c psa_verify_interruptible_get_num_ops() are
+    ///                              provided to help with tuning this value.
+    ///
+    /// \note                        This value defaults to
+    ///                              #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, which
+    ///                              means the whole operation will be done in one
+    ///                              go, regardless of the number of ops required.
+    ///
+    /// \note                        If more ops are needed to complete a
+    ///                              computation, #PSA_OPERATION_INCOMPLETE will be
+    ///                              returned by the function performing the
+    ///                              computation. It is then the caller's
+    ///                              responsibility to either call again with the
+    ///                              same operation context until it returns 0 or an
+    ///                              error code; or to call the relevant abort
+    ///                              function if the answer is no longer required.
+    ///
+    /// \note                        The interpretation of \p max_ops is also
+    ///                              implementation defined. On a hard real time
+    ///                              system, this can indicate a hard deadline, as a
+    ///                              real-time system needs a guarantee of not
+    ///                              spending more than X time, however care must be
+    ///                              taken in such an implementation to avoid the
+    ///                              situation whereby calls just return, not being
+    ///                              able to do any actual work within the allotted
+    ///                              time.  On a non-real-time system, the
+    ///                              implementation can be more relaxed, but again
+    ///                              whether this number should be interpreted as as
+    ///                              hard or soft limit or even whether a less than
+    ///                              or equals as regards to ops executed in a
+    ///                              single call is implementation defined.
+    ///
+    /// \note                        For keys in local storage when no accelerator
+    ///                              driver applies, please see also the
+    ///                              documentation for \c mbedtls_ecp_set_max_ops(),
+    ///                              which is the internal implementation in these
+    ///                              cases.
+    ///
+    /// \warning                     With implementations that interpret this number
+    ///                              as a hard limit, setting this number too small
+    ///                              may result in an infinite loop, whereby each
+    ///                              call results in immediate return with no ops
+    ///                              done (as there is not enough time to execute
+    ///                              any), and thus no result will ever be achieved.
+    ///
+    /// \note                        This only applies to functions whose
+    ///                              documentation mentions they may return
+    ///                              #PSA_OPERATION_INCOMPLETE.
+    ///
+    /// \param max_ops               The maximum number of ops to be executed in a
+    ///                              single call. This can be a number from 0 to
+    ///                              #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, where 0
+    ///                              is the least amount of work done per call.
+    pub fn psa_interruptible_set_max_ops(max_ops: u32);
+}
+extern "C" {
+    /// \brief                       Get the maximum number of ops allowed to be
+    ///                              executed by an interruptible function in a
+    ///                              single call. This will return the last
+    ///                              value set by
+    ///                              \c psa_interruptible_set_max_ops() or
+    ///                              #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED if
+    ///                              that function has never been called.
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \return                      Maximum number of ops allowed to be
+    ///                              executed by an interruptible function in a
+    ///                              single call.
+    pub fn psa_interruptible_get_max_ops() -> u32;
+}
+extern "C" {
+    /// \brief                       Get the number of ops that a hash signing
+    ///                              operation has taken so far. If the operation
+    ///                              has completed, then this will represent the
+    ///                              number of ops required for the entire
+    ///                              operation. After initialization or calling
+    ///                              \c psa_sign_hash_interruptible_abort() on
+    ///                              the operation, a value of 0 will be returned.
+    ///
+    /// \note                        This interface is guaranteed re-entrant and
+    ///                              thus may be called from driver code.
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    ///                              This is a helper provided to help you tune the
+    ///                              value passed to \c
+    ///                              psa_interruptible_set_max_ops().
+    ///
+    /// \param operation             The \c psa_sign_hash_interruptible_operation_t
+    ///                              to use. This must be initialized first.
+    ///
+    /// \return                      Number of ops that the operation has taken so
+    ///                              far.
+    pub fn psa_sign_hash_get_num_ops(
+        operation: *const psa_sign_hash_interruptible_operation_t,
+    ) -> u32;
+}
+extern "C" {
+    /// \brief                       Get the number of ops that a hash verification
+    ///                              operation has taken so far. If the operation
+    ///                              has completed, then this will represent the
+    ///                              number of ops required for the entire
+    ///                              operation. After initialization or calling \c
+    ///                              psa_verify_hash_interruptible_abort() on the
+    ///                              operation, a value of 0 will be returned.
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    ///                              This is a helper provided to help you tune the
+    ///                              value passed to \c
+    ///                              psa_interruptible_set_max_ops().
+    ///
+    /// \param operation             The \c
+    ///                              psa_verify_hash_interruptible_operation_t to
+    ///                              use. This must be initialized first.
+    ///
+    /// \return                      Number of ops that the operation has taken so
+    ///                              far.
+    pub fn psa_verify_hash_get_num_ops(
+        operation: *const psa_verify_hash_interruptible_operation_t,
+    ) -> u32;
+}
+extern "C" {
+    /// \brief                       Start signing a hash or short message with a
+    ///                              private key, in an interruptible manner.
+    ///
+    /// \see                         \c psa_sign_hash_complete()
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        This function combined with \c
+    ///                              psa_sign_hash_complete() is equivalent to
+    ///                              \c psa_sign_hash() but
+    ///                              \c psa_sign_hash_complete() can return early and
+    ///                              resume according to the limit set with \c
+    ///                              psa_interruptible_set_max_ops() to reduce the
+    ///                              maximum time spent in a function call.
+    ///
+    /// \note                        Users should call \c psa_sign_hash_complete()
+    ///                              repeatedly on the same context after a
+    ///                              successful call to this function until \c
+    ///                              psa_sign_hash_complete() either returns 0 or an
+    ///                              error. \c psa_sign_hash_complete() will return
+    ///                              #PSA_OPERATION_INCOMPLETE if there is more work
+    ///                              to do. Alternatively users can call
+    ///                              \c psa_sign_hash_abort() at any point if they no
+    ///                              longer want the result.
+    ///
+    /// \note                        If this function returns an error status, the
+    ///                              operation enters an error state and must be
+    ///                              aborted by calling \c psa_sign_hash_abort().
+    ///
+    /// \param[in, out] operation    The \c psa_sign_hash_interruptible_operation_t
+    ///                              to use. This must be initialized first.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must be an asymmetric key pair. The key must
+    ///                              allow the usage #PSA_KEY_USAGE_SIGN_HASH.
+    /// \param alg                   A signature algorithm (\c PSA_ALG_XXX
+    ///                              value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+    ///                              is true), that is compatible with
+    ///                              the type of \p key.
+    /// \param[in] hash              The hash or message to sign.
+    /// \param hash_length           Size of the \p hash buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The operation started successfully - call \c psa_sign_hash_complete()
+    ///         with the same context to complete the operation
+    ///
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_SIGN_HASH flag, or it does
+    ///         not permit the requested algorithm.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         An operation has previously been started on this context, and is
+    ///         still in progress.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_sign_hash_start(
+        operation: *mut psa_sign_hash_interruptible_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        hash: *const u8,
+        hash_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief                       Continue and eventually complete the action of
+    ///                              signing a hash or short message with a private
+    ///                              key, in an interruptible manner.
+    ///
+    /// \see                         \c psa_sign_hash_start()
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        This function combined with \c
+    ///                              psa_sign_hash_start() is equivalent to
+    ///                              \c psa_sign_hash() but this function can return
+    ///                              early and resume according to the limit set with
+    ///                              \c psa_interruptible_set_max_ops() to reduce the
+    ///                              maximum time spent in a function call.
+    ///
+    /// \note                        Users should call this function on the same
+    ///                              operation object repeatedly until it either
+    ///                              returns 0 or an error. This function will return
+    ///                              #PSA_OPERATION_INCOMPLETE if there is more work
+    ///                              to do. Alternatively users can call
+    ///                              \c psa_sign_hash_abort() at any point if they no
+    ///                              longer want the result.
+    ///
+    /// \note                        When this function returns successfully, the
+    ///                              operation becomes inactive. If this function
+    ///                              returns an error status, the operation enters an
+    ///                              error state and must be aborted by calling
+    ///                              \c psa_sign_hash_abort().
+    ///
+    /// \param[in, out] operation    The \c psa_sign_hash_interruptible_operation_t
+    ///                              to use. This must be initialized first, and have
+    ///                              had \c psa_sign_hash_start() called with it
+    ///                              first.
+    ///
+    /// \param[out] signature        Buffer where the signature is to be written.
+    /// \param signature_size        Size of the \p signature buffer in bytes. This
+    ///                              must be appropriate for the selected
+    ///                              algorithm and key:
+    ///                              - The required signature size is
+    ///                                #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c
+    ///                                key_bits, \c alg) where \c key_type and \c
+    ///                                key_bits are the type and bit-size
+    ///                                respectively of key.
+    ///                              - #PSA_SIGNATURE_MAX_SIZE evaluates to the
+    ///                                maximum signature size of any supported
+    ///                                signature algorithm.
+    /// \param[out] signature_length On success, the number of bytes that make up
+    ///                              the returned signature value.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Operation completed successfully
+    ///
+    /// \retval #PSA_OPERATION_INCOMPLETE
+    ///         Operation was interrupted due to the setting of \c
+    ///         psa_interruptible_set_max_ops(). There is still work to be done.
+    ///         Call this function again with the same operation object.
+    ///
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p signature buffer is too small. You can
+    ///         determine a sufficient buffer size by calling
+    ///         #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///         where \c key_type and \c key_bits are the type and bit-size
+    ///         respectively of \p key.
+    ///
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         An operation was not previously started on this context via
+    ///         \c psa_sign_hash_start().
+    ///
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has either not been previously initialized by
+    ///         psa_crypto_init() or you did not previously call
+    ///         psa_sign_hash_start() with this operation object. It is
+    ///         implementation-dependent whether a failure to initialize results in
+    ///         this error code.
+    pub fn psa_sign_hash_complete(
+        operation: *mut psa_sign_hash_interruptible_operation_t,
+        signature: *mut u8,
+        signature_size: usize,
+        signature_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief                       Abort a sign hash operation.
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        This function is the only function that clears
+    ///                              the number of ops completed as part of the
+    ///                              operation. Please ensure you copy this value via
+    ///                              \c psa_sign_hash_get_num_ops() if required
+    ///                              before calling.
+    ///
+    /// \note                        Aborting an operation frees all associated
+    ///                              resources except for the \p operation structure
+    ///                              itself. Once aborted, the operation object can
+    ///                              be reused for another operation by calling \c
+    ///                              psa_sign_hash_start() again.
+    ///
+    /// \note                        You may call this function any time after the
+    ///                              operation object has been initialized. In
+    ///                              particular, calling \c psa_sign_hash_abort()
+    ///                              after the operation has already been terminated
+    ///                              by a call to \c psa_sign_hash_abort() or
+    ///                              psa_sign_hash_complete() is safe.
+    ///
+    /// \param[in,out] operation     Initialized sign hash operation.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The operation was aborted successfully.
+    ///
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_sign_hash_abort(
+        operation: *mut psa_sign_hash_interruptible_operation_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief                       Start reading and verifying a hash or short
+    ///                              message, in an interruptible manner.
+    ///
+    /// \see                         \c psa_verify_hash_complete()
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        This function combined with \c
+    ///                              psa_verify_hash_complete() is equivalent to
+    ///                              \c psa_verify_hash() but \c
+    ///                              psa_verify_hash_complete() can return early and
+    ///                              resume according to the limit set with \c
+    ///                              psa_interruptible_set_max_ops() to reduce the
+    ///                              maximum time spent in a function.
+    ///
+    /// \note                        Users should call \c psa_verify_hash_complete()
+    ///                              repeatedly on the same operation object after a
+    ///                              successful call to this function until \c
+    ///                              psa_verify_hash_complete() either returns 0 or
+    ///                              an error. \c psa_verify_hash_complete() will
+    ///                              return #PSA_OPERATION_INCOMPLETE if there is
+    ///                              more work to do. Alternatively users can call
+    ///                              \c psa_verify_hash_abort() at any point if they
+    ///                              no longer want the result.
+    ///
+    /// \note                        If this function returns an error status, the
+    ///                              operation enters an error state and must be
+    ///                              aborted by calling \c psa_verify_hash_abort().
+    ///
+    /// \param[in, out] operation    The \c psa_verify_hash_interruptible_operation_t
+    ///                              to use. This must be initialized first.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              The key must allow the usage
+    ///                              #PSA_KEY_USAGE_VERIFY_HASH.
+    /// \param alg                   A signature algorithm (\c PSA_ALG_XXX
+    ///                              value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+    ///                              is true), that is compatible with
+    ///                              the type of \p key.
+    /// \param[in] hash              The hash whose signature is to be verified.
+    /// \param hash_length           Size of the \p hash buffer in bytes.
+    /// \param[in] signature         Buffer containing the signature to verify.
+    /// \param signature_length      Size of the \p signature buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The operation started successfully - please call \c
+    ///         psa_verify_hash_complete() with the same context to complete the
+    ///         operation.
+    ///
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Another operation has already been started on this context, and is
+    ///         still in progress.
+    ///
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_VERIFY_HASH flag, or it does
+    ///         not permit the requested algorithm.
+    ///
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_verify_hash_start(
+        operation: *mut psa_verify_hash_interruptible_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        hash: *const u8,
+        hash_length: usize,
+        signature: *const u8,
+        signature_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief                       Continue and eventually complete the action of
+    ///                              reading and verifying a hash or short message
+    ///                              signed with a private key, in an interruptible
+    ///                              manner.
+    ///
+    /// \see                         \c psa_verify_hash_start()
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        This function combined with \c
+    ///                              psa_verify_hash_start() is equivalent to
+    ///                              \c psa_verify_hash() but this function can
+    ///                              return early and resume according to the limit
+    ///                              set with \c psa_interruptible_set_max_ops() to
+    ///                              reduce the maximum time spent in a function
+    ///                              call.
+    ///
+    /// \note                        Users should call this function on the same
+    ///                              operation object repeatedly until it either
+    ///                              returns 0 or an error. This function will return
+    ///                              #PSA_OPERATION_INCOMPLETE if there is more work
+    ///                              to do. Alternatively users can call
+    ///                              \c psa_verify_hash_abort() at any point if they
+    ///                              no longer want the result.
+    ///
+    /// \note                        When this function returns successfully, the
+    ///                              operation becomes inactive. If this function
+    ///                              returns an error status, the operation enters an
+    ///                              error state and must be aborted by calling
+    ///                              \c psa_verify_hash_abort().
+    ///
+    /// \param[in, out] operation    The \c psa_verify_hash_interruptible_operation_t
+    ///                              to use. This must be initialized first, and have
+    ///                              had \c psa_verify_hash_start() called with it
+    ///                              first.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Operation completed successfully, and the passed signature is valid.
+    ///
+    /// \retval #PSA_OPERATION_INCOMPLETE
+    ///         Operation was interrupted due to the setting of \c
+    ///         psa_interruptible_set_max_ops(). There is still work to be done.
+    ///         Call this function again with the same operation object.
+    ///
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The calculation was performed successfully, but the passed
+    ///         signature is not a valid signature.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         An operation was not previously started on this context via
+    ///         \c psa_verify_hash_start().
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has either not been previously initialized by
+    ///         psa_crypto_init() or you did not previously call
+    ///         psa_verify_hash_start() on this object. It is
+    ///         implementation-dependent whether a failure to initialize results in
+    ///         this error code.
+    pub fn psa_verify_hash_complete(
+        operation: *mut psa_verify_hash_interruptible_operation_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief                     Abort a verify hash operation.
+    ///
+    /// \warning                   This is a beta API, and thus subject to change at
+    ///                            any point. It is not bound by the usual interface
+    ///                            stability promises.
+    ///
+    /// \note                      This function is the only function that clears the
+    ///                            number of ops completed as part of the operation.
+    ///                            Please ensure you copy this value via
+    ///                            \c psa_verify_hash_get_num_ops() if required
+    ///                            before calling.
+    ///
+    /// \note                      Aborting an operation frees all associated
+    ///                            resources except for the operation structure
+    ///                            itself. Once aborted, the operation object can be
+    ///                            reused for another operation by calling \c
+    ///                            psa_verify_hash_start() again.
+    ///
+    /// \note                      You may call this function any time after the
+    ///                            operation object has been initialized.
+    ///                            In particular, calling \c psa_verify_hash_abort()
+    ///                            after the operation has already been terminated by
+    ///                            a call to \c psa_verify_hash_abort() or
+    ///                            psa_verify_hash_complete() is safe.
+    ///
+    /// \param[in,out] operation   Initialized verify hash operation.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The operation was aborted successfully.
+    ///
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_verify_hash_abort(
+        operation: *mut psa_verify_hash_interruptible_operation_t,
+    ) -> psa_status_t;
+}
+/// The CMAC context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_cmac_context_t {
+    pub private_state: [crate::c_types::c_uchar; 16usize],
+    pub private_unprocessed_block: [crate::c_types::c_uchar; 16usize],
+    pub private_unprocessed_len: usize,
+}
+extern "C" {
+    /// \brief               This function starts a new CMAC computation
+    ///                      by setting the CMAC key, and preparing to authenticate
+    ///                      the input data.
+    ///                      It must be called with an initialized cipher context.
+    ///
+    ///                      Once this function has completed, data can be supplied
+    ///                      to the CMAC computation by calling
+    ///                      mbedtls_cipher_cmac_update().
+    ///
+    ///                      To start a CMAC computation using the same key as a previous
+    ///                      CMAC computation, use mbedtls_cipher_cmac_finish().
+    ///
+    /// \note                When the CMAC implementation is supplied by an alternate
+    ///                      implementation (through #MBEDTLS_CMAC_ALT), some ciphers
+    ///                      may not be supported by that implementation, and thus
+    ///                      return an error. Alternate implementations must support
+    ///                      AES-128 and AES-256, and may support AES-192 and 3DES.
+    ///
+    /// \param ctx           The cipher context used for the CMAC operation, initialized
+    ///                      as one of the following types: MBEDTLS_CIPHER_AES_128_ECB,
+    ///                      MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB,
+    ///                      or MBEDTLS_CIPHER_DES_EDE3_ECB.
+    /// \param key           The CMAC key.
+    /// \param keybits       The length of the CMAC key in bits.
+    ///                      Must be supported by the cipher.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_cmac_starts(
+        ctx: *mut mbedtls_cipher_context_t,
+        key: *const crate::c_types::c_uchar,
+        keybits: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function feeds an input buffer into an ongoing CMAC
+    ///                      computation.
+    ///
+    ///                      The CMAC computation must have previously been started
+    ///                      by calling mbedtls_cipher_cmac_starts() or
+    ///                      mbedtls_cipher_cmac_reset().
+    ///
+    ///                      Call this function as many times as needed to input the
+    ///                      data to be authenticated.
+    ///                      Once all of the required data has been input,
+    ///                      call mbedtls_cipher_cmac_finish() to obtain the result
+    ///                      of the CMAC operation.
+    ///
+    /// \param ctx           The cipher context used for the CMAC operation.
+    /// \param input         The buffer holding the input data.
+    /// \param ilen          The length of the input data.
+    ///
+    /// \return             \c 0 on success.
+    /// \return             #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+    ///                     if parameter verification fails.
+    pub fn mbedtls_cipher_cmac_update(
+        ctx: *mut mbedtls_cipher_context_t,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function finishes an ongoing CMAC operation, and
+    ///                      writes the result to the output buffer.
+    ///
+    ///                      It should be followed either by
+    ///                      mbedtls_cipher_cmac_reset(), which starts another CMAC
+    ///                      operation with the same key, or mbedtls_cipher_free(),
+    ///                      which clears the cipher context.
+    ///
+    /// \param ctx           The cipher context used for the CMAC operation.
+    /// \param output        The output buffer for the CMAC checksum result.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+    ///                      if parameter verification fails.
+    pub fn mbedtls_cipher_cmac_finish(
+        ctx: *mut mbedtls_cipher_context_t,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function starts a new CMAC operation with the same
+    ///                      key as the previous one.
+    ///
+    ///                      It should be called after finishing the previous CMAC
+    ///                      operation with mbedtls_cipher_cmac_finish().
+    ///                      After calling this function,
+    ///                      call mbedtls_cipher_cmac_update() to supply the new
+    ///                      CMAC operation with data.
+    ///
+    /// \param ctx           The cipher context used for the CMAC operation.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+    ///                      if parameter verification fails.
+    pub fn mbedtls_cipher_cmac_reset(ctx: *mut mbedtls_cipher_context_t) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function calculates the full generic CMAC
+    ///                      on the input buffer with the provided key.
+    ///
+    ///                      The function allocates the context, performs the
+    ///                      calculation, and frees the context.
+    ///
+    ///                      The CMAC result is calculated as
+    ///                      output = generic CMAC(cmac key, input buffer).
+    ///
+    /// \note                When the CMAC implementation is supplied by an alternate
+    ///                      implementation (through #MBEDTLS_CMAC_ALT), some ciphers
+    ///                      may not be supported by that implementation, and thus
+    ///                      return an error. Alternate implementations must support
+    ///                      AES-128 and AES-256, and may support AES-192 and 3DES.
+    ///
+    /// \param cipher_info   The cipher information.
+    /// \param key           The CMAC key.
+    /// \param keylen        The length of the CMAC key in bits.
+    /// \param input         The buffer holding the input data.
+    /// \param ilen          The length of the input data.
+    /// \param output        The buffer for the generic CMAC result.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+    ///                      if parameter verification fails.
+    pub fn mbedtls_cipher_cmac(
+        cipher_info: *const mbedtls_cipher_info_t,
+        key: *const crate::c_types::c_uchar,
+        keylen: usize,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function implements the AES-CMAC-PRF-128 pseudorandom
+    ///                  function, as defined in
+    ///                  <em>RFC-4615: The Advanced Encryption Standard-Cipher-based
+    ///                  Message Authentication Code-Pseudo-Random Function-128
+    ///                  (AES-CMAC-PRF-128) Algorithm for the Internet Key
+    ///                  Exchange Protocol (IKE).</em>
+    ///
+    /// \param key       The key to use.
+    /// \param key_len   The key length in Bytes.
+    /// \param input     The buffer holding the input data.
+    /// \param in_len    The length of the input data in Bytes.
+    /// \param output    The buffer holding the generated 16 Bytes of
+    ///                  pseudorandom output.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_aes_cmac_prf_128(
+        key: *const crate::c_types::c_uchar,
+        key_len: usize,
+        input: *const crate::c_types::c_uchar,
+        in_len: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The CMAC checkup routine.
+    ///
+    /// \note           In case the CMAC routines are provided by an alternative
+    ///                 implementation (i.e. #MBEDTLS_CMAC_ALT is defined), the
+    ///                 checkup routine will succeed even if the implementation does
+    ///                 not support the less widely used AES-192 or 3DES primitives.
+    ///                 The self-test requires at least AES-128 and AES-256 to be
+    ///                 supported by the underlying implementation.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_cmac_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          The GCM context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_gcm_context {
+    pub private_cipher_ctx: mbedtls_cipher_context_t,
+    pub private_HL: [u64; 16usize],
+    pub private_HH: [u64; 16usize],
+    pub private_len: u64,
+    pub private_add_len: u64,
+    pub private_base_ectr: [crate::c_types::c_uchar; 16usize],
+    pub private_y: [crate::c_types::c_uchar; 16usize],
+    pub private_buf: [crate::c_types::c_uchar; 16usize],
+    pub private_mode: crate::c_types::c_int,
+}
+extern "C" {
+    /// \brief           This function initializes the specified GCM context,
+    ///                  to make references valid, and prepares the context
+    ///                  for mbedtls_gcm_setkey() or mbedtls_gcm_free().
+    ///
+    ///                  The function does not bind the GCM context to a particular
+    ///                  cipher, nor set the key. For this purpose, use
+    ///                  mbedtls_gcm_setkey().
+    ///
+    /// \param ctx       The GCM context to initialize. This must not be \c NULL.
+    pub fn mbedtls_gcm_init(ctx: *mut mbedtls_gcm_context);
+}
+extern "C" {
+    /// \brief           This function associates a GCM context with a
+    ///                  cipher algorithm and a key.
+    ///
+    /// \param ctx       The GCM context. This must be initialized.
+    /// \param cipher    The 128-bit block cipher to use.
+    /// \param key       The encryption key. This must be a readable buffer of at
+    ///                  least \p keybits bits.
+    /// \param keybits   The key size in bits. Valid options are:
+    ///                  <ul><li>128 bits</li>
+    ///                  <li>192 bits</li>
+    ///                  <li>256 bits</li></ul>
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A cipher-specific error code on failure.
+    pub fn mbedtls_gcm_setkey(
+        ctx: *mut mbedtls_gcm_context,
+        cipher: mbedtls_cipher_id_t,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs GCM encryption or decryption of a buffer.
+    ///
+    /// \note            For encryption, the output buffer can be the same as the
+    ///                  input buffer. For decryption, the output buffer cannot be
+    ///                  the same as input buffer. If the buffers overlap, the output
+    ///                  buffer must trail at least 8 Bytes behind the input buffer.
+    ///
+    /// \warning         When this function performs a decryption, it outputs the
+    ///                  authentication tag and does not verify that the data is
+    ///                  authentic. You should use this function to perform encryption
+    ///                  only. For decryption, use mbedtls_gcm_auth_decrypt() instead.
+    ///
+    /// \param ctx       The GCM context to use for encryption or decryption. This
+    ///                  must be initialized.
+    /// \param mode      The operation to perform:
+    ///                  - #MBEDTLS_GCM_ENCRYPT to perform authenticated encryption.
+    ///                    The ciphertext is written to \p output and the
+    ///                    authentication tag is written to \p tag.
+    ///                  - #MBEDTLS_GCM_DECRYPT to perform decryption.
+    ///                    The plaintext is written to \p output and the
+    ///                    authentication tag is written to \p tag.
+    ///                    Note that this mode is not recommended, because it does
+    ///                    not verify the authenticity of the data. For this reason,
+    ///                    you should use mbedtls_gcm_auth_decrypt() instead of
+    ///                    calling this function in decryption mode.
+    /// \param length    The length of the input data, which is equal to the length
+    ///                  of the output data.
+    /// \param iv        The initialization vector. This must be a readable buffer of
+    ///                  at least \p iv_len Bytes.
+    /// \param iv_len    The length of the IV.
+    /// \param add       The buffer holding the additional data. This must be of at
+    ///                  least that size in Bytes.
+    /// \param add_len   The length of the additional data.
+    /// \param input     The buffer holding the input data. If \p length is greater
+    ///                  than zero, this must be a readable buffer of at least that
+    ///                  size in Bytes.
+    /// \param output    The buffer for holding the output data. If \p length is greater
+    ///                  than zero, this must be a writable buffer of at least that
+    ///                  size in Bytes.
+    /// \param tag_len   The length of the tag to generate.
+    /// \param tag       The buffer for holding the tag. This must be a writable
+    ///                  buffer of at least \p tag_len Bytes.
+    ///
+    /// \return          \c 0 if the encryption or decryption was performed
+    ///                  successfully. Note that in #MBEDTLS_GCM_DECRYPT mode,
+    ///                  this does not indicate that the data is authentic.
+    /// \return          #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
+    ///                  not valid or a cipher-specific error code if the encryption
+    ///                  or decryption failed.
+    pub fn mbedtls_gcm_crypt_and_tag(
+        ctx: *mut mbedtls_gcm_context,
+        mode: crate::c_types::c_int,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        add: *const crate::c_types::c_uchar,
+        add_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+        tag: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a GCM authenticated decryption of a
+    ///                  buffer.
+    ///
+    /// \note            For decryption, the output buffer cannot be the same as
+    ///                  input buffer. If the buffers overlap, the output buffer
+    ///                  must trail at least 8 Bytes behind the input buffer.
+    ///
+    /// \param ctx       The GCM context. This must be initialized.
+    /// \param length    The length of the ciphertext to decrypt, which is also
+    ///                  the length of the decrypted plaintext.
+    /// \param iv        The initialization vector. This must be a readable buffer
+    ///                  of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the IV.
+    /// \param add       The buffer holding the additional data. This must be of at
+    ///                  least that size in Bytes.
+    /// \param add_len   The length of the additional data.
+    /// \param tag       The buffer holding the tag to verify. This must be a
+    ///                  readable buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the tag to verify.
+    /// \param input     The buffer holding the ciphertext. If \p length is greater
+    ///                  than zero, this must be a readable buffer of at least that
+    ///                  size.
+    /// \param output    The buffer for holding the decrypted plaintext. If \p length
+    ///                  is greater than zero, this must be a writable buffer of at
+    ///                  least that size.
+    ///
+    /// \return          \c 0 if successful and authenticated.
+    /// \return          #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.
+    /// \return          #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
+    ///                  not valid or a cipher-specific error code if the decryption
+    ///                  failed.
+    pub fn mbedtls_gcm_auth_decrypt(
+        ctx: *mut mbedtls_gcm_context,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        add: *const crate::c_types::c_uchar,
+        add_len: usize,
+        tag: *const crate::c_types::c_uchar,
+        tag_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function starts a GCM encryption or decryption
+    ///                  operation.
+    ///
+    /// \param ctx       The GCM context. This must be initialized.
+    /// \param mode      The operation to perform: #MBEDTLS_GCM_ENCRYPT or
+    ///                  #MBEDTLS_GCM_DECRYPT.
+    /// \param iv        The initialization vector. This must be a readable buffer of
+    ///                  at least \p iv_len Bytes.
+    /// \param iv_len    The length of the IV.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_gcm_starts(
+        ctx: *mut mbedtls_gcm_context,
+        mode: crate::c_types::c_int,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer as associated data
+    ///                  (authenticated but not encrypted data) in a GCM
+    ///                  encryption or decryption operation.
+    ///
+    ///                  Call this function after mbedtls_gcm_starts() to pass
+    ///                  the associated data. If the associated data is empty,
+    ///                  you do not need to call this function. You may not
+    ///                  call this function after calling mbedtls_cipher_update().
+    ///
+    /// \param ctx       The GCM context. This must have been started with
+    ///                  mbedtls_gcm_starts() and must not have yet received
+    ///                  any input with mbedtls_gcm_update().
+    /// \param add       The buffer holding the additional data, or \c NULL
+    ///                  if \p add_len is \c 0.
+    /// \param add_len   The length of the additional data. If \c 0,
+    ///                  \p add may be \c NULL.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_gcm_update_ad(
+        ctx: *mut mbedtls_gcm_context,
+        add: *const crate::c_types::c_uchar,
+        add_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer into an ongoing GCM
+    ///                  encryption or decryption operation.
+    ///
+    ///                  You may call this function zero, one or more times
+    ///                  to pass successive parts of the input: the plaintext to
+    ///                  encrypt, or the ciphertext (not including the tag) to
+    ///                  decrypt. After the last part of the input, call
+    ///                  mbedtls_gcm_finish().
+    ///
+    ///                  This function may produce output in one of the following
+    ///                  ways:
+    ///                  - Immediate output: the output length is always equal
+    ///                    to the input length.
+    ///                  - Buffered output: the output consists of a whole number
+    ///                    of 16-byte blocks. If the total input length so far
+    ///                    (not including associated data) is 16 \* *B* + *A*
+    ///                    with *A* < 16 then the total output length is 16 \* *B*.
+    ///
+    ///                  In particular:
+    ///                  - It is always correct to call this function with
+    ///                    \p output_size >= \p input_length + 15.
+    ///                  - If \p input_length is a multiple of 16 for all the calls
+    ///                    to this function during an operation, then it is
+    ///                    correct to use \p output_size = \p input_length.
+    ///
+    /// \note            For decryption, the output buffer cannot be the same as
+    ///                  input buffer. If the buffers overlap, the output buffer
+    ///                  must trail at least 8 Bytes behind the input buffer.
+    ///
+    /// \param ctx           The GCM context. This must be initialized.
+    /// \param input         The buffer holding the input data. If \p input_length
+    ///                      is greater than zero, this must be a readable buffer
+    ///                      of at least \p input_length bytes.
+    /// \param input_length  The length of the input data in bytes.
+    /// \param output        The buffer for the output data. If \p output_size
+    ///                      is greater than zero, this must be a writable buffer of
+    ///                      of at least \p output_size bytes.
+    /// \param output_size   The size of the output buffer in bytes.
+    ///                      See the function description regarding the output size.
+    /// \param output_length On success, \p *output_length contains the actual
+    ///                      length of the output written in \p output.
+    ///                      On failure, the content of \p *output_length is
+    ///                      unspecified.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_GCM_BAD_INPUT on failure:
+    ///                 total input length too long,
+    ///                 unsupported input/output buffer overlap detected,
+    ///                 or \p output_size too small.
+    pub fn mbedtls_gcm_update(
+        ctx: *mut mbedtls_gcm_context,
+        input: *const crate::c_types::c_uchar,
+        input_length: usize,
+        output: *mut crate::c_types::c_uchar,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function finishes the GCM operation and generates
+    ///                  the authentication tag.
+    ///
+    ///                  It wraps up the GCM stream, and generates the
+    ///                  tag. The tag can have a maximum length of 16 Bytes.
+    ///
+    /// \param ctx       The GCM context. This must be initialized.
+    /// \param tag       The buffer for holding the tag. This must be a writable
+    ///                  buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the tag to generate. This must be at least
+    ///                  four.
+    /// \param output    The buffer for the final output.
+    ///                  If \p output_size is nonzero, this must be a writable
+    ///                  buffer of at least \p output_size bytes.
+    /// \param output_size  The size of the \p output buffer in bytes.
+    ///                  This must be large enough for the output that
+    ///                  mbedtls_gcm_update() has not produced. In particular:
+    ///                  - If mbedtls_gcm_update() produces immediate output,
+    ///                    or if the total input size is a multiple of \c 16,
+    ///                    then mbedtls_gcm_finish() never produces any output,
+    ///                    so \p output_size can be \c 0.
+    ///                  - \p output_size never needs to be more than \c 15.
+    /// \param output_length On success, \p *output_length contains the actual
+    ///                      length of the output written in \p output.
+    ///                      On failure, the content of \p *output_length is
+    ///                      unspecified.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_GCM_BAD_INPUT on failure:
+    ///                  invalid value of \p tag_len,
+    ///                  or \p output_size too small.
+    pub fn mbedtls_gcm_finish(
+        ctx: *mut mbedtls_gcm_context,
+        output: *mut crate::c_types::c_uchar,
+        output_size: usize,
+        output_length: *mut usize,
+        tag: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function clears a GCM context and the underlying
+    ///                  cipher sub-context.
+    ///
+    /// \param ctx       The GCM context to clear. If this is \c NULL, the call has
+    ///                  no effect. Otherwise, this must be initialized.
+    pub fn mbedtls_gcm_free(ctx: *mut mbedtls_gcm_context);
+}
+extern "C" {
+    /// \brief          The GCM checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_gcm_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief    The CCM context-type definition. The CCM context is passed
+///           to the APIs called.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ccm_context {
+    pub private_y: [crate::c_types::c_uchar; 16usize],
+    pub private_ctr: [crate::c_types::c_uchar; 16usize],
+    pub private_cipher_ctx: mbedtls_cipher_context_t,
+    pub private_plaintext_len: usize,
+    pub private_add_len: usize,
+    pub private_tag_len: usize,
+    pub private_processed: usize,
+    pub private_q: crate::c_types::c_uchar,
+    pub private_mode: crate::c_types::c_uchar,
+    pub private_state: crate::c_types::c_int,
+}
+extern "C" {
+    /// \brief           This function initializes the specified CCM context,
+    ///                  to make references valid, and prepare the context
+    ///                  for mbedtls_ccm_setkey() or mbedtls_ccm_free().
+    ///
+    /// \param ctx       The CCM context to initialize. This must not be \c NULL.
+    pub fn mbedtls_ccm_init(ctx: *mut mbedtls_ccm_context);
+}
+extern "C" {
+    /// \brief           This function initializes the CCM context set in the
+    ///                  \p ctx parameter and sets the encryption key.
+    ///
+    /// \param ctx       The CCM context to initialize. This must be an initialized
+    ///                  context.
+    /// \param cipher    The 128-bit block cipher to use.
+    /// \param key       The encryption key. This must not be \c NULL.
+    /// \param keybits   The key size in bits. This must be acceptable by the cipher.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A CCM or cipher-specific error code on failure.
+    pub fn mbedtls_ccm_setkey(
+        ctx: *mut mbedtls_ccm_context,
+        cipher: mbedtls_cipher_id_t,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief   This function releases and clears the specified CCM context
+    ///          and underlying cipher sub-context.
+    ///
+    /// \param ctx       The CCM context to clear. If this is \c NULL, the function
+    ///                  has no effect. Otherwise, this must be initialized.
+    pub fn mbedtls_ccm_free(ctx: *mut mbedtls_ccm_context);
+}
+extern "C" {
+    /// \brief           This function encrypts a buffer using CCM.
+    ///
+    /// \note            The tag is written to a separate buffer. To concatenate
+    ///                  the \p tag with the \p output, as done in <em>RFC-3610:
+    ///                  Counter with CBC-MAC (CCM)</em>, use
+    ///                  \p tag = \p output + \p length, and make sure that the
+    ///                  output buffer is at least \p length + \p tag_len wide.
+    ///
+    /// \param ctx       The CCM context to use for encryption. This must be
+    ///                  initialized and bound to a key.
+    /// \param length    The length of the input data in Bytes.
+    /// \param iv        The initialization vector (nonce). This must be a readable
+    ///                  buffer of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
+    ///                  or 13. The length L of the message length field is
+    ///                  15 - \p iv_len.
+    /// \param ad        The additional data field. If \p ad_len is greater than
+    ///                  zero, \p ad must be a readable buffer of at least that
+    ///                  length.
+    /// \param ad_len    The length of additional data in Bytes.
+    ///                  This must be less than `2^16 - 2^8`.
+    /// \param input     The buffer holding the input data. If \p length is greater
+    ///                  than zero, \p input must be a readable buffer of at least
+    ///                  that length.
+    /// \param output    The buffer holding the output data. If \p length is greater
+    ///                  than zero, \p output must be a writable buffer of at least
+    ///                  that length.
+    /// \param tag       The buffer holding the authentication field. This must be a
+    ///                  writable buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the authentication field to generate in Bytes:
+    ///                  4, 6, 8, 10, 12, 14 or 16.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A CCM or cipher-specific error code on failure.
+    pub fn mbedtls_ccm_encrypt_and_tag(
+        ctx: *mut mbedtls_ccm_context,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function encrypts a buffer using CCM*.
+    ///
+    /// \note            The tag is written to a separate buffer. To concatenate
+    ///                  the \p tag with the \p output, as done in <em>RFC-3610:
+    ///                  Counter with CBC-MAC (CCM)</em>, use
+    ///                  \p tag = \p output + \p length, and make sure that the
+    ///                  output buffer is at least \p length + \p tag_len wide.
+    ///
+    /// \note            When using this function in a variable tag length context,
+    ///                  the tag length has to be encoded into the \p iv passed to
+    ///                  this function.
+    ///
+    /// \param ctx       The CCM context to use for encryption. This must be
+    ///                  initialized and bound to a key.
+    /// \param length    The length of the input data in Bytes.
+    ///                  For tag length = 0, input length is ignored.
+    /// \param iv        The initialization vector (nonce). This must be a readable
+    ///                  buffer of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
+    ///                  or 13. The length L of the message length field is
+    ///                  15 - \p iv_len.
+    /// \param ad        The additional data field. This must be a readable buffer of
+    ///                  at least \p ad_len Bytes.
+    /// \param ad_len    The length of additional data in Bytes.
+    ///                  This must be less than 2^16 - 2^8.
+    /// \param input     The buffer holding the input data. If \p length is greater
+    ///                  than zero, \p input must be a readable buffer of at least
+    ///                  that length.
+    /// \param output    The buffer holding the output data. If \p length is greater
+    ///                  than zero, \p output must be a writable buffer of at least
+    ///                  that length.
+    /// \param tag       The buffer holding the authentication field. This must be a
+    ///                  writable buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the authentication field to generate in Bytes:
+    ///                  0, 4, 6, 8, 10, 12, 14 or 16.
+    ///
+    /// \warning         Passing \c 0 as \p tag_len means that the message is no
+    ///                  longer authenticated.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A CCM or cipher-specific error code on failure.
+    pub fn mbedtls_ccm_star_encrypt_and_tag(
+        ctx: *mut mbedtls_ccm_context,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a CCM authenticated decryption of a
+    ///                  buffer.
+    ///
+    /// \param ctx       The CCM context to use for decryption. This must be
+    ///                  initialized and bound to a key.
+    /// \param length    The length of the input data in Bytes.
+    /// \param iv        The initialization vector (nonce). This must be a readable
+    ///                  buffer of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
+    ///                  or 13. The length L of the message length field is
+    ///                  15 - \p iv_len.
+    /// \param ad        The additional data field. This must be a readable buffer
+    ///                  of at least that \p ad_len Bytes..
+    /// \param ad_len    The length of additional data in Bytes.
+    ///                  This must be less than 2^16 - 2^8.
+    /// \param input     The buffer holding the input data. If \p length is greater
+    ///                  than zero, \p input must be a readable buffer of at least
+    ///                  that length.
+    /// \param output    The buffer holding the output data. If \p length is greater
+    ///                  than zero, \p output must be a writable buffer of at least
+    ///                  that length.
+    /// \param tag       The buffer holding the authentication field. This must be a
+    ///                  readable buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the authentication field to generate in Bytes:
+    ///                  4, 6, 8, 10, 12, 14 or 16.
+    ///
+    /// \return          \c 0 on success. This indicates that the message is authentic.
+    /// \return          #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
+    /// \return          A cipher-specific error code on calculation failure.
+    pub fn mbedtls_ccm_auth_decrypt(
+        ctx: *mut mbedtls_ccm_context,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag: *const crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a CCM* authenticated decryption of a
+    ///                  buffer.
+    ///
+    /// \note            When using this function in a variable tag length context,
+    ///                  the tag length has to be decoded from \p iv and passed to
+    ///                  this function as \p tag_len. (\p tag needs to be adjusted
+    ///                  accordingly.)
+    ///
+    /// \param ctx       The CCM context to use for decryption. This must be
+    ///                  initialized and bound to a key.
+    /// \param length    The length of the input data in Bytes.
+    ///                  For tag length = 0, input length is ignored.
+    /// \param iv        The initialization vector (nonce). This must be a readable
+    ///                  buffer of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
+    ///                  or 13. The length L of the message length field is
+    ///                  15 - \p iv_len.
+    /// \param ad        The additional data field. This must be a readable buffer of
+    ///                  at least that \p ad_len Bytes.
+    /// \param ad_len    The length of additional data in Bytes.
+    ///                  This must be less than 2^16 - 2^8.
+    /// \param input     The buffer holding the input data. If \p length is greater
+    ///                  than zero, \p input must be a readable buffer of at least
+    ///                  that length.
+    /// \param output    The buffer holding the output data. If \p length is greater
+    ///                  than zero, \p output must be a writable buffer of at least
+    ///                  that length.
+    /// \param tag       The buffer holding the authentication field. This must be a
+    ///                  readable buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the authentication field in Bytes.
+    ///                  0, 4, 6, 8, 10, 12, 14 or 16.
+    ///
+    /// \warning         Passing \c 0 as \p tag_len means that the message is nos
+    ///                  longer authenticated.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
+    /// \return          A cipher-specific error code on calculation failure.
+    pub fn mbedtls_ccm_star_auth_decrypt(
+        ctx: *mut mbedtls_ccm_context,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag: *const crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function starts a CCM encryption or decryption
+    ///                  operation.
+    ///
+    ///                  This function and mbedtls_ccm_set_lengths() must be called
+    ///                  before calling mbedtls_ccm_update_ad() or
+    ///                  mbedtls_ccm_update(). This function can be called before
+    ///                  or after mbedtls_ccm_set_lengths().
+    ///
+    /// \note            This function is not implemented in Mbed TLS yet.
+    ///
+    /// \param ctx       The CCM context. This must be initialized.
+    /// \param mode      The operation to perform: #MBEDTLS_CCM_ENCRYPT or
+    ///                  #MBEDTLS_CCM_DECRYPT or #MBEDTLS_CCM_STAR_ENCRYPT or
+    ///                  #MBEDTLS_CCM_STAR_DECRYPT.
+    /// \param iv        The initialization vector. This must be a readable buffer
+    ///                  of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
+    ///                  or 13. The length L of the message length field is
+    ///                  15 - \p iv_len.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+    ///                  \p ctx is in an invalid state,
+    ///                  \p mode is invalid,
+    ///                  \p iv_len is invalid (lower than \c 7 or greater than
+    ///                  \c 13).
+    pub fn mbedtls_ccm_starts(
+        ctx: *mut mbedtls_ccm_context,
+        mode: crate::c_types::c_int,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function declares the lengths of the message
+    ///                  and additional data for a CCM encryption or decryption
+    ///                  operation.
+    ///
+    ///                  This function and mbedtls_ccm_starts() must be called
+    ///                  before calling mbedtls_ccm_update_ad() or
+    ///                  mbedtls_ccm_update(). This function can be called before
+    ///                  or after mbedtls_ccm_starts().
+    ///
+    /// \note            This function is not implemented in Mbed TLS yet.
+    ///
+    /// \param ctx       The CCM context. This must be initialized.
+    /// \param total_ad_len   The total length of additional data in bytes.
+    ///                       This must be less than `2^16 - 2^8`.
+    /// \param plaintext_len  The length in bytes of the plaintext to encrypt or
+    ///                       result of the decryption (thus not encompassing the
+    ///                       additional data that are not encrypted).
+    /// \param tag_len   The length of the tag to generate in Bytes:
+    ///                  4, 6, 8, 10, 12, 14 or 16.
+    ///                  For CCM*, zero is also valid.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+    ///                  \p ctx is in an invalid state,
+    ///                  \p total_ad_len is greater than \c 0xFF00.
+    pub fn mbedtls_ccm_set_lengths(
+        ctx: *mut mbedtls_ccm_context,
+        total_ad_len: usize,
+        plaintext_len: usize,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer as associated data
+    ///                  (authenticated but not encrypted data) in a CCM
+    ///                  encryption or decryption operation.
+    ///
+    ///                  You may call this function zero, one or more times
+    ///                  to pass successive parts of the additional data. The
+    ///                  lengths \p ad_len of the data parts should eventually add
+    ///                  up exactly to the total length of additional data
+    ///                  \c total_ad_len passed to mbedtls_ccm_set_lengths(). You
+    ///                  may not call this function after calling
+    ///                  mbedtls_ccm_update().
+    ///
+    /// \note            This function is not implemented in Mbed TLS yet.
+    ///
+    /// \param ctx       The CCM context. This must have been started with
+    ///                  mbedtls_ccm_starts(), the lengths of the message and
+    ///                  additional data must have been declared with
+    ///                  mbedtls_ccm_set_lengths() and this must not have yet
+    ///                  received any input with mbedtls_ccm_update().
+    /// \param ad        The buffer holding the additional data, or \c NULL
+    ///                  if \p ad_len is \c 0.
+    /// \param ad_len    The length of the additional data. If \c 0,
+    ///                  \p ad may be \c NULL.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+    ///                  \p ctx is in an invalid state,
+    ///                  total input length too long.
+    pub fn mbedtls_ccm_update_ad(
+        ctx: *mut mbedtls_ccm_context,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer into an ongoing CCM
+    ///                  encryption or decryption operation.
+    ///
+    ///                  You may call this function zero, one or more times
+    ///                  to pass successive parts of the input: the plaintext to
+    ///                  encrypt, or the ciphertext (not including the tag) to
+    ///                  decrypt. After the last part of the input, call
+    ///                  mbedtls_ccm_finish(). The lengths \p input_len of the
+    ///                  data parts should eventually add up exactly to the
+    ///                  plaintext length \c plaintext_len passed to
+    ///                  mbedtls_ccm_set_lengths().
+    ///
+    ///                  This function may produce output in one of the following
+    ///                  ways:
+    ///                  - Immediate output: the output length is always equal
+    ///                    to the input length.
+    ///                  - Buffered output: except for the last part of input data,
+    ///                    the output consists of a whole number of 16-byte blocks.
+    ///                    If the total input length so far (not including
+    ///                    associated data) is 16 \* *B* + *A* with *A* < 16 then
+    ///                    the total output length is 16 \* *B*.
+    ///                    For the last part of input data, the output length is
+    ///                    equal to the input length plus the number of bytes (*A*)
+    ///                    buffered in the previous call to the function (if any).
+    ///                    The function uses the plaintext length
+    ///                    \c plaintext_len passed to mbedtls_ccm_set_lengths()
+    ///                    to detect the last part of input data.
+    ///
+    ///                  In particular:
+    ///                  - It is always correct to call this function with
+    ///                    \p output_size >= \p input_len + 15.
+    ///                  - If \p input_len is a multiple of 16 for all the calls
+    ///                    to this function during an operation (not necessary for
+    ///                    the last one) then it is correct to use \p output_size
+    ///                    =\p input_len.
+    ///
+    /// \note            This function is not implemented in Mbed TLS yet.
+    ///
+    /// \param ctx           The CCM context. This must have been started with
+    ///                      mbedtls_ccm_starts() and the lengths of the message and
+    ///                      additional data must have been declared with
+    ///                      mbedtls_ccm_set_lengths().
+    /// \param input         The buffer holding the input data. If \p input_len
+    ///                      is greater than zero, this must be a readable buffer
+    ///                      of at least \p input_len bytes.
+    /// \param input_len     The length of the input data in bytes.
+    /// \param output        The buffer for the output data. If \p output_size
+    ///                      is greater than zero, this must be a writable buffer of
+    ///                      at least \p output_size bytes.
+    /// \param output_size   The size of the output buffer in bytes.
+    ///                      See the function description regarding the output size.
+    /// \param output_len    On success, \p *output_len contains the actual
+    ///                      length of the output written in \p output.
+    ///                      On failure, the content of \p *output_len is
+    ///                      unspecified.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+    ///                 \p ctx is in an invalid state,
+    ///                 total input length too long,
+    ///                 or \p output_size too small.
+    pub fn mbedtls_ccm_update(
+        ctx: *mut mbedtls_ccm_context,
+        input: *const crate::c_types::c_uchar,
+        input_len: usize,
+        output: *mut crate::c_types::c_uchar,
+        output_size: usize,
+        output_len: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function finishes the CCM operation and generates
+    ///                  the authentication tag.
+    ///
+    ///                  It wraps up the CCM stream, and generates the
+    ///                  tag. The tag can have a maximum length of 16 Bytes.
+    ///
+    /// \note            This function is not implemented in Mbed TLS yet.
+    ///
+    /// \param ctx       The CCM context. This must have been started with
+    ///                  mbedtls_ccm_starts() and the lengths of the message and
+    ///                  additional data must have been declared with
+    ///                  mbedtls_ccm_set_lengths().
+    /// \param tag       The buffer for holding the tag. If \p tag_len is greater
+    ///                  than zero, this must be a writable buffer of at least \p
+    ///                  tag_len Bytes.
+    /// \param tag_len   The length of the tag. Must match the tag length passed to
+    ///                  mbedtls_ccm_set_lengths() function.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+    ///                  \p ctx is in an invalid state,
+    ///                  invalid value of \p tag_len,
+    ///                  the total amount of additional data passed to
+    ///                  mbedtls_ccm_update_ad() was lower than the total length of
+    ///                  additional data \c total_ad_len passed to
+    ///                  mbedtls_ccm_set_lengths(),
+    ///                  the total amount of input data passed to
+    ///                  mbedtls_ccm_update() was lower than the plaintext length
+    ///                  \c plaintext_len passed to mbedtls_ccm_set_lengths().
+    pub fn mbedtls_ccm_finish(
+        ctx: *mut mbedtls_ccm_context,
+        tag: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The CCM checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_ccm_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_poly1305_context {
+    pub private_r: [u32; 4usize],
+    pub private_s: [u32; 4usize],
+    pub private_acc: [u32; 5usize],
+    pub private_queue: [u8; 16usize],
+    pub private_queue_len: usize,
+}
+extern "C" {
+    /// \brief           This function initializes the specified Poly1305 context.
+    ///
+    ///                  It must be the first API called before using
+    ///                  the context.
+    ///
+    ///                  It is usually followed by a call to
+    ///                  \c mbedtls_poly1305_starts(), then one or more calls to
+    ///                  \c mbedtls_poly1305_update(), then one call to
+    ///                  \c mbedtls_poly1305_finish(), then finally
+    ///                  \c mbedtls_poly1305_free().
+    ///
+    /// \param ctx       The Poly1305 context to initialize. This must
+    ///                  not be \c NULL.
+    pub fn mbedtls_poly1305_init(ctx: *mut mbedtls_poly1305_context);
+}
+extern "C" {
+    /// \brief           This function releases and clears the specified
+    ///                  Poly1305 context.
+    ///
+    /// \param ctx       The Poly1305 context to clear. This may be \c NULL, in which
+    ///                  case this function is a no-op. If it is not \c NULL, it must
+    ///                  point to an initialized Poly1305 context.
+    pub fn mbedtls_poly1305_free(ctx: *mut mbedtls_poly1305_context);
+}
+extern "C" {
+    /// \brief           This function sets the one-time authentication key.
+    ///
+    /// \warning         The key must be unique and unpredictable for each
+    ///                  invocation of Poly1305.
+    ///
+    /// \param ctx       The Poly1305 context to which the key should be bound.
+    ///                  This must be initialized.
+    /// \param key       The buffer containing the \c 32 Byte (\c 256 Bit) key.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_poly1305_starts(
+        ctx: *mut mbedtls_poly1305_context,
+        key: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This functions feeds an input buffer into an ongoing
+    ///                  Poly1305 computation.
+    ///
+    ///                  It is called between \c mbedtls_cipher_poly1305_starts() and
+    ///                  \c mbedtls_cipher_poly1305_finish().
+    ///                  It can be called repeatedly to process a stream of data.
+    ///
+    /// \param ctx       The Poly1305 context to use for the Poly1305 operation.
+    ///                  This must be initialized and bound to a key.
+    /// \param ilen      The length of the input data in Bytes.
+    ///                  Any value is accepted.
+    /// \param input     The buffer holding the input data.
+    ///                  This pointer can be \c NULL if `ilen == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_poly1305_update(
+        ctx: *mut mbedtls_poly1305_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates the Poly1305 Message
+    ///                  Authentication Code (MAC).
+    ///
+    /// \param ctx       The Poly1305 context to use for the Poly1305 operation.
+    ///                  This must be initialized and bound to a key.
+    /// \param mac       The buffer to where the MAC is written. This must
+    ///                  be a writable buffer of length \c 16 Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_poly1305_finish(
+        ctx: *mut mbedtls_poly1305_context,
+        mac: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function calculates the Poly1305 MAC of the input
+    ///                  buffer with the provided key.
+    ///
+    /// \warning         The key must be unique and unpredictable for each
+    ///                  invocation of Poly1305.
+    ///
+    /// \param key       The buffer containing the \c 32 Byte (\c 256 Bit) key.
+    /// \param ilen      The length of the input data in Bytes.
+    ///                  Any value is accepted.
+    /// \param input     The buffer holding the input data.
+    ///                  This pointer can be \c NULL if `ilen == 0`.
+    /// \param mac       The buffer to where the MAC is written. This must be
+    ///                  a writable buffer of length \c 16 Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_poly1305_mac(
+        key: *const crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        mac: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           The Poly1305 checkup routine.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          \c 1 on failure.
+    pub fn mbedtls_poly1305_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+///< The mode value for performing encryption.
+pub const mbedtls_chachapoly_mode_t_MBEDTLS_CHACHAPOLY_ENCRYPT: mbedtls_chachapoly_mode_t = 0;
+///< The mode value for performing decryption.
+pub const mbedtls_chachapoly_mode_t_MBEDTLS_CHACHAPOLY_DECRYPT: mbedtls_chachapoly_mode_t = 1;
+pub type mbedtls_chachapoly_mode_t = crate::c_types::c_uint;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_chacha20_context {
+    pub private_state: [u32; 16usize],
+    pub private_keystream8: [u8; 64usize],
+    pub private_keystream_bytes_used: usize,
+}
+extern "C" {
+    /// \brief           This function initializes the specified ChaCha20 context.
+    ///
+    ///                  It must be the first API called before using
+    ///                  the context.
+    ///
+    ///                  It is usually followed by calls to
+    ///                  \c mbedtls_chacha20_setkey() and
+    ///                  \c mbedtls_chacha20_starts(), then one or more calls to
+    ///                  to \c mbedtls_chacha20_update(), and finally to
+    ///                  \c mbedtls_chacha20_free().
+    ///
+    /// \param ctx       The ChaCha20 context to initialize.
+    ///                  This must not be \c NULL.
+    pub fn mbedtls_chacha20_init(ctx: *mut mbedtls_chacha20_context);
+}
+extern "C" {
+    /// \brief           This function releases and clears the specified
+    ///                  ChaCha20 context.
+    ///
+    /// \param ctx       The ChaCha20 context to clear. This may be \c NULL,
+    ///                  in which case this function is a no-op. If it is not
+    ///                  \c NULL, it must point to an initialized context.
+    pub fn mbedtls_chacha20_free(ctx: *mut mbedtls_chacha20_context);
+}
+extern "C" {
+    /// \brief           This function sets the encryption/decryption key.
+    ///
+    /// \note            After using this function, you must also call
+    ///                  \c mbedtls_chacha20_starts() to set a nonce before you
+    ///                  start encrypting/decrypting data with
+    ///                  \c mbedtls_chacha_update().
+    ///
+    /// \param ctx       The ChaCha20 context to which the key should be bound.
+    ///                  It must be initialized.
+    /// \param key       The encryption/decryption key. This must be \c 32 Bytes
+    ///                  in length.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or key is NULL.
+    pub fn mbedtls_chacha20_setkey(
+        ctx: *mut mbedtls_chacha20_context,
+        key: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets the nonce and initial counter value.
+    ///
+    /// \note            A ChaCha20 context can be re-used with the same key by
+    ///                  calling this function to change the nonce.
+    ///
+    /// \warning         You must never use the same nonce twice with the same key.
+    ///                  This would void any confidentiality guarantees for the
+    ///                  messages encrypted with the same nonce and key.
+    ///
+    /// \param ctx       The ChaCha20 context to which the nonce should be bound.
+    ///                  It must be initialized and bound to a key.
+    /// \param nonce     The nonce. This must be \c 12 Bytes in size.
+    /// \param counter   The initial counter value. This is usually \c 0.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or nonce is
+    ///                  NULL.
+    pub fn mbedtls_chacha20_starts(
+        ctx: *mut mbedtls_chacha20_context,
+        nonce: *const crate::c_types::c_uchar,
+        counter: u32,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function encrypts or decrypts data.
+    ///
+    ///                  Since ChaCha20 is a stream cipher, the same operation is
+    ///                  used for encrypting and decrypting data.
+    ///
+    /// \note            The \p input and \p output pointers must either be equal or
+    ///                  point to non-overlapping buffers.
+    ///
+    /// \note            \c mbedtls_chacha20_setkey() and
+    ///                  \c mbedtls_chacha20_starts() must be called at least once
+    ///                  to setup the context before this function can be called.
+    ///
+    /// \note            This function can be called multiple times in a row in
+    ///                  order to encrypt of decrypt data piecewise with the same
+    ///                  key and nonce.
+    ///
+    /// \param ctx       The ChaCha20 context to use for encryption or decryption.
+    ///                  It must be initialized and bound to a key and nonce.
+    /// \param size      The length of the input data in Bytes.
+    /// \param input     The buffer holding the input data.
+    ///                  This pointer can be \c NULL if `size == 0`.
+    /// \param output    The buffer holding the output data.
+    ///                  This must be able to hold \p size Bytes.
+    ///                  This pointer can be \c NULL if `size == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_chacha20_update(
+        ctx: *mut mbedtls_chacha20_context,
+        size: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function encrypts or decrypts data with ChaCha20 and
+    ///                  the given key and nonce.
+    ///
+    ///                  Since ChaCha20 is a stream cipher, the same operation is
+    ///                  used for encrypting and decrypting data.
+    ///
+    /// \warning         You must never use the same (key, nonce) pair more than
+    ///                  once. This would void any confidentiality guarantees for
+    ///                  the messages encrypted with the same nonce and key.
+    ///
+    /// \note            The \p input and \p output pointers must either be equal or
+    ///                  point to non-overlapping buffers.
+    ///
+    /// \param key       The encryption/decryption key.
+    ///                  This must be \c 32 Bytes in length.
+    /// \param nonce     The nonce. This must be \c 12 Bytes in size.
+    /// \param counter   The initial counter value. This is usually \c 0.
+    /// \param size      The length of the input data in Bytes.
+    /// \param input     The buffer holding the input data.
+    ///                  This pointer can be \c NULL if `size == 0`.
+    /// \param output    The buffer holding the output data.
+    ///                  This must be able to hold \p size Bytes.
+    ///                  This pointer can be \c NULL if `size == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_chacha20_crypt(
+        key: *const crate::c_types::c_uchar,
+        nonce: *const crate::c_types::c_uchar,
+        counter: u32,
+        size: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           The ChaCha20 checkup routine.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          \c 1 on failure.
+    pub fn mbedtls_chacha20_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_chachapoly_context {
+    pub private_chacha20_ctx: mbedtls_chacha20_context,
+    pub private_poly1305_ctx: mbedtls_poly1305_context,
+    pub private_aad_len: u64,
+    pub private_ciphertext_len: u64,
+    pub private_state: crate::c_types::c_int,
+    pub private_mode: mbedtls_chachapoly_mode_t,
+}
+extern "C" {
+    /// \brief           This function initializes the specified ChaCha20-Poly1305 context.
+    ///
+    ///                  It must be the first API called before using
+    ///                  the context. It must be followed by a call to
+    ///                  \c mbedtls_chachapoly_setkey() before any operation can be
+    ///                  done, and to \c mbedtls_chachapoly_free() once all
+    ///                  operations with that context have been finished.
+    ///
+    ///                  In order to encrypt or decrypt full messages at once, for
+    ///                  each message you should make a single call to
+    ///                  \c mbedtls_chachapoly_crypt_and_tag() or
+    ///                  \c mbedtls_chachapoly_auth_decrypt().
+    ///
+    ///                  In order to encrypt messages piecewise, for each
+    ///                  message you should make a call to
+    ///                  \c mbedtls_chachapoly_starts(), then 0 or more calls to
+    ///                  \c mbedtls_chachapoly_update_aad(), then 0 or more calls to
+    ///                  \c mbedtls_chachapoly_update(), then one call to
+    ///                  \c mbedtls_chachapoly_finish().
+    ///
+    /// \warning         Decryption with the piecewise API is discouraged! Always
+    ///                  use \c mbedtls_chachapoly_auth_decrypt() when possible!
+    ///
+    ///                  If however this is not possible because the data is too
+    ///                  large to fit in memory, you need to:
+    ///
+    ///                  - call \c mbedtls_chachapoly_starts() and (if needed)
+    ///                  \c mbedtls_chachapoly_update_aad() as above,
+    ///                  - call \c mbedtls_chachapoly_update() multiple times and
+    ///                  ensure its output (the plaintext) is NOT used in any other
+    ///                  way than placing it in temporary storage at this point,
+    ///                  - call \c mbedtls_chachapoly_finish() to compute the
+    ///                  authentication tag and compared it in constant time to the
+    ///                  tag received with the ciphertext.
+    ///
+    ///                  If the tags are not equal, you must immediately discard
+    ///                  all previous outputs of \c mbedtls_chachapoly_update(),
+    ///                  otherwise you can now safely use the plaintext.
+    ///
+    /// \param ctx       The ChachaPoly context to initialize. Must not be \c NULL.
+    pub fn mbedtls_chachapoly_init(ctx: *mut mbedtls_chachapoly_context);
+}
+extern "C" {
+    /// \brief           This function releases and clears the specified
+    ///                  ChaCha20-Poly1305 context.
+    ///
+    /// \param ctx       The ChachaPoly context to clear. This may be \c NULL, in which
+    ///                  case this function is a no-op.
+    pub fn mbedtls_chachapoly_free(ctx: *mut mbedtls_chachapoly_context);
+}
+extern "C" {
+    /// \brief           This function sets the ChaCha20-Poly1305
+    ///                  symmetric encryption key.
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context to which the key should be
+    ///                  bound. This must be initialized.
+    /// \param key       The \c 256 Bit (\c 32 Bytes) key.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_chachapoly_setkey(
+        ctx: *mut mbedtls_chachapoly_context,
+        key: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function starts a ChaCha20-Poly1305 encryption or
+    ///                  decryption operation.
+    ///
+    /// \warning         You must never use the same nonce twice with the same key.
+    ///                  This would void any confidentiality and authenticity
+    ///                  guarantees for the messages encrypted with the same nonce
+    ///                  and key.
+    ///
+    /// \note            If the context is being used for AAD only (no data to
+    ///                  encrypt or decrypt) then \p mode can be set to any value.
+    ///
+    /// \warning         Decryption with the piecewise API is discouraged, see the
+    ///                  warning on \c mbedtls_chachapoly_init().
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context. This must be initialized
+    ///                  and bound to a key.
+    /// \param nonce     The nonce/IV to use for the message.
+    ///                  This must be a readable buffer of length \c 12 Bytes.
+    /// \param mode      The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or
+    ///                  #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning).
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_chachapoly_starts(
+        ctx: *mut mbedtls_chachapoly_context,
+        nonce: *const crate::c_types::c_uchar,
+        mode: mbedtls_chachapoly_mode_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds additional data to be authenticated
+    ///                  into an ongoing ChaCha20-Poly1305 operation.
+    ///
+    ///                  The Additional Authenticated Data (AAD), also called
+    ///                  Associated Data (AD) is only authenticated but not
+    ///                  encrypted nor included in the encrypted output. It is
+    ///                  usually transmitted separately from the ciphertext or
+    ///                  computed locally by each party.
+    ///
+    /// \note            This function is called before data is encrypted/decrypted.
+    ///                  I.e. call this function to process the AAD before calling
+    ///                  \c mbedtls_chachapoly_update().
+    ///
+    ///                  You may call this function multiple times to process
+    ///                  an arbitrary amount of AAD. It is permitted to call
+    ///                  this function 0 times, if no AAD is used.
+    ///
+    ///                  This function cannot be called any more if data has
+    ///                  been processed by \c mbedtls_chachapoly_update(),
+    ///                  or if the context has been finished.
+    ///
+    /// \warning         Decryption with the piecewise API is discouraged, see the
+    ///                  warning on \c mbedtls_chachapoly_init().
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context. This must be initialized
+    ///                  and bound to a key.
+    /// \param aad_len   The length in Bytes of the AAD. The length has no
+    ///                  restrictions.
+    /// \param aad       Buffer containing the AAD.
+    ///                  This pointer can be \c NULL if `aad_len == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
+    ///                  if \p ctx or \p aad are NULL.
+    /// \return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
+    ///                  if the operations has not been started or has been
+    ///                  finished, or if the AAD has been finished.
+    pub fn mbedtls_chachapoly_update_aad(
+        ctx: *mut mbedtls_chachapoly_context,
+        aad: *const crate::c_types::c_uchar,
+        aad_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Thus function feeds data to be encrypted or decrypted
+    ///                  into an on-going ChaCha20-Poly1305
+    ///                  operation.
+    ///
+    ///                  The direction (encryption or decryption) depends on the
+    ///                  mode that was given when calling
+    ///                  \c mbedtls_chachapoly_starts().
+    ///
+    ///                  You may call this function multiple times to process
+    ///                  an arbitrary amount of data. It is permitted to call
+    ///                  this function 0 times, if no data is to be encrypted
+    ///                  or decrypted.
+    ///
+    /// \warning         Decryption with the piecewise API is discouraged, see the
+    ///                  warning on \c mbedtls_chachapoly_init().
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context to use. This must be initialized.
+    /// \param len       The length (in bytes) of the data to encrypt or decrypt.
+    /// \param input     The buffer containing the data to encrypt or decrypt.
+    ///                  This pointer can be \c NULL if `len == 0`.
+    /// \param output    The buffer to where the encrypted or decrypted data is
+    ///                  written. This must be able to hold \p len bytes.
+    ///                  This pointer can be \c NULL if `len == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
+    ///                  if the operation has not been started or has been
+    ///                  finished.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_chachapoly_update(
+        ctx: *mut mbedtls_chachapoly_context,
+        len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function finished the ChaCha20-Poly1305 operation and
+    ///                  generates the MAC (authentication tag).
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context to use. This must be initialized.
+    /// \param mac       The buffer to where the 128-bit (16 bytes) MAC is written.
+    ///
+    /// \warning         Decryption with the piecewise API is discouraged, see the
+    ///                  warning on \c mbedtls_chachapoly_init().
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
+    ///                  if the operation has not been started or has been
+    ///                  finished.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_chachapoly_finish(
+        ctx: *mut mbedtls_chachapoly_context,
+        mac: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a complete ChaCha20-Poly1305
+    ///                  authenticated encryption with the previously-set key.
+    ///
+    /// \note            Before using this function, you must set the key with
+    ///                  \c mbedtls_chachapoly_setkey().
+    ///
+    /// \warning         You must never use the same nonce twice with the same key.
+    ///                  This would void any confidentiality and authenticity
+    ///                  guarantees for the messages encrypted with the same nonce
+    ///                  and key.
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context to use (holds the key).
+    ///                  This must be initialized.
+    /// \param length    The length (in bytes) of the data to encrypt or decrypt.
+    /// \param nonce     The 96-bit (12 bytes) nonce/IV to use.
+    /// \param aad       The buffer containing the additional authenticated
+    ///                  data (AAD). This pointer can be \c NULL if `aad_len == 0`.
+    /// \param aad_len   The length (in bytes) of the AAD data to process.
+    /// \param input     The buffer containing the data to encrypt or decrypt.
+    ///                  This pointer can be \c NULL if `ilen == 0`.
+    /// \param output    The buffer to where the encrypted or decrypted data
+    ///                  is written. This pointer can be \c NULL if `ilen == 0`.
+    /// \param tag       The buffer to where the computed 128-bit (16 bytes) MAC
+    ///                  is written. This must not be \c NULL.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_chachapoly_encrypt_and_tag(
+        ctx: *mut mbedtls_chachapoly_context,
+        length: usize,
+        nonce: *const crate::c_types::c_uchar,
+        aad: *const crate::c_types::c_uchar,
+        aad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a complete ChaCha20-Poly1305
+    ///                  authenticated decryption with the previously-set key.
+    ///
+    /// \note            Before using this function, you must set the key with
+    ///                  \c mbedtls_chachapoly_setkey().
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context to use (holds the key).
+    /// \param length    The length (in Bytes) of the data to decrypt.
+    /// \param nonce     The \c 96 Bit (\c 12 bytes) nonce/IV to use.
+    /// \param aad       The buffer containing the additional authenticated data (AAD).
+    ///                  This pointer can be \c NULL if `aad_len == 0`.
+    /// \param aad_len   The length (in bytes) of the AAD data to process.
+    /// \param tag       The buffer holding the authentication tag.
+    ///                  This must be a readable buffer of length \c 16 Bytes.
+    /// \param input     The buffer containing the data to decrypt.
+    ///                  This pointer can be \c NULL if `ilen == 0`.
+    /// \param output    The buffer to where the decrypted data is written.
+    ///                  This pointer can be \c NULL if `ilen == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED
+    ///                  if the data was not authentic.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_chachapoly_auth_decrypt(
+        ctx: *mut mbedtls_chachapoly_context,
+        length: usize,
+        nonce: *const crate::c_types::c_uchar,
+        aad: *const crate::c_types::c_uchar,
+        aad_len: usize,
+        tag: *const crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           The ChaCha20-Poly1305 checkup routine.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          \c 1 on failure.
+    pub fn mbedtls_chachapoly_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+pub const psa_encrypt_or_decrypt_t_PSA_CRYPTO_DRIVER_DECRYPT: psa_encrypt_or_decrypt_t = 0;
+pub const psa_encrypt_or_decrypt_t_PSA_CRYPTO_DRIVER_ENCRYPT: psa_encrypt_or_decrypt_t = 1;
+/// For encrypt-decrypt functions, whether the operation is an encryption
+/// or a decryption.
+pub type psa_encrypt_or_decrypt_t = crate::c_types::c_uint;
+/// \brief          MD5 context structure
+///
+/// \warning        MD5 is considered a weak message digest and its use
+///                 constitutes a security risk. We recommend considering
+///                 stronger message digests instead.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_md5_context {
+    pub private_total: [u32; 2usize],
+    pub private_state: [u32; 4usize],
+    pub private_buffer: [crate::c_types::c_uchar; 64usize],
+}
+extern "C" {
+    /// \brief          Initialize MD5 context
+    ///
+    /// \param ctx      MD5 context to be initialized
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_init(ctx: *mut mbedtls_md5_context);
+}
+extern "C" {
+    /// \brief          Clear MD5 context
+    ///
+    /// \param ctx      MD5 context to be cleared
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_free(ctx: *mut mbedtls_md5_context);
+}
+extern "C" {
+    /// \brief          Clone (the state of) an MD5 context
+    ///
+    /// \param dst      The destination context
+    /// \param src      The context to be cloned
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_clone(dst: *mut mbedtls_md5_context, src: *const mbedtls_md5_context);
+}
+extern "C" {
+    /// \brief          MD5 context setup
+    ///
+    /// \param ctx      context to be initialized
+    ///
+    /// \return         0 if successful
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_starts(ctx: *mut mbedtls_md5_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          MD5 process buffer
+    ///
+    /// \param ctx      MD5 context
+    /// \param input    buffer holding the data
+    /// \param ilen     length of the input data
+    ///
+    /// \return         0 if successful
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_update(
+        ctx: *mut mbedtls_md5_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          MD5 final digest
+    ///
+    /// \param ctx      MD5 context
+    /// \param output   MD5 checksum result
+    ///
+    /// \return         0 if successful
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_finish(
+        ctx: *mut mbedtls_md5_context,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          MD5 process data block (internal use only)
+    ///
+    /// \param ctx      MD5 context
+    /// \param data     buffer holding one block of data
+    ///
+    /// \return         0 if successful
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_internal_md5_process(
+        ctx: *mut mbedtls_md5_context,
+        data: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Output = MD5( input buffer )
+    ///
+    /// \param input    buffer holding the data
+    /// \param ilen     length of the input data
+    /// \param output   MD5 checksum result
+    ///
+    /// \return         0 if successful
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5(
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Checkup routine
+    ///
+    /// \return         0 if successful, or 1 if the test failed
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          RIPEMD-160 context structure
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ripemd160_context {
+    pub private_total: [u32; 2usize],
+    pub private_state: [u32; 5usize],
+    pub private_buffer: [crate::c_types::c_uchar; 64usize],
+}
+extern "C" {
+    /// \brief          Initialize RIPEMD-160 context
+    ///
+    /// \param ctx      RIPEMD-160 context to be initialized
+    pub fn mbedtls_ripemd160_init(ctx: *mut mbedtls_ripemd160_context);
+}
+extern "C" {
+    /// \brief          Clear RIPEMD-160 context
+    ///
+    /// \param ctx      RIPEMD-160 context to be cleared
+    pub fn mbedtls_ripemd160_free(ctx: *mut mbedtls_ripemd160_context);
+}
+extern "C" {
+    /// \brief          Clone (the state of) a RIPEMD-160 context
+    ///
+    /// \param dst      The destination context
+    /// \param src      The context to be cloned
+    pub fn mbedtls_ripemd160_clone(
+        dst: *mut mbedtls_ripemd160_context,
+        src: *const mbedtls_ripemd160_context,
+    );
+}
+extern "C" {
+    /// \brief          RIPEMD-160 context setup
+    ///
+    /// \param ctx      context to be initialized
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ripemd160_starts(ctx: *mut mbedtls_ripemd160_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          RIPEMD-160 process buffer
+    ///
+    /// \param ctx      RIPEMD-160 context
+    /// \param input    buffer holding the data
+    /// \param ilen     length of the input data
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ripemd160_update(
+        ctx: *mut mbedtls_ripemd160_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          RIPEMD-160 final digest
+    ///
+    /// \param ctx      RIPEMD-160 context
+    /// \param output   RIPEMD-160 checksum result
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ripemd160_finish(
+        ctx: *mut mbedtls_ripemd160_context,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          RIPEMD-160 process data block (internal use only)
+    ///
+    /// \param ctx      RIPEMD-160 context
+    /// \param data     buffer holding one block of data
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_internal_ripemd160_process(
+        ctx: *mut mbedtls_ripemd160_context,
+        data: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Output = RIPEMD-160( input buffer )
+    ///
+    /// \param input    buffer holding the data
+    /// \param ilen     length of the input data
+    /// \param output   RIPEMD-160 checksum result
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ripemd160(
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Checkup routine
+    ///
+    /// \return         0 if successful, or 1 if the test failed
+    pub fn mbedtls_ripemd160_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          The SHA-1 context structure.
+///
+/// \warning        SHA-1 is considered a weak message digest and its use
+///                 constitutes a security risk. We recommend considering
+///                 stronger message digests instead.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_sha1_context {
+    pub private_total: [u32; 2usize],
+    pub private_state: [u32; 5usize],
+    pub private_buffer: [crate::c_types::c_uchar; 64usize],
+}
+extern "C" {
+    /// \brief          This function initializes a SHA-1 context.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context to initialize.
+    ///                 This must not be \c NULL.
+    pub fn mbedtls_sha1_init(ctx: *mut mbedtls_sha1_context);
+}
+extern "C" {
+    /// \brief          This function clears a SHA-1 context.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context to clear. This may be \c NULL,
+    ///                 in which case this function does nothing. If it is
+    ///                 not \c NULL, it must point to an initialized
+    ///                 SHA-1 context.
+    pub fn mbedtls_sha1_free(ctx: *mut mbedtls_sha1_context);
+}
+extern "C" {
+    /// \brief          This function clones the state of a SHA-1 context.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param dst      The SHA-1 context to clone to. This must be initialized.
+    /// \param src      The SHA-1 context to clone from. This must be initialized.
+    pub fn mbedtls_sha1_clone(dst: *mut mbedtls_sha1_context, src: *const mbedtls_sha1_context);
+}
+extern "C" {
+    /// \brief          This function starts a SHA-1 checksum calculation.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context to initialize. This must be initialized.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha1_starts(ctx: *mut mbedtls_sha1_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function feeds an input buffer into an ongoing SHA-1
+    ///                 checksum calculation.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context. This must be initialized
+    ///                 and have a hash operation started.
+    /// \param input    The buffer holding the input data.
+    ///                 This must be a readable buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data \p input in Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha1_update(
+        ctx: *mut mbedtls_sha1_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function finishes the SHA-1 operation, and writes
+    ///                 the result to the output buffer.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context to use. This must be initialized and
+    ///                 have a hash operation started.
+    /// \param output   The SHA-1 checksum result. This must be a writable
+    ///                 buffer of length \c 20 Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha1_finish(
+        ctx: *mut mbedtls_sha1_context,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          SHA-1 process data block (internal use only).
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context to use. This must be initialized.
+    /// \param data     The data block being processed. This must be a
+    ///                 readable buffer of length \c 64 Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_internal_sha1_process(
+        ctx: *mut mbedtls_sha1_context,
+        data: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function calculates the SHA-1 checksum of a buffer.
+    ///
+    ///                 The function allocates the context, performs the
+    ///                 calculation, and frees the context.
+    ///
+    ///                 The SHA-1 result is calculated as
+    ///                 output = SHA-1(input buffer).
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param input    The buffer holding the input data.
+    ///                 This must be a readable buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data \p input in Bytes.
+    /// \param output   The SHA-1 checksum result.
+    ///                 This must be a writable buffer of length \c 20 Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha1(
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The SHA-1 checkup routine.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_sha1_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          The SHA-256 context structure.
+///
+///                 The structure is used both for SHA-256 and for SHA-224
+///                 checksum calculations. The choice between these two is
+///                 made in the call to mbedtls_sha256_starts().
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_sha256_context {
+    pub private_total: [u32; 2usize],
+    pub private_state: [u32; 8usize],
+    pub private_buffer: [crate::c_types::c_uchar; 64usize],
+    pub private_is224: crate::c_types::c_int,
+}
+extern "C" {
+    /// \brief          This function initializes a SHA-256 context.
+    ///
+    /// \param ctx      The SHA-256 context to initialize. This must not be \c NULL.
+    pub fn mbedtls_sha256_init(ctx: *mut mbedtls_sha256_context);
+}
+extern "C" {
+    /// \brief          This function clears a SHA-256 context.
+    ///
+    /// \param ctx      The SHA-256 context to clear. This may be \c NULL, in which
+    ///                 case this function returns immediately. If it is not \c NULL,
+    ///                 it must point to an initialized SHA-256 context.
+    pub fn mbedtls_sha256_free(ctx: *mut mbedtls_sha256_context);
+}
+extern "C" {
+    /// \brief          This function clones the state of a SHA-256 context.
+    ///
+    /// \param dst      The destination context. This must be initialized.
+    /// \param src      The context to clone. This must be initialized.
+    pub fn mbedtls_sha256_clone(
+        dst: *mut mbedtls_sha256_context,
+        src: *const mbedtls_sha256_context,
+    );
+}
+extern "C" {
+    /// \brief          This function starts a SHA-224 or SHA-256 checksum
+    ///                 calculation.
+    ///
+    /// \param ctx      The context to use. This must be initialized.
+    /// \param is224    This determines which function to use. This must be
+    ///                 either \c 0 for SHA-256, or \c 1 for SHA-224.
+    ///
+    /// \note           is224 must be defined accordingly to the enabled
+    ///                 MBEDTLS_SHA224_C/MBEDTLS_SHA256_C symbols otherwise the
+    ///                 function will return #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha256_starts(
+        ctx: *mut mbedtls_sha256_context,
+        is224: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function feeds an input buffer into an ongoing
+    ///                 SHA-256 checksum calculation.
+    ///
+    /// \param ctx      The SHA-256 context. This must be initialized
+    ///                 and have a hash operation started.
+    /// \param input    The buffer holding the data. This must be a readable
+    ///                 buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data in Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha256_update(
+        ctx: *mut mbedtls_sha256_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function finishes the SHA-256 operation, and writes
+    ///                 the result to the output buffer.
+    ///
+    /// \param ctx      The SHA-256 context. This must be initialized
+    ///                 and have a hash operation started.
+    /// \param output   The SHA-224 or SHA-256 checksum result.
+    ///                 This must be a writable buffer of length \c 32 bytes
+    ///                 for SHA-256, \c 28 bytes for SHA-224.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha256_finish(
+        ctx: *mut mbedtls_sha256_context,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function processes a single data block within
+    ///                 the ongoing SHA-256 computation. This function is for
+    ///                 internal use only.
+    ///
+    /// \param ctx      The SHA-256 context. This must be initialized.
+    /// \param data     The buffer holding one block of data. This must
+    ///                 be a readable buffer of length \c 64 Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_internal_sha256_process(
+        ctx: *mut mbedtls_sha256_context,
+        data: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function calculates the SHA-224 or SHA-256
+    ///                 checksum of a buffer.
+    ///
+    ///                 The function allocates the context, performs the
+    ///                 calculation, and frees the context.
+    ///
+    ///                 The SHA-256 result is calculated as
+    ///                 output = SHA-256(input buffer).
+    ///
+    /// \param input    The buffer holding the data. This must be a readable
+    ///                 buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data in Bytes.
+    /// \param output   The SHA-224 or SHA-256 checksum result.
+    ///                 This must be a writable buffer of length \c 32 bytes
+    ///                 for SHA-256, \c 28 bytes for SHA-224.
+    /// \param is224    Determines which function to use. This must be
+    ///                 either \c 0 for SHA-256, or \c 1 for SHA-224.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha256(
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        is224: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The SHA-224 checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_sha224_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The SHA-256 checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_sha256_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          The SHA-512 context structure.
+///
+///                 The structure is used both for SHA-384 and for SHA-512
+///                 checksum calculations. The choice between these two is
+///                 made in the call to mbedtls_sha512_starts().
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_sha512_context {
+    pub private_total: [u64; 2usize],
+    pub private_state: [u64; 8usize],
+    pub private_buffer: [crate::c_types::c_uchar; 128usize],
+    pub private_is384: crate::c_types::c_int,
+}
+extern "C" {
+    /// \brief          This function initializes a SHA-512 context.
+    ///
+    /// \param ctx      The SHA-512 context to initialize. This must
+    ///                 not be \c NULL.
+    pub fn mbedtls_sha512_init(ctx: *mut mbedtls_sha512_context);
+}
+extern "C" {
+    /// \brief          This function clears a SHA-512 context.
+    ///
+    /// \param ctx      The SHA-512 context to clear. This may be \c NULL,
+    ///                 in which case this function does nothing. If it
+    ///                 is not \c NULL, it must point to an initialized
+    ///                 SHA-512 context.
+    pub fn mbedtls_sha512_free(ctx: *mut mbedtls_sha512_context);
+}
+extern "C" {
+    /// \brief          This function clones the state of a SHA-512 context.
+    ///
+    /// \param dst      The destination context. This must be initialized.
+    /// \param src      The context to clone. This must be initialized.
+    pub fn mbedtls_sha512_clone(
+        dst: *mut mbedtls_sha512_context,
+        src: *const mbedtls_sha512_context,
+    );
+}
+extern "C" {
+    /// \brief          This function starts a SHA-384 or SHA-512 checksum
+    ///                 calculation.
+    ///
+    /// \param ctx      The SHA-512 context to use. This must be initialized.
+    /// \param is384    Determines which function to use. This must be
+    ///                 either \c 0 for SHA-512, or \c 1 for SHA-384.
+    ///
+    /// \note           is384 must be defined accordingly to the enabled
+    ///                 MBEDTLS_SHA384_C/MBEDTLS_SHA512_C symbols otherwise the
+    ///                 function will return #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha512_starts(
+        ctx: *mut mbedtls_sha512_context,
+        is384: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function feeds an input buffer into an ongoing
+    ///                 SHA-512 checksum calculation.
+    ///
+    /// \param ctx      The SHA-512 context. This must be initialized
+    ///                 and have a hash operation started.
+    /// \param input    The buffer holding the input data. This must
+    ///                 be a readable buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data in Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha512_update(
+        ctx: *mut mbedtls_sha512_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function finishes the SHA-512 operation, and writes
+    ///                 the result to the output buffer.
+    ///
+    /// \param ctx      The SHA-512 context. This must be initialized
+    ///                 and have a hash operation started.
+    /// \param output   The SHA-384 or SHA-512 checksum result.
+    ///                 This must be a writable buffer of length \c 64 bytes
+    ///                 for SHA-512, \c 48 bytes for SHA-384.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha512_finish(
+        ctx: *mut mbedtls_sha512_context,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function processes a single data block within
+    ///                 the ongoing SHA-512 computation.
+    ///                 This function is for internal use only.
+    ///
+    /// \param ctx      The SHA-512 context. This must be initialized.
+    /// \param data     The buffer holding one block of data. This
+    ///                 must be a readable buffer of length \c 128 Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_internal_sha512_process(
+        ctx: *mut mbedtls_sha512_context,
+        data: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function calculates the SHA-512 or SHA-384
+    ///                 checksum of a buffer.
+    ///
+    ///                 The function allocates the context, performs the
+    ///                 calculation, and frees the context.
+    ///
+    ///                 The SHA-512 result is calculated as
+    ///                 output = SHA-512(input buffer).
+    ///
+    /// \param input    The buffer holding the input data. This must be
+    ///                 a readable buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data in Bytes.
+    /// \param output   The SHA-384 or SHA-512 checksum result.
+    ///                 This must be a writable buffer of length \c 64 bytes
+    ///                 for SHA-512, \c 48 bytes for SHA-384.
+    /// \param is384    Determines which function to use. This must be either
+    ///                 \c 0 for SHA-512, or \c 1 for SHA-384.
+    ///
+    /// \note           is384 must be defined accordingly with the supported
+    ///                 symbols in the config file. If:
+    ///                 - is384 is 0, but \c MBEDTLS_SHA384_C is not defined, or
+    ///                 - is384 is 1, but \c MBEDTLS_SHA512_C is not defined
+    ///                 then the function will return
+    ///                 #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha512(
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        is384: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The SHA-384 checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_sha384_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The SHA-512 checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_sha512_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_hash_operation_t {
+    pub private_alg: psa_algorithm_t,
+    pub private_ctx: mbedtls_psa_hash_operation_t__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_psa_hash_operation_t__bindgen_ty_1 {
+    pub dummy: crate::c_types::c_uint,
+    pub md5: mbedtls_md5_context,
+    pub ripemd160: mbedtls_ripemd160_context,
+    pub sha1: mbedtls_sha1_context,
+    pub sha256: mbedtls_sha256_context,
+    pub sha512: mbedtls_sha512_context,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_cipher_operation_t {
+    pub private_alg: psa_algorithm_t,
+    pub private_iv_length: u8,
+    pub private_block_length: u8,
+    pub private_ctx: mbedtls_psa_cipher_operation_t__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_psa_cipher_operation_t__bindgen_ty_1 {
+    pub private_dummy: crate::c_types::c_uint,
+    pub private_cipher: mbedtls_cipher_context_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_hash_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_hash_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_cipher_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_cipher_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_hash_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_ctx: psa_driver_hash_context_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_cipher_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_default_iv_length: u8,
+    pub private_ctx: psa_driver_cipher_context_t,
+}
+impl psa_cipher_operation_s {
+    #[inline]
+    pub fn private_iv_required(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_iv_required(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_iv_set(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_iv_set(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(1usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_iv_required: crate::c_types::c_uint,
+        private_iv_set: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_iv_required: u32 = unsafe { ::core::mem::transmute(private_iv_required) };
+            private_iv_required as u64
+        });
+        __bindgen_bitfield_unit.set(1usize, 1u8, {
+            let private_iv_set: u32 = unsafe { ::core::mem::transmute(private_iv_set) };
+            private_iv_set as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_hmac_operation_t {
+    pub private_alg: psa_algorithm_t,
+    /// The hash context.
+    pub hash_ctx: psa_hash_operation_s,
+    pub private_opad: [u8; 128usize],
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_mac_operation_t {
+    pub private_alg: psa_algorithm_t,
+    pub private_ctx: mbedtls_psa_mac_operation_t__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_psa_mac_operation_t__bindgen_ty_1 {
+    pub private_dummy: crate::c_types::c_uint,
+    pub private_hmac: mbedtls_psa_hmac_operation_t,
+    pub private_cmac: mbedtls_cipher_context_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_aead_operation_t {
+    pub private_alg: psa_algorithm_t,
+    pub private_key_type: psa_key_type_t,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_tag_length: u8,
+    pub ctx: mbedtls_psa_aead_operation_t__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_psa_aead_operation_t__bindgen_ty_1 {
+    pub dummy: crate::c_types::c_uint,
+    pub private_ccm: mbedtls_ccm_context,
+    pub private_gcm: mbedtls_gcm_context,
+    pub private_chachapoly: mbedtls_chachapoly_context,
+}
+impl mbedtls_psa_aead_operation_t {
+    #[inline]
+    pub fn private_is_encrypt(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_is_encrypt(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_is_encrypt: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_is_encrypt: u32 = unsafe { ::core::mem::transmute(private_is_encrypt) };
+            private_is_encrypt as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_sign_hash_interruptible_operation_t {
+    pub private_dummy: crate::c_types::c_uint,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_verify_hash_interruptible_operation_t {
+    pub private_dummy: crate::c_types::c_uint,
+}
+///< Client
+pub const mbedtls_ecjpake_role_MBEDTLS_ECJPAKE_CLIENT: mbedtls_ecjpake_role = 0;
+///< Server
+pub const mbedtls_ecjpake_role_MBEDTLS_ECJPAKE_SERVER: mbedtls_ecjpake_role = 1;
+/// Roles in the EC J-PAKE exchange
+pub type mbedtls_ecjpake_role = crate::c_types::c_uint;
+/// EC J-PAKE context structure.
+///
+/// J-PAKE is a symmetric protocol, except for the identifiers used in
+/// Zero-Knowledge Proofs, and the serialization of the second message
+/// (KeyExchange) as defined by the Thread spec.
+///
+/// In order to benefit from this symmetry, we choose a different naming
+/// convention from the Thread v1.0 spec. Correspondence is indicated in the
+/// description as a pair C: client name, S: server name
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecjpake_context {
+    pub private_md_type: mbedtls_md_type_t,
+    pub private_grp: mbedtls_ecp_group,
+    pub private_role: mbedtls_ecjpake_role,
+    pub private_point_format: crate::c_types::c_int,
+    pub private_Xm1: mbedtls_ecp_point,
+    pub private_Xm2: mbedtls_ecp_point,
+    pub private_Xp1: mbedtls_ecp_point,
+    pub private_Xp2: mbedtls_ecp_point,
+    pub private_Xp: mbedtls_ecp_point,
+    pub private_xm1: mbedtls_mpi,
+    pub private_xm2: mbedtls_mpi,
+    pub private_s: mbedtls_mpi,
+}
+extern "C" {
+    /// \brief           Initialize an ECJPAKE context.
+    ///
+    /// \param ctx       The ECJPAKE context to initialize.
+    ///                  This must not be \c NULL.
+    pub fn mbedtls_ecjpake_init(ctx: *mut mbedtls_ecjpake_context);
+}
+extern "C" {
+    /// \brief           Set up an ECJPAKE context for use.
+    ///
+    /// \note            Currently the only values for hash/curve allowed by the
+    ///                  standard are #MBEDTLS_MD_SHA256/#MBEDTLS_ECP_DP_SECP256R1.
+    ///
+    /// \param ctx       The ECJPAKE context to set up. This must be initialized.
+    /// \param role      The role of the caller. This must be either
+    ///                  #MBEDTLS_ECJPAKE_CLIENT or #MBEDTLS_ECJPAKE_SERVER.
+    /// \param hash      The identifier of the hash function to use,
+    ///                  for example #MBEDTLS_MD_SHA256.
+    /// \param curve     The identifier of the elliptic curve to use,
+    ///                  for example #MBEDTLS_ECP_DP_SECP256R1.
+    /// \param secret    The pre-shared secret (passphrase). This must be
+    ///                  a readable not empty buffer of length \p len Bytes. It need
+    ///                  only be valid for the duration of this call.
+    /// \param len       The length of the pre-shared secret \p secret.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_setup(
+        ctx: *mut mbedtls_ecjpake_context,
+        role: mbedtls_ecjpake_role,
+        hash: mbedtls_md_type_t,
+        curve: mbedtls_ecp_group_id,
+        secret: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               Set the point format for future reads and writes.
+    ///
+    /// \param ctx           The ECJPAKE context to configure.
+    /// \param point_format  The point format to use:
+    ///                      #MBEDTLS_ECP_PF_UNCOMPRESSED (default)
+    ///                      or #MBEDTLS_ECP_PF_COMPRESSED.
+    ///
+    /// \return              \c 0 if successful.
+    /// \return              #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p point_format
+    ///                      is invalid.
+    pub fn mbedtls_ecjpake_set_point_format(
+        ctx: *mut mbedtls_ecjpake_context,
+        point_format: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Check if an ECJPAKE context is ready for use.
+    ///
+    /// \param ctx       The ECJPAKE context to check. This must be
+    ///                  initialized.
+    ///
+    /// \return          \c 0 if the context is ready for use.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise.
+    pub fn mbedtls_ecjpake_check(ctx: *const mbedtls_ecjpake_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Generate and write the first round message
+    ///                  (TLS: contents of the Client/ServerHello extension,
+    ///                  excluding extension type and length bytes).
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be
+    ///                  initialized and set up.
+    /// \param buf       The buffer to write the contents to. This must be a
+    ///                  writable buffer of length \p len Bytes.
+    /// \param len       The length of \p buf in Bytes.
+    /// \param olen      The address at which to store the total number
+    ///                  of Bytes written to \p buf. This must not be \c NULL.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG parameter to be passed to \p f_rng. This
+    ///                  may be \c NULL if \p f_rng doesn't use a context.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_write_round_one(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Read and process the first round message
+    ///                  (TLS: contents of the Client/ServerHello extension,
+    ///                  excluding extension type and length bytes).
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be initialized
+    ///                  and set up.
+    /// \param buf       The buffer holding the first round message. This must
+    ///                  be a readable buffer of length \p len Bytes.
+    /// \param len       The length in Bytes of \p buf.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_read_round_one(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Generate and write the second round message
+    ///                  (TLS: contents of the Client/ServerKeyExchange).
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be initialized,
+    ///                  set up, and already have performed round one.
+    /// \param buf       The buffer to write the round two contents to.
+    ///                  This must be a writable buffer of length \p len Bytes.
+    /// \param len       The size of \p buf in Bytes.
+    /// \param olen      The address at which to store the total number of Bytes
+    ///                  written to \p buf. This must not be \c NULL.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG parameter to be passed to \p f_rng. This
+    ///                  may be \c NULL if \p f_rng doesn't use a context.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_write_round_two(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Read and process the second round message
+    ///                  (TLS: contents of the Client/ServerKeyExchange).
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be initialized
+    ///                  and set up and already have performed round one.
+    /// \param buf       The buffer holding the second round message. This must
+    ///                  be a readable buffer of length \p len Bytes.
+    /// \param len       The length in Bytes of \p buf.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_read_round_two(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Derive the shared secret
+    ///                  (TLS: Pre-Master Secret).
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be initialized,
+    ///                  set up and have performed both round one and two.
+    /// \param buf       The buffer to write the derived secret to. This must
+    ///                  be a writable buffer of length \p len Bytes.
+    /// \param len       The length of \p buf in Bytes.
+    /// \param olen      The address at which to store the total number of Bytes
+    ///                  written to \p buf. This must not be \c NULL.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG parameter to be passed to \p f_rng. This
+    ///                  may be \c NULL if \p f_rng doesn't use a context.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_derive_secret(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write the shared key material to be passed to a Key
+    ///                  Derivation Function as described in RFC8236.
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be initialized,
+    ///                  set up and have performed both round one and two.
+    /// \param buf       The buffer to write the derived secret to. This must
+    ///                  be a writable buffer of length \p len Bytes.
+    /// \param len       The length of \p buf in Bytes.
+    /// \param olen      The address at which to store the total number of bytes
+    ///                  written to \p buf. This must not be \c NULL.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG parameter to be passed to \p f_rng. This
+    ///                  may be \c NULL if \p f_rng doesn't use a context.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_write_shared_key(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This clears an ECJPAKE context and frees any
+    ///                  embedded data structure.
+    ///
+    /// \param ctx       The ECJPAKE context to free. This may be \c NULL,
+    ///                  in which case this function does nothing. If it is not
+    ///                  \c NULL, it must point to an initialized ECJPAKE context.
+    pub fn mbedtls_ecjpake_free(ctx: *mut mbedtls_ecjpake_context);
+}
+extern "C" {
+    /// \brief          Checkup routine
+    ///
+    /// \return         0 if successful, or 1 if a test failed
+    pub fn mbedtls_ecjpake_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_pake_operation_t {
+    pub private_alg: psa_algorithm_t,
+    pub private_password: *mut u8,
+    pub private_password_len: usize,
+    pub private_role: u8,
+    pub private_buffer: [u8; 336usize],
+    pub private_buffer_length: usize,
+    pub private_buffer_offset: usize,
+    pub private_ctx: mbedtls_psa_pake_operation_t__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_psa_pake_operation_t__bindgen_ty_1 {
+    pub private_dummy: crate::c_types::c_uint,
+    pub private_jpake: mbedtls_ecjpake_context,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_mac_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_mac_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_aead_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_aead_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_sign_hash_interruptible_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_sign_hash_interruptible_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_verify_hash_interruptible_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_verify_hash_interruptible_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_pake_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_pake_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_mac_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_mac_size: u8,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_ctx: psa_driver_mac_context_t,
+}
+impl psa_mac_operation_s {
+    #[inline]
+    pub fn private_is_sign(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_is_sign(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_is_sign: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_is_sign: u32 = unsafe { ::core::mem::transmute(private_is_sign) };
+            private_is_sign as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_aead_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_alg: psa_algorithm_t,
+    pub private_key_type: psa_key_type_t,
+    pub private_ad_remaining: usize,
+    pub private_body_remaining: usize,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_ctx: psa_driver_aead_context_t,
+}
+impl psa_aead_operation_s {
+    #[inline]
+    pub fn private_nonce_set(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_nonce_set(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_lengths_set(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_lengths_set(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(1usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_ad_started(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_ad_started(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(2usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_body_started(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_body_started(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(3usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_is_encrypt(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_is_encrypt(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(4usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_nonce_set: crate::c_types::c_uint,
+        private_lengths_set: crate::c_types::c_uint,
+        private_ad_started: crate::c_types::c_uint,
+        private_body_started: crate::c_types::c_uint,
+        private_is_encrypt: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_nonce_set: u32 = unsafe { ::core::mem::transmute(private_nonce_set) };
+            private_nonce_set as u64
+        });
+        __bindgen_bitfield_unit.set(1usize, 1u8, {
+            let private_lengths_set: u32 = unsafe { ::core::mem::transmute(private_lengths_set) };
+            private_lengths_set as u64
+        });
+        __bindgen_bitfield_unit.set(2usize, 1u8, {
+            let private_ad_started: u32 = unsafe { ::core::mem::transmute(private_ad_started) };
+            private_ad_started as u64
+        });
+        __bindgen_bitfield_unit.set(3usize, 1u8, {
+            let private_body_started: u32 = unsafe { ::core::mem::transmute(private_body_started) };
+            private_body_started as u64
+        });
+        __bindgen_bitfield_unit.set(4usize, 1u8, {
+            let private_is_encrypt: u32 = unsafe { ::core::mem::transmute(private_is_encrypt) };
+            private_is_encrypt as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_hkdf_key_derivation_t {
+    pub private_info: *mut u8,
+    pub private_info_length: usize,
+    pub private_offset_in_block: u8,
+    pub private_block_number: u8,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_output_block: [u8; 64usize],
+    pub private_prk: [u8; 64usize],
+    pub private_hmac: psa_mac_operation_s,
+}
+impl psa_hkdf_key_derivation_t {
+    #[inline]
+    pub fn private_state(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 2u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_state(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 2u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_info_set(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_info_set(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(2usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_state: crate::c_types::c_uint,
+        private_info_set: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 2u8, {
+            let private_state: u32 = unsafe { ::core::mem::transmute(private_state) };
+            private_state as u64
+        });
+        __bindgen_bitfield_unit.set(2usize, 1u8, {
+            let private_info_set: u32 = unsafe { ::core::mem::transmute(private_info_set) };
+            private_info_set as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_tls12_ecjpake_to_pms_t {
+    pub private_data: [u8; 32usize],
+}
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_INIT:
+    psa_tls12_prf_key_derivation_state_t = 0;
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_SEED_SET:
+    psa_tls12_prf_key_derivation_state_t = 1;
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_OTHER_KEY_SET:
+    psa_tls12_prf_key_derivation_state_t = 2;
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_KEY_SET:
+    psa_tls12_prf_key_derivation_state_t = 3;
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_LABEL_SET:
+    psa_tls12_prf_key_derivation_state_t = 4;
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_OUTPUT:
+    psa_tls12_prf_key_derivation_state_t = 5;
+pub type psa_tls12_prf_key_derivation_state_t = crate::c_types::c_uint;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_tls12_prf_key_derivation_s {
+    pub private_left_in_block: u8,
+    pub private_block_number: u8,
+    pub private_state: psa_tls12_prf_key_derivation_state_t,
+    pub private_secret: *mut u8,
+    pub private_secret_length: usize,
+    pub private_seed: *mut u8,
+    pub private_seed_length: usize,
+    pub private_label: *mut u8,
+    pub private_label_length: usize,
+    pub private_other_secret: *mut u8,
+    pub private_other_secret_length: usize,
+    pub private_Ai: [u8; 64usize],
+    pub private_output_block: [u8; 64usize],
+}
+pub type psa_tls12_prf_key_derivation_t = psa_tls12_prf_key_derivation_s;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_key_derivation_s {
+    pub private_alg: psa_algorithm_t,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_capacity: usize,
+    pub private_ctx: psa_key_derivation_s__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_key_derivation_s__bindgen_ty_1 {
+    pub private_dummy: u8,
+    pub private_hkdf: psa_hkdf_key_derivation_t,
+    pub private_tls12_prf: psa_tls12_prf_key_derivation_t,
+    pub private_tls12_ecjpake_to_pms: psa_tls12_ecjpake_to_pms_t,
+}
+impl psa_key_derivation_s {
+    #[inline]
+    pub fn private_can_output_key(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_can_output_key(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_can_output_key: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_can_output_key: u32 =
+                unsafe { ::core::mem::transmute(private_can_output_key) };
+            private_can_output_key as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_key_policy_s {
+    pub private_usage: psa_key_usage_t,
+    pub private_alg: psa_algorithm_t,
+    pub private_alg2: psa_algorithm_t,
+}
+pub type psa_key_policy_t = psa_key_policy_s;
+pub type psa_key_bits_t = u16;
+/// A mask of flags that can be stored in key attributes.
+///
+/// This type is also used internally to store flags in slots. Internal
+/// flags are defined in library/psa_crypto_core.h. Internal flags may have
+/// the same value as external flags if they are properly handled during
+/// key creation and in psa_get_key_attributes.
+pub type psa_key_attributes_flag_t = u16;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_core_key_attributes_t {
+    pub private_type: psa_key_type_t,
+    pub private_bits: psa_key_bits_t,
+    pub private_lifetime: psa_key_lifetime_t,
+    pub private_id: mbedtls_svc_key_id_t,
+    pub private_policy: psa_key_policy_t,
+    pub private_flags: psa_key_attributes_flag_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_key_attributes_s {
+    pub private_core: psa_core_key_attributes_t,
+    pub private_domain_parameters: *mut crate::c_types::c_void,
+    pub private_domain_parameters_size: usize,
+}
+extern "C" {
+    /// \brief Set domain parameters for a key.
+    ///
+    /// Some key types require additional domain parameters in addition to
+    /// the key type identifier and the key size. Use this function instead
+    /// of psa_set_key_type() when you need to specify domain parameters.
+    ///
+    /// The format for the required domain parameters varies based on the key type.
+    ///
+    /// - For RSA keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY or #PSA_KEY_TYPE_RSA_KEY_PAIR),
+    ///   the domain parameter data consists of the public exponent,
+    ///   represented as a big-endian integer with no leading zeros.
+    ///   This information is used when generating an RSA key pair.
+    ///   When importing a key, the public exponent is read from the imported
+    ///   key data and the exponent recorded in the attribute structure is ignored.
+    ///   As an exception, the public exponent 65537 is represented by an empty
+    ///   byte string.
+    /// - For DSA keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY or #PSA_KEY_TYPE_DSA_KEY_PAIR),
+    ///   the `Dss-Params` format as defined by RFC 3279 &sect;2.3.2.
+    ///   ```
+    ///   Dss-Params ::= SEQUENCE  {
+    ///      p       INTEGER,
+    ///      q       INTEGER,
+    ///      g       INTEGER
+    ///   }
+    ///   ```
+    /// - For Diffie-Hellman key exchange keys
+    ///   (#PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_FAMILY_CUSTOM) or
+    ///   #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_FAMILY_CUSTOM)), the
+    ///   `DomainParameters` format as defined by RFC 3279 &sect;2.3.3.
+    ///   ```
+    ///   DomainParameters ::= SEQUENCE {
+    ///      p               INTEGER,                    -- odd prime, p=jq +1
+    ///      g               INTEGER,                    -- generator, g
+    ///      q               INTEGER,                    -- factor of p-1
+    ///      j               INTEGER OPTIONAL,           -- subgroup factor
+    ///      validationParams ValidationParams OPTIONAL
+    ///   }
+    ///   ValidationParams ::= SEQUENCE {
+    ///      seed            BIT STRING,
+    ///      pgenCounter     INTEGER
+    ///   }
+    ///   ```
+    ///
+    /// \note This function may allocate memory or other resources.
+    ///       Once you have called this function on an attribute structure,
+    ///       you must call psa_reset_key_attributes() to free these resources.
+    ///
+    /// \note This is an experimental extension to the interface. It may change
+    ///       in future versions of the library.
+    ///
+    /// \param[in,out] attributes    Attribute structure where the specified domain
+    ///                              parameters will be stored.
+    ///                              If this function fails, the content of
+    ///                              \p attributes is not modified.
+    /// \param type                  Key type (a \c PSA_KEY_TYPE_XXX value).
+    /// \param[in] data              Buffer containing the key domain parameters.
+    ///                              The content of this buffer is interpreted
+    ///                              according to \p type as described above.
+    /// \param data_length           Size of the \p data buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    pub fn psa_set_key_domain_parameters(
+        attributes: *mut psa_key_attributes_t,
+        type_: psa_key_type_t,
+        data: *const u8,
+        data_length: usize,
+    ) -> psa_status_t;
+}
+/// \brief The context for PSA interruptible hash signing.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_sign_hash_interruptible_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_ctx: psa_driver_sign_hash_interruptible_context_t,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_num_ops: u32,
+}
+impl psa_sign_hash_interruptible_operation_s {
+    #[inline]
+    pub fn private_error_occurred(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_error_occurred(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_error_occurred: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_error_occurred: u32 =
+                unsafe { ::core::mem::transmute(private_error_occurred) };
+            private_error_occurred as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+/// \brief The context for PSA interruptible hash verification.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_verify_hash_interruptible_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_ctx: psa_driver_verify_hash_interruptible_context_t,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_num_ops: u32,
+}
+impl psa_verify_hash_interruptible_operation_s {
+    #[inline]
+    pub fn private_error_occurred(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_error_occurred(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_error_occurred: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_error_occurred: u32 =
+                unsafe { ::core::mem::transmute(private_error_occurred) };
+            private_error_occurred as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+pub type psa_key_handle_t = mbedtls_svc_key_id_t;
+extern "C" {
+    /// Open a handle to an existing persistent key.
+    ///
+    /// Open a handle to a persistent key. A key is persistent if it was created
+    /// with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE. A persistent key
+    /// always has a nonzero key identifier, set with psa_set_key_id() when
+    /// creating the key. Implementations may provide additional pre-provisioned
+    /// keys that can be opened with psa_open_key(). Such keys have an application
+    /// key identifier in the vendor range, as documented in the description of
+    /// #psa_key_id_t.
+    ///
+    /// The application must eventually close the handle with psa_close_key() or
+    /// psa_destroy_key() to release associated resources. If the application dies
+    /// without calling one of these functions, the implementation should perform
+    /// the equivalent of a call to psa_close_key().
+    ///
+    /// Some implementations permit an application to open the same key multiple
+    /// times. If this is successful, each call to psa_open_key() will return a
+    /// different key handle.
+    ///
+    /// \note This API is not part of the PSA Cryptography API Release 1.0.0
+    /// specification. It was defined in the 1.0 Beta 3 version of the
+    /// specification but was removed in the 1.0.0 released version. This API is
+    /// kept for the time being to not break applications relying on it. It is not
+    /// deprecated yet but will be in the near future.
+    ///
+    /// \note Applications that rely on opening a key multiple times will not be
+    /// portable to implementations that only permit a single key handle to be
+    /// opened. See also :ref:\`key-handles\`.
+    ///
+    ///
+    /// \param key           The persistent identifier of the key.
+    /// \param[out] handle   On success, a handle to the key.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success. The application can now use the value of `*handle`
+    ///         to access the key.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+    ///         The implementation does not have sufficient resources to open the
+    ///         key. This can be due to reaching an implementation limit on the
+    ///         number of open keys, the number of open key handles, or available
+    ///         memory.
+    /// \retval #PSA_ERROR_DOES_NOT_EXIST
+    ///         There is no persistent key with key identifier \p key.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not a valid persistent key identifier.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The specified key exists, but the application does not have the
+    ///         permission to access it. Note that this specification does not
+    ///         define any way to create such a key, but it may be possible
+    ///         through implementation-specific means.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_open_key(key: mbedtls_svc_key_id_t, handle: *mut psa_key_handle_t) -> psa_status_t;
+}
+extern "C" {
+    /// Close a key handle.
+    ///
+    /// If the handle designates a volatile key, this will destroy the key material
+    /// and free all associated resources, just like psa_destroy_key().
+    ///
+    /// If this is the last open handle to a persistent key, then closing the handle
+    /// will free all resources associated with the key in volatile memory. The key
+    /// data in persistent storage is not affected and can be opened again later
+    /// with a call to psa_open_key().
+    ///
+    /// Closing the key handle makes the handle invalid, and the key handle
+    /// must not be used again by the application.
+    ///
+    /// \note This API is not part of the PSA Cryptography API Release 1.0.0
+    /// specification. It was defined in the 1.0 Beta 3 version of the
+    /// specification but was removed in the 1.0.0 released version. This API is
+    /// kept for the time being to not break applications relying on it. It is not
+    /// deprecated yet but will be in the near future.
+    ///
+    /// \note If the key handle was used to set up an active
+    /// :ref:\`multipart operation <multipart-operations>\`, then closing the
+    /// key handle can cause the multipart operation to fail. Applications should
+    /// maintain the key handle until after the multipart operation has finished.
+    ///
+    /// \param handle        The key handle to close.
+    ///                      If this is \c 0, do nothing and return \c PSA_SUCCESS.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         \p handle was a valid handle or \c 0. It is now closed.
+    /// \retval #PSA_ERROR_INVALID_HANDLE
+    ///         \p handle is not a valid handle nor \c 0.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_close_key(handle: psa_key_handle_t) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Library deinitialization.
+    ///
+    /// This function clears all data associated with the PSA layer,
+    /// including the whole key store.
+    ///
+    /// This is an Mbed TLS extension.
+    pub fn mbedtls_psa_crypto_free();
+}
+/// \brief Statistics about
+/// resource consumption related to the PSA keystore.
+///
+/// \note The content of this structure is not part of the stable API and ABI
+///       of Mbed Crypto and may change arbitrarily from version to version.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_stats_s {
+    pub private_volatile_slots: usize,
+    pub private_persistent_slots: usize,
+    pub private_external_slots: usize,
+    pub private_half_filled_slots: usize,
+    pub private_cache_slots: usize,
+    pub private_empty_slots: usize,
+    pub private_locked_slots: usize,
+    pub private_max_open_internal_key_id: psa_key_id_t,
+    pub private_max_open_external_key_id: psa_key_id_t,
+}
+/// \brief Statistics about
+/// resource consumption related to the PSA keystore.
+///
+/// \note The content of this structure is not part of the stable API and ABI
+///       of Mbed Crypto and may change arbitrarily from version to version.
+pub type mbedtls_psa_stats_t = mbedtls_psa_stats_s;
+extern "C" {
+    /// \brief Get statistics about
+    /// resource consumption related to the PSA keystore.
+    ///
+    /// \note When Mbed Crypto is built as part of a service, with isolation
+    ///       between the application and the keystore, the service may or
+    ///       may not expose this function.
+    pub fn mbedtls_psa_get_stats(stats: *mut mbedtls_psa_stats_t);
+}
+extern "C" {
+    /// \brief Inject an initial entropy seed for the random generator into
+    ///        secure storage.
+    ///
+    /// This function injects data to be used as a seed for the random generator
+    /// used by the PSA Crypto implementation. On devices that lack a trusted
+    /// entropy source (preferably a hardware random number generator),
+    /// the Mbed PSA Crypto implementation uses this value to seed its
+    /// random generator.
+    ///
+    /// On devices without a trusted entropy source, this function must be
+    /// called exactly once in the lifetime of the device. On devices with
+    /// a trusted entropy source, calling this function is optional.
+    /// In all cases, this function may only be called before calling any
+    /// other function in the PSA Crypto API, including psa_crypto_init().
+    ///
+    /// When this function returns successfully, it populates a file in
+    /// persistent storage. Once the file has been created, this function
+    /// can no longer succeed.
+    ///
+    /// If any error occurs, this function does not change the system state.
+    /// You can call this function again after correcting the reason for the
+    /// error if possible.
+    ///
+    /// \warning This function **can** fail! Callers MUST check the return status.
+    ///
+    /// \warning If you use this function, you should use it as part of a
+    ///          factory provisioning process. The value of the injected seed
+    ///          is critical to the security of the device. It must be
+    ///          *secret*, *unpredictable* and (statistically) *unique per device*.
+    ///          You should be generate it randomly using a cryptographically
+    ///          secure random generator seeded from trusted entropy sources.
+    ///          You should transmit it securely to the device and ensure
+    ///          that its value is not leaked or stored anywhere beyond the
+    ///          needs of transmitting it from the point of generation to
+    ///          the call of this function, and erase all copies of the value
+    ///          once this function returns.
+    ///
+    /// This is an Mbed TLS extension.
+    ///
+    /// \note This function is only available on the following platforms:
+    /// * If the compile-time option MBEDTLS_PSA_INJECT_ENTROPY is enabled.
+    ///   Note that you must provide compatible implementations of
+    ///   mbedtls_nv_seed_read and mbedtls_nv_seed_write.
+    /// * In a client-server integration of PSA Cryptography, on the client side,
+    ///   if the server supports this feature.
+    /// \param[in] seed          Buffer containing the seed value to inject.
+    /// \param[in] seed_size     Size of the \p seed buffer.
+    ///                          The size of the seed in bytes must be greater
+    ///                          or equal to both #MBEDTLS_ENTROPY_BLOCK_SIZE
+    ///                          and the value of \c MBEDTLS_ENTROPY_MIN_PLATFORM
+    ///                          in `library/entropy_poll.h` in the Mbed TLS source
+    ///                          code.
+    ///                          It must be less or equal to
+    ///                          #MBEDTLS_ENTROPY_MAX_SEED_SIZE.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The seed value was injected successfully. The random generator
+    ///         of the PSA Crypto implementation is now ready for use.
+    ///         You may now call psa_crypto_init() and use the PSA Crypto
+    ///         implementation.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p seed_size is out of range.
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         There was a failure reading or writing from storage.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The library has already been initialized. It is no longer
+    ///         possible to call this function.
+    pub fn mbedtls_psa_inject_entropy(seed: *const u8, seed_size: usize) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Get domain parameters for a key.
+    ///
+    /// Get the domain parameters for a key with this function, if any. The format
+    /// of the domain parameters written to \p data is specified in the
+    /// documentation for psa_set_key_domain_parameters().
+    ///
+    /// \note This is an experimental extension to the interface. It may change
+    ///       in future versions of the library.
+    ///
+    /// \param[in] attributes        The key attribute structure to query.
+    /// \param[out] data             On success, the key domain parameters.
+    /// \param data_size             Size of the \p data buffer in bytes.
+    ///                              The buffer is guaranteed to be large
+    ///                              enough if its size in bytes is at least
+    ///                              the value given by
+    ///                              PSA_KEY_DOMAIN_PARAMETERS_SIZE().
+    /// \param[out] data_length      On success, the number of bytes
+    ///                              that make up the key domain parameters data.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
+    pub fn psa_get_key_domain_parameters(
+        attributes: *const psa_key_attributes_t,
+        data: *mut u8,
+        data_size: usize,
+        data_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Convert an ECC curve identifier from the PSA encoding to Mbed TLS.
+    ///
+    /// \note This function is provided solely for the convenience of
+    ///       Mbed TLS and may be removed at any time without notice.
+    ///
+    /// \param curve         A PSA elliptic curve identifier
+    ///                      (`PSA_ECC_FAMILY_xxx`).
+    /// \param bits          The bit-length of a private key on \p curve.
+    /// \param bits_is_sloppy If true, \p bits may be the bit-length rounded up
+    ///                      to the nearest multiple of 8. This allows the caller
+    ///                      to infer the exact curve from the length of a key
+    ///                      which is supplied as a byte string.
+    ///
+    /// \return              The corresponding Mbed TLS elliptic curve identifier
+    ///                      (`MBEDTLS_ECP_DP_xxx`).
+    /// \return              #MBEDTLS_ECP_DP_NONE if \c curve is not recognized.
+    /// \return              #MBEDTLS_ECP_DP_NONE if \p bits is not
+    ///                      correct for \p curve.
+    pub fn mbedtls_ecc_group_of_psa(
+        curve: psa_ecc_family_t,
+        bits: usize,
+        bits_is_sloppy: crate::c_types::c_int,
+    ) -> mbedtls_ecp_group_id;
+}
+extern "C" {
+    /// External random generator function, implemented by the platform.
+    ///
+    /// When the compile-time option #MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled,
+    /// this function replaces Mbed TLS's entropy and DRBG modules for all
+    /// random generation triggered via PSA crypto interfaces.
+    ///
+    /// \note This random generator must deliver random numbers with cryptographic
+    ///       quality and high performance. It must supply unpredictable numbers
+    ///       with a uniform distribution. The implementation of this function
+    ///       is responsible for ensuring that the random generator is seeded
+    ///       with sufficient entropy. If you have a hardware TRNG which is slow
+    ///       or delivers non-uniform output, declare it as an entropy source
+    ///       with mbedtls_entropy_add_source() instead of enabling this option.
+    ///
+    /// \param[in,out] context       Pointer to the random generator context.
+    ///                              This is all-bits-zero on the first call
+    ///                              and preserved between successive calls.
+    /// \param[out] output           Output buffer. On success, this buffer
+    ///                              contains random data with a uniform
+    ///                              distribution.
+    /// \param output_size           The size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, set this value to \p output_size.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success. The output buffer contains \p output_size bytes of
+    ///         cryptographic-quality random data, and \c *output_length is
+    ///         set to \p output_size.
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+    ///         The random generator requires extra entropy and there is no
+    ///         way to obtain entropy under current environment conditions.
+    ///         This error should not happen under normal circumstances since
+    ///         this function is responsible for obtaining as much entropy as
+    ///         it needs. However implementations of this function may return
+    ///         #PSA_ERROR_INSUFFICIENT_ENTROPY if there is no way to obtain
+    ///         entropy without blocking indefinitely.
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE
+    ///         A failure of the random generator hardware that isn't covered
+    ///         by #PSA_ERROR_INSUFFICIENT_ENTROPY.
+    pub fn mbedtls_psa_external_get_random(
+        context: *mut mbedtls_psa_external_random_context_t,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+/// A slot number identifying a key in a driver.
+///
+/// Values of this type are used to identify built-in keys.
+pub type psa_drv_slot_number_t = u64;
+/// \brief Encoding of the application role of PAKE
+///
+/// Encodes the application's role in the algorithm is being executed. For more
+/// information see the documentation of individual \c PSA_PAKE_ROLE_XXX
+/// constants.
+pub type psa_pake_role_t = u8;
+/// Encoding of input and output indicators for PAKE.
+///
+/// Some PAKE algorithms need to exchange more data than just a single key share.
+/// This type is for encoding additional input and output data for such
+/// algorithms.
+pub type psa_pake_step_t = u8;
+/// Encoding of the type of the PAKE's primitive.
+///
+/// Values defined by this standard will never be in the range 0x80-0xff.
+/// Vendors who define additional types must use an encoding in this range.
+///
+/// For more information see the documentation of individual
+/// \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.
+pub type psa_pake_primitive_type_t = u8;
+/// \brief Encoding of the family of the primitive associated with the PAKE.
+///
+/// For more information see the documentation of individual
+/// \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.
+pub type psa_pake_family_t = u8;
+/// \brief Encoding of the primitive associated with the PAKE.
+///
+/// For more information see the documentation of the #PSA_PAKE_PRIMITIVE macro.
+pub type psa_pake_primitive_t = u32;
+/// The type of the data structure for PAKE cipher suites.
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_pake_cipher_suite_t = psa_pake_cipher_suite_s;
+/// The type of the state data structure for PAKE operations.
+///
+/// Before calling any function on a PAKE operation object, the application
+/// must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_pake_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_pake_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_PAKE_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_pake_operation_t operation = PSA_PAKE_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_pake_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_pake_operation_t operation;
+///   operation = psa_pake_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_pake_operation_t = psa_pake_operation_s;
+/// The type of input values for PAKE operations.
+pub type psa_crypto_driver_pake_inputs_t = psa_crypto_driver_pake_inputs_s;
+/// The type of computation stage for J-PAKE operations.
+pub type psa_jpake_computation_stage_t = psa_jpake_computation_stage_s;
+extern "C" {
+    /// Get the length of the password in bytes from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] password_len     Password length.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Password hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_password_len(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        password_len: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the password from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] buffer           Return buffer for password.
+    /// \param      buffer_size      Size of the return buffer in bytes.
+    /// \param[out] buffer_length    Actual size of the password in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Password hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_password(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        buffer: *mut u8,
+        buffer_size: usize,
+        buffer_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the role from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] role             Return buffer for role.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Role hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_role(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        role: *mut psa_pake_role_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the length of the user id in bytes from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] user_len         User id length.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         User id hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_user_len(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        user_len: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the length of the peer id in bytes from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] peer_len         Peer id length.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Peer id hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_peer_len(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        peer_len: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the user id from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] user_id          User id.
+    /// \param      user_id_size     Size of \p user_id in bytes.
+    /// \param[out] user_id_len      Size of the user id in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         User id hasn't been set yet.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p user_id is too small.
+    pub fn psa_crypto_driver_pake_get_user(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        user_id: *mut u8,
+        user_id_size: usize,
+        user_id_len: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the peer id from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] peer_id          Peer id.
+    /// \param      peer_id_size     Size of \p peer_id in bytes.
+    /// \param[out] peer_id_length   Size of the peer id in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Peer id hasn't been set yet.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p peer_id is too small.
+    pub fn psa_crypto_driver_pake_get_peer(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        peer_id: *mut u8,
+        peer_id_size: usize,
+        peer_id_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the cipher suite from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] cipher_suite     Return buffer for role.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Cipher_suite hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_cipher_suite(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        cipher_suite: *mut psa_pake_cipher_suite_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the session information for a password-authenticated key exchange.
+    ///
+    /// The sequence of operations to set up a password-authenticated key exchange
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_pake_operation_t, e.g.
+    ///    #PSA_PAKE_OPERATION_INIT.
+    /// -# Call psa_pake_setup() to specify the cipher suite.
+    /// -# Call \c psa_pake_set_xxx() functions on the operation to complete the
+    ///    setup. The exact sequence of \c psa_pake_set_xxx() functions that needs
+    ///    to be called depends on the algorithm in use.
+    ///
+    /// Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+    /// values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+    /// for more information.
+    ///
+    /// A typical sequence of calls to perform a password-authenticated key
+    /// exchange:
+    /// -# Call psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to get the
+    ///    key share that needs to be sent to the peer.
+    /// -# Call psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to provide
+    ///    the key share that was received from the peer.
+    /// -# Depending on the algorithm additional calls to psa_pake_output() and
+    ///    psa_pake_input() might be necessary.
+    /// -# Call psa_pake_get_implicit_key() for accessing the shared secret.
+    ///
+    /// Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+    /// values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+    /// for more information.
+    ///
+    /// If an error occurs at any step after a call to psa_pake_setup(),
+    /// the operation will need to be reset by a call to psa_pake_abort(). The
+    /// application may call psa_pake_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_pake_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A call to psa_pake_abort().
+    /// - A successful call to psa_pake_get_implicit_key().
+    ///
+    /// \param[in,out] operation     The operation object to set up. It must have
+    ///                              been initialized but not set up yet.
+    /// \param[in] cipher_suite      The cipher suite to use. (A cipher suite fully
+    ///                              characterizes a PAKE algorithm and determines
+    ///                              the algorithm as well.)
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The algorithm in \p cipher_suite is not a PAKE algorithm, or the
+    ///         PAKE primitive in \p cipher_suite is not compatible with the
+    ///         PAKE algorithm, or the hash algorithm in \p cipher_suite is invalid
+    ///         or not compatible with the PAKE algorithm and primitive.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The algorithm in \p cipher_suite is not a supported PAKE algorithm,
+    ///         or the PAKE primitive in \p cipher_suite is not supported or not
+    ///         compatible with the PAKE algorithm, or the hash algorithm in
+    ///         \p cipher_suite is not supported or not compatible with the PAKE
+    ///         algorithm and primitive.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_setup(
+        operation: *mut psa_pake_operation_t,
+        cipher_suite: *const psa_pake_cipher_suite_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the password for a password-authenticated key exchange from key ID.
+    ///
+    /// Call this function when the password, or a value derived from the password,
+    /// is already present in the key store.
+    ///
+    /// \param[in,out] operation     The operation object to set the password for. It
+    ///                              must have been set up by psa_pake_setup() and
+    ///                              not yet in use (neither psa_pake_output() nor
+    ///                              psa_pake_input() has been called yet). It must
+    ///                              be on operation for which the password hasn't
+    ///                              been set yet (psa_pake_set_password_key()
+    ///                              hasn't been called yet).
+    /// \param password              Identifier of the key holding the password or a
+    ///                              value derived from the password (eg. by a
+    ///                              memory-hard function).  It must remain valid
+    ///                              until the operation terminates. It must be of
+    ///                              type #PSA_KEY_TYPE_PASSWORD or
+    ///                              #PSA_KEY_TYPE_PASSWORD_HASH. It has to allow
+    ///                              the usage #PSA_KEY_USAGE_DERIVE.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE
+    ///         \p password is not a valid key identifier.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_DERIVE flag, or it does not
+    ///         permit the \p operation's algorithm.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The key type for \p password is not #PSA_KEY_TYPE_PASSWORD or
+    ///         #PSA_KEY_TYPE_PASSWORD_HASH, or \p password is not compatible with
+    ///         the \p operation's cipher suite.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The key type or key size of \p password is not supported with the
+    ///         \p operation's cipher suite.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must have been set up.), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_set_password_key(
+        operation: *mut psa_pake_operation_t,
+        password: mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the user ID for a password-authenticated key exchange.
+    ///
+    /// Call this function to set the user ID. For PAKE algorithms that associate a
+    /// user identifier with each side of the session you need to call
+    /// psa_pake_set_peer() as well. For PAKE algorithms that associate a single
+    /// user identifier with the session, call psa_pake_set_user() only.
+    ///
+    /// Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+    /// values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+    /// for more information.
+    ///
+    /// \param[in,out] operation     The operation object to set the user ID for. It
+    ///                              must have been set up by psa_pake_setup() and
+    ///                              not yet in use (neither psa_pake_output() nor
+    ///                              psa_pake_input() has been called yet). It must
+    ///                              be on operation for which the user ID hasn't
+    ///                              been set (psa_pake_set_user() hasn't been
+    ///                              called yet).
+    /// \param[in] user_id           The user ID to authenticate with.
+    ///                              (temporary limitation: "client" or "server" only)
+    /// \param user_id_len           Size of the \p user_id buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p user_id is not valid for the \p operation's algorithm and cipher
+    ///         suite.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The value of \p user_id is not supported by the implementation.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_set_user(
+        operation: *mut psa_pake_operation_t,
+        user_id: *const u8,
+        user_id_len: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the peer ID for a password-authenticated key exchange.
+    ///
+    /// Call this function in addition to psa_pake_set_user() for PAKE algorithms
+    /// that associate a user identifier with each side of the session. For PAKE
+    /// algorithms that associate a single user identifier with the session, call
+    /// psa_pake_set_user() only.
+    ///
+    /// Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+    /// values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+    /// for more information.
+    ///
+    /// \param[in,out] operation     The operation object to set the peer ID for. It
+    ///                              must have been set up by psa_pake_setup() and
+    ///                              not yet in use (neither psa_pake_output() nor
+    ///                              psa_pake_input() has been called yet). It must
+    ///                              be on operation for which the peer ID hasn't
+    ///                              been set (psa_pake_set_peer() hasn't been
+    ///                              called yet).
+    /// \param[in] peer_id           The peer's ID to authenticate.
+    ///                              (temporary limitation: "client" or "server" only)
+    /// \param peer_id_len           Size of the \p peer_id buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p user_id is not valid for the \p operation's algorithm and cipher
+    ///         suite.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The algorithm doesn't associate a second identity with the session.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Calling psa_pake_set_peer() is invalid with the \p operation's
+    ///         algorithm, the operation state is not valid, or the library has not
+    ///         been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_set_peer(
+        operation: *mut psa_pake_operation_t,
+        peer_id: *const u8,
+        peer_id_len: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the application role for a password-authenticated key exchange.
+    ///
+    /// Not all PAKE algorithms need to differentiate the communicating entities.
+    /// It is optional to call this function for PAKEs that don't require a role
+    /// to be specified. For such PAKEs the application role parameter is ignored,
+    /// or #PSA_PAKE_ROLE_NONE can be passed as \c role.
+    ///
+    /// Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+    /// values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+    /// for more information.
+    ///
+    /// \param[in,out] operation     The operation object to specify the
+    ///                              application's role for. It must have been set up
+    ///                              by psa_pake_setup() and not yet in use (neither
+    ///                              psa_pake_output() nor psa_pake_input() has been
+    ///                              called yet). It must be on operation for which
+    ///                              the application's role hasn't been specified
+    ///                              (psa_pake_set_role() hasn't been called yet).
+    /// \param role                  A value of type ::psa_pake_role_t indicating the
+    ///                              application's role in the PAKE the algorithm
+    ///                              that is being set up. For more information see
+    ///                              the documentation of \c PSA_PAKE_ROLE_XXX
+    ///                              constants.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The \p role is not a valid PAKE role in the \p operation’s algorithm.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The \p role for this algorithm is not supported or is not valid.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_set_role(
+        operation: *mut psa_pake_operation_t,
+        role: psa_pake_role_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get output for a step of a password-authenticated key exchange.
+    ///
+    /// Depending on the algorithm being executed, you might need to call this
+    /// function several times or you might not need to call this at all.
+    ///
+    /// The exact sequence of calls to perform a password-authenticated key
+    /// exchange depends on the algorithm in use.  Refer to the documentation of
+    /// individual PAKE algorithm types (`PSA_ALG_XXX` values of type
+    /// ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more
+    /// information.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_pake_abort().
+    ///
+    /// \param[in,out] operation    Active PAKE operation.
+    /// \param step                 The step of the algorithm for which the output is
+    ///                             requested.
+    /// \param[out] output          Buffer where the output is to be written in the
+    ///                             format appropriate for this \p step. Refer to
+    ///                             the documentation of the individual
+    ///                             \c PSA_PAKE_STEP_XXX constants for more
+    ///                             information.
+    /// \param output_size          Size of the \p output buffer in bytes. This must
+    ///                             be at least #PSA_PAKE_OUTPUT_SIZE(\p alg, \p
+    ///                             primitive, \p step) where \p alg and
+    ///                             \p primitive are the PAKE algorithm and primitive
+    ///                             in the operation's cipher suite, and \p step is
+    ///                             the output step.
+    ///
+    /// \param[out] output_length   On success, the number of bytes of the returned
+    ///                             output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p step is not compatible with the operation's algorithm.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p step is not supported with the operation's algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, and fully set
+    ///         up, and this call must conform to the algorithm's requirements
+    ///         for ordering of input and output steps), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_output(
+        operation: *mut psa_pake_operation_t,
+        step: psa_pake_step_t,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Provide input for a step of a password-authenticated key exchange.
+    ///
+    /// Depending on the algorithm being executed, you might need to call this
+    /// function several times or you might not need to call this at all.
+    ///
+    /// The exact sequence of calls to perform a password-authenticated key
+    /// exchange depends on the algorithm in use.  Refer to the documentation of
+    /// individual PAKE algorithm types (`PSA_ALG_XXX` values of type
+    /// ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more
+    /// information.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_pake_abort().
+    ///
+    /// \param[in,out] operation    Active PAKE operation.
+    /// \param step                 The step for which the input is provided.
+    /// \param[in] input            Buffer containing the input in the format
+    ///                             appropriate for this \p step. Refer to the
+    ///                             documentation of the individual
+    ///                             \c PSA_PAKE_STEP_XXX constants for more
+    ///                             information.
+    /// \param input_length         Size of the \p input buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The verification fails for a #PSA_PAKE_STEP_ZK_PROOF input step.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p is not compatible with the \p operation’s algorithm, or the
+    ///         \p input is not valid for the \p operation's algorithm, cipher suite
+    ///         or \p step.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p step p is not supported with the \p operation's algorithm, or the
+    ///         \p input is not supported for the \p operation's algorithm, cipher
+    ///         suite or \p step.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, and fully set
+    ///         up, and this call must conform to the algorithm's requirements
+    ///         for ordering of input and output steps), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_input(
+        operation: *mut psa_pake_operation_t,
+        step: psa_pake_step_t,
+        input: *const u8,
+        input_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get implicitly confirmed shared secret from a PAKE.
+    ///
+    /// At this point there is a cryptographic guarantee that only the authenticated
+    /// party who used the same password is able to compute the key. But there is no
+    /// guarantee that the peer is the party it claims to be and was able to do so.
+    ///
+    /// That is, the authentication is only implicit. Since the peer is not
+    /// authenticated yet, no action should be taken yet that assumes that the peer
+    /// is who it claims to be. For example, do not access restricted files on the
+    /// peer's behalf until an explicit authentication has succeeded.
+    ///
+    /// This function can be called after the key exchange phase of the operation
+    /// has completed. It imports the shared secret output of the PAKE into the
+    /// provided derivation operation. The input step
+    /// #PSA_KEY_DERIVATION_INPUT_SECRET is used when placing the shared key
+    /// material in the key derivation operation.
+    ///
+    /// The exact sequence of calls to perform a password-authenticated key
+    /// exchange depends on the algorithm in use.  Refer to the documentation of
+    /// individual PAKE algorithm types (`PSA_ALG_XXX` values of type
+    /// ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more
+    /// information.
+    ///
+    /// When this function returns successfully, \p operation becomes inactive.
+    /// If this function returns an error status, both \p operation
+    /// and \p key_derivation operations enter an error state and must be aborted by
+    /// calling psa_pake_abort() and psa_key_derivation_abort() respectively.
+    ///
+    /// \param[in,out] operation    Active PAKE operation.
+    /// \param[out] output          A key derivation operation that is ready
+    ///                             for an input step of type
+    ///                             #PSA_KEY_DERIVATION_INPUT_SECRET.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         #PSA_KEY_DERIVATION_INPUT_SECRET is not compatible with the
+    ///         algorithm in the \p output key derivation operation.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         Input from a PAKE is not supported by the algorithm in the \p output
+    ///         key derivation operation.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The PAKE operation state is not valid (it must be active, but beyond
+    ///         that validity is specific to the algorithm), or
+    ///         the library has not been previously initialized by psa_crypto_init(),
+    ///         or the state of \p output is not valid for
+    ///         the #PSA_KEY_DERIVATION_INPUT_SECRET step. This can happen if the
+    ///         step is out of order or the application has done this step already
+    ///         and it may not be repeated.
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_get_implicit_key(
+        operation: *mut psa_pake_operation_t,
+        output: *mut psa_key_derivation_operation_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort a PAKE operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the \c
+    /// operation structure itself. Once aborted, the operation object can be reused
+    /// for another operation by calling psa_pake_setup() again.
+    ///
+    /// This function may be called at any time after the operation
+    /// object has been initialized as described in #psa_pake_operation_t.
+    ///
+    /// In particular, calling psa_pake_abort() after the operation has been
+    /// terminated by a call to psa_pake_abort() or psa_pake_get_implicit_key()
+    /// is safe and has no effect.
+    ///
+    /// \param[in,out] operation    The operation to abort.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_abort(operation: *mut psa_pake_operation_t) -> psa_status_t;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_pake_cipher_suite_s {
+    pub algorithm: psa_algorithm_t,
+    pub type_: psa_pake_primitive_type_t,
+    pub family: psa_pake_family_t,
+    pub bits: u16,
+    pub hash: psa_algorithm_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_crypto_driver_pake_inputs_s {
+    pub private_password: *mut u8,
+    pub private_password_len: usize,
+    pub private_role: psa_pake_role_t,
+    pub private_user: *mut u8,
+    pub private_user_len: usize,
+    pub private_peer: *mut u8,
+    pub private_peer_len: usize,
+    pub private_attributes: psa_key_attributes_t,
+    pub private_cipher_suite: psa_pake_cipher_suite_t,
+}
+pub const psa_jpake_step_PSA_PAKE_STEP_INVALID: psa_jpake_step = 0;
+pub const psa_jpake_step_PSA_PAKE_STEP_X1_X2: psa_jpake_step = 1;
+pub const psa_jpake_step_PSA_PAKE_STEP_X2S: psa_jpake_step = 2;
+pub const psa_jpake_step_PSA_PAKE_STEP_DERIVE: psa_jpake_step = 3;
+pub type psa_jpake_step = crate::c_types::c_uint;
+pub use self::psa_jpake_step as psa_jpake_step_t;
+pub const psa_jpake_state_PSA_PAKE_STATE_INVALID: psa_jpake_state = 0;
+pub const psa_jpake_state_PSA_PAKE_STATE_SETUP: psa_jpake_state = 1;
+pub const psa_jpake_state_PSA_PAKE_STATE_READY: psa_jpake_state = 2;
+pub const psa_jpake_state_PSA_PAKE_OUTPUT_X1_X2: psa_jpake_state = 3;
+pub const psa_jpake_state_PSA_PAKE_OUTPUT_X2S: psa_jpake_state = 4;
+pub const psa_jpake_state_PSA_PAKE_INPUT_X1_X2: psa_jpake_state = 5;
+pub const psa_jpake_state_PSA_PAKE_INPUT_X4S: psa_jpake_state = 6;
+pub type psa_jpake_state = crate::c_types::c_uint;
+pub use self::psa_jpake_state as psa_jpake_state_t;
+pub const psa_jpake_sequence_PSA_PAKE_SEQ_INVALID: psa_jpake_sequence = 0;
+pub const psa_jpake_sequence_PSA_PAKE_X1_STEP_KEY_SHARE: psa_jpake_sequence = 1;
+pub const psa_jpake_sequence_PSA_PAKE_X1_STEP_ZK_PUBLIC: psa_jpake_sequence = 2;
+pub const psa_jpake_sequence_PSA_PAKE_X1_STEP_ZK_PROOF: psa_jpake_sequence = 3;
+pub const psa_jpake_sequence_PSA_PAKE_X2_STEP_KEY_SHARE: psa_jpake_sequence = 4;
+pub const psa_jpake_sequence_PSA_PAKE_X2_STEP_ZK_PUBLIC: psa_jpake_sequence = 5;
+pub const psa_jpake_sequence_PSA_PAKE_X2_STEP_ZK_PROOF: psa_jpake_sequence = 6;
+pub const psa_jpake_sequence_PSA_PAKE_SEQ_END: psa_jpake_sequence = 7;
+pub type psa_jpake_sequence = crate::c_types::c_uint;
+pub use self::psa_jpake_sequence as psa_jpake_sequence_t;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_STEP_INVALID: psa_crypto_driver_pake_step = 0;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X1_STEP_KEY_SHARE: psa_crypto_driver_pake_step = 1;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X1_STEP_ZK_PUBLIC: psa_crypto_driver_pake_step = 2;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X1_STEP_ZK_PROOF: psa_crypto_driver_pake_step = 3;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2_STEP_KEY_SHARE: psa_crypto_driver_pake_step = 4;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2_STEP_ZK_PUBLIC: psa_crypto_driver_pake_step = 5;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2_STEP_ZK_PROOF: psa_crypto_driver_pake_step = 6;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2S_STEP_KEY_SHARE: psa_crypto_driver_pake_step = 7;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2S_STEP_ZK_PUBLIC: psa_crypto_driver_pake_step = 8;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2S_STEP_ZK_PROOF: psa_crypto_driver_pake_step = 9;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X4S_STEP_KEY_SHARE: psa_crypto_driver_pake_step =
+    10;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X4S_STEP_ZK_PUBLIC: psa_crypto_driver_pake_step =
+    11;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X4S_STEP_ZK_PROOF: psa_crypto_driver_pake_step = 12;
+pub type psa_crypto_driver_pake_step = crate::c_types::c_uint;
+pub use self::psa_crypto_driver_pake_step as psa_crypto_driver_pake_step_t;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_jpake_computation_stage_s {
+    pub private_state: psa_jpake_state_t,
+    pub private_sequence: psa_jpake_sequence_t,
+    pub private_input_step: psa_jpake_step_t,
+    pub private_output_step: psa_jpake_step_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_pake_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_alg: psa_algorithm_t,
+    pub private_stage: u8,
+    pub private_computation_stage: psa_pake_operation_s__bindgen_ty_1,
+    pub private_data: psa_pake_operation_s__bindgen_ty_2,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_pake_operation_s__bindgen_ty_1 {
+    pub private_dummy: u8,
+    pub private_jpake: psa_jpake_computation_stage_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_pake_operation_s__bindgen_ty_2 {
+    pub private_ctx: psa_driver_pake_context_t,
+    pub private_inputs: psa_crypto_driver_pake_inputs_t,
+}
+/// Type-length-value structure that allows for ASN1 using DER.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_asn1_buf {
+    ///< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING.
+    pub tag: crate::c_types::c_int,
+    ///< ASN1 length, in octets.
+    pub len: usize,
+    ///< ASN1 data, e.g. in ASCII.
+    pub p: *mut crate::c_types::c_uchar,
+}
+/// Container for ASN1 bit strings.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_asn1_bitstring {
+    ///< ASN1 length, in octets.
+    pub len: usize,
+    ///< Number of unused bits at the end of the string
+    pub unused_bits: crate::c_types::c_uchar,
+    ///< Raw ASN1 data for the bit string
+    pub p: *mut crate::c_types::c_uchar,
+}
+/// Container for a sequence of ASN.1 items
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_asn1_sequence {
+    ///< Buffer containing the given ASN.1 item.
+    pub buf: mbedtls_asn1_buf,
+    /// The next entry in the sequence.
+    ///
+    /// The details of memory management for sequences are not documented and
+    /// may change in future versions. Set this field to \p NULL when
+    /// initializing a structure, and do not modify it except via Mbed TLS
+    /// library functions.
+    pub next: *mut mbedtls_asn1_sequence,
+}
+/// Container for a sequence or list of 'named' ASN.1 data items
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_asn1_named_data {
+    ///< The object identifier.
+    pub oid: mbedtls_asn1_buf,
+    ///< The named value.
+    pub val: mbedtls_asn1_buf,
+    /// The next entry in the sequence.
+    ///
+    /// The details of memory management for named data sequences are not
+    /// documented and may change in future versions. Set this field to \p NULL
+    /// when initializing a structure, and do not modify it except via Mbed TLS
+    /// library functions.
+    pub next: *mut mbedtls_asn1_named_data,
+    pub private_next_merged: crate::c_types::c_uchar,
+}
+extern "C" {
+    /// \brief       Get the length of an ASN.1 element.
+    ///              Updates the pointer to immediately behind the length.
+    ///
+    /// \param p     On entry, \c *p points to the first byte of the length,
+    ///              i.e. immediately after the tag.
+    ///              On successful completion, \c *p points to the first byte
+    ///              after the length, i.e. the first byte of the content.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param len   On successful completion, \c *len contains the length
+    ///              read from the ASN.1 input.
+    ///
+    /// \return      0 if successful.
+    /// \return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
+    ///              would end beyond \p end.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
+    pub fn mbedtls_asn1_get_len(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        len: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Get the tag and length of the element.
+    ///              Check for the requested tag.
+    ///              Updates the pointer to immediately behind the tag and length.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              after the length, i.e. the first byte of the content.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param len   On successful completion, \c *len contains the length
+    ///              read from the ASN.1 input.
+    /// \param tag   The expected tag.
+    ///
+    /// \return      0 if successful.
+    /// \return      #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the data does not start
+    ///              with the requested tag.
+    /// \return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
+    ///              would end beyond \p end.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
+    pub fn mbedtls_asn1_get_tag(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        len: *mut usize,
+        tag: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve a boolean ASN.1 tag and its value.
+    ///              Updates the pointer to immediately behind the full tag.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the ASN.1 element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param val   On success, the parsed value (\c 0 or \c 1).
+    ///
+    /// \return      0 if successful.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 BOOLEAN.
+    pub fn mbedtls_asn1_get_bool(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        val: *mut crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve an integer ASN.1 tag and its value.
+    ///              Updates the pointer to immediately behind the full tag.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the ASN.1 element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param val   On success, the parsed value.
+    ///
+    /// \return      0 if successful.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 INTEGER.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
+    ///              not fit in an \c int.
+    pub fn mbedtls_asn1_get_int(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        val: *mut crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve an enumerated ASN.1 tag and its value.
+    ///              Updates the pointer to immediately behind the full tag.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the ASN.1 element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param val   On success, the parsed value.
+    ///
+    /// \return      0 if successful.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 ENUMERATED.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
+    ///              not fit in an \c int.
+    pub fn mbedtls_asn1_get_enum(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        val: *mut crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve a bitstring ASN.1 tag and its value.
+    ///              Updates the pointer to immediately behind the full tag.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p is equal to \p end.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param bs    On success, ::mbedtls_asn1_bitstring information about
+    ///              the parsed value.
+    ///
+    /// \return      0 if successful.
+    /// \return      #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains
+    ///              extra data after a valid BIT STRING.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 BIT STRING.
+    pub fn mbedtls_asn1_get_bitstring(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        bs: *mut mbedtls_asn1_bitstring,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve a bitstring ASN.1 tag without unused bits and its
+    ///              value.
+    ///              Updates the pointer to the beginning of the bit/octet string.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              of the content of the BIT STRING.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param len   On success, \c *len is the length of the content in bytes.
+    ///
+    /// \return      0 if successful.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_DATA if the input starts with
+    ///              a valid BIT STRING with a nonzero number of unused bits.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 BIT STRING.
+    pub fn mbedtls_asn1_get_bitstring_null(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        len: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Parses and splits an ASN.1 "SEQUENCE OF <tag>".
+    ///              Updates the pointer to immediately behind the full sequence tag.
+    ///
+    /// This function allocates memory for the sequence elements. You can free
+    /// the allocated memory with mbedtls_asn1_sequence_free().
+    ///
+    /// \note        On error, this function may return a partial list in \p cur.
+    ///              You must set `cur->next = NULL` before calling this function!
+    ///              Otherwise it is impossible to distinguish a previously non-null
+    ///              pointer from a pointer to an object allocated by this function.
+    ///
+    /// \note        If the sequence is empty, this function does not modify
+    ///              \c *cur. If the sequence is valid and non-empty, this
+    ///              function sets `cur->buf.tag` to \p tag. This allows
+    ///              callers to distinguish between an empty sequence and
+    ///              a one-element sequence.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p is equal to \p end.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param cur   A ::mbedtls_asn1_sequence which this function fills.
+    ///              When this function returns, \c *cur is the head of a linked
+    ///              list. Each node in this list is allocated with
+    ///              mbedtls_calloc() apart from \p cur itself, and should
+    ///              therefore be freed with mbedtls_free().
+    ///              The list describes the content of the sequence.
+    ///              The head of the list (i.e. \c *cur itself) describes the
+    ///              first element, `*cur->next` describes the second element, etc.
+    ///              For each element, `buf.tag == tag`, `buf.len` is the length
+    ///              of the content of the content of the element, and `buf.p`
+    ///              points to the first byte of the content (i.e. immediately
+    ///              past the length of the element).
+    ///              Note that list elements may be allocated even on error.
+    /// \param tag   Each element of the sequence must have this tag.
+    ///
+    /// \return      0 if successful.
+    /// \return      #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains
+    ///              extra data after a valid SEQUENCE OF \p tag.
+    /// \return      #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts with
+    ///              an ASN.1 SEQUENCE in which an element has a tag that
+    ///              is different from \p tag.
+    /// \return      #MBEDTLS_ERR_ASN1_ALLOC_FAILED if a memory allocation failed.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 SEQUENCE.
+    pub fn mbedtls_asn1_get_sequence_of(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        cur: *mut mbedtls_asn1_sequence,
+        tag: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Free a heap-allocated linked list presentation of
+    ///                 an ASN.1 sequence, including the first element.
+    ///
+    /// There are two common ways to manage the memory used for the representation
+    /// of a parsed ASN.1 sequence:
+    /// - Allocate a head node `mbedtls_asn1_sequence *head` with mbedtls_calloc().
+    ///   Pass this node as the `cur` argument to mbedtls_asn1_get_sequence_of().
+    ///   When you have finished processing the sequence,
+    ///   call mbedtls_asn1_sequence_free() on `head`.
+    /// - Allocate a head node `mbedtls_asn1_sequence *head` in any manner,
+    ///   for example on the stack. Make sure that `head->next == NULL`.
+    ///   Pass `head` as the `cur` argument to mbedtls_asn1_get_sequence_of().
+    ///   When you have finished processing the sequence,
+    ///   call mbedtls_asn1_sequence_free() on `head->cur`,
+    ///   then free `head` itself in the appropriate manner.
+    ///
+    /// \param seq      The address of the first sequence component. This may
+    ///                 be \c NULL, in which case this functions returns
+    ///                 immediately.
+    pub fn mbedtls_asn1_sequence_free(seq: *mut mbedtls_asn1_sequence);
+}
+extern "C" {
+    /// \brief                Traverse an ASN.1 SEQUENCE container and
+    ///                       call a callback for each entry.
+    ///
+    /// This function checks that the input is a SEQUENCE of elements that
+    /// each have a "must" tag, and calls a callback function on the elements
+    /// that have a "may" tag.
+    ///
+    /// For example, to validate that the input is a SEQUENCE of `tag1` and call
+    /// `cb` on each element, use
+    /// ```
+    /// mbedtls_asn1_traverse_sequence_of(&p, end, 0xff, tag1, 0, 0, cb, ctx);
+    /// ```
+    ///
+    /// To validate that the input is a SEQUENCE of ANY and call `cb` on
+    /// each element, use
+    /// ```
+    /// mbedtls_asn1_traverse_sequence_of(&p, end, 0, 0, 0, 0, cb, ctx);
+    /// ```
+    ///
+    /// To validate that the input is a SEQUENCE of CHOICE {NULL, OCTET STRING}
+    /// and call `cb` on each element that is an OCTET STRING, use
+    /// ```
+    /// mbedtls_asn1_traverse_sequence_of(&p, end, 0xfe, 0x04, 0xff, 0x04, cb, ctx);
+    /// ```
+    ///
+    /// The callback is called on the elements with a "may" tag from left to
+    /// right. If the input is not a valid SEQUENCE of elements with a "must" tag,
+    /// the callback is called on the elements up to the leftmost point where
+    /// the input is invalid.
+    ///
+    /// \warning              This function is still experimental and may change
+    ///                       at any time.
+    ///
+    /// \param p              The address of the pointer to the beginning of
+    ///                       the ASN.1 SEQUENCE header. This is updated to
+    ///                       point to the end of the ASN.1 SEQUENCE container
+    ///                       on a successful invocation.
+    /// \param end            The end of the ASN.1 SEQUENCE container.
+    /// \param tag_must_mask  A mask to be applied to the ASN.1 tags found within
+    ///                       the SEQUENCE before comparing to \p tag_must_value.
+    /// \param tag_must_val   The required value of each ASN.1 tag found in the
+    ///                       SEQUENCE, after masking with \p tag_must_mask.
+    ///                       Mismatching tags lead to an error.
+    ///                       For example, a value of \c 0 for both \p tag_must_mask
+    ///                       and \p tag_must_val means that every tag is allowed,
+    ///                       while a value of \c 0xFF for \p tag_must_mask means
+    ///                       that \p tag_must_val is the only allowed tag.
+    /// \param tag_may_mask   A mask to be applied to the ASN.1 tags found within
+    ///                       the SEQUENCE before comparing to \p tag_may_value.
+    /// \param tag_may_val    The desired value of each ASN.1 tag found in the
+    ///                       SEQUENCE, after masking with \p tag_may_mask.
+    ///                       Mismatching tags will be silently ignored.
+    ///                       For example, a value of \c 0 for \p tag_may_mask and
+    ///                       \p tag_may_val means that any tag will be considered,
+    ///                       while a value of \c 0xFF for \p tag_may_mask means
+    ///                       that all tags with value different from \p tag_may_val
+    ///                       will be ignored.
+    /// \param cb             The callback to trigger for each component
+    ///                       in the ASN.1 SEQUENCE that matches \p tag_may_val.
+    ///                       The callback function is called with the following
+    ///                       parameters:
+    ///                       - \p ctx.
+    ///                       - The tag of the current element.
+    ///                       - A pointer to the start of the current element's
+    ///                         content inside the input.
+    ///                       - The length of the content of the current element.
+    ///                       If the callback returns a non-zero value,
+    ///                       the function stops immediately,
+    ///                       forwarding the callback's return value.
+    /// \param ctx            The context to be passed to the callback \p cb.
+    ///
+    /// \return               \c 0 if successful the entire ASN.1 SEQUENCE
+    ///                       was traversed without parsing or callback errors.
+    /// \return               #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input
+    ///                       contains extra data after a valid SEQUENCE
+    ///                       of elements with an accepted tag.
+    /// \return               #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts
+    ///                       with an ASN.1 SEQUENCE in which an element has a tag
+    ///                       that is not accepted.
+    /// \return               An ASN.1 error code if the input does not start with
+    ///                       a valid ASN.1 SEQUENCE.
+    /// \return               A non-zero error code forwarded from the callback
+    ///                       \p cb in case the latter returns a non-zero value.
+    pub fn mbedtls_asn1_traverse_sequence_of(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        tag_must_mask: crate::c_types::c_uchar,
+        tag_must_val: crate::c_types::c_uchar,
+        tag_may_mask: crate::c_types::c_uchar,
+        tag_may_val: crate::c_types::c_uchar,
+        cb: ::core::option::Option<
+            unsafe extern "C" fn(
+                ctx: *mut crate::c_types::c_void,
+                tag: crate::c_types::c_int,
+                start: *mut crate::c_types::c_uchar,
+                len: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        ctx: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve an integer ASN.1 tag and its value.
+    ///              Updates the pointer to immediately behind the full tag.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the ASN.1 element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param X     On success, the parsed value.
+    ///
+    /// \return      0 if successful.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 INTEGER.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
+    ///              not fit in an \c int.
+    /// \return      An MPI error code if the parsed value is too large.
+    pub fn mbedtls_asn1_get_mpi(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        X: *mut mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence.
+    ///              Updates the pointer to immediately behind the full
+    ///              AlgorithmIdentifier.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the AlgorithmIdentifier element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param alg   The buffer to receive the OID.
+    /// \param params The buffer to receive the parameters.
+    ///              This is zeroized if there are no parameters.
+    ///
+    /// \return      0 if successful or a specific ASN.1 or MPI error code.
+    pub fn mbedtls_asn1_get_alg(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        alg: *mut mbedtls_asn1_buf,
+        params: *mut mbedtls_asn1_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
+    ///              params.
+    ///              Updates the pointer to immediately behind the full
+    ///              AlgorithmIdentifier.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the AlgorithmIdentifier element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param alg   The buffer to receive the OID.
+    ///
+    /// \return      0 if successful or a specific ASN.1 or MPI error code.
+    pub fn mbedtls_asn1_get_alg_null(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        alg: *mut mbedtls_asn1_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Find a specific named_data entry in a sequence or list based on
+    ///              the OID.
+    ///
+    /// \param list  The list to seek through
+    /// \param oid   The OID to look for
+    /// \param len   Size of the OID
+    ///
+    /// \return      NULL if not found, or a pointer to the existing entry.
+    pub fn mbedtls_asn1_find_named_data(
+        list: *const mbedtls_asn1_named_data,
+        oid: *const crate::c_types::c_char,
+        len: usize,
+    ) -> *const mbedtls_asn1_named_data;
+}
+extern "C" {
+    /// \brief       Free a mbedtls_asn1_named_data entry
+    ///
+    /// \deprecated  This function is deprecated and will be removed in a
+    ///              future version of the library.
+    ///              Please use mbedtls_asn1_free_named_data_list()
+    ///              or mbedtls_asn1_free_named_data_list_shallow().
+    ///
+    /// \param entry The named data entry to free.
+    ///              This function calls mbedtls_free() on
+    ///              `entry->oid.p` and `entry->val.p`.
+    pub fn mbedtls_asn1_free_named_data(entry: *mut mbedtls_asn1_named_data);
+}
+extern "C" {
+    /// \brief       Free all entries in a mbedtls_asn1_named_data list.
+    ///
+    /// \param head  Pointer to the head of the list of named data entries to free.
+    ///              This function calls mbedtls_free() on
+    ///              `entry->oid.p` and `entry->val.p` and then on `entry`
+    ///              for each list entry, and sets \c *head to \c NULL.
+    pub fn mbedtls_asn1_free_named_data_list(head: *mut *mut mbedtls_asn1_named_data);
+}
+extern "C" {
+    /// \brief       Free all shallow entries in a mbedtls_asn1_named_data list,
+    ///              but do not free internal pointer targets.
+    ///
+    /// \param name  Head of the list of named data entries to free.
+    ///              This function calls mbedtls_free() on each list element.
+    pub fn mbedtls_asn1_free_named_data_list_shallow(name: *mut mbedtls_asn1_named_data);
+}
+/// Type-length-value structure that allows for ASN1 using DER.
+pub type mbedtls_x509_buf = mbedtls_asn1_buf;
+/// Container for ASN1 bit strings.
+pub type mbedtls_x509_bitstring = mbedtls_asn1_bitstring;
+/// Container for ASN1 named information objects.
+/// It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.).
+pub type mbedtls_x509_name = mbedtls_asn1_named_data;
+/// Container for a sequence of ASN.1 items
+pub type mbedtls_x509_sequence = mbedtls_asn1_sequence;
+/// Container for date and time (precision in seconds).
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_time {
+    ///< Date.
+    pub year: crate::c_types::c_int,
+    ///< Date.
+    pub mon: crate::c_types::c_int,
+    ///< Date.
+    pub day: crate::c_types::c_int,
+    ///< Time.
+    pub hour: crate::c_types::c_int,
+    ///< Time.
+    pub min: crate::c_types::c_int,
+    ///< Time.
+    pub sec: crate::c_types::c_int,
+}
+/// From RFC 5280 section 4.2.1.6:
+/// OtherName ::= SEQUENCE {
+///      type-id    OBJECT IDENTIFIER,
+///      value      [0] EXPLICIT ANY DEFINED BY type-id }
+///
+/// Future versions of the library may add new fields to this structure or
+/// to its embedded union and structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_san_other_name {
+    ///< The type id.
+    pub type_id: mbedtls_x509_buf,
+    pub value: mbedtls_x509_san_other_name__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_x509_san_other_name__bindgen_ty_1 {
+    pub hardware_module_name: mbedtls_x509_san_other_name__bindgen_ty_1__bindgen_ty_1,
+}
+/// From RFC 4108 section 5:
+/// HardwareModuleName ::= SEQUENCE {
+///                         hwType OBJECT IDENTIFIER,
+///                         hwSerialNum OCTET STRING }
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_san_other_name__bindgen_ty_1__bindgen_ty_1 {
+    ///< The object identifier.
+    pub oid: mbedtls_x509_buf,
+    ///< The named value.
+    pub val: mbedtls_x509_buf,
+}
+/// A structure for holding the parsed Subject Alternative Name,
+/// according to type.
+///
+/// Future versions of the library may add new fields to this structure or
+/// to its embedded union and structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_subject_alternative_name {
+    ///< The SAN type, value of MBEDTLS_X509_SAN_XXX.
+    pub type_: crate::c_types::c_int,
+    ///< A union of the supported SAN types
+    pub san: mbedtls_x509_subject_alternative_name__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_x509_subject_alternative_name__bindgen_ty_1 {
+    ///< The otherName supported type.
+    pub other_name: mbedtls_x509_san_other_name,
+    ///< The buffer for the unconstructed types. Only rfc822Name, dnsName and uniformResourceIdentifier are currently supported
+    pub unstructured_name: mbedtls_x509_buf,
+}
+extern "C" {
+    /// \brief          Store the certificate DN in printable form into buf;
+    ///                 no more than size characters will be written.
+    ///
+    /// \param buf      Buffer to write to
+    /// \param size     Maximum size of buffer
+    /// \param dn       The X509 name to represent
+    ///
+    /// \return         The length of the string written (not including the
+    ///                 terminated nul byte), or a negative error code.
+    pub fn mbedtls_x509_dn_gets(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        dn: *const mbedtls_x509_name,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Store the certificate serial in printable form into buf;
+    ///                 no more than size characters will be written.
+    ///
+    /// \param buf      Buffer to write to
+    /// \param size     Maximum size of buffer
+    /// \param serial   The X509 serial to represent
+    ///
+    /// \return         The length of the string written (not including the
+    ///                 terminated nul byte), or a negative error code.
+    pub fn mbedtls_x509_serial_gets(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        serial: *const mbedtls_x509_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Check a given mbedtls_x509_time against the system time
+    ///                 and tell if it's in the past.
+    ///
+    /// \note           Intended usage is "if( is_past( valid_to ) ) ERROR".
+    ///                 Hence the return value of 1 if on internal errors.
+    ///
+    /// \param to       mbedtls_x509_time to check
+    ///
+    /// \return         1 if the given time is in the past or an error occurred,
+    ///                 0 otherwise.
+    pub fn mbedtls_x509_time_is_past(to: *const mbedtls_x509_time) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Check a given mbedtls_x509_time against the system time
+    ///                 and tell if it's in the future.
+    ///
+    /// \note           Intended usage is "if( is_future( valid_from ) ) ERROR".
+    ///                 Hence the return value of 1 if on internal errors.
+    ///
+    /// \param from     mbedtls_x509_time to check
+    ///
+    /// \return         1 if the given time is in the future or an error occurred,
+    ///                 0 otherwise.
+    pub fn mbedtls_x509_time_is_future(from: *const mbedtls_x509_time) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function parses an item in the SubjectAlternativeNames
+    ///                 extension.
+    ///
+    /// \param san_buf  The buffer holding the raw data item of the subject
+    ///                 alternative name.
+    /// \param san      The target structure to populate with the parsed presentation
+    ///                 of the subject alternative name encoded in \p san_raw.
+    ///
+    /// \note           Supported GeneralName types, as defined in RFC 5280:
+    ///                 "rfc822Name", "dnsName", "uniformResourceIdentifier" and "hardware_module_name"
+    ///                 of type "otherName", as defined in RFC 4108.
+    ///
+    /// \note           This function should be called on a single raw data of
+    ///                 subject alternative name. For example, after successful
+    ///                 certificate parsing, one must iterate on every item in the
+    ///                 \p crt->subject_alt_names sequence, and pass it to
+    ///                 this function.
+    ///
+    /// \warning        The target structure contains pointers to the raw data of the
+    ///                 parsed certificate, and its lifetime is restricted by the
+    ///                 lifetime of the certificate.
+    ///
+    /// \return         \c 0 on success
+    /// \return         #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported
+    ///                 SAN type.
+    /// \return         Another negative value for any other failure.
+    pub fn mbedtls_x509_parse_subject_alt_name(
+        san_buf: *const mbedtls_x509_buf,
+        san: *mut mbedtls_x509_subject_alternative_name,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \} addtogroup x509_module
+    pub fn mbedtls_x509_get_name(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        cur: *mut mbedtls_x509_name,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_alg_null(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        alg: *mut mbedtls_x509_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_alg(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        alg: *mut mbedtls_x509_buf,
+        params: *mut mbedtls_x509_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_rsassa_pss_params(
+        params: *const mbedtls_x509_buf,
+        md_alg: *mut mbedtls_md_type_t,
+        mgf_md: *mut mbedtls_md_type_t,
+        salt_len: *mut crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_sig(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        sig: *mut mbedtls_x509_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_sig_alg(
+        sig_oid: *const mbedtls_x509_buf,
+        sig_params: *const mbedtls_x509_buf,
+        md_alg: *mut mbedtls_md_type_t,
+        pk_alg: *mut mbedtls_pk_type_t,
+        sig_opts: *mut *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_time(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        t: *mut mbedtls_x509_time,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_serial(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        serial: *mut mbedtls_x509_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_ext(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        ext: *mut mbedtls_x509_buf,
+        tag: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_sig_alg_gets(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        sig_oid: *const mbedtls_x509_buf,
+        pk_alg: mbedtls_pk_type_t,
+        md_alg: mbedtls_md_type_t,
+        sig_opts: *const crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_key_size_helper(
+        buf: *mut crate::c_types::c_char,
+        buf_size: usize,
+        name: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_string_to_names(
+        head: *mut *mut mbedtls_asn1_named_data,
+        name: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_set_extension(
+        head: *mut *mut mbedtls_asn1_named_data,
+        oid: *const crate::c_types::c_char,
+        oid_len: usize,
+        critical: crate::c_types::c_int,
+        val: *const crate::c_types::c_uchar,
+        val_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_write_extensions(
+        p: *mut *mut crate::c_types::c_uchar,
+        start: *mut crate::c_types::c_uchar,
+        first: *mut mbedtls_asn1_named_data,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_write_names(
+        p: *mut *mut crate::c_types::c_uchar,
+        start: *mut crate::c_types::c_uchar,
+        first: *mut mbedtls_asn1_named_data,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_write_sig(
+        p: *mut *mut crate::c_types::c_uchar,
+        start: *mut crate::c_types::c_uchar,
+        oid: *const crate::c_types::c_char,
+        oid_len: usize,
+        sig: *mut crate::c_types::c_uchar,
+        size: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_ns_cert_type(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        ns_cert_type: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_key_usage(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        key_usage: *mut crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_subject_alt_name(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        subject_alt_name: *mut mbedtls_x509_sequence,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_info_subject_alt_name(
+        buf: *mut *mut crate::c_types::c_char,
+        size: *mut usize,
+        subject_alt_name: *const mbedtls_x509_sequence,
+        prefix: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_info_cert_type(
+        buf: *mut *mut crate::c_types::c_char,
+        size: *mut usize,
+        ns_cert_type: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_info_key_usage(
+        buf: *mut *mut crate::c_types::c_char,
+        size: *mut usize,
+        key_usage: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+/// Certificate revocation list entry.
+/// Contains the CA-specific serial numbers and revocation dates.
+///
+/// Some fields of this structure are publicly readable. Do not modify
+/// them except via Mbed TLS library functions: the effect of modifying
+/// those fields or the data that those fields points to is unspecified.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crl_entry {
+    /// Direct access to the whole entry inside the containing buffer.
+    pub raw: mbedtls_x509_buf,
+    /// The serial number of the revoked certificate.
+    pub serial: mbedtls_x509_buf,
+    /// The revocation date of this entry.
+    pub revocation_date: mbedtls_x509_time,
+    /// Direct access to the list of CRL entry extensions
+    /// (an ASN.1 constructed sequence).
+    ///
+    /// If there are no extensions, `entry_ext.len == 0` and
+    /// `entry_ext.p == NULL`.
+    pub entry_ext: mbedtls_x509_buf,
+    /// Next element in the linked list of entries.
+    /// \p NULL indicates the end of the list.
+    /// Do not modify this field directly.
+    pub next: *mut mbedtls_x509_crl_entry,
+}
+/// Certificate revocation list structure.
+/// Every CRL may have multiple entries.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crl {
+    ///< The raw certificate data (DER).
+    pub raw: mbedtls_x509_buf,
+    ///< The raw certificate body (DER). The part that is To Be Signed.
+    pub tbs: mbedtls_x509_buf,
+    ///< CRL version (1=v1, 2=v2)
+    pub version: crate::c_types::c_int,
+    ///< CRL signature type identifier
+    pub sig_oid: mbedtls_x509_buf,
+    ///< The raw issuer data (DER).
+    pub issuer_raw: mbedtls_x509_buf,
+    ///< The parsed issuer data (named information object).
+    pub issuer: mbedtls_x509_name,
+    pub this_update: mbedtls_x509_time,
+    pub next_update: mbedtls_x509_time,
+    ///< The CRL entries containing the certificate revocation times for this CA.
+    pub entry: mbedtls_x509_crl_entry,
+    pub crl_ext: mbedtls_x509_buf,
+    pub private_sig_oid2: mbedtls_x509_buf,
+    pub private_sig: mbedtls_x509_buf,
+    pub private_sig_md: mbedtls_md_type_t,
+    pub private_sig_pk: mbedtls_pk_type_t,
+    pub private_sig_opts: *mut crate::c_types::c_void,
+    /// Next element in the linked list of CRL.
+    /// \p NULL indicates the end of the list.
+    /// Do not modify this field directly.
+    pub next: *mut mbedtls_x509_crl,
+}
+extern "C" {
+    /// \brief          Parse a DER-encoded CRL and append it to the chained list
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param chain    points to the start of the chain
+    /// \param buf      buffer holding the CRL data in DER format
+    /// \param buflen   size of the buffer
+    ///                 (including the terminating null byte for PEM data)
+    ///
+    /// \return         0 if successful, or a specific X509 or PEM error code
+    pub fn mbedtls_x509_crl_parse_der(
+        chain: *mut mbedtls_x509_crl,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Parse one or more CRLs and append them to the chained list
+    ///
+    /// \note           Multiple CRLs are accepted only if using PEM format
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param chain    points to the start of the chain
+    /// \param buf      buffer holding the CRL data in PEM or DER format
+    /// \param buflen   size of the buffer
+    ///                 (including the terminating null byte for PEM data)
+    ///
+    /// \return         0 if successful, or a specific X509 or PEM error code
+    pub fn mbedtls_x509_crl_parse(
+        chain: *mut mbedtls_x509_crl,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Returns an informational string about the CRL.
+    ///
+    /// \param buf      Buffer to write to
+    /// \param size     Maximum size of buffer
+    /// \param prefix   A line prefix
+    /// \param crl      The X509 CRL to represent
+    ///
+    /// \return         The length of the string written (not including the
+    ///                 terminated nul byte), or a negative error code.
+    pub fn mbedtls_x509_crl_info(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        prefix: *const crate::c_types::c_char,
+        crl: *const mbedtls_x509_crl,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Initialize a CRL (chain)
+    ///
+    /// \param crl      CRL chain to initialize
+    pub fn mbedtls_x509_crl_init(crl: *mut mbedtls_x509_crl);
+}
+extern "C" {
+    /// \brief          Unallocate all CRL data
+    ///
+    /// \param crl      CRL chain to free
+    pub fn mbedtls_x509_crl_free(crl: *mut mbedtls_x509_crl);
+}
+/// Container for an X.509 certificate. The certificate may be chained.
+///
+/// Some fields of this structure are publicly readable. Do not modify
+/// them except via Mbed TLS library functions: the effect of modifying
+/// those fields or the data that those fields points to is unspecified.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crt {
+    pub private_own_buffer: crate::c_types::c_int,
+    ///< The raw certificate data (DER).
+    pub raw: mbedtls_x509_buf,
+    ///< The raw certificate body (DER). The part that is To Be Signed.
+    pub tbs: mbedtls_x509_buf,
+    ///< The X.509 version. (1=v1, 2=v2, 3=v3)
+    pub version: crate::c_types::c_int,
+    ///< Unique id for certificate issued by a specific CA.
+    pub serial: mbedtls_x509_buf,
+    ///< Signature algorithm, e.g. sha1RSA
+    pub sig_oid: mbedtls_x509_buf,
+    ///< The raw issuer data (DER). Used for quick comparison.
+    pub issuer_raw: mbedtls_x509_buf,
+    ///< The raw subject data (DER). Used for quick comparison.
+    pub subject_raw: mbedtls_x509_buf,
+    ///< The parsed issuer data (named information object).
+    pub issuer: mbedtls_x509_name,
+    ///< The parsed subject data (named information object).
+    pub subject: mbedtls_x509_name,
+    ///< Start time of certificate validity.
+    pub valid_from: mbedtls_x509_time,
+    ///< End time of certificate validity.
+    pub valid_to: mbedtls_x509_time,
+    pub pk_raw: mbedtls_x509_buf,
+    ///< Container for the public key context.
+    pub pk: mbedtls_pk_context,
+    ///< Optional X.509 v2/v3 issuer unique identifier.
+    pub issuer_id: mbedtls_x509_buf,
+    ///< Optional X.509 v2/v3 subject unique identifier.
+    pub subject_id: mbedtls_x509_buf,
+    ///< Optional X.509 v3 extensions.
+    pub v3_ext: mbedtls_x509_buf,
+    ///< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName, uniformResourceIdentifier and OtherName are listed).
+    pub subject_alt_names: mbedtls_x509_sequence,
+    ///< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed).
+    pub certificate_policies: mbedtls_x509_sequence,
+    pub private_ext_types: crate::c_types::c_int,
+    pub private_ca_istrue: crate::c_types::c_int,
+    pub private_max_pathlen: crate::c_types::c_int,
+    pub private_key_usage: crate::c_types::c_uint,
+    ///< Optional list of extended key usage OIDs.
+    pub ext_key_usage: mbedtls_x509_sequence,
+    pub private_ns_cert_type: crate::c_types::c_uchar,
+    pub private_sig: mbedtls_x509_buf,
+    pub private_sig_md: mbedtls_md_type_t,
+    pub private_sig_pk: mbedtls_pk_type_t,
+    pub private_sig_opts: *mut crate::c_types::c_void,
+    /// Next certificate in the linked list that constitutes the CA chain.
+    /// \p NULL indicates the end of the list.
+    /// Do not modify this field directly.
+    pub next: *mut mbedtls_x509_crt,
+}
+/// Security profile for certificate verification.
+///
+/// All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().
+///
+/// The fields of this structure are part of the public API and can be
+/// manipulated directly by applications. Future versions of the library may
+/// add extra fields or reorder existing fields.
+///
+/// You can create custom profiles by starting from a copy of
+/// an existing profile, such as mbedtls_x509_crt_profile_default or
+/// mbedtls_x509_ctr_profile_none and then tune it to your needs.
+///
+/// For example to allow SHA-224 in addition to the default:
+///
+///  mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default;
+///  my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 );
+///
+/// Or to allow only RSA-3072+ with SHA-256:
+///
+///  mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_none;
+///  my_profile.allowed_mds = MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 );
+///  my_profile.allowed_pks = MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA );
+///  my_profile.rsa_min_bitlen = 3072;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crt_profile {
+    ///< MDs for signatures
+    pub allowed_mds: u32,
+    ///< PK algs for public keys;
+    ///   this applies to all certificates
+    ///   in the provided chain.
+    pub allowed_pks: u32,
+    ///< Elliptic curves for ECDSA
+    pub allowed_curves: u32,
+    ///< Minimum size for RSA keys
+    pub rsa_min_bitlen: u32,
+}
+/// Container for writing a certificate (CRT)
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509write_cert {
+    pub private_version: crate::c_types::c_int,
+    pub private_serial: [crate::c_types::c_uchar; 20usize],
+    pub private_serial_len: usize,
+    pub private_subject_key: *mut mbedtls_pk_context,
+    pub private_issuer_key: *mut mbedtls_pk_context,
+    pub private_subject: *mut mbedtls_asn1_named_data,
+    pub private_issuer: *mut mbedtls_asn1_named_data,
+    pub private_md_alg: mbedtls_md_type_t,
+    pub private_not_before: [crate::c_types::c_char; 16usize],
+    pub private_not_after: [crate::c_types::c_char; 16usize],
+    pub private_extensions: *mut mbedtls_asn1_named_data,
+}
+/// Item in a verification chain: cert and flags for it
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crt_verify_chain_item {
+    pub private_crt: *mut mbedtls_x509_crt,
+    pub private_flags: u32,
+}
+/// Verification chain as built by \c mbedtls_crt_verify_chain()
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crt_verify_chain {
+    pub private_items: [mbedtls_x509_crt_verify_chain_item; 10usize],
+    pub private_len: crate::c_types::c_uint,
+}
+pub type mbedtls_x509_crt_restart_ctx = crate::c_types::c_void;
+extern "C" {
+    /// Default security profile. Should provide a good balance between security
+    /// and compatibility with current deployments.
+    ///
+    /// This profile permits:
+    /// - SHA2 hashes with at least 256 bits: SHA-256, SHA-384, SHA-512.
+    /// - Elliptic curves with 255 bits and above except secp256k1.
+    /// - RSA with 2048 bits and above.
+    ///
+    /// New minor versions of Mbed TLS may extend this profile, for example if
+    /// new algorithms are added to the library. New minor versions of Mbed TLS will
+    /// not reduce this profile unless serious security concerns require it.
+    pub static mbedtls_x509_crt_profile_default: mbedtls_x509_crt_profile;
+}
+extern "C" {
+    /// Expected next default profile. Recommended for new deployments.
+    /// Currently targets a 128-bit security level, except for allowing RSA-2048.
+    /// This profile may change at any time.
+    pub static mbedtls_x509_crt_profile_next: mbedtls_x509_crt_profile;
+}
+extern "C" {
+    /// NSA Suite B profile.
+    pub static mbedtls_x509_crt_profile_suiteb: mbedtls_x509_crt_profile;
+}
+extern "C" {
+    /// Empty profile that allows nothing. Useful as a basis for constructing
+    /// custom profiles.
+    pub static mbedtls_x509_crt_profile_none: mbedtls_x509_crt_profile;
+}
+extern "C" {
+    /// \brief          Parse a single DER formatted certificate and add it
+    ///                 to the end of the provided chained list.
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param chain    The pointer to the start of the CRT chain to attach to.
+    ///                 When parsing the first CRT in a chain, this should point
+    ///                 to an instance of ::mbedtls_x509_crt initialized through
+    ///                 mbedtls_x509_crt_init().
+    /// \param buf      The buffer holding the DER encoded certificate.
+    /// \param buflen   The size in Bytes of \p buf.
+    ///
+    /// \note           This function makes an internal copy of the CRT buffer
+    ///                 \p buf. In particular, \p buf may be destroyed or reused
+    ///                 after this call returns. To avoid duplicating the CRT
+    ///                 buffer (at the cost of stricter lifetime constraints),
+    ///                 use mbedtls_x509_crt_parse_der_nocopy() instead.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_x509_crt_parse_der(
+        chain: *mut mbedtls_x509_crt,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+/// \brief          The type of certificate extension callbacks.
+///
+///                 Callbacks of this type are passed to and used by the
+///                 mbedtls_x509_crt_parse_der_with_ext_cb() routine when
+///                 it encounters either an unsupported extension or a
+///                 "certificate policies" extension containing any
+///                 unsupported certificate policies.
+///                 Future versions of the library may invoke the callback
+///                 in other cases, if and when the need arises.
+///
+/// \param p_ctx    An opaque context passed to the callback.
+/// \param crt      The certificate being parsed.
+/// \param oid      The OID of the extension.
+/// \param critical Whether the extension is critical.
+/// \param p        Pointer to the start of the extension value
+///                 (the content of the OCTET STRING).
+/// \param end      End of extension value.
+///
+/// \note           The callback must fail and return a negative error code
+///                 if it can not parse or does not support the extension.
+///                 When the callback fails to parse a critical extension
+///                 mbedtls_x509_crt_parse_der_with_ext_cb() also fails.
+///                 When the callback fails to parse a non critical extension
+///                 mbedtls_x509_crt_parse_der_with_ext_cb() simply skips
+///                 the extension and continues parsing.
+///
+/// \return         \c 0 on success.
+/// \return         A negative error code on failure.
+pub type mbedtls_x509_crt_ext_cb_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        p_ctx: *mut crate::c_types::c_void,
+        crt: *const mbedtls_x509_crt,
+        oid: *const mbedtls_x509_buf,
+        critical: crate::c_types::c_int,
+        p: *const crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int,
+>;
+extern "C" {
+    /// \brief            Parse a single DER formatted certificate and add it
+    ///                   to the end of the provided chained list.
+    ///
+    /// \note             If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                   subsystem must have been initialized by calling
+    ///                   psa_crypto_init() before calling this function.
+    ///
+    /// \param chain      The pointer to the start of the CRT chain to attach to.
+    ///                   When parsing the first CRT in a chain, this should point
+    ///                   to an instance of ::mbedtls_x509_crt initialized through
+    ///                   mbedtls_x509_crt_init().
+    /// \param buf        The buffer holding the DER encoded certificate.
+    /// \param buflen     The size in Bytes of \p buf.
+    /// \param make_copy  When not zero this function makes an internal copy of the
+    ///                   CRT buffer \p buf. In particular, \p buf may be destroyed
+    ///                   or reused after this call returns.
+    ///                   When zero this function avoids duplicating the CRT buffer
+    ///                   by taking temporary ownership thereof until the CRT
+    ///                   is destroyed (like mbedtls_x509_crt_parse_der_nocopy())
+    /// \param cb         A callback invoked for every unsupported certificate
+    ///                   extension.
+    /// \param p_ctx      An opaque context passed to the callback.
+    ///
+    /// \note             This call is functionally equivalent to
+    ///                   mbedtls_x509_crt_parse_der(), and/or
+    ///                   mbedtls_x509_crt_parse_der_nocopy()
+    ///                   but it calls the callback with every unsupported
+    ///                   certificate extension and additionally the
+    ///                   "certificate policies" extension if it contains any
+    ///                   unsupported certificate policies.
+    ///                   The callback must return a negative error code if it
+    ///                   does not know how to handle such an extension.
+    ///                   When the callback fails to parse a critical extension
+    ///                   mbedtls_x509_crt_parse_der_with_ext_cb() also fails.
+    ///                   When the callback fails to parse a non critical extension
+    ///                   mbedtls_x509_crt_parse_der_with_ext_cb() simply skips
+    ///                   the extension and continues parsing.
+    ///                   Future versions of the library may invoke the callback
+    ///                   in other cases, if and when the need arises.
+    ///
+    /// \return           \c 0 if successful.
+    /// \return           A negative error code on failure.
+    pub fn mbedtls_x509_crt_parse_der_with_ext_cb(
+        chain: *mut mbedtls_x509_crt,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+        make_copy: crate::c_types::c_int,
+        cb: mbedtls_x509_crt_ext_cb_t,
+        p_ctx: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Parse a single DER formatted certificate and add it
+    ///                 to the end of the provided chained list. This is a
+    ///                 variant of mbedtls_x509_crt_parse_der() which takes
+    ///                 temporary ownership of the CRT buffer until the CRT
+    ///                 is destroyed.
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param chain    The pointer to the start of the CRT chain to attach to.
+    ///                 When parsing the first CRT in a chain, this should point
+    ///                 to an instance of ::mbedtls_x509_crt initialized through
+    ///                 mbedtls_x509_crt_init().
+    /// \param buf      The address of the readable buffer holding the DER encoded
+    ///                 certificate to use. On success, this buffer must be
+    ///                 retained and not be changed for the lifetime of the
+    ///                 CRT chain \p chain, that is, until \p chain is destroyed
+    ///                 through a call to mbedtls_x509_crt_free().
+    /// \param buflen   The size in Bytes of \p buf.
+    ///
+    /// \note           This call is functionally equivalent to
+    ///                 mbedtls_x509_crt_parse_der(), but it avoids creating a
+    ///                 copy of the input buffer at the cost of stronger lifetime
+    ///                 constraints. This is useful in constrained environments
+    ///                 where duplication of the CRT cannot be tolerated.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_x509_crt_parse_der_nocopy(
+        chain: *mut mbedtls_x509_crt,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Parse one DER-encoded or one or more concatenated PEM-encoded
+    ///                 certificates and add them to the chained list.
+    ///
+    ///                 For CRTs in PEM encoding, the function parses permissively:
+    ///                 if at least one certificate can be parsed, the function
+    ///                 returns the number of certificates for which parsing failed
+    ///                 (hence \c 0 if all certificates were parsed successfully).
+    ///                 If no certificate could be parsed, the function returns
+    ///                 the first (negative) error encountered during parsing.
+    ///
+    ///                 PEM encoded certificates may be interleaved by other data
+    ///                 such as human readable descriptions of their content, as
+    ///                 long as the certificates are enclosed in the PEM specific
+    ///                 '-----{BEGIN/END} CERTIFICATE-----' delimiters.
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param chain    The chain to which to add the parsed certificates.
+    /// \param buf      The buffer holding the certificate data in PEM or DER format.
+    ///                 For certificates in PEM encoding, this may be a concatenation
+    ///                 of multiple certificates; for DER encoding, the buffer must
+    ///                 comprise exactly one certificate.
+    /// \param buflen   The size of \p buf, including the terminating \c NULL byte
+    ///                 in case of PEM encoded data.
+    ///
+    /// \return         \c 0 if all certificates were parsed successfully.
+    /// \return         The (positive) number of certificates that couldn't
+    ///                 be parsed if parsing was partly successful (see above).
+    /// \return         A negative X509 or PEM error code otherwise.
+    pub fn mbedtls_x509_crt_parse(
+        chain: *mut mbedtls_x509_crt,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Returns an informational string about the
+    ///                 certificate.
+    ///
+    /// \param buf      Buffer to write to
+    /// \param size     Maximum size of buffer
+    /// \param prefix   A line prefix
+    /// \param crt      The X509 certificate to represent
+    ///
+    /// \return         The length of the string written (not including the
+    ///                 terminated nul byte), or a negative error code.
+    pub fn mbedtls_x509_crt_info(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        prefix: *const crate::c_types::c_char,
+        crt: *const mbedtls_x509_crt,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Returns an informational string about the
+    ///                 verification status of a certificate.
+    ///
+    /// \param buf      Buffer to write to
+    /// \param size     Maximum size of buffer
+    /// \param prefix   A line prefix
+    /// \param flags    Verification flags created by mbedtls_x509_crt_verify()
+    ///
+    /// \return         The length of the string written (not including the
+    ///                 terminated nul byte), or a negative error code.
+    pub fn mbedtls_x509_crt_verify_info(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        prefix: *const crate::c_types::c_char,
+        flags: u32,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Verify a chain of certificates.
+    ///
+    ///                 The verify callback is a user-supplied callback that
+    ///                 can clear / modify / add flags for a certificate. If set,
+    ///                 the verification callback is called for each
+    ///                 certificate in the chain (from the trust-ca down to the
+    ///                 presented crt). The parameters for the callback are:
+    ///                 (void *parameter, mbedtls_x509_crt *crt, int certificate_depth,
+    ///                 int *flags). With the flags representing current flags for
+    ///                 that specific certificate and the certificate depth from
+    ///                 the bottom (Peer cert depth = 0).
+    ///
+    ///                 All flags left after returning from the callback
+    ///                 are also returned to the application. The function should
+    ///                 return 0 for anything (including invalid certificates)
+    ///                 other than fatal error, as a non-zero return code
+    ///                 immediately aborts the verification process. For fatal
+    ///                 errors, a specific error code should be used (different
+    ///                 from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not
+    ///                 be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR
+    ///                 can be used if no better code is available.
+    ///
+    /// \note           In case verification failed, the results can be displayed
+    ///                 using \c mbedtls_x509_crt_verify_info()
+    ///
+    /// \note           Same as \c mbedtls_x509_crt_verify_with_profile() with the
+    ///                 default security profile.
+    ///
+    /// \note           It is your responsibility to provide up-to-date CRLs for
+    ///                 all trusted CAs. If no CRL is provided for the CA that was
+    ///                 used to sign the certificate, CRL verification is skipped
+    ///                 silently, that is *without* setting any flag.
+    ///
+    /// \note           The \c trust_ca list can contain two types of certificates:
+    ///                 (1) those of trusted root CAs, so that certificates
+    ///                 chaining up to those CAs will be trusted, and (2)
+    ///                 self-signed end-entity certificates to be trusted (for
+    ///                 specific peers you know) - in that case, the self-signed
+    ///                 certificate doesn't need to have the CA bit set.
+    ///
+    /// \param crt      The certificate chain to be verified.
+    /// \param trust_ca The list of trusted CAs.
+    /// \param ca_crl   The list of CRLs for trusted CAs.
+    /// \param cn       The expected Common Name. This will be checked to be
+    ///                 present in the certificate's subjectAltNames extension or,
+    ///                 if this extension is absent, as a CN component in its
+    ///                 Subject name. Currently only DNS names are supported. This
+    ///                 may be \c NULL if the CN need not be verified.
+    /// \param flags    The address at which to store the result of the verification.
+    ///                 If the verification couldn't be completed, the flag value is
+    ///                 set to (uint32_t) -1.
+    /// \param f_vrfy   The verification callback to use. See the documentation
+    ///                 of mbedtls_x509_crt_verify() for more information.
+    /// \param p_vrfy   The context to be passed to \p f_vrfy.
+    ///
+    /// \return         \c 0 if the chain is valid with respect to the
+    ///                 passed CN, CAs, CRLs and security profile.
+    /// \return         #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
+    ///                 certificate chain verification failed. In this case,
+    ///                 \c *flags will have one or more
+    ///                 \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
+    ///                 flags set.
+    /// \return         Another negative error code in case of a fatal error
+    ///                 encountered during the verification process.
+    pub fn mbedtls_x509_crt_verify(
+        crt: *mut mbedtls_x509_crt,
+        trust_ca: *mut mbedtls_x509_crt,
+        ca_crl: *mut mbedtls_x509_crl,
+        cn: *const crate::c_types::c_char,
+        flags: *mut u32,
+        f_vrfy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_x509_crt,
+                arg3: crate::c_types::c_int,
+                arg4: *mut u32,
+            ) -> crate::c_types::c_int,
+        >,
+        p_vrfy: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Verify a chain of certificates with respect to
+    ///                 a configurable security profile.
+    ///
+    /// \note           Same as \c mbedtls_x509_crt_verify(), but with explicit
+    ///                 security profile.
+    ///
+    /// \note           The restrictions on keys (RSA minimum size, allowed curves
+    ///                 for ECDSA) apply to all certificates: trusted root,
+    ///                 intermediate CAs if any, and end entity certificate.
+    ///
+    /// \param crt      The certificate chain to be verified.
+    /// \param trust_ca The list of trusted CAs.
+    /// \param ca_crl   The list of CRLs for trusted CAs.
+    /// \param profile  The security profile to use for the verification.
+    /// \param cn       The expected Common Name. This may be \c NULL if the
+    ///                 CN need not be verified.
+    /// \param flags    The address at which to store the result of the verification.
+    ///                 If the verification couldn't be completed, the flag value is
+    ///                 set to (uint32_t) -1.
+    /// \param f_vrfy   The verification callback to use. See the documentation
+    ///                 of mbedtls_x509_crt_verify() for more information.
+    /// \param p_vrfy   The context to be passed to \p f_vrfy.
+    ///
+    /// \return         \c 0 if the chain is valid with respect to the
+    ///                 passed CN, CAs, CRLs and security profile.
+    /// \return         #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
+    ///                 certificate chain verification failed. In this case,
+    ///                 \c *flags will have one or more
+    ///                 \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
+    ///                 flags set.
+    /// \return         Another negative error code in case of a fatal error
+    ///                 encountered during the verification process.
+    pub fn mbedtls_x509_crt_verify_with_profile(
+        crt: *mut mbedtls_x509_crt,
+        trust_ca: *mut mbedtls_x509_crt,
+        ca_crl: *mut mbedtls_x509_crl,
+        profile: *const mbedtls_x509_crt_profile,
+        cn: *const crate::c_types::c_char,
+        flags: *mut u32,
+        f_vrfy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_x509_crt,
+                arg3: crate::c_types::c_int,
+                arg4: *mut u32,
+            ) -> crate::c_types::c_int,
+        >,
+        p_vrfy: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Restartable version of \c mbedtls_crt_verify_with_profile()
+    ///
+    /// \note           Performs the same job as \c mbedtls_crt_verify_with_profile()
+    ///                 but can return early and restart according to the limit
+    ///                 set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \param crt      The certificate chain to be verified.
+    /// \param trust_ca The list of trusted CAs.
+    /// \param ca_crl   The list of CRLs for trusted CAs.
+    /// \param profile  The security profile to use for the verification.
+    /// \param cn       The expected Common Name. This may be \c NULL if the
+    ///                 CN need not be verified.
+    /// \param flags    The address at which to store the result of the verification.
+    ///                 If the verification couldn't be completed, the flag value is
+    ///                 set to (uint32_t) -1.
+    /// \param f_vrfy   The verification callback to use. See the documentation
+    ///                 of mbedtls_x509_crt_verify() for more information.
+    /// \param p_vrfy   The context to be passed to \p f_vrfy.
+    /// \param rs_ctx   The restart context to use. This may be set to \c NULL
+    ///                 to disable restartable ECC.
+    ///
+    /// \return         See \c mbedtls_crt_verify_with_profile(), or
+    /// \return         #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                 operations was reached: see \c mbedtls_ecp_set_max_ops().
+    pub fn mbedtls_x509_crt_verify_restartable(
+        crt: *mut mbedtls_x509_crt,
+        trust_ca: *mut mbedtls_x509_crt,
+        ca_crl: *mut mbedtls_x509_crl,
+        profile: *const mbedtls_x509_crt_profile,
+        cn: *const crate::c_types::c_char,
+        flags: *mut u32,
+        f_vrfy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_x509_crt,
+                arg3: crate::c_types::c_int,
+                arg4: *mut u32,
+            ) -> crate::c_types::c_int,
+        >,
+        p_vrfy: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_x509_crt_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+/// \brief               The type of trusted certificate callbacks.
+///
+///                      Callbacks of this type are passed to and used by the CRT
+///                      verification routine mbedtls_x509_crt_verify_with_ca_cb()
+///                      when looking for trusted signers of a given certificate.
+///
+///                      On success, the callback returns a list of trusted
+///                      certificates to be considered as potential signers
+///                      for the input certificate.
+///
+/// \param p_ctx         An opaque context passed to the callback.
+/// \param child         The certificate for which to search a potential signer.
+///                      This will point to a readable certificate.
+/// \param candidate_cas The address at which to store the address of the first
+///                      entry in the generated linked list of candidate signers.
+///                      This will not be \c NULL.
+///
+/// \note                The callback must only return a non-zero value on a
+///                      fatal error. If, in contrast, the search for a potential
+///                      signer completes without a single candidate, the
+///                      callback must return \c 0 and set \c *candidate_cas
+///                      to \c NULL.
+///
+/// \return              \c 0 on success. In this case, \c *candidate_cas points
+///                      to a heap-allocated linked list of instances of
+///                      ::mbedtls_x509_crt, and ownership of this list is passed
+///                      to the caller.
+/// \return              A negative error code on failure.
+pub type mbedtls_x509_crt_ca_cb_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        p_ctx: *mut crate::c_types::c_void,
+        child: *const mbedtls_x509_crt,
+        candidate_cas: *mut *mut mbedtls_x509_crt,
+    ) -> crate::c_types::c_int,
+>;
+extern "C" {
+    /// \brief          Check usage of certificate against keyUsage extension.
+    ///
+    /// \param crt      Leaf certificate used.
+    /// \param usage    Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT
+    ///                 before using the certificate to perform an RSA key
+    ///                 exchange).
+    ///
+    /// \note           Except for decipherOnly and encipherOnly, a bit set in the
+    ///                 usage argument means this bit MUST be set in the
+    ///                 certificate. For decipherOnly and encipherOnly, it means
+    ///                 that bit MAY be set.
+    ///
+    /// \return         0 is these uses of the certificate are allowed,
+    ///                 MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension
+    ///                 is present but does not match the usage argument.
+    ///
+    /// \note           You should only call this function on leaf certificates, on
+    ///                 (intermediate) CAs the keyUsage extension is automatically
+    ///                 checked by \c mbedtls_x509_crt_verify().
+    pub fn mbedtls_x509_crt_check_key_usage(
+        crt: *const mbedtls_x509_crt,
+        usage: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Check usage of certificate against extendedKeyUsage.
+    ///
+    /// \param crt       Leaf certificate used.
+    /// \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or
+    ///                  MBEDTLS_OID_CLIENT_AUTH).
+    /// \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()).
+    ///
+    /// \return          0 if this use of the certificate is allowed,
+    ///                  MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.
+    ///
+    /// \note            Usually only makes sense on leaf certificates.
+    pub fn mbedtls_x509_crt_check_extended_key_usage(
+        crt: *const mbedtls_x509_crt,
+        usage_oid: *const crate::c_types::c_char,
+        usage_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Verify the certificate revocation status
+    ///
+    /// \param crt      a certificate to be verified
+    /// \param crl      the CRL to verify against
+    ///
+    /// \return         1 if the certificate is revoked, 0 otherwise
+    pub fn mbedtls_x509_crt_is_revoked(
+        crt: *const mbedtls_x509_crt,
+        crl: *const mbedtls_x509_crl,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Initialize a certificate (chain)
+    ///
+    /// \param crt      Certificate chain to initialize
+    pub fn mbedtls_x509_crt_init(crt: *mut mbedtls_x509_crt);
+}
+extern "C" {
+    /// \brief          Unallocate all certificate data
+    ///
+    /// \param crt      Certificate chain to free
+    pub fn mbedtls_x509_crt_free(crt: *mut mbedtls_x509_crt);
+}
+extern "C" {
+    /// \brief           Initialize a CRT writing context
+    ///
+    /// \param ctx       CRT context to initialize
+    pub fn mbedtls_x509write_crt_init(ctx: *mut mbedtls_x509write_cert);
+}
+extern "C" {
+    /// \brief           Set the version for a Certificate
+    ///                  Default: MBEDTLS_X509_CRT_VERSION_3
+    ///
+    /// \param ctx       CRT context to use
+    /// \param version   version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or
+    ///                                  MBEDTLS_X509_CRT_VERSION_3)
+    pub fn mbedtls_x509write_crt_set_version(
+        ctx: *mut mbedtls_x509write_cert,
+        version: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief           Set the serial number for a Certificate.
+    ///
+    /// \deprecated      This function is deprecated and will be removed in a
+    ///                  future version of the library. Please use
+    ///                  mbedtls_x509write_crt_set_serial_raw() instead.
+    ///
+    /// \note            Even though the MBEDTLS_BIGNUM_C guard looks redundant since
+    ///                  X509 depends on PK and PK depends on BIGNUM, this emphasizes
+    ///                  a direct dependency between X509 and BIGNUM which is going
+    ///                  to be deprecated in the future.
+    ///
+    /// \param ctx       CRT context to use
+    /// \param serial    serial number to set
+    ///
+    /// \return          0 if successful
+    pub fn mbedtls_x509write_crt_set_serial(
+        ctx: *mut mbedtls_x509write_cert,
+        serial: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the serial number for a Certificate.
+    ///
+    /// \param ctx          CRT context to use
+    /// \param serial       A raw array of bytes containing the serial number in big
+    ///                     endian format
+    /// \param serial_len   Length of valid bytes (expressed in bytes) in \p serial
+    ///                     input buffer
+    ///
+    /// \return          0 if successful, or
+    ///                  MBEDTLS_ERR_X509_BAD_INPUT_DATA if the provided input buffer
+    ///                  is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN)
+    pub fn mbedtls_x509write_crt_set_serial_raw(
+        ctx: *mut mbedtls_x509write_cert,
+        serial: *mut crate::c_types::c_uchar,
+        serial_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the validity period for a Certificate
+    ///                  Timestamps should be in string format for UTC timezone
+    ///                  i.e. "YYYYMMDDhhmmss"
+    ///                  e.g. "20131231235959" for December 31st 2013
+    ///                       at 23:59:59
+    ///
+    /// \param ctx       CRT context to use
+    /// \param not_before    not_before timestamp
+    /// \param not_after     not_after timestamp
+    ///
+    /// \return          0 if timestamp was parsed successfully, or
+    ///                  a specific error code
+    pub fn mbedtls_x509write_crt_set_validity(
+        ctx: *mut mbedtls_x509write_cert,
+        not_before: *const crate::c_types::c_char,
+        not_after: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the issuer name for a Certificate
+    ///                  Issuer names should contain a comma-separated list
+    ///                  of OID types and values:
+    ///                  e.g. "C=UK,O=ARM,CN=mbed TLS CA"
+    ///
+    /// \param ctx           CRT context to use
+    /// \param issuer_name   issuer name to set
+    ///
+    /// \return          0 if issuer name was parsed successfully, or
+    ///                  a specific error code
+    pub fn mbedtls_x509write_crt_set_issuer_name(
+        ctx: *mut mbedtls_x509write_cert,
+        issuer_name: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the subject name for a Certificate
+    ///                  Subject names should contain a comma-separated list
+    ///                  of OID types and values:
+    ///                  e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
+    ///
+    /// \param ctx           CRT context to use
+    /// \param subject_name  subject name to set
+    ///
+    /// \return          0 if subject name was parsed successfully, or
+    ///                  a specific error code
+    pub fn mbedtls_x509write_crt_set_subject_name(
+        ctx: *mut mbedtls_x509write_cert,
+        subject_name: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the subject public key for the certificate
+    ///
+    /// \param ctx       CRT context to use
+    /// \param key       public key to include
+    pub fn mbedtls_x509write_crt_set_subject_key(
+        ctx: *mut mbedtls_x509write_cert,
+        key: *mut mbedtls_pk_context,
+    );
+}
+extern "C" {
+    /// \brief           Set the issuer key used for signing the certificate
+    ///
+    /// \param ctx       CRT context to use
+    /// \param key       private key to sign with
+    pub fn mbedtls_x509write_crt_set_issuer_key(
+        ctx: *mut mbedtls_x509write_cert,
+        key: *mut mbedtls_pk_context,
+    );
+}
+extern "C" {
+    /// \brief           Set the MD algorithm to use for the signature
+    ///                  (e.g. MBEDTLS_MD_SHA1)
+    ///
+    /// \param ctx       CRT context to use
+    /// \param md_alg    MD algorithm to use
+    pub fn mbedtls_x509write_crt_set_md_alg(
+        ctx: *mut mbedtls_x509write_cert,
+        md_alg: mbedtls_md_type_t,
+    );
+}
+extern "C" {
+    /// \brief           Generic function to add to or replace an extension in the
+    ///                  CRT
+    ///
+    /// \param ctx       CRT context to use
+    /// \param oid       OID of the extension
+    /// \param oid_len   length of the OID
+    /// \param critical  if the extension is critical (per the RFC's definition)
+    /// \param val       value of the extension OCTET STRING
+    /// \param val_len   length of the value data
+    ///
+    /// \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_extension(
+        ctx: *mut mbedtls_x509write_cert,
+        oid: *const crate::c_types::c_char,
+        oid_len: usize,
+        critical: crate::c_types::c_int,
+        val: *const crate::c_types::c_uchar,
+        val_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the basicConstraints extension for a CRT
+    ///
+    /// \param ctx       CRT context to use
+    /// \param is_ca     is this a CA certificate
+    /// \param max_pathlen   maximum length of certificate chains below this
+    ///                      certificate (only for CA certificates, -1 is
+    ///                      unlimited)
+    ///
+    /// \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_basic_constraints(
+        ctx: *mut mbedtls_x509write_cert,
+        is_ca: crate::c_types::c_int,
+        max_pathlen: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the subjectKeyIdentifier extension for a CRT
+    ///                  Requires that mbedtls_x509write_crt_set_subject_key() has been
+    ///                  called before
+    ///
+    /// \param ctx       CRT context to use
+    ///
+    /// \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_subject_key_identifier(
+        ctx: *mut mbedtls_x509write_cert,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the authorityKeyIdentifier extension for a CRT
+    ///                  Requires that mbedtls_x509write_crt_set_issuer_key() has been
+    ///                  called before
+    ///
+    /// \param ctx       CRT context to use
+    ///
+    /// \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_authority_key_identifier(
+        ctx: *mut mbedtls_x509write_cert,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the Key Usage Extension flags
+    ///                  (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)
+    ///
+    /// \param ctx       CRT context to use
+    /// \param key_usage key usage flags to set
+    ///
+    /// \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_key_usage(
+        ctx: *mut mbedtls_x509write_cert,
+        key_usage: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the Extended Key Usage Extension
+    ///                  (e.g. MBEDTLS_OID_SERVER_AUTH)
+    ///
+    /// \param ctx       CRT context to use
+    /// \param exts      extended key usage extensions to set, a sequence of
+    ///                  MBEDTLS_ASN1_OID objects
+    ///
+    /// \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_ext_key_usage(
+        ctx: *mut mbedtls_x509write_cert,
+        exts: *const mbedtls_asn1_sequence,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the Netscape Cert Type flags
+    ///                  (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)
+    ///
+    /// \param ctx           CRT context to use
+    /// \param ns_cert_type  Netscape Cert Type flags to set
+    ///
+    /// \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_ns_cert_type(
+        ctx: *mut mbedtls_x509write_cert,
+        ns_cert_type: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Free the contents of a CRT write context
+    ///
+    /// \param ctx       CRT context to free
+    pub fn mbedtls_x509write_crt_free(ctx: *mut mbedtls_x509write_cert);
+}
+extern "C" {
+    /// \brief           Write a built up certificate to a X509 DER structure
+    ///                  Note: data is written at the end of the buffer! Use the
+    ///                        return value to determine where you should start
+    ///                        using the buffer
+    ///
+    /// \param ctx       certificate to write away
+    /// \param buf       buffer to write to
+    /// \param size      size of the buffer
+    /// \param f_rng     RNG function. This must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \return          length of data written if successful, or a specific
+    ///                  error code
+    ///
+    /// \note            \p f_rng is used for the signature operation.
+    pub fn mbedtls_x509write_crt_der(
+        ctx: *mut mbedtls_x509write_cert,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a built up certificate to a X509 PEM string
+    ///
+    /// \param ctx       certificate to write away
+    /// \param buf       buffer to write to
+    /// \param size      size of the buffer
+    /// \param f_rng     RNG function. This must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \return          0 if successful, or a specific error code
+    ///
+    /// \note            \p f_rng is used for the signature operation.
+    pub fn mbedtls_x509write_crt_pem(
+        ctx: *mut mbedtls_x509write_cert,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+///<  The prime modulus.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_P: mbedtls_dhm_parameter = 0;
+///<  The generator.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_G: mbedtls_dhm_parameter = 1;
+///<  Our secret value.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_X: mbedtls_dhm_parameter = 2;
+///<  Our public key = \c G^X mod \c P.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_GX: mbedtls_dhm_parameter = 3;
+///<  The public key of the peer = \c G^Y mod \c P.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_GY: mbedtls_dhm_parameter = 4;
+///<  The shared secret = \c G^(XY) mod \c P.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_K: mbedtls_dhm_parameter = 5;
+/// Which parameter to access in mbedtls_dhm_get_value().
+pub type mbedtls_dhm_parameter = crate::c_types::c_uint;
+/// \brief          The DHM context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_dhm_context {
+    pub private_P: mbedtls_mpi,
+    pub private_G: mbedtls_mpi,
+    pub private_X: mbedtls_mpi,
+    pub private_GX: mbedtls_mpi,
+    pub private_GY: mbedtls_mpi,
+    pub private_K: mbedtls_mpi,
+    pub private_RP: mbedtls_mpi,
+    pub private_Vi: mbedtls_mpi,
+    pub private_Vf: mbedtls_mpi,
+    pub private_pX: mbedtls_mpi,
+}
+extern "C" {
+    /// \brief          This function initializes the DHM context.
+    ///
+    /// \param ctx      The DHM context to initialize.
+    pub fn mbedtls_dhm_init(ctx: *mut mbedtls_dhm_context);
+}
+extern "C" {
+    /// \brief          This function parses the DHM parameters in a
+    ///                 TLS ServerKeyExchange handshake message
+    ///                 (DHM modulus, generator, and public key).
+    ///
+    /// \note           In a TLS handshake, this is the how the client
+    ///                 sets up its DHM context from the server's public
+    ///                 DHM key material.
+    ///
+    /// \param ctx      The DHM context to use. This must be initialized.
+    /// \param p        On input, *p must be the start of the input buffer.
+    ///                 On output, *p is updated to point to the end of the data
+    ///                 that has been read. On success, this is the first byte
+    ///                 past the end of the ServerKeyExchange parameters.
+    ///                 On error, this is the point at which an error has been
+    ///                 detected, which is usually not useful except to debug
+    ///                 failures.
+    /// \param end      The end of the input buffer.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_read_params(
+        ctx: *mut mbedtls_dhm_context,
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function generates a DHM key pair and exports its
+    ///                 public part together with the DHM parameters in the format
+    ///                 used in a TLS ServerKeyExchange handshake message.
+    ///
+    /// \note           This function assumes that the DHM parameters \c ctx->P
+    ///                 and \c ctx->G have already been properly set. For that, use
+    ///                 mbedtls_dhm_set_group() below in conjunction with
+    ///                 mbedtls_mpi_read_binary() and mbedtls_mpi_read_string().
+    ///
+    /// \note           In a TLS handshake, this is the how the server generates
+    ///                 and exports its DHM key material.
+    ///
+    /// \param ctx      The DHM context to use. This must be initialized
+    ///                 and have the DHM parameters set. It may or may not
+    ///                 already have imported the peer's public key.
+    /// \param x_size   The private key size in Bytes.
+    /// \param olen     The address at which to store the number of Bytes
+    ///                 written on success. This must not be \c NULL.
+    /// \param output   The destination buffer. This must be a writable buffer of
+    ///                 sufficient size to hold the reduced binary presentation of
+    ///                 the modulus, the generator and the public key, each wrapped
+    ///                 with a 2-byte length field. It is the responsibility of the
+    ///                 caller to ensure that enough space is available. Refer to
+    ///                 mbedtls_mpi_size() to computing the byte-size of an MPI.
+    /// \param f_rng    The RNG function. Must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be
+    ///                 \c NULL if \p f_rng doesn't need a context parameter.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_make_params(
+        ctx: *mut mbedtls_dhm_context,
+        x_size: crate::c_types::c_int,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function sets the prime modulus and generator.
+    ///
+    /// \note           This function can be used to set \c ctx->P, \c ctx->G
+    ///                 in preparation for mbedtls_dhm_make_params().
+    ///
+    /// \param ctx      The DHM context to configure. This must be initialized.
+    /// \param P        The MPI holding the DHM prime modulus. This must be
+    ///                 an initialized MPI.
+    /// \param G        The MPI holding the DHM generator. This must be an
+    ///                 initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_set_group(
+        ctx: *mut mbedtls_dhm_context,
+        P: *const mbedtls_mpi,
+        G: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function imports the raw public value of the peer.
+    ///
+    /// \note           In a TLS handshake, this is the how the server imports
+    ///                 the Client's public DHM key.
+    ///
+    /// \param ctx      The DHM context to use. This must be initialized and have
+    ///                 its DHM parameters set, e.g. via mbedtls_dhm_set_group().
+    ///                 It may or may not already have generated its own private key.
+    /// \param input    The input buffer containing the \c G^Y value of the peer.
+    ///                 This must be a readable buffer of size \p ilen Bytes.
+    /// \param ilen     The size of the input buffer \p input in Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_read_public(
+        ctx: *mut mbedtls_dhm_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function creates a DHM key pair and exports
+    ///                 the raw public key in big-endian format.
+    ///
+    /// \note           The destination buffer is always fully written
+    ///                 so as to contain a big-endian representation of G^X mod P.
+    ///                 If it is larger than \c ctx->len, it is padded accordingly
+    ///                 with zero-bytes at the beginning.
+    ///
+    /// \param ctx      The DHM context to use. This must be initialized and
+    ///                 have the DHM parameters set. It may or may not already
+    ///                 have imported the peer's public key.
+    /// \param x_size   The private key size in Bytes.
+    /// \param output   The destination buffer. This must be a writable buffer of
+    ///                 size \p olen Bytes.
+    /// \param olen     The length of the destination buffer. This must be at least
+    ///                 equal to `ctx->len` (the size of \c P).
+    /// \param f_rng    The RNG function. This must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context argument.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_make_public(
+        ctx: *mut mbedtls_dhm_context,
+        x_size: crate::c_types::c_int,
+        output: *mut crate::c_types::c_uchar,
+        olen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function derives and exports the shared secret
+    ///                 \c (G^Y)^X mod \c P.
+    ///
+    /// \note           If \p f_rng is not \c NULL, it is used to blind the input as
+    ///                 a countermeasure against timing attacks. Blinding is used
+    ///                 only if our private key \c X is re-used, and not used
+    ///                 otherwise. We recommend always passing a non-NULL
+    ///                 \p f_rng argument.
+    ///
+    /// \param ctx           The DHM context to use. This must be initialized
+    ///                      and have its own private key generated and the peer's
+    ///                      public key imported.
+    /// \param output        The buffer to write the generated shared key to. This
+    ///                      must be a writable buffer of size \p output_size Bytes.
+    /// \param output_size   The size of the destination buffer. This must be at
+    ///                      least the size of \c ctx->len (the size of \c P).
+    /// \param olen          On exit, holds the actual number of Bytes written.
+    /// \param f_rng         The RNG function. Must not be \c NULL. Used for
+    ///                      blinding.
+    /// \param p_rng         The RNG context to be passed to \p f_rng. This may be
+    ///                      \c NULL if \p f_rng doesn't need a context parameter.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_calc_secret(
+        ctx: *mut mbedtls_dhm_context,
+        output: *mut crate::c_types::c_uchar,
+        output_size: usize,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function returns the size of the prime modulus in bits.
+    ///
+    /// \param ctx      The DHM context to query.
+    ///
+    /// \return         The size of the prime modulus in bits,
+    ///                 i.e. the number n such that 2^(n-1) <= P < 2^n.
+    pub fn mbedtls_dhm_get_bitlen(ctx: *const mbedtls_dhm_context) -> usize;
+}
+extern "C" {
+    /// \brief          This function returns the size of the prime modulus in bytes.
+    ///
+    /// \param ctx      The DHM context to query.
+    ///
+    /// \return         The size of the prime modulus in bytes,
+    ///                 i.e. the number n such that 2^(8*(n-1)) <= P < 2^(8*n).
+    pub fn mbedtls_dhm_get_len(ctx: *const mbedtls_dhm_context) -> usize;
+}
+extern "C" {
+    /// \brief          This function copies a parameter of a DHM key.
+    ///
+    /// \param ctx      The DHM context to query.
+    /// \param param    The parameter to copy.
+    /// \param dest     The MPI object to copy the value into. It must be
+    ///                 initialized.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_DHM_BAD_INPUT_DATA if \p field is invalid.
+    /// \return         An \c MBEDTLS_ERR_MPI_XXX error code if the copy fails.
+    pub fn mbedtls_dhm_get_value(
+        ctx: *const mbedtls_dhm_context,
+        param: mbedtls_dhm_parameter,
+        dest: *mut mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function frees and clears the components
+    ///                 of a DHM context.
+    ///
+    /// \param ctx      The DHM context to free and clear. This may be \c NULL,
+    ///                 in which case this function is a no-op. If it is not \c NULL,
+    ///                 it must point to an initialized DHM context.
+    pub fn mbedtls_dhm_free(ctx: *mut mbedtls_dhm_context);
+}
+extern "C" {
+    /// \brief             This function parses DHM parameters in PEM or DER format.
+    ///
+    /// \param dhm         The DHM context to import the DHM parameters into.
+    ///                    This must be initialized.
+    /// \param dhmin       The input buffer. This must be a readable buffer of
+    ///                    length \p dhminlen Bytes.
+    /// \param dhminlen    The size of the input buffer \p dhmin, including the
+    ///                    terminating \c NULL Byte for PEM data.
+    ///
+    /// \return            \c 0 on success.
+    /// \return            An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error
+    ///                    code on failure.
+    pub fn mbedtls_dhm_parse_dhm(
+        dhm: *mut mbedtls_dhm_context,
+        dhmin: *const crate::c_types::c_uchar,
+        dhminlen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The DMH checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_dhm_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+///< Our key.
+pub const mbedtls_ecdh_side_MBEDTLS_ECDH_OURS: mbedtls_ecdh_side = 0;
+///< The key of the peer.
+pub const mbedtls_ecdh_side_MBEDTLS_ECDH_THEIRS: mbedtls_ecdh_side = 1;
+/// Defines the source of the imported EC key.
+pub type mbedtls_ecdh_side = crate::c_types::c_uint;
+///< Implementation not defined.
+pub const mbedtls_ecdh_variant_MBEDTLS_ECDH_VARIANT_NONE: mbedtls_ecdh_variant = 0;
+///< The default Mbed TLS implementation
+pub const mbedtls_ecdh_variant_MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: mbedtls_ecdh_variant = 1;
+/// Defines the ECDH implementation used.
+///
+/// Later versions of the library may add new variants, therefore users should
+/// not make any assumptions about them.
+pub type mbedtls_ecdh_variant = crate::c_types::c_uint;
+/// The context used by the default ECDH implementation.
+///
+/// Later versions might change the structure of this context, therefore users
+/// should not make any assumptions about the structure of
+/// mbedtls_ecdh_context_mbed.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecdh_context_mbed {
+    pub private_grp: mbedtls_ecp_group,
+    pub private_d: mbedtls_mpi,
+    pub private_Q: mbedtls_ecp_point,
+    pub private_Qp: mbedtls_ecp_point,
+    pub private_z: mbedtls_mpi,
+}
+/// \warning         Performing multiple operations concurrently on the same
+///                  ECDSA context is not supported; objects of this type
+///                  should not be shared between multiple threads.
+/// \brief           The ECDH context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecdh_context {
+    pub private_point_format: u8,
+    pub private_grp_id: mbedtls_ecp_group_id,
+    pub private_var: mbedtls_ecdh_variant,
+    pub private_ctx: mbedtls_ecdh_context__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_ecdh_context__bindgen_ty_1 {
+    pub private_mbed_ecdh: mbedtls_ecdh_context_mbed,
+}
+extern "C" {
+    /// \brief          Check whether a given group can be used for ECDH.
+    ///
+    /// \param gid      The ECP group ID to check.
+    ///
+    /// \return         \c 1 if the group can be used, \c 0 otherwise
+    pub fn mbedtls_ecdh_can_do(gid: mbedtls_ecp_group_id) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates an ECDH keypair on an elliptic
+    ///                  curve.
+    ///
+    ///                  This function performs the first of two core computations
+    ///                  implemented during the ECDH key exchange. The second core
+    ///                  computation is performed by mbedtls_ecdh_compute_shared().
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param grp       The ECP group to use. This must be initialized and have
+    ///                  domain parameters loaded, for example through
+    ///                  mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
+    /// \param d         The destination MPI (private key).
+    ///                  This must be initialized.
+    /// \param Q         The destination point (public key).
+    ///                  This must be initialized.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL in case \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX or
+    ///                  \c MBEDTLS_MPI_XXX error code on failure.
+    pub fn mbedtls_ecdh_gen_public(
+        grp: *mut mbedtls_ecp_group,
+        d: *mut mbedtls_mpi,
+        Q: *mut mbedtls_ecp_point,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function computes the shared secret.
+    ///
+    ///                  This function performs the second of two core computations
+    ///                  implemented during the ECDH key exchange. The first core
+    ///                  computation is performed by mbedtls_ecdh_gen_public().
+    ///
+    /// \see             ecp.h
+    ///
+    /// \note            If \p f_rng is not NULL, it is used to implement
+    ///                  countermeasures against side-channel attacks.
+    ///                  For more information, see mbedtls_ecp_mul().
+    ///
+    /// \param grp       The ECP group to use. This must be initialized and have
+    ///                  domain parameters loaded, for example through
+    ///                  mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
+    /// \param z         The destination MPI (shared secret).
+    ///                  This must be initialized.
+    /// \param Q         The public key from another party.
+    ///                  This must be initialized.
+    /// \param d         Our secret exponent (private key).
+    ///                  This must be initialized.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL if \p f_rng is \c NULL or doesn't need a
+    ///                  context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX or
+    ///                  \c MBEDTLS_MPI_XXX error code on failure.
+    pub fn mbedtls_ecdh_compute_shared(
+        grp: *mut mbedtls_ecp_group,
+        z: *mut mbedtls_mpi,
+        Q: *const mbedtls_ecp_point,
+        d: *const mbedtls_mpi,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function initializes an ECDH context.
+    ///
+    /// \param ctx       The ECDH context to initialize. This must not be \c NULL.
+    pub fn mbedtls_ecdh_init(ctx: *mut mbedtls_ecdh_context);
+}
+extern "C" {
+    /// \brief           This function sets up the ECDH context with the information
+    ///                  given.
+    ///
+    ///                  This function should be called after mbedtls_ecdh_init() but
+    ///                  before mbedtls_ecdh_make_params(). There is no need to call
+    ///                  this function before mbedtls_ecdh_read_params().
+    ///
+    ///                  This is the first function used by a TLS server for ECDHE
+    ///                  ciphersuites.
+    ///
+    /// \param ctx       The ECDH context to set up. This must be initialized.
+    /// \param grp_id    The group id of the group to set up the context for.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_ecdh_setup(
+        ctx: *mut mbedtls_ecdh_context,
+        grp_id: mbedtls_ecp_group_id,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function frees a context.
+    ///
+    /// \param ctx       The context to free. This may be \c NULL, in which
+    ///                  case this function does nothing. If it is not \c NULL,
+    ///                  it must point to an initialized ECDH context.
+    pub fn mbedtls_ecdh_free(ctx: *mut mbedtls_ecdh_context);
+}
+extern "C" {
+    /// \brief           This function generates an EC key pair and exports its
+    ///                  in the format used in a TLS ServerKeyExchange handshake
+    ///                  message.
+    ///
+    ///                  This is the second function used by a TLS server for ECDHE
+    ///                  ciphersuites. (It is called after mbedtls_ecdh_setup().)
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDH context to use. This must be initialized
+    ///                  and bound to a group, for example via mbedtls_ecdh_setup().
+    /// \param olen      The address at which to store the number of Bytes written.
+    /// \param buf       The destination buffer. This must be a writable buffer of
+    ///                  length \p blen Bytes.
+    /// \param blen      The length of the destination buffer \p buf in Bytes.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL in case \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_make_params(
+        ctx: *mut mbedtls_ecdh_context,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        blen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function parses the ECDHE parameters in a
+    ///                  TLS ServerKeyExchange handshake message.
+    ///
+    /// \note            In a TLS handshake, this is the how the client
+    ///                  sets up its ECDHE context from the server's public
+    ///                  ECDHE key material.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDHE context to use. This must be initialized.
+    /// \param buf       On input, \c *buf must be the start of the input buffer.
+    ///                  On output, \c *buf is updated to point to the end of the
+    ///                  data that has been read. On success, this is the first byte
+    ///                  past the end of the ServerKeyExchange parameters.
+    ///                  On error, this is the point at which an error has been
+    ///                  detected, which is usually not useful except to debug
+    ///                  failures.
+    /// \param end       The end of the input buffer.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_read_params(
+        ctx: *mut mbedtls_ecdh_context,
+        buf: *mut *const crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets up an ECDH context from an EC key.
+    ///
+    ///                  It is used by clients and servers in place of the
+    ///                  ServerKeyEchange for static ECDH, and imports ECDH
+    ///                  parameters from the EC key information of a certificate.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDH context to set up. This must be initialized.
+    /// \param key       The EC key to use. This must be initialized.
+    /// \param side      Defines the source of the key. Possible values are:
+    ///                  - #MBEDTLS_ECDH_OURS: The key is ours.
+    ///                  - #MBEDTLS_ECDH_THEIRS: The key is that of the peer.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_get_params(
+        ctx: *mut mbedtls_ecdh_context,
+        key: *const mbedtls_ecp_keypair,
+        side: mbedtls_ecdh_side,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates a public key and exports it
+    ///                  as a TLS ClientKeyExchange payload.
+    ///
+    ///                  This is the second function used by a TLS client for ECDH(E)
+    ///                  ciphersuites.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDH context to use. This must be initialized
+    ///                  and bound to a group, the latter usually by
+    ///                  mbedtls_ecdh_read_params().
+    /// \param olen      The address at which to store the number of Bytes written.
+    ///                  This must not be \c NULL.
+    /// \param buf       The destination buffer. This must be a writable buffer
+    ///                  of length \p blen Bytes.
+    /// \param blen      The size of the destination buffer \p buf in Bytes.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL in case \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_make_public(
+        ctx: *mut mbedtls_ecdh_context,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        blen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       This function parses and processes the ECDHE payload of a
+    ///              TLS ClientKeyExchange message.
+    ///
+    ///              This is the third function used by a TLS server for ECDH(E)
+    ///              ciphersuites. (It is called after mbedtls_ecdh_setup() and
+    ///              mbedtls_ecdh_make_params().)
+    ///
+    /// \see         ecp.h
+    ///
+    /// \param ctx   The ECDH context to use. This must be initialized
+    ///              and bound to a group, for example via mbedtls_ecdh_setup().
+    /// \param buf   The pointer to the ClientKeyExchange payload. This must
+    ///              be a readable buffer of length \p blen Bytes.
+    /// \param blen  The length of the input buffer \p buf in Bytes.
+    ///
+    /// \return      \c 0 on success.
+    /// \return      An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_read_public(
+        ctx: *mut mbedtls_ecdh_context,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function derives and exports the shared secret.
+    ///
+    ///                  This is the last function used by both TLS client
+    ///                  and servers.
+    ///
+    /// \note            If \p f_rng is not NULL, it is used to implement
+    ///                  countermeasures against side-channel attacks.
+    ///                  For more information, see mbedtls_ecp_mul().
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDH context to use. This must be initialized
+    ///                  and have its own private key generated and the peer's
+    ///                  public key imported.
+    /// \param olen      The address at which to store the total number of
+    ///                  Bytes written on success. This must not be \c NULL.
+    /// \param buf       The buffer to write the generated shared key to. This
+    ///                  must be a writable buffer of size \p blen Bytes.
+    /// \param blen      The length of the destination buffer \p buf in Bytes.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context. This may be \c NULL if \p f_rng
+    ///                  doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_calc_secret(
+        ctx: *mut mbedtls_ecdh_context,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        blen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_ssl_premaster_secret {
+    pub _pms_rsa: [crate::c_types::c_uchar; 48usize],
+    pub _pms_dhm: [crate::c_types::c_uchar; 1024usize],
+    pub _pms_ecdh: [crate::c_types::c_uchar; 66usize],
+    pub _pms_psk: [crate::c_types::c_uchar; 100usize],
+    pub _pms_dhe_psk: [crate::c_types::c_uchar; 1076usize],
+    pub _pms_rsa_psk: [crate::c_types::c_uchar; 100usize],
+    pub _pms_ecdhe_psk: [crate::c_types::c_uchar; 118usize],
+}
+pub const mbedtls_ssl_states_MBEDTLS_SSL_HELLO_REQUEST: mbedtls_ssl_states = 0;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_HELLO: mbedtls_ssl_states = 1;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_HELLO: mbedtls_ssl_states = 2;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_CERTIFICATE: mbedtls_ssl_states = 3;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_KEY_EXCHANGE: mbedtls_ssl_states = 4;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CERTIFICATE_REQUEST: mbedtls_ssl_states = 5;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_HELLO_DONE: mbedtls_ssl_states = 6;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CERTIFICATE: mbedtls_ssl_states = 7;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_KEY_EXCHANGE: mbedtls_ssl_states = 8;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CERTIFICATE_VERIFY: mbedtls_ssl_states = 9;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC: mbedtls_ssl_states = 10;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_FINISHED: mbedtls_ssl_states = 11;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC: mbedtls_ssl_states = 12;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_FINISHED: mbedtls_ssl_states = 13;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_FLUSH_BUFFERS: mbedtls_ssl_states = 14;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_HANDSHAKE_WRAPUP: mbedtls_ssl_states = 15;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_NEW_SESSION_TICKET: mbedtls_ssl_states = 16;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT: mbedtls_ssl_states = 17;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_HELLO_RETRY_REQUEST: mbedtls_ssl_states = 18;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: mbedtls_ssl_states = 19;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_END_OF_EARLY_DATA: mbedtls_ssl_states = 20;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY: mbedtls_ssl_states = 21;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: mbedtls_ssl_states = 22;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO: mbedtls_ssl_states =
+    23;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO: mbedtls_ssl_states = 24;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: mbedtls_ssl_states = 25;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST: mbedtls_ssl_states =
+    26;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_HANDSHAKE_OVER: mbedtls_ssl_states = 27;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET: mbedtls_ssl_states = 28;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH: mbedtls_ssl_states = 29;
+pub type mbedtls_ssl_states = crate::c_types::c_uint;
+/// \brief          Callback type: send data on the network.
+///
+/// \note           That callback may be either blocking or non-blocking.
+///
+/// \param ctx      Context for the send callback (typically a file descriptor)
+/// \param buf      Buffer holding the data to send
+/// \param len      Length of the data to send
+///
+/// \return         The callback must return the number of bytes sent if any,
+///                 or a non-zero error code.
+///                 If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE
+///                 must be returned when the operation would block.
+///
+/// \note           The callback is allowed to send fewer bytes than requested.
+///                 It must always return the number of bytes actually sent.
+pub type mbedtls_ssl_send_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief          Callback type: receive data from the network.
+///
+/// \note           That callback may be either blocking or non-blocking.
+///
+/// \param ctx      Context for the receive callback (typically a file
+///                 descriptor)
+/// \param buf      Buffer to write the received data to
+/// \param len      Length of the receive buffer
+///
+/// \returns        If data has been received, the positive number of bytes received.
+/// \returns        \c 0 if the connection has been closed.
+/// \returns        If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ
+///                 must be returned when the operation would block.
+/// \returns        Another negative error code on other kinds of failures.
+///
+/// \note           The callback may receive fewer bytes than the length of the
+///                 buffer. It must always return the number of bytes actually
+///                 received and written to the buffer.
+pub type mbedtls_ssl_recv_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief          Callback type: receive data from the network, with timeout
+///
+/// \note           That callback must block until data is received, or the
+///                 timeout delay expires, or the operation is interrupted by a
+///                 signal.
+///
+/// \param ctx      Context for the receive callback (typically a file descriptor)
+/// \param buf      Buffer to write the received data to
+/// \param len      Length of the receive buffer
+/// \param timeout  Maximum number of milliseconds to wait for data
+///                 0 means no timeout (potentially waiting forever)
+///
+/// \return         The callback must return the number of bytes received,
+///                 or a non-zero error code:
+///                 \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
+///                 \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
+///
+/// \note           The callback may receive fewer bytes than the length of the
+///                 buffer. It must always return the number of bytes actually
+///                 received and written to the buffer.
+pub type mbedtls_ssl_recv_timeout_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+        timeout: u32,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief          Callback type: set a pair of timers/delays to watch
+///
+/// \param ctx      Context pointer
+/// \param int_ms   Intermediate delay in milliseconds
+/// \param fin_ms   Final delay in milliseconds
+///                 0 cancels the current timer.
+///
+/// \note           This callback must at least store the necessary information
+///                 for the associated \c mbedtls_ssl_get_timer_t callback to
+///                 return correct information.
+///
+/// \note           If using an event-driven style of programming, an event must
+///                 be generated when the final delay is passed. The event must
+///                 cause a call to \c mbedtls_ssl_handshake() with the proper
+///                 SSL context to be scheduled. Care must be taken to ensure
+///                 that at most one such call happens at a time.
+///
+/// \note           Only one timer at a time must be running. Calling this
+///                 function while a timer is running must cancel it. Cancelled
+///                 timers must not generate any event.
+pub type mbedtls_ssl_set_timer_t = ::core::option::Option<
+    unsafe extern "C" fn(ctx: *mut crate::c_types::c_void, int_ms: u32, fin_ms: u32),
+>;
+/// \brief          Callback type: get status of timers/delays
+///
+/// \param ctx      Context pointer
+///
+/// \return         This callback must return:
+///                 -1 if cancelled (fin_ms == 0),
+///                  0 if none of the delays have passed,
+///                  1 if only the intermediate delay has passed,
+///                  2 if the final delay has passed.
+pub type mbedtls_ssl_get_timer_t = ::core::option::Option<
+    unsafe extern "C" fn(ctx: *mut crate::c_types::c_void) -> crate::c_types::c_int,
+>;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_transform {
+    _unused: [u8; 0],
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_handshake_params {
+    _unused: [u8; 0],
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_sig_hash_set_t {
+    _unused: [u8; 0],
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_key_cert {
+    _unused: [u8; 0],
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_flight_item {
+    _unused: [u8; 0],
+}
+/// \brief          Callback type: server-side session cache getter
+///
+///                 The session cache is logically a key value store, with
+///                 keys being session IDs and values being instances of
+///                 mbedtls_ssl_session.
+///
+///                 This callback retrieves an entry in this key-value store.
+///
+/// \param data            The address of the session cache structure to query.
+/// \param session_id      The buffer holding the session ID to query.
+/// \param session_id_len  The length of \p session_id in Bytes.
+/// \param session         The address of the session structure to populate.
+///                        It is initialized with mbdtls_ssl_session_init(),
+///                        and the callback must always leave it in a state
+///                        where it can safely be freed via
+///                        mbedtls_ssl_session_free() independent of the
+///                        return code of this function.
+///
+/// \return                \c 0 on success
+/// \return                A non-zero return value on failure.
+pub type mbedtls_ssl_cache_get_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        data: *mut crate::c_types::c_void,
+        session_id: *const crate::c_types::c_uchar,
+        session_id_len: usize,
+        session: *mut mbedtls_ssl_session,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief          Callback type: server-side session cache setter
+///
+///                 The session cache is logically a key value store, with
+///                 keys being session IDs and values being instances of
+///                 mbedtls_ssl_session.
+///
+///                 This callback sets an entry in this key-value store.
+///
+/// \param data            The address of the session cache structure to modify.
+/// \param session_id      The buffer holding the session ID to query.
+/// \param session_id_len  The length of \p session_id in Bytes.
+/// \param session         The address of the session to be stored in the
+///                        session cache.
+///
+/// \return                \c 0 on success
+/// \return                A non-zero return value on failure.
+pub type mbedtls_ssl_cache_set_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        data: *mut crate::c_types::c_void,
+        session_id: *const crate::c_types::c_uchar,
+        session_id_len: usize,
+        session: *const mbedtls_ssl_session,
+    ) -> crate::c_types::c_int,
+>;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_tls13_application_secrets {
+    pub client_application_traffic_secret_N: [crate::c_types::c_uchar; 64usize],
+    pub server_application_traffic_secret_N: [crate::c_types::c_uchar; 64usize],
+    pub exporter_master_secret: [crate::c_types::c_uchar; 64usize],
+    pub resumption_master_secret: [crate::c_types::c_uchar; 64usize],
+}
+///< Context not in use or version not yet negotiated.
+pub const mbedtls_ssl_protocol_version_MBEDTLS_SSL_VERSION_UNKNOWN: mbedtls_ssl_protocol_version =
+    0;
+///< (D)TLS 1.2
+pub const mbedtls_ssl_protocol_version_MBEDTLS_SSL_VERSION_TLS1_2: mbedtls_ssl_protocol_version =
+    771;
+///< (D)TLS 1.3
+pub const mbedtls_ssl_protocol_version_MBEDTLS_SSL_VERSION_TLS1_3: mbedtls_ssl_protocol_version =
+    772;
+/// Human-friendly representation of the (D)TLS protocol version.
+pub type mbedtls_ssl_protocol_version = crate::c_types::c_uint;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_session {
+    pub private_mfl_code: crate::c_types::c_uchar,
+    pub private_exported: crate::c_types::c_uchar,
+    pub private_tls_version: mbedtls_ssl_protocol_version,
+    pub private_ciphersuite: crate::c_types::c_int,
+    pub private_id_len: usize,
+    pub private_id: [crate::c_types::c_uchar; 32usize],
+    pub private_master: [crate::c_types::c_uchar; 48usize],
+    pub private_peer_cert: *mut mbedtls_x509_crt,
+    pub private_verify_result: u32,
+    pub private_ticket: *mut crate::c_types::c_uchar,
+    pub private_ticket_len: usize,
+    pub private_ticket_lifetime: u32,
+    pub private_endpoint: u8,
+    pub private_ticket_flags: u8,
+    pub private_ticket_age_add: u32,
+    pub private_resumption_key_len: u8,
+    pub private_resumption_key: [crate::c_types::c_uchar; 48usize],
+    pub private_hostname: *mut crate::c_types::c_char,
+    pub private_encrypt_then_mac: crate::c_types::c_int,
+    pub private_app_secrets: mbedtls_ssl_tls13_application_secrets,
+}
+pub const mbedtls_tls_prf_types_MBEDTLS_SSL_TLS_PRF_NONE: mbedtls_tls_prf_types = 0;
+pub const mbedtls_tls_prf_types_MBEDTLS_SSL_TLS_PRF_SHA384: mbedtls_tls_prf_types = 1;
+pub const mbedtls_tls_prf_types_MBEDTLS_SSL_TLS_PRF_SHA256: mbedtls_tls_prf_types = 2;
+pub const mbedtls_tls_prf_types_MBEDTLS_SSL_HKDF_EXPAND_SHA384: mbedtls_tls_prf_types = 3;
+pub const mbedtls_tls_prf_types_MBEDTLS_SSL_HKDF_EXPAND_SHA256: mbedtls_tls_prf_types = 4;
+pub type mbedtls_tls_prf_types = crate::c_types::c_uint;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET:
+    mbedtls_ssl_key_export_type = 0;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET:
+    mbedtls_ssl_key_export_type = 1;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_EARLY_EXPORTER_SECRET:
+    mbedtls_ssl_key_export_type = 2;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET : mbedtls_ssl_key_export_type = 3 ;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET : mbedtls_ssl_key_export_type = 4 ;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET : mbedtls_ssl_key_export_type = 5 ;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET : mbedtls_ssl_key_export_type = 6 ;
+pub type mbedtls_ssl_key_export_type = crate::c_types::c_uint;
+/// \brief           Callback type: Export key alongside random values for
+///                                 session identification, and PRF for
+///                                 implementation of TLS key exporters.
+///
+/// \param p_expkey   Context for the callback.
+/// \param type       The type of the key that is being exported.
+/// \param secret     The address of the buffer holding the secret
+///                   that's being exporterd.
+/// \param secret_len The length of \p secret in bytes.
+/// \param client_random The client random bytes.
+/// \param server_random The server random bytes.
+/// \param tls_prf_type The identifier for the PRF used in the handshake
+///                     to which the key belongs.
+pub type mbedtls_ssl_export_keys_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        p_expkey: *mut crate::c_types::c_void,
+        type_: mbedtls_ssl_key_export_type,
+        secret: *const crate::c_types::c_uchar,
+        secret_len: usize,
+        client_random: *const crate::c_types::c_uchar,
+        server_random: *const crate::c_types::c_uchar,
+        tls_prf_type: mbedtls_tls_prf_types,
+    ),
+>;
+/// \brief           Callback type: generic handshake callback
+///
+/// \note            Callbacks may use user_data funcs to set/get app user data.
+///                  See \c mbedtls_ssl_get_user_data_p()
+///                      \c mbedtls_ssl_get_user_data_n()
+///                      \c mbedtls_ssl_conf_get_user_data_p()
+///                      \c mbedtls_ssl_conf_get_user_data_n()
+///
+/// \param ssl       \c mbedtls_ssl_context on which the callback is run
+///
+/// \return          The return value of the callback is 0 if successful,
+///                  or a specific MBEDTLS_ERR_XXX code, which will cause
+///                  the handshake to be aborted.
+pub type mbedtls_ssl_hs_cb_t = ::core::option::Option<
+    unsafe extern "C" fn(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int,
+>;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_ssl_user_data_t {
+    pub n: usize,
+    pub p: *mut crate::c_types::c_void,
+}
+/// SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_config {
+    pub private_max_tls_version: mbedtls_ssl_protocol_version,
+    pub private_min_tls_version: mbedtls_ssl_protocol_version,
+    pub private_endpoint: u8,
+    pub private_transport: u8,
+    pub private_authmode: u8,
+    pub private_allow_legacy_renegotiation: u8,
+    pub private_mfl_code: u8,
+    pub private_encrypt_then_mac: u8,
+    pub private_extended_ms: u8,
+    pub private_anti_replay: u8,
+    pub private_disable_renegotiation: u8,
+    pub private_session_tickets: u8,
+    pub private_new_session_tickets_count: u16,
+    pub private_cert_req_ca_list: u8,
+    pub private_respect_cli_pref: u8,
+    pub private_ignore_unexpected_cid: u8,
+    pub private_ciphersuite_list: *const crate::c_types::c_int,
+    pub private_tls13_kex_modes: crate::c_types::c_int,
+    pub private_f_dbg: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: crate::c_types::c_int,
+            arg3: *const crate::c_types::c_char,
+            arg4: crate::c_types::c_int,
+            arg5: *const crate::c_types::c_char,
+        ),
+    >,
+    pub private_p_dbg: *mut crate::c_types::c_void,
+    pub private_f_rng: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut crate::c_types::c_uchar,
+            arg3: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_rng: *mut crate::c_types::c_void,
+    pub private_f_get_cache: mbedtls_ssl_cache_get_t,
+    pub private_f_set_cache: mbedtls_ssl_cache_set_t,
+    pub private_p_cache: *mut crate::c_types::c_void,
+    pub private_f_sni: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut mbedtls_ssl_context,
+            arg3: *const crate::c_types::c_uchar,
+            arg4: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_sni: *mut crate::c_types::c_void,
+    pub private_f_vrfy: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut mbedtls_x509_crt,
+            arg3: crate::c_types::c_int,
+            arg4: *mut u32,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_vrfy: *mut crate::c_types::c_void,
+    pub private_f_psk: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut mbedtls_ssl_context,
+            arg3: *const crate::c_types::c_uchar,
+            arg4: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_psk: *mut crate::c_types::c_void,
+    pub private_f_cookie_write: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut *mut crate::c_types::c_uchar,
+            arg3: *mut crate::c_types::c_uchar,
+            arg4: *const crate::c_types::c_uchar,
+            arg5: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_f_cookie_check: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *const crate::c_types::c_uchar,
+            arg3: usize,
+            arg4: *const crate::c_types::c_uchar,
+            arg5: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_cookie: *mut crate::c_types::c_void,
+    pub private_f_ticket_write: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *const mbedtls_ssl_session,
+            arg3: *mut crate::c_types::c_uchar,
+            arg4: *const crate::c_types::c_uchar,
+            arg5: *mut usize,
+            arg6: *mut u32,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_f_ticket_parse: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut mbedtls_ssl_session,
+            arg3: *mut crate::c_types::c_uchar,
+            arg4: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_ticket: *mut crate::c_types::c_void,
+    pub private_cid_len: usize,
+    pub private_cert_profile: *const mbedtls_x509_crt_profile,
+    pub private_key_cert: *mut mbedtls_ssl_key_cert,
+    pub private_ca_chain: *mut mbedtls_x509_crt,
+    pub private_ca_crl: *mut mbedtls_x509_crl,
+    pub private_sig_hashes: *const crate::c_types::c_int,
+    pub private_sig_algs: *const u16,
+    pub private_curve_list: *const mbedtls_ecp_group_id,
+    pub private_group_list: *const u16,
+    pub private_dhm_P: mbedtls_mpi,
+    pub private_dhm_G: mbedtls_mpi,
+    pub private_psk: *mut crate::c_types::c_uchar,
+    pub private_psk_len: usize,
+    pub private_psk_identity: *mut crate::c_types::c_uchar,
+    pub private_psk_identity_len: usize,
+    pub private_alpn_list: *mut *const crate::c_types::c_char,
+    pub private_read_timeout: u32,
+    pub private_hs_timeout_min: u32,
+    pub private_hs_timeout_max: u32,
+    pub private_renego_max_records: crate::c_types::c_int,
+    pub private_renego_period: [crate::c_types::c_uchar; 8usize],
+    pub private_badmac_limit: crate::c_types::c_uint,
+    pub private_dhm_min_bitlen: crate::c_types::c_uint,
+    pub private_user_data: mbedtls_ssl_user_data_t,
+    pub private_f_cert_cb: mbedtls_ssl_hs_cb_t,
+    pub private_dn_hints: *const mbedtls_x509_crt,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_context {
+    pub private_conf: *const mbedtls_ssl_config,
+    pub private_state: crate::c_types::c_int,
+    pub private_renego_status: crate::c_types::c_int,
+    pub private_renego_records_seen: crate::c_types::c_int,
+    pub private_tls_version: mbedtls_ssl_protocol_version,
+    pub private_badmac_seen: crate::c_types::c_uint,
+    pub private_f_vrfy: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut mbedtls_x509_crt,
+            arg3: crate::c_types::c_int,
+            arg4: *mut u32,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_vrfy: *mut crate::c_types::c_void,
+    pub private_f_send: mbedtls_ssl_send_t,
+    pub private_f_recv: mbedtls_ssl_recv_t,
+    pub private_f_recv_timeout: mbedtls_ssl_recv_timeout_t,
+    pub private_p_bio: *mut crate::c_types::c_void,
+    pub private_session_in: *mut mbedtls_ssl_session,
+    pub private_session_out: *mut mbedtls_ssl_session,
+    pub private_session: *mut mbedtls_ssl_session,
+    pub private_session_negotiate: *mut mbedtls_ssl_session,
+    pub private_handshake: *mut mbedtls_ssl_handshake_params,
+    pub private_transform_in: *mut mbedtls_ssl_transform,
+    pub private_transform_out: *mut mbedtls_ssl_transform,
+    pub private_transform: *mut mbedtls_ssl_transform,
+    pub private_transform_negotiate: *mut mbedtls_ssl_transform,
+    pub private_transform_application: *mut mbedtls_ssl_transform,
+    pub private_p_timer: *mut crate::c_types::c_void,
+    pub private_f_set_timer: mbedtls_ssl_set_timer_t,
+    pub private_f_get_timer: mbedtls_ssl_get_timer_t,
+    pub private_in_buf: *mut crate::c_types::c_uchar,
+    pub private_in_ctr: *mut crate::c_types::c_uchar,
+    pub private_in_hdr: *mut crate::c_types::c_uchar,
+    pub private_in_cid: *mut crate::c_types::c_uchar,
+    pub private_in_len: *mut crate::c_types::c_uchar,
+    pub private_in_iv: *mut crate::c_types::c_uchar,
+    pub private_in_msg: *mut crate::c_types::c_uchar,
+    pub private_in_offt: *mut crate::c_types::c_uchar,
+    pub private_in_msgtype: crate::c_types::c_int,
+    pub private_in_msglen: usize,
+    pub private_in_left: usize,
+    pub private_in_epoch: u16,
+    pub private_next_record_offset: usize,
+    pub private_in_window_top: u64,
+    pub private_in_window: u64,
+    pub private_in_hslen: usize,
+    pub private_nb_zero: crate::c_types::c_int,
+    pub private_keep_current_message: crate::c_types::c_int,
+    pub private_send_alert: crate::c_types::c_uchar,
+    pub private_alert_type: crate::c_types::c_uchar,
+    pub private_alert_reason: crate::c_types::c_int,
+    pub private_disable_datagram_packing: u8,
+    pub private_out_buf: *mut crate::c_types::c_uchar,
+    pub private_out_ctr: *mut crate::c_types::c_uchar,
+    pub private_out_hdr: *mut crate::c_types::c_uchar,
+    pub private_out_cid: *mut crate::c_types::c_uchar,
+    pub private_out_len: *mut crate::c_types::c_uchar,
+    pub private_out_iv: *mut crate::c_types::c_uchar,
+    pub private_out_msg: *mut crate::c_types::c_uchar,
+    pub private_out_msgtype: crate::c_types::c_int,
+    pub private_out_msglen: usize,
+    pub private_out_left: usize,
+    pub private_cur_out_ctr: [crate::c_types::c_uchar; 8usize],
+    pub private_mtu: u16,
+    pub private_hostname: *mut crate::c_types::c_char,
+    pub private_alpn_chosen: *const crate::c_types::c_char,
+    pub private_cli_id: *mut crate::c_types::c_uchar,
+    pub private_cli_id_len: usize,
+    pub private_secure_renegotiation: crate::c_types::c_int,
+    pub private_verify_data_len: usize,
+    pub private_own_verify_data: [crate::c_types::c_char; 12usize],
+    pub private_peer_verify_data: [crate::c_types::c_char; 12usize],
+    pub private_own_cid: [crate::c_types::c_uchar; 32usize],
+    pub private_own_cid_len: u8,
+    pub private_negotiate_cid: u8,
+    pub private_f_export_keys: mbedtls_ssl_export_keys_t,
+    pub private_p_export_keys: *mut crate::c_types::c_void,
+    pub private_user_data: mbedtls_ssl_user_data_t,
+}
+extern "C" {
+    /// \brief               Return the name of the ciphersuite associated with the
+    ///                      given ID
+    ///
+    /// \param ciphersuite_id SSL ciphersuite ID
+    ///
+    /// \return              a string containing the ciphersuite name
+    pub fn mbedtls_ssl_get_ciphersuite_name(
+        ciphersuite_id: crate::c_types::c_int,
+    ) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief               Return the ID of the ciphersuite associated with the
+    ///                      given name
+    ///
+    /// \param ciphersuite_name SSL ciphersuite name
+    ///
+    /// \return              the ID with the ciphersuite or 0 if not found
+    pub fn mbedtls_ssl_get_ciphersuite_id(
+        ciphersuite_name: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Initialize an SSL context
+    ///                 Just makes the context ready for mbedtls_ssl_setup() or
+    ///                 mbedtls_ssl_free()
+    ///
+    /// \param ssl      SSL context
+    pub fn mbedtls_ssl_init(ssl: *mut mbedtls_ssl_context);
+}
+extern "C" {
+    /// \brief          Set up an SSL context for use
+    ///
+    /// \note           No copy of the configuration context is made, it can be
+    ///                 shared by many mbedtls_ssl_context structures.
+    ///
+    /// \warning        The conf structure will be accessed during the session.
+    ///                 It must not be modified or freed as long as the session
+    ///                 is active.
+    ///
+    /// \warning        This function must be called exactly once per context.
+    ///                 Calling mbedtls_ssl_setup again is not supported, even
+    ///                 if no session is active.
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param ssl      SSL context
+    /// \param conf     SSL configuration to use
+    ///
+    /// \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if
+    ///                 memory allocation failed
+    pub fn mbedtls_ssl_setup(
+        ssl: *mut mbedtls_ssl_context,
+        conf: *const mbedtls_ssl_config,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Reset an already initialized SSL context for re-use
+    ///                 while retaining application-set variables, function
+    ///                 pointers and data.
+    ///
+    /// \param ssl      SSL context
+    /// \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED or
+    ///MBEDTLS_ERR_SSL_HW_ACCEL_FAILED
+    pub fn mbedtls_ssl_session_reset(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the current endpoint type
+    ///
+    /// \param conf     SSL configuration
+    /// \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
+    pub fn mbedtls_ssl_conf_endpoint(
+        conf: *mut mbedtls_ssl_config,
+        endpoint: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief           Set the transport type (TLS or DTLS).
+    ///                  Default: TLS
+    ///
+    /// \note            For DTLS, you must either provide a recv callback that
+    ///                  doesn't block, or one that handles timeouts, see
+    ///                  \c mbedtls_ssl_set_bio(). You also need to provide timer
+    ///                  callbacks with \c mbedtls_ssl_set_timer_cb().
+    ///
+    /// \param conf      SSL configuration
+    /// \param transport transport type:
+    ///                  MBEDTLS_SSL_TRANSPORT_STREAM for TLS,
+    ///                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.
+    pub fn mbedtls_ssl_conf_transport(
+        conf: *mut mbedtls_ssl_config,
+        transport: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Set the certificate verification mode
+    ///                 Default: NONE on server, REQUIRED on client
+    ///
+    /// \param conf     SSL configuration
+    /// \param authmode can be:
+    ///
+    ///  MBEDTLS_SSL_VERIFY_NONE:      peer certificate is not checked
+    ///                        (default on server)
+    ///                        (insecure on client)
+    ///
+    ///  MBEDTLS_SSL_VERIFY_OPTIONAL:  peer certificate is checked, however the
+    ///                        handshake continues even if verification failed;
+    ///                        mbedtls_ssl_get_verify_result() can be called after the
+    ///                        handshake is complete.
+    ///
+    ///  MBEDTLS_SSL_VERIFY_REQUIRED:  peer *must* present a valid certificate,
+    ///                        handshake is aborted if verification failed.
+    ///                        (default on client)
+    ///
+    /// \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode.
+    /// With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at
+    /// the right time(s), which may not be obvious, while REQUIRED always perform
+    /// the verification as soon as possible. For example, REQUIRED was protecting
+    /// against the "triple handshake" attack even before it was found.
+    pub fn mbedtls_ssl_conf_authmode(
+        conf: *mut mbedtls_ssl_config,
+        authmode: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Set the verification callback (Optional).
+    ///
+    ///                 If set, the provided verify callback is called for each
+    ///                 certificate in the peer's CRT chain, including the trusted
+    ///                 root. For more information, please see the documentation of
+    ///                 \c mbedtls_x509_crt_verify().
+    ///
+    /// \note           For per context callbacks and contexts, please use
+    ///                 mbedtls_ssl_set_verify() instead.
+    ///
+    /// \param conf     The SSL configuration to use.
+    /// \param f_vrfy   The verification callback to use during CRT verification.
+    /// \param p_vrfy   The opaque context to be passed to the callback.
+    pub fn mbedtls_ssl_conf_verify(
+        conf: *mut mbedtls_ssl_config,
+        f_vrfy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_x509_crt,
+                arg3: crate::c_types::c_int,
+                arg4: *mut u32,
+            ) -> crate::c_types::c_int,
+        >,
+        p_vrfy: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the random number generator callback
+    ///
+    /// \param conf     SSL configuration
+    /// \param f_rng    RNG function (mandatory)
+    /// \param p_rng    RNG parameter
+    pub fn mbedtls_ssl_conf_rng(
+        conf: *mut mbedtls_ssl_config,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the debug callback
+    ///
+    ///                 The callback has the following argument:
+    ///                 void *           opaque context for the callback
+    ///                 int              debug level
+    ///                 const char *     file name
+    ///                 int              line number
+    ///                 const char *     message
+    ///
+    /// \param conf     SSL configuration
+    /// \param f_dbg    debug function
+    /// \param p_dbg    debug parameter
+    pub fn mbedtls_ssl_conf_dbg(
+        conf: *mut mbedtls_ssl_config,
+        f_dbg: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: crate::c_types::c_int,
+                arg3: *const crate::c_types::c_char,
+                arg4: crate::c_types::c_int,
+                arg5: *const crate::c_types::c_char,
+            ),
+        >,
+        p_dbg: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the underlying BIO callbacks for write, read and
+    ///                 read-with-timeout.
+    ///
+    /// \param ssl      SSL context
+    /// \param p_bio    parameter (context) shared by BIO callbacks
+    /// \param f_send   write callback
+    /// \param f_recv   read callback
+    /// \param f_recv_timeout blocking read callback with timeout.
+    ///
+    /// \note           One of f_recv or f_recv_timeout can be NULL, in which case
+    ///                 the other is used. If both are non-NULL, f_recv_timeout is
+    ///                 used and f_recv is ignored (as if it were NULL).
+    ///
+    /// \note           The two most common use cases are:
+    ///                 - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL
+    ///                 - blocking I/O, f_recv == NULL, f_recv_timeout != NULL
+    ///
+    /// \note           For DTLS, you need to provide either a non-NULL
+    ///                 f_recv_timeout callback, or a f_recv that doesn't block.
+    ///
+    /// \note           See the documentations of \c mbedtls_ssl_send_t,
+    ///                 \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for
+    ///                 the conventions those callbacks must follow.
+    ///
+    /// \note           On some platforms, net_sockets.c provides
+    ///                 \c mbedtls_net_send(), \c mbedtls_net_recv() and
+    ///                 \c mbedtls_net_recv_timeout() that are suitable to be used
+    ///                 here.
+    pub fn mbedtls_ssl_set_bio(
+        ssl: *mut mbedtls_ssl_context,
+        p_bio: *mut crate::c_types::c_void,
+        f_send: mbedtls_ssl_send_t,
+        f_recv: mbedtls_ssl_recv_t,
+        f_recv_timeout: mbedtls_ssl_recv_timeout_t,
+    );
+}
+extern "C" {
+    /// \brief             Configure the use of the Connection ID (CID)
+    ///                    extension in the next handshake.
+    ///
+    ///                    Reference: RFC 9146 (or draft-ietf-tls-dtls-connection-id-05
+    ///                    https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
+    ///                    for legacy version)
+    ///
+    ///                    The DTLS CID extension allows the reliable association of
+    ///                    DTLS records to DTLS connections across changes in the
+    ///                    underlying transport (changed IP and Port metadata) by
+    ///                    adding explicit connection identifiers (CIDs) to the
+    ///                    headers of encrypted DTLS records. The desired CIDs are
+    ///                    configured by the application layer and are exchanged in
+    ///                    new `ClientHello` / `ServerHello` extensions during the
+    ///                    handshake, where each side indicates the CID it wants the
+    ///                    peer to use when writing encrypted messages. The CIDs are
+    ///                    put to use once records get encrypted: the stack discards
+    ///                    any incoming records that don't include the configured CID
+    ///                    in their header, and adds the peer's requested CID to the
+    ///                    headers of outgoing messages.
+    ///
+    ///                    This API enables or disables the use of the CID extension
+    ///                    in the next handshake and sets the value of the CID to
+    ///                    be used for incoming messages.
+    ///
+    /// \param ssl         The SSL context to configure. This must be initialized.
+    /// \param enable      This value determines whether the CID extension should
+    ///                    be used or not. Possible values are:
+    ///                    - MBEDTLS_SSL_CID_ENABLED to enable the use of the CID.
+    ///                    - MBEDTLS_SSL_CID_DISABLED (default) to disable the use
+    ///                      of the CID.
+    /// \param own_cid     The address of the readable buffer holding the CID we want
+    ///                    the peer to use when sending encrypted messages to us.
+    ///                    This may be \c NULL if \p own_cid_len is \c 0.
+    ///                    This parameter is unused if \p enabled is set to
+    ///                    MBEDTLS_SSL_CID_DISABLED.
+    /// \param own_cid_len The length of \p own_cid.
+    ///                    This parameter is unused if \p enabled is set to
+    ///                    MBEDTLS_SSL_CID_DISABLED.
+    ///
+    /// \note              The value of \p own_cid_len must match the value of the
+    ///                    \c len parameter passed to mbedtls_ssl_conf_cid()
+    ///                    when configuring the ::mbedtls_ssl_config that \p ssl
+    ///                    is bound to.
+    ///
+    /// \note              This CID configuration applies to subsequent handshakes
+    ///                    performed on the SSL context \p ssl, but does not trigger
+    ///                    one. You still have to call `mbedtls_ssl_handshake()`
+    ///                    (for the initial handshake) or `mbedtls_ssl_renegotiate()`
+    ///                    (for a renegotiation handshake) explicitly after a
+    ///                    successful call to this function to run the handshake.
+    ///
+    /// \note              This call cannot guarantee that the use of the CID
+    ///                    will be successfully negotiated in the next handshake,
+    ///                    because the peer might not support it. Specifically:
+    ///                    - On the Client, enabling the use of the CID through
+    ///                      this call implies that the `ClientHello` in the next
+    ///                      handshake will include the CID extension, thereby
+    ///                      offering the use of the CID to the server. Only if
+    ///                      the `ServerHello` contains the CID extension, too,
+    ///                      the CID extension will actually be put to use.
+    ///                    - On the Server, enabling the use of the CID through
+    ///                      this call implies that the server will look for
+    ///                      the CID extension in a `ClientHello` from the client,
+    ///                      and, if present, reply with a CID extension in its
+    ///                      `ServerHello`.
+    ///
+    /// \note              To check whether the use of the CID was negotiated
+    ///                    after the subsequent handshake has completed, please
+    ///                    use the API mbedtls_ssl_get_peer_cid().
+    ///
+    /// \warning           If the use of the CID extension is enabled in this call
+    ///                    and the subsequent handshake negotiates its use, Mbed TLS
+    ///                    will silently drop every packet whose CID does not match
+    ///                    the CID configured in \p own_cid. It is the responsibility
+    ///                    of the user to adapt the underlying transport to take care
+    ///                    of CID-based demultiplexing before handing datagrams to
+    ///                    Mbed TLS.
+    ///
+    /// \return            \c 0 on success. In this case, the CID configuration
+    ///                    applies to the next handshake.
+    /// \return            A negative error code on failure.
+    pub fn mbedtls_ssl_set_cid(
+        ssl: *mut mbedtls_ssl_context,
+        enable: crate::c_types::c_int,
+        own_cid: *const crate::c_types::c_uchar,
+        own_cid_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief              Get information about our request for usage of the CID
+    ///                     extension in the current connection.
+    ///
+    /// \param ssl          The SSL context to query.
+    /// \param enabled      The address at which to store whether the CID extension
+    ///                     is requested to be used or not. If the CID is
+    ///                     requested, `*enabled` is set to
+    ///                     MBEDTLS_SSL_CID_ENABLED; otherwise, it is set to
+    ///                     MBEDTLS_SSL_CID_DISABLED.
+    /// \param own_cid      The address of the buffer in which to store our own
+    ///                     CID (if the CID extension is requested). This may be
+    ///                     \c NULL in case the value of our CID isn't needed. If
+    ///                     it is not \c NULL, \p own_cid_len must not be \c NULL.
+    /// \param own_cid_len  The address at which to store the size of our own CID
+    ///                     (if the CID extension is requested). This is also the
+    ///                     number of Bytes in \p own_cid that have been written.
+    ///                     This may be \c NULL in case the length of our own CID
+    ///                     isn't needed. If it is \c NULL, \p own_cid must be
+    ///                     \c NULL, too.
+    ///
+    ///\note                If we are requesting an empty CID this function sets
+    ///                     `*enabled` to #MBEDTLS_SSL_CID_DISABLED (the rationale
+    ///                     for this is that the resulting outcome is the
+    ///                     same as if the CID extensions wasn't requested).
+    ///
+    /// \return            \c 0 on success.
+    /// \return            A negative error code on failure.
+    pub fn mbedtls_ssl_get_own_cid(
+        ssl: *mut mbedtls_ssl_context,
+        enabled: *mut crate::c_types::c_int,
+        own_cid: *mut crate::c_types::c_uchar,
+        own_cid_len: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief              Get information about the use of the CID extension
+    ///                     in the current connection.
+    ///
+    /// \param ssl          The SSL context to query.
+    /// \param enabled      The address at which to store whether the CID extension
+    ///                     is currently in use or not. If the CID is in use,
+    ///                     `*enabled` is set to MBEDTLS_SSL_CID_ENABLED;
+    ///                     otherwise, it is set to MBEDTLS_SSL_CID_DISABLED.
+    /// \param peer_cid     The address of the buffer in which to store the CID
+    ///                     chosen by the peer (if the CID extension is used).
+    ///                     This may be \c NULL in case the value of peer CID
+    ///                     isn't needed. If it is not \c NULL, \p peer_cid_len
+    ///                     must not be \c NULL.
+    /// \param peer_cid_len The address at which to store the size of the CID
+    ///                     chosen by the peer (if the CID extension is used).
+    ///                     This is also the number of Bytes in \p peer_cid that
+    ///                     have been written.
+    ///                     This may be \c NULL in case the length of the peer CID
+    ///                     isn't needed. If it is \c NULL, \p peer_cid must be
+    ///                     \c NULL, too.
+    ///
+    /// \note               This applies to the state of the CID negotiated in
+    ///                     the last complete handshake. If a handshake is in
+    ///                     progress, this function will attempt to complete
+    ///                     the handshake first.
+    ///
+    /// \note               If CID extensions have been exchanged but both client
+    ///                     and server chose to use an empty CID, this function
+    ///                     sets `*enabled` to #MBEDTLS_SSL_CID_DISABLED
+    ///                     (the rationale for this is that the resulting
+    ///                     communication is the same as if the CID extensions
+    ///                     hadn't been used).
+    ///
+    /// \return            \c 0 on success.
+    /// \return            A negative error code on failure.
+    pub fn mbedtls_ssl_get_peer_cid(
+        ssl: *mut mbedtls_ssl_context,
+        enabled: *mut crate::c_types::c_int,
+        peer_cid: *mut crate::c_types::c_uchar,
+        peer_cid_len: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the Maximum Transport Unit (MTU).
+    ///                 Special value: 0 means unset (no limit).
+    ///                 This represents the maximum size of a datagram payload
+    ///                 handled by the transport layer (usually UDP) as determined
+    ///                 by the network link and stack. In practice, this controls
+    ///                 the maximum size datagram the DTLS layer will pass to the
+    ///                 \c f_send() callback set using \c mbedtls_ssl_set_bio().
+    ///
+    /// \note           The limit on datagram size is converted to a limit on
+    ///                 record payload by subtracting the current overhead of
+    ///                 encapsulation and encryption/authentication if any.
+    ///
+    /// \note           This can be called at any point during the connection, for
+    ///                 example when a Path Maximum Transfer Unit (PMTU)
+    ///                 estimate becomes available from other sources,
+    ///                 such as lower (or higher) protocol layers.
+    ///
+    /// \note           This setting only controls the size of the packets we send,
+    ///                 and does not restrict the size of the datagrams we're
+    ///                 willing to receive. Client-side, you can request the
+    ///                 server to use smaller records with \c
+    ///                 mbedtls_ssl_conf_max_frag_len().
+    ///
+    /// \note           If both a MTU and a maximum fragment length have been
+    ///                 configured (or negotiated with the peer), the resulting
+    ///                 lower limit on record payload (see first note) is used.
+    ///
+    /// \note           This can only be used to decrease the maximum size
+    ///                 of datagrams (hence records, see first note) sent. It
+    ///                 cannot be used to increase the maximum size of records over
+    ///                 the limit set by #MBEDTLS_SSL_OUT_CONTENT_LEN.
+    ///
+    /// \note           Values lower than the current record layer expansion will
+    ///                 result in an error when trying to send data.
+    ///
+    /// \param ssl      SSL context
+    /// \param mtu      Value of the path MTU in bytes
+    pub fn mbedtls_ssl_set_mtu(ssl: *mut mbedtls_ssl_context, mtu: u16);
+}
+extern "C" {
+    /// \brief          Set a connection-specific verification callback (optional).
+    ///
+    ///                 If set, the provided verify callback is called for each
+    ///                 certificate in the peer's CRT chain, including the trusted
+    ///                 root. For more information, please see the documentation of
+    ///                 \c mbedtls_x509_crt_verify().
+    ///
+    /// \note           This call is analogous to mbedtls_ssl_conf_verify() but
+    ///                 binds the verification callback and context to an SSL context
+    ///                 as opposed to an SSL configuration.
+    ///                 If mbedtls_ssl_conf_verify() and mbedtls_ssl_set_verify()
+    ///                 are both used, mbedtls_ssl_set_verify() takes precedence.
+    ///
+    /// \param ssl      The SSL context to use.
+    /// \param f_vrfy   The verification callback to use during CRT verification.
+    /// \param p_vrfy   The opaque context to be passed to the callback.
+    pub fn mbedtls_ssl_set_verify(
+        ssl: *mut mbedtls_ssl_context,
+        f_vrfy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_x509_crt,
+                arg3: crate::c_types::c_int,
+                arg4: *mut u32,
+            ) -> crate::c_types::c_int,
+        >,
+        p_vrfy: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the timeout period for mbedtls_ssl_read()
+    ///                 (Default: no timeout.)
+    ///
+    /// \param conf     SSL configuration context
+    /// \param timeout  Timeout value in milliseconds.
+    ///                 Use 0 for no timeout (default).
+    ///
+    /// \note           With blocking I/O, this will only work if a non-NULL
+    ///                 \c f_recv_timeout was set with \c mbedtls_ssl_set_bio().
+    ///                 With non-blocking I/O, this will only work if timer
+    ///                 callbacks were set with \c mbedtls_ssl_set_timer_cb().
+    ///
+    /// \note           With non-blocking I/O, you may also skip this function
+    ///                 altogether and handle timeouts at the application layer.
+    pub fn mbedtls_ssl_conf_read_timeout(conf: *mut mbedtls_ssl_config, timeout: u32);
+}
+extern "C" {
+    /// \brief          Check whether a buffer contains a valid and authentic record
+    ///                 that has not been seen before. (DTLS only).
+    ///
+    ///                 This function does not change the user-visible state
+    ///                 of the SSL context. Its sole purpose is to provide
+    ///                 an indication of the legitimacy of an incoming record.
+    ///
+    ///                 This can be useful e.g. in distributed server environments
+    ///                 using the DTLS Connection ID feature, in which connections
+    ///                 might need to be passed between service instances on a change
+    ///                 of peer address, but where such disruptive operations should
+    ///                 only happen after the validity of incoming records has been
+    ///                 confirmed.
+    ///
+    /// \param ssl      The SSL context to use.
+    /// \param buf      The address of the buffer holding the record to be checked.
+    ///                 This must be a read/write buffer of length \p buflen Bytes.
+    /// \param buflen   The length of \p buf in Bytes.
+    ///
+    /// \note           This routine only checks whether the provided buffer begins
+    ///                 with a valid and authentic record that has not been seen
+    ///                 before, but does not check potential data following the
+    ///                 initial record. In particular, it is possible to pass DTLS
+    ///                 datagrams containing multiple records, in which case only
+    ///                 the first record is checked.
+    ///
+    /// \note           This function modifies the input buffer \p buf. If you need
+    ///                 to preserve the original record, you have to maintain a copy.
+    ///
+    /// \return         \c 0 if the record is valid and authentic and has not been
+    ///                 seen before.
+    /// \return         MBEDTLS_ERR_SSL_INVALID_MAC if the check completed
+    ///                 successfully but the record was found to be not authentic.
+    /// \return         MBEDTLS_ERR_SSL_INVALID_RECORD if the check completed
+    ///                 successfully but the record was found to be invalid for
+    ///                 a reason different from authenticity checking.
+    /// \return         MBEDTLS_ERR_SSL_UNEXPECTED_RECORD if the check completed
+    ///                 successfully but the record was found to be unexpected
+    ///                 in the state of the SSL context, including replayed records.
+    /// \return         Another negative error code on different kinds of failure.
+    ///                 In this case, the SSL context becomes unusable and needs
+    ///                 to be freed or reset before reuse.
+    pub fn mbedtls_ssl_check_record(
+        ssl: *const mbedtls_ssl_context,
+        buf: *mut crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the timer callbacks (Mandatory for DTLS.)
+    ///
+    /// \param ssl      SSL context
+    /// \param p_timer  parameter (context) shared by timer callbacks
+    /// \param f_set_timer   set timer callback
+    /// \param f_get_timer   get timer callback. Must return:
+    ///
+    /// \note           See the documentation of \c mbedtls_ssl_set_timer_t and
+    ///                 \c mbedtls_ssl_get_timer_t for the conventions this pair of
+    ///                 callbacks must follow.
+    ///
+    /// \note           On some platforms, timing.c provides
+    ///                 \c mbedtls_timing_set_delay() and
+    ///                 \c mbedtls_timing_get_delay() that are suitable for using
+    ///                 here, except if using an event-driven style.
+    ///
+    /// \note           See also the "DTLS tutorial" article in our knowledge base.
+    ///                 https://mbed-tls.readthedocs.io/en/latest/kb/how-to/dtls-tutorial
+    pub fn mbedtls_ssl_set_timer_cb(
+        ssl: *mut mbedtls_ssl_context,
+        p_timer: *mut crate::c_types::c_void,
+        f_set_timer: mbedtls_ssl_set_timer_t,
+        f_get_timer: mbedtls_ssl_get_timer_t,
+    );
+}
+/// \brief           Callback type: generate and write session ticket
+///
+/// \note            This describes what a callback implementation should do.
+///                  This callback should generate an encrypted and
+///                  authenticated ticket for the session and write it to the
+///                  output buffer. Here, ticket means the opaque ticket part
+///                  of the NewSessionTicket structure of RFC 5077.
+///
+/// \param p_ticket  Context for the callback
+/// \param session   SSL session to be written in the ticket
+/// \param start     Start of the output buffer
+/// \param end       End of the output buffer
+/// \param tlen      On exit, holds the length written
+/// \param lifetime  On exit, holds the lifetime of the ticket in seconds
+///
+/// \return          0 if successful, or
+///                  a specific MBEDTLS_ERR_XXX code.
+pub type mbedtls_ssl_ticket_write_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        p_ticket: *mut crate::c_types::c_void,
+        session: *const mbedtls_ssl_session,
+        start: *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        tlen: *mut usize,
+        lifetime: *mut u32,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief           Callback type: parse and load session ticket
+///
+/// \note            This describes what a callback implementation should do.
+///                  This callback should parse a session ticket as generated
+///                  by the corresponding mbedtls_ssl_ticket_write_t function,
+///                  and, if the ticket is authentic and valid, load the
+///                  session.
+///
+/// \note            The implementation is allowed to modify the first len
+///                  bytes of the input buffer, eg to use it as a temporary
+///                  area for the decrypted ticket contents.
+///
+/// \param p_ticket  Context for the callback
+/// \param session   SSL session to be loaded
+/// \param buf       Start of the buffer containing the ticket
+/// \param len       Length of the ticket.
+///
+/// \return          0 if successful, or
+///                  MBEDTLS_ERR_SSL_INVALID_MAC if not authentic, or
+///                  MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or
+///                  any other non-zero code for other failures.
+pub type mbedtls_ssl_ticket_parse_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        p_ticket: *mut crate::c_types::c_void,
+        session: *mut mbedtls_ssl_session,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int,
+>;
+extern "C" {
+    /// \brief           Configure SSL session ticket callbacks (server only).
+    ///                  (Default: none.)
+    ///
+    /// \note            On server, session tickets are enabled by providing
+    ///                  non-NULL callbacks.
+    ///
+    /// \note            On client, use \c mbedtls_ssl_conf_session_tickets().
+    ///
+    /// \param conf      SSL configuration context
+    /// \param f_ticket_write    Callback for writing a ticket
+    /// \param f_ticket_parse    Callback for parsing a ticket
+    /// \param p_ticket          Context shared by the two callbacks
+    pub fn mbedtls_ssl_conf_session_tickets_cb(
+        conf: *mut mbedtls_ssl_config,
+        f_ticket_write: mbedtls_ssl_ticket_write_t,
+        f_ticket_parse: mbedtls_ssl_ticket_parse_t,
+        p_ticket: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief   Configure a key export callback.
+    ///          (Default: none.)
+    ///
+    ///          This API can be used for two purposes:
+    ///          - Debugging: Use this API to e.g. generate an NSSKeylog
+    ///            file and use it to inspect encrypted traffic in tools
+    ///            such as Wireshark.
+    ///          - Application-specific export: Use this API to implement
+    ///            key exporters, e.g. for EAP-TLS or DTLS-SRTP.
+    ///
+    ///
+    /// \param ssl            The SSL context to which the export
+    ///                       callback should be attached.
+    /// \param f_export_keys  The callback for the key export.
+    /// \param p_export_keys  The opaque context pointer to be passed to the
+    ///                       callback \p f_export_keys.
+    pub fn mbedtls_ssl_set_export_keys_cb(
+        ssl: *mut mbedtls_ssl_context,
+        f_export_keys: mbedtls_ssl_export_keys_t,
+        p_export_keys: *mut crate::c_types::c_void,
+    );
+}
+/// \brief          Callback type: generate a cookie
+///
+/// \param ctx      Context for the callback
+/// \param p        Buffer to write to,
+///                 must be updated to point right after the cookie
+/// \param end      Pointer to one past the end of the output buffer
+/// \param info     Client ID info that was passed to
+///                 \c mbedtls_ssl_set_client_transport_id()
+/// \param ilen     Length of info in bytes
+///
+/// \return         The callback must return 0 on success,
+///                 or a negative error code.
+pub type mbedtls_ssl_cookie_write_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *mut crate::c_types::c_uchar,
+        info: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief          Callback type: verify a cookie
+///
+/// \param ctx      Context for the callback
+/// \param cookie   Cookie to verify
+/// \param clen     Length of cookie
+/// \param info     Client ID info that was passed to
+///                 \c mbedtls_ssl_set_client_transport_id()
+/// \param ilen     Length of info in bytes
+///
+/// \return         The callback must return 0 if cookie is valid,
+///                 or a negative error code.
+pub type mbedtls_ssl_cookie_check_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        cookie: *const crate::c_types::c_uchar,
+        clen: usize,
+        info: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int,
+>;
+extern "C" {
+    /// \brief           Register callbacks for DTLS cookies
+    ///                  (Server only. DTLS only.)
+    ///
+    ///                  Default: dummy callbacks that fail, in order to force you to
+    ///                  register working callbacks (and initialize their context).
+    ///
+    ///                  To disable HelloVerifyRequest, register NULL callbacks.
+    ///
+    /// \warning         Disabling hello verification allows your server to be used
+    ///                  for amplification in DoS attacks against other hosts.
+    ///                  Only disable if you known this can't happen in your
+    ///                  particular environment.
+    ///
+    /// \note            See comments on \c mbedtls_ssl_handshake() about handling
+    ///                  the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected
+    ///                  on the first handshake attempt when this is enabled.
+    ///
+    /// \note            This is also necessary to handle client reconnection from
+    ///                  the same port as described in RFC 6347 section 4.2.8 (only
+    ///                  the variant with cookies is supported currently). See
+    ///                  comments on \c mbedtls_ssl_read() for details.
+    ///
+    /// \param conf              SSL configuration
+    /// \param f_cookie_write    Cookie write callback
+    /// \param f_cookie_check    Cookie check callback
+    /// \param p_cookie          Context for both callbacks
+    pub fn mbedtls_ssl_conf_dtls_cookies(
+        conf: *mut mbedtls_ssl_config,
+        f_cookie_write: mbedtls_ssl_cookie_write_t,
+        f_cookie_check: mbedtls_ssl_cookie_check_t,
+        p_cookie: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set client's transport-level identification info.
+    ///                 (Server only. DTLS only.)
+    ///
+    ///                 This is usually the IP address (and port), but could be
+    ///                 anything identify the client depending on the underlying
+    ///                 network stack. Used for HelloVerifyRequest with DTLS.
+    ///                 This is *not* used to route the actual packets.
+    ///
+    /// \param ssl      SSL context
+    /// \param info     Transport-level info identifying the client (eg IP + port)
+    /// \param ilen     Length of info in bytes
+    ///
+    /// \note           An internal copy is made, so the info buffer can be reused.
+    ///
+    /// \return         0 on success,
+    ///                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
+    ///                 MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory.
+    pub fn mbedtls_ssl_set_client_transport_id(
+        ssl: *mut mbedtls_ssl_context,
+        info: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Enable or disable anti-replay protection for DTLS.
+    ///                 (DTLS only, no effect on TLS.)
+    ///                 Default: enabled.
+    ///
+    /// \param conf     SSL configuration
+    /// \param mode     MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED.
+    ///
+    /// \warning        Disabling this is a security risk unless the application
+    ///                 protocol handles duplicated packets in a safe way. You
+    ///                 should not disable this without careful consideration.
+    ///                 However, if your application already detects duplicated
+    ///                 packets and needs information about them to adjust its
+    ///                 transmission strategy, then you'll want to disable this.
+    pub fn mbedtls_ssl_conf_dtls_anti_replay(
+        conf: *mut mbedtls_ssl_config,
+        mode: crate::c_types::c_char,
+    );
+}
+extern "C" {
+    /// \brief          Set a limit on the number of records with a bad MAC
+    ///                 before terminating the connection.
+    ///                 (DTLS only, no effect on TLS.)
+    ///                 Default: 0 (disabled).
+    ///
+    /// \param conf     SSL configuration
+    /// \param limit    Limit, or 0 to disable.
+    ///
+    /// \note           If the limit is N, then the connection is terminated when
+    ///                 the Nth non-authentic record is seen.
+    ///
+    /// \note           Records with an invalid header are not counted, only the
+    ///                 ones going through the authentication-decryption phase.
+    ///
+    /// \note           This is a security trade-off related to the fact that it's
+    ///                 often relatively easy for an active attacker to inject UDP
+    ///                 datagrams. On one hand, setting a low limit here makes it
+    ///                 easier for such an attacker to forcibly terminated a
+    ///                 connection. On the other hand, a high limit or no limit
+    ///                 might make us waste resources checking authentication on
+    ///                 many bogus packets.
+    pub fn mbedtls_ssl_conf_dtls_badmac_limit(
+        conf: *mut mbedtls_ssl_config,
+        limit: crate::c_types::c_uint,
+    );
+}
+extern "C" {
+    /// \brief          Allow or disallow packing of multiple handshake records
+    ///                 within a single datagram.
+    ///
+    /// \param ssl           The SSL context to configure.
+    /// \param allow_packing This determines whether datagram packing may
+    ///                      be used or not. A value of \c 0 means that every
+    ///                      record will be sent in a separate datagram; a
+    ///                      value of \c 1 means that, if space permits,
+    ///                      multiple handshake messages (including CCS) belonging to
+    ///                      a single flight may be packed within a single datagram.
+    ///
+    /// \note           This is enabled by default and should only be disabled
+    ///                 for test purposes, or if datagram packing causes
+    ///                 interoperability issues with peers that don't support it.
+    ///
+    /// \note           Allowing datagram packing reduces the network load since
+    ///                 there's less overhead if multiple messages share the same
+    ///                 datagram. Also, it increases the handshake efficiency
+    ///                 since messages belonging to a single datagram will not
+    ///                 be reordered in transit, and so future message buffering
+    ///                 or flight retransmission (if no buffering is used) as
+    ///                 means to deal with reordering are needed less frequently.
+    ///
+    /// \note           Application records are not affected by this option and
+    ///                 are currently always sent in separate datagrams.
+    pub fn mbedtls_ssl_set_datagram_packing(
+        ssl: *mut mbedtls_ssl_context,
+        allow_packing: crate::c_types::c_uint,
+    );
+}
+extern "C" {
+    /// \brief          Set retransmit timeout values for the DTLS handshake.
+    ///                 (DTLS only, no effect on TLS.)
+    ///
+    /// \param conf     SSL configuration
+    /// \param min      Initial timeout value in milliseconds.
+    ///                 Default: 1000 (1 second).
+    /// \param max      Maximum timeout value in milliseconds.
+    ///                 Default: 60000 (60 seconds).
+    ///
+    /// \note           Default values are from RFC 6347 section 4.2.4.1.
+    ///
+    /// \note           The 'min' value should typically be slightly above the
+    ///                 expected round-trip time to your peer, plus whatever time
+    ///                 it takes for the peer to process the message. For example,
+    ///                 if your RTT is about 600ms and you peer needs up to 1s to
+    ///                 do the cryptographic operations in the handshake, then you
+    ///                 should set 'min' slightly above 1600. Lower values of 'min'
+    ///                 might cause spurious resends which waste network resources,
+    ///                 while larger value of 'min' will increase overall latency
+    ///                 on unreliable network links.
+    ///
+    /// \note           The more unreliable your network connection is, the larger
+    ///                 your max / min ratio needs to be in order to achieve
+    ///                 reliable handshakes.
+    ///
+    /// \note           Messages are retransmitted up to log2(ceil(max/min)) times.
+    ///                 For example, if min = 1s and max = 5s, the retransmit plan
+    ///                 goes: send ... 1s -> resend ... 2s -> resend ... 4s ->
+    ///                 resend ... 5s -> give up and return a timeout error.
+    pub fn mbedtls_ssl_conf_handshake_timeout(conf: *mut mbedtls_ssl_config, min: u32, max: u32);
+}
+extern "C" {
+    /// \brief          Set the session cache callbacks (server-side only)
+    ///                 If not set, no session resuming is done (except if session
+    ///                 tickets are enabled too).
+    ///
+    ///                 The session cache has the responsibility to check for stale
+    ///                 entries based on timeout. See RFC 5246 for recommendations.
+    ///
+    ///                 Warning: session.peer_cert is cleared by the SSL/TLS layer on
+    ///                 connection shutdown, so do not cache the pointer! Either set
+    ///                 it to NULL or make a full copy of the certificate.
+    ///
+    ///                 The get callback is called once during the initial handshake
+    ///                 to enable session resuming. The get function has the
+    ///                 following parameters: (void *parameter, mbedtls_ssl_session *session)
+    ///                 If a valid entry is found, it should fill the master of
+    ///                 the session object with the cached values and return 0,
+    ///                 return 1 otherwise. Optionally peer_cert can be set as well
+    ///                 if it is properly present in cache entry.
+    ///
+    ///                 The set callback is called once during the initial handshake
+    ///                 to enable session resuming after the entire handshake has
+    ///                 been finished. The set function has the following parameters:
+    ///                 (void *parameter, const mbedtls_ssl_session *session). The function
+    ///                 should create a cache entry for future retrieval based on
+    ///                 the data in the session structure and should keep in mind
+    ///                 that the mbedtls_ssl_session object presented (and all its referenced
+    ///                 data) is cleared by the SSL/TLS layer when the connection is
+    ///                 terminated. It is recommended to add metadata to determine if
+    ///                 an entry is still valid in the future. Return 0 if
+    ///                 successfully cached, return 1 otherwise.
+    ///
+    /// \param conf           SSL configuration
+    /// \param p_cache        parameter (context) for both callbacks
+    /// \param f_get_cache    session get callback
+    /// \param f_set_cache    session set callback
+    pub fn mbedtls_ssl_conf_session_cache(
+        conf: *mut mbedtls_ssl_config,
+        p_cache: *mut crate::c_types::c_void,
+        f_get_cache: mbedtls_ssl_cache_get_t,
+        f_set_cache: mbedtls_ssl_cache_set_t,
+    );
+}
+extern "C" {
+    /// \brief          Load a session for session resumption.
+    ///
+    ///                 Sessions loaded through this call will be considered
+    ///                 for session resumption in the next handshake.
+    ///
+    /// \note           Even if this call succeeds, it is not guaranteed that
+    ///                 the next handshake will indeed be shortened through the
+    ///                 use of session resumption: The server is always free
+    ///                 to reject any attempt for resumption and fall back to
+    ///                 a full handshake.
+    ///
+    /// \note           This function can handle a variety of mechanisms for session
+    ///                 resumption: For TLS 1.2, both session ID-based resumption and
+    ///                 ticket-based resumption will be considered. For TLS 1.3,
+    ///                 once implemented, sessions equate to tickets, and loading
+    ///                 one or more sessions via this call will lead to their
+    ///                 corresponding tickets being advertised as resumption PSKs
+    ///                 by the client.
+    ///
+    /// \note           Calling this function multiple times will only be useful
+    ///                 once TLS 1.3 is supported. For TLS 1.2 connections, this
+    ///                 function should be called at most once.
+    ///
+    /// \param ssl      The SSL context representing the connection which should
+    ///                 be attempted to be setup using session resumption. This
+    ///                 must be initialized via mbedtls_ssl_init() and bound to
+    ///                 an SSL configuration via mbedtls_ssl_setup(), but
+    ///                 the handshake must not yet have been started.
+    /// \param session  The session to be considered for session resumption.
+    ///                 This must be a session previously exported via
+    ///                 mbedtls_ssl_get_session(), and potentially serialized and
+    ///                 deserialized through mbedtls_ssl_session_save() and
+    ///                 mbedtls_ssl_session_load() in the meantime.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         \c MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the session
+    ///                 could not be loaded because of an implementation limitation.
+    ///                 This error is non-fatal, and has no observable effect on
+    ///                 the SSL context or the session that was attempted to be loaded.
+    /// \return         Another negative error code on other kinds of failure.
+    ///
+    /// \sa             mbedtls_ssl_get_session()
+    /// \sa             mbedtls_ssl_session_load()
+    pub fn mbedtls_ssl_set_session(
+        ssl: *mut mbedtls_ssl_context,
+        session: *const mbedtls_ssl_session,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Load serialized session data into a session structure.
+    ///                 On client, this can be used for loading saved sessions
+    ///                 before resuming them with mbedtls_ssl_set_session().
+    ///                 On server, this can be used for alternative implementations
+    ///                 of session cache or session tickets.
+    ///
+    /// \warning        If a peer certificate chain is associated with the session,
+    ///                 the serialized state will only contain the peer's
+    ///                 end-entity certificate and the result of the chain
+    ///                 verification (unless verification was disabled), but not
+    ///                 the rest of the chain.
+    ///
+    /// \see            mbedtls_ssl_session_save()
+    /// \see            mbedtls_ssl_set_session()
+    ///
+    /// \param session  The session structure to be populated. It must have been
+    ///                 initialised with mbedtls_ssl_session_init() but not
+    ///                 populated yet.
+    /// \param buf      The buffer holding the serialized session data. It must be a
+    ///                 readable buffer of at least \p len bytes.
+    /// \param len      The size of the serialized data in bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed.
+    /// \return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
+    /// \return         #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data
+    ///                 was generated in a different version or configuration of
+    ///                 Mbed TLS.
+    /// \return         Another negative value for other kinds of errors (for
+    ///                 example, unsupported features in the embedded certificate).
+    pub fn mbedtls_ssl_session_load(
+        session: *mut mbedtls_ssl_session,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Save session structure as serialized data in a buffer.
+    ///                 On client, this can be used for saving session data,
+    ///                 potentially in non-volatile storage, for resuming later.
+    ///                 On server, this can be used for alternative implementations
+    ///                 of session cache or session tickets.
+    ///
+    /// \see            mbedtls_ssl_session_load()
+    ///
+    /// \param session  The session structure to be saved.
+    /// \param buf      The buffer to write the serialized data to. It must be a
+    ///                 writeable buffer of at least \p len bytes, or may be \c
+    ///                 NULL if \p len is \c 0.
+    /// \param buf_len  The number of bytes available for writing in \p buf.
+    /// \param olen     The size in bytes of the data that has been or would have
+    ///                 been written. It must point to a valid \c size_t.
+    ///
+    /// \note           \p olen is updated to the correct value regardless of
+    ///                 whether \p buf_len was large enough. This makes it possible
+    ///                 to determine the necessary size by calling this function
+    ///                 with \p buf set to \c NULL and \p buf_len to \c 0.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
+    pub fn mbedtls_ssl_session_save(
+        session: *const mbedtls_ssl_session,
+        buf: *mut crate::c_types::c_uchar,
+        buf_len: usize,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               Set the list of allowed ciphersuites and the preference
+    ///                      order. First in the list has the highest preference.
+    ///
+    ///                      For TLS 1.2, the notion of ciphersuite determines both
+    ///                      the key exchange mechanism and the suite of symmetric
+    ///                      algorithms to be used during and after the handshake.
+    ///
+    ///                      For TLS 1.3 (in development), the notion of ciphersuite
+    ///                      only determines the suite of symmetric algorithms to be
+    ///                      used during and after the handshake, while key exchange
+    ///                      mechanisms are configured separately.
+    ///
+    ///                      In Mbed TLS, ciphersuites for both TLS 1.2 and TLS 1.3
+    ///                      are configured via this function. For users of TLS 1.3,
+    ///                      there will be separate API for the configuration of key
+    ///                      exchange mechanisms.
+    ///
+    ///                      The list of ciphersuites passed to this function may
+    ///                      contain a mixture of TLS 1.2 and TLS 1.3 ciphersuite
+    ///                      identifiers. This is useful if negotiation of TLS 1.3
+    ///                      should be attempted, but a fallback to TLS 1.2 would
+    ///                      be tolerated.
+    ///
+    /// \note                By default, the server chooses its preferred
+    ///                      ciphersuite among those that the client supports. If
+    ///                      mbedtls_ssl_conf_preference_order() is called to prefer
+    ///                      the client's preferences, the server instead chooses
+    ///                      the client's preferred ciphersuite among those that
+    ///                      the server supports.
+    ///
+    /// \warning             The ciphersuites array \p ciphersuites is not copied.
+    ///                      It must remain valid for the lifetime of the SSL
+    ///                      configuration \p conf.
+    ///
+    /// \param conf          The SSL configuration to modify.
+    /// \param ciphersuites  A 0-terminated list of IANA identifiers of supported
+    ///                      ciphersuites, accessible through \c MBEDTLS_TLS_XXX
+    ///                      and \c MBEDTLS_TLS1_3_XXX macros defined in
+    ///                      ssl_ciphersuites.h.
+    pub fn mbedtls_ssl_conf_ciphersuites(
+        conf: *mut mbedtls_ssl_config,
+        ciphersuites: *const crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief Set the supported key exchange modes for TLS 1.3 connections.
+    ///
+    ///        In contrast to TLS 1.2, the ciphersuite concept in TLS 1.3 does not
+    ///        include the choice of key exchange mechanism. It is therefore not
+    ///        covered by the API mbedtls_ssl_conf_ciphersuites(). See the
+    ///        documentation of mbedtls_ssl_conf_ciphersuites() for more
+    ///        information on the ciphersuite concept in TLS 1.2 and TLS 1.3.
+    ///
+    ///        The present function is specific to TLS 1.3 and allows users to
+    ///        configure the set of supported key exchange mechanisms in TLS 1.3.
+    ///
+    /// \param conf       The SSL configuration the change should apply to.
+    /// \param kex_modes  A bitwise combination of one or more of the following:
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK
+    ///                     This flag enables pure-PSK key exchanges.
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL
+    ///                     This flag enables combined PSK-ephemeral key exchanges.
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL
+    ///                     This flag enables pure-ephemeral key exchanges.
+    ///                   For convenience, the following pre-defined macros are
+    ///                   available for combinations of the above:
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL
+    ///                     Includes all of pure-PSK, PSK-ephemeral and pure-ephemeral.
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL
+    ///                     Includes both pure-PSK and combined PSK-ephemeral
+    ///                     key exchanges, but excludes pure-ephemeral key exchanges.
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL
+    ///                     Includes both pure-ephemeral and combined PSK-ephemeral
+    ///                     key exchanges.
+    ///
+    /// \note  If a PSK-based key exchange mode shall be supported, applications
+    ///        must also use the APIs mbedtls_ssl_conf_psk() or
+    ///        mbedtls_ssl_conf_psk_cb() or mbedtls_ssl_conf_psk_opaque()
+    ///        to configure the PSKs to be used.
+    ///
+    /// \note  If a pure-ephemeral key exchange mode shall be supported,
+    ///        server-side applications must also provide a certificate via
+    ///        mbedtls_ssl_conf_own_cert().
+    pub fn mbedtls_ssl_conf_tls13_key_exchange_modes(
+        conf: *mut mbedtls_ssl_config,
+        kex_modes: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief               Specify the length of Connection IDs for incoming
+    ///                      encrypted DTLS records, as well as the behaviour
+    ///                      on unexpected CIDs.
+    ///
+    ///                      By default, the CID length is set to \c 0,
+    ///                      and unexpected CIDs are silently ignored.
+    ///
+    /// \param conf          The SSL configuration to modify.
+    /// \param len           The length in Bytes of the CID fields in encrypted
+    ///                      DTLS records using the CID mechanism. This must
+    ///                      not be larger than #MBEDTLS_SSL_CID_OUT_LEN_MAX.
+    /// \param ignore_other_cids This determines the stack's behaviour when
+    ///                          receiving a record with an unexpected CID.
+    ///                          Possible values are:
+    ///                          - #MBEDTLS_SSL_UNEXPECTED_CID_IGNORE
+    ///                            In this case, the record is silently ignored.
+    ///                          - #MBEDTLS_SSL_UNEXPECTED_CID_FAIL
+    ///                            In this case, the stack fails with the specific
+    ///                            error code #MBEDTLS_ERR_SSL_UNEXPECTED_CID.
+    ///
+    /// \note                The CID specification allows implementations to either
+    ///                      use a common length for all incoming connection IDs or
+    ///                      allow variable-length incoming IDs. Mbed TLS currently
+    ///                      requires a common length for all connections sharing the
+    ///                      same SSL configuration; this allows simpler parsing of
+    ///                      record headers.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p own_cid_len
+    ///                      is too large.
+    pub fn mbedtls_ssl_conf_cid(
+        conf: *mut mbedtls_ssl_config,
+        len: usize,
+        ignore_other_cids: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the X.509 security profile used for verification
+    ///
+    /// \note           The restrictions are enforced for all certificates in the
+    ///                 chain. However, signatures in the handshake are not covered
+    ///                 by this setting but by \b mbedtls_ssl_conf_sig_hashes().
+    ///
+    /// \param conf     SSL configuration
+    /// \param profile  Profile to use
+    pub fn mbedtls_ssl_conf_cert_profile(
+        conf: *mut mbedtls_ssl_config,
+        profile: *const mbedtls_x509_crt_profile,
+    );
+}
+extern "C" {
+    /// \brief          Set the data required to verify peer certificate
+    ///
+    /// \note           See \c mbedtls_x509_crt_verify() for notes regarding the
+    ///                 parameters ca_chain (maps to trust_ca for that function)
+    ///                 and ca_crl.
+    ///
+    /// \param conf     SSL configuration
+    /// \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
+    /// \param ca_crl   trusted CA CRLs
+    pub fn mbedtls_ssl_conf_ca_chain(
+        conf: *mut mbedtls_ssl_config,
+        ca_chain: *mut mbedtls_x509_crt,
+        ca_crl: *mut mbedtls_x509_crl,
+    );
+}
+extern "C" {
+    /// \brief          Set own certificate chain and private key
+    ///
+    /// \note           own_cert should contain in order from the bottom up your
+    ///                 certificate chain. The top certificate (self-signed)
+    ///                 can be omitted.
+    ///
+    /// \note           On server, this function can be called multiple times to
+    ///                 provision more than one cert/key pair (eg one ECDSA, one
+    ///                 RSA with SHA-256, one RSA with SHA-1). An adequate
+    ///                 certificate will be selected according to the client's
+    ///                 advertised capabilities. In case multiple certificates are
+    ///                 adequate, preference is given to the one set by the first
+    ///                 call to this function, then second, etc.
+    ///
+    /// \note           On client, only the first call has any effect. That is,
+    ///                 only one client certificate can be provisioned. The
+    ///                 server's preferences in its CertificateRequest message will
+    ///                 be ignored and our only cert will be sent regardless of
+    ///                 whether it matches those preferences - the server can then
+    ///                 decide what it wants to do with it.
+    ///
+    /// \note           The provided \p pk_key needs to match the public key in the
+    ///                 first certificate in \p own_cert, or all handshakes using
+    ///                 that certificate will fail. It is your responsibility
+    ///                 to ensure that; this function will not perform any check.
+    ///                 You may use mbedtls_pk_check_pair() in order to perform
+    ///                 this check yourself, but be aware that this function can
+    ///                 be computationally expensive on some key types.
+    ///
+    /// \param conf     SSL configuration
+    /// \param own_cert own public certificate chain
+    /// \param pk_key   own private key
+    ///
+    /// \return         0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
+    pub fn mbedtls_ssl_conf_own_cert(
+        conf: *mut mbedtls_ssl_config,
+        own_cert: *mut mbedtls_x509_crt,
+        pk_key: *mut mbedtls_pk_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Configure pre-shared keys (PSKs) and their
+    ///                 identities to be used in PSK-based ciphersuites.
+    ///
+    ///                 Only one PSK can be registered, through either
+    ///                 mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_opaque().
+    ///                 If you attempt to register more than one PSK, this function
+    ///                 fails, though this may change in future versions, which
+    ///                 may add support for multiple PSKs.
+    ///
+    /// \note           This is mainly useful for clients. Servers will usually
+    ///                 want to use \c mbedtls_ssl_conf_psk_cb() instead.
+    ///
+    /// \note           A PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback
+    ///                 takes precedence over a PSK configured by this function.
+    ///
+    /// \param conf     The SSL configuration to register the PSK with.
+    /// \param psk      The pointer to the pre-shared key to use.
+    /// \param psk_len  The length of the pre-shared key in bytes.
+    /// \param psk_identity      The pointer to the pre-shared key identity.
+    /// \param psk_identity_len  The length of the pre-shared key identity
+    ///                          in bytes.
+    ///
+    /// \note           The PSK and its identity are copied internally and
+    ///                 hence need not be preserved by the caller for the lifetime
+    ///                 of the SSL configuration.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no more PSKs
+    ///                 can be configured. In this case, the old PSK(s) remain intact.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_ssl_conf_psk(
+        conf: *mut mbedtls_ssl_config,
+        psk: *const crate::c_types::c_uchar,
+        psk_len: usize,
+        psk_identity: *const crate::c_types::c_uchar,
+        psk_identity_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the pre-shared Key (PSK) for the current handshake.
+    ///
+    /// \note           This should only be called inside the PSK callback,
+    ///                 i.e. the function passed to \c mbedtls_ssl_conf_psk_cb().
+    ///
+    /// \note           A PSK set by this function takes precedence over a PSK
+    ///                 configured by \c mbedtls_ssl_conf_psk().
+    ///
+    /// \param ssl      The SSL context to configure a PSK for.
+    /// \param psk      The pointer to the pre-shared key.
+    /// \param psk_len  The length of the pre-shared key in bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         An \c MBEDTLS_ERR_SSL_XXX error code on failure.
+    pub fn mbedtls_ssl_set_hs_psk(
+        ssl: *mut mbedtls_ssl_context,
+        psk: *const crate::c_types::c_uchar,
+        psk_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the PSK callback (server-side only).
+    ///
+    ///                 If set, the PSK callback is called for each
+    ///                 handshake where a PSK-based ciphersuite was negotiated.
+    ///                 The caller provides the identity received and wants to
+    ///                 receive the actual PSK data and length.
+    ///
+    ///                 The callback has the following parameters:
+    ///                 - \c void*: The opaque pointer \p p_psk.
+    ///                 - \c mbedtls_ssl_context*: The SSL context to which
+    ///                                            the operation applies.
+    ///                 - \c const unsigned char*: The PSK identity
+    ///                                            selected by the client.
+    ///                 - \c size_t: The length of the PSK identity
+    ///                              selected by the client.
+    ///
+    ///                 If a valid PSK identity is found, the callback should use
+    ///                 \c mbedtls_ssl_set_hs_psk() or
+    ///                 \c mbedtls_ssl_set_hs_psk_opaque()
+    ///                 on the SSL context to set the correct PSK and return \c 0.
+    ///                 Any other return value will result in a denied PSK identity.
+    ///
+    /// \note           A dynamic PSK (i.e. set by the PSK callback) takes
+    ///                 precedence over a static PSK (i.e. set by
+    ///                 \c mbedtls_ssl_conf_psk() or
+    ///                 \c mbedtls_ssl_conf_psk_opaque()).
+    ///                 This means that if you set a PSK callback using this
+    ///                 function, you don't need to set a PSK using
+    ///                 \c mbedtls_ssl_conf_psk() or
+    ///                 \c mbedtls_ssl_conf_psk_opaque()).
+    ///
+    /// \param conf     The SSL configuration to register the callback with.
+    /// \param f_psk    The callback for selecting and setting the PSK based
+    ///                 in the PSK identity chosen by the client.
+    /// \param p_psk    A pointer to an opaque structure to be passed to
+    ///                 the callback, for example a PSK store.
+    pub fn mbedtls_ssl_conf_psk_cb(
+        conf: *mut mbedtls_ssl_config,
+        f_psk: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_ssl_context,
+                arg3: *const crate::c_types::c_uchar,
+                arg4: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_psk: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the Diffie-Hellman public P and G values
+    ///                 from big-endian binary presentations.
+    ///                 (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN)
+    ///
+    /// \param conf     SSL configuration
+    /// \param dhm_P    Diffie-Hellman-Merkle modulus in big-endian binary form
+    /// \param P_len    Length of DHM modulus
+    /// \param dhm_G    Diffie-Hellman-Merkle generator in big-endian binary form
+    /// \param G_len    Length of DHM generator
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ssl_conf_dh_param_bin(
+        conf: *mut mbedtls_ssl_config,
+        dhm_P: *const crate::c_types::c_uchar,
+        P_len: usize,
+        dhm_G: *const crate::c_types::c_uchar,
+        G_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the Diffie-Hellman public P and G values,
+    ///                 read from existing context (server-side only)
+    ///
+    /// \param conf     SSL configuration
+    /// \param dhm_ctx  Diffie-Hellman-Merkle context
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ssl_conf_dh_param_ctx(
+        conf: *mut mbedtls_ssl_config,
+        dhm_ctx: *mut mbedtls_dhm_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the minimum length for Diffie-Hellman parameters.
+    ///                 (Client-side only.)
+    ///                 (Default: 1024 bits.)
+    ///
+    /// \param conf     SSL configuration
+    /// \param bitlen   Minimum bit length of the DHM prime
+    pub fn mbedtls_ssl_conf_dhm_min_bitlen(
+        conf: *mut mbedtls_ssl_config,
+        bitlen: crate::c_types::c_uint,
+    );
+}
+extern "C" {
+    /// \brief          Set the allowed curves in order of preference.
+    ///
+    ///                 On server: this only affects selection of the ECDHE curve;
+    ///                 the curves used for ECDH and ECDSA are determined by the
+    ///                 list of available certificates instead.
+    ///
+    ///                 On client: this affects the list of curves offered for any
+    ///                 use. The server can override our preference order.
+    ///
+    ///                 Both sides: limits the set of curves accepted for use in
+    ///                 ECDHE and in the peer's end-entity certificate.
+    ///
+    /// \deprecated     Superseded by mbedtls_ssl_conf_groups().
+    ///
+    /// \note           This has no influence on which curves are allowed inside the
+    ///                 certificate chains, see \c mbedtls_ssl_conf_cert_profile()
+    ///                 for that. For the end-entity certificate however, the key
+    ///                 will be accepted only if it is allowed both by this list
+    ///                 and by the cert profile.
+    ///
+    /// \note           This list should be ordered by decreasing preference
+    ///                 (preferred curve first).
+    ///
+    /// \note           The default list is the same set of curves that
+    ///                 #mbedtls_x509_crt_profile_default allows, plus
+    ///                 ECDHE-only curves selected according to the same criteria.
+    ///                 The order favors curves with the lowest resource usage.
+    ///
+    /// \note           New minor versions of Mbed TLS may extend this list,
+    ///                 for example if new curves are added to the library.
+    ///                 New minor versions of Mbed TLS will not remove items
+    ///                 from this list unless serious security concerns require it.
+    ///                 New minor versions of Mbed TLS may change the order in
+    ///                 keeping with the general principle of favoring the lowest
+    ///                 resource usage.
+    ///
+    /// \param conf     SSL configuration
+    /// \param curves   Ordered list of allowed curves,
+    ///                 terminated by MBEDTLS_ECP_DP_NONE.
+    pub fn mbedtls_ssl_conf_curves(
+        conf: *mut mbedtls_ssl_config,
+        curves: *const mbedtls_ecp_group_id,
+    );
+}
+extern "C" {
+    /// \brief          Set the allowed groups in order of preference.
+    ///
+    ///                 On server: This only affects the choice of key agreement mechanism
+    ///
+    ///                 On client: this affects the list of groups offered for any
+    ///                 use. The server can override our preference order.
+    ///
+    ///                 Both sides: limits the set of groups accepted for use in
+    ///                 key sharing.
+    ///
+    /// \note           This function replaces the deprecated mbedtls_ssl_conf_curves(),
+    ///                 which only allows ECP curves to be configured.
+    ///
+    /// \note           The most recent invocation of either mbedtls_ssl_conf_curves()
+    ///                 or mbedtls_ssl_conf_groups() nullifies all previous invocations
+    ///                 of both.
+    ///
+    /// \note           This list should be ordered by decreasing preference
+    ///                 (preferred group first).
+    ///
+    /// \note           When this function is not called, a default list is used,
+    ///                 consisting of all supported curves at 255 bits and above,
+    ///                 and all supported finite fields at 2048 bits and above.
+    ///                 The order favors groups with the lowest resource usage.
+    ///
+    /// \note           New minor versions of Mbed TLS will not remove items
+    ///                 from the default list unless serious security concerns require it.
+    ///                 New minor versions of Mbed TLS may change the order in
+    ///                 keeping with the general principle of favoring the lowest
+    ///                 resource usage.
+    ///
+    /// \param conf     SSL configuration
+    /// \param groups   List of allowed groups ordered by preference, terminated by 0.
+    ///                 Must contain valid IANA NamedGroup IDs (provided via either an integer
+    ///                 or using MBEDTLS_TLS1_3_NAMED_GROUP_XXX macros).
+    pub fn mbedtls_ssl_conf_groups(conf: *mut mbedtls_ssl_config, groups: *const u16);
+}
+extern "C" {
+    /// \brief          Set the allowed hashes for signatures during the handshake.
+    ///
+    /// \note           This only affects which hashes are offered and can be used
+    ///                 for signatures during the handshake. Hashes for message
+    ///                 authentication and the TLS PRF are controlled by the
+    ///                 ciphersuite, see \c mbedtls_ssl_conf_ciphersuites(). Hashes
+    ///                 used for certificate signature are controlled by the
+    ///                 verification profile, see \c mbedtls_ssl_conf_cert_profile().
+    ///
+    /// \note           This list should be ordered by decreasing preference
+    ///                 (preferred hash first).
+    ///
+    /// \note           By default, all supported hashes whose length is at least
+    ///                 256 bits are allowed. This is the same set as the default
+    ///                 for certificate verification
+    ///                 (#mbedtls_x509_crt_profile_default).
+    ///                 The preference order is currently unspecified and may
+    ///                 change in future versions.
+    ///
+    /// \note           New minor versions of Mbed TLS may extend this list,
+    ///                 for example if new curves are added to the library.
+    ///                 New minor versions of Mbed TLS will not remove items
+    ///                 from this list unless serious security concerns require it.
+    ///
+    /// \param conf     SSL configuration
+    /// \param hashes   Ordered list of allowed signature hashes,
+    ///                 terminated by \c MBEDTLS_MD_NONE.
+    pub fn mbedtls_ssl_conf_sig_hashes(
+        conf: *mut mbedtls_ssl_config,
+        hashes: *const crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Configure allowed signature algorithms for use in TLS 1.3
+    ///
+    /// \param conf     The SSL configuration to use.
+    /// \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms,
+    ///                 terminated by \c MBEDTLS_TLS1_3_SIG_NONE. The list must remain
+    ///                 available throughout the lifetime of the conf object. Supported
+    ///                 values are available as \c MBEDTLS_TLS1_3_SIG_XXXX
+    pub fn mbedtls_ssl_conf_sig_algs(conf: *mut mbedtls_ssl_config, sig_algs: *const u16);
+}
+extern "C" {
+    /// \brief          Set or reset the hostname to check against the received
+    ///                 server certificate. It sets the ServerName TLS extension,
+    ///                 too, if that extension is enabled. (client-side only)
+    ///
+    /// \param ssl      SSL context
+    /// \param hostname the server hostname, may be NULL to clear hostname
+    ///
+    /// \note           Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
+    ///
+    /// \return         0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
+    ///                 allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
+    ///                 too long input hostname.
+    ///
+    ///                 Hostname set to the one provided on success (cleared
+    ///                 when NULL). On allocation failure hostname is cleared.
+    ///                 On too long input failure, old hostname is unchanged.
+    pub fn mbedtls_ssl_set_hostname(
+        ssl: *mut mbedtls_ssl_context,
+        hostname: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Retrieve SNI extension value for the current handshake.
+    ///                 Available in \p f_cert_cb of \c mbedtls_ssl_conf_cert_cb(),
+    ///                 this is the same value passed to \p f_sni callback of
+    ///                 \c mbedtls_ssl_conf_sni() and may be used instead of
+    ///                 \c mbedtls_ssl_conf_sni().
+    ///
+    /// \param ssl      SSL context
+    /// \param name_len pointer into which to store length of returned value.
+    ///                 0 if SNI extension is not present or not yet processed.
+    ///
+    /// \return         const pointer to SNI extension value.
+    ///                 - value is valid only when called in \p f_cert_cb
+    ///                   registered with \c mbedtls_ssl_conf_cert_cb().
+    ///                 - value is NULL if SNI extension is not present.
+    ///                 - value is not '\0'-terminated.  Use \c name_len for len.
+    ///                 - value must not be freed.
+    pub fn mbedtls_ssl_get_hs_sni(
+        ssl: *mut mbedtls_ssl_context,
+        name_len: *mut usize,
+    ) -> *const crate::c_types::c_uchar;
+}
+extern "C" {
+    /// \brief          Set own certificate and key for the current handshake
+    ///
+    /// \note           Same as \c mbedtls_ssl_conf_own_cert() but for use within
+    ///                 the SNI callback or the certificate selection callback.
+    ///
+    /// \note           Passing null \c own_cert clears the certificate list for
+    ///                 the current handshake.
+    ///
+    /// \param ssl      SSL context
+    /// \param own_cert own public certificate chain
+    /// \param pk_key   own private key
+    ///
+    /// \return         0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
+    pub fn mbedtls_ssl_set_hs_own_cert(
+        ssl: *mut mbedtls_ssl_context,
+        own_cert: *mut mbedtls_x509_crt,
+        pk_key: *mut mbedtls_pk_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the data required to verify peer certificate for the
+    ///                 current handshake
+    ///
+    /// \note           Same as \c mbedtls_ssl_conf_ca_chain() but for use within
+    ///                 the SNI callback or the certificate selection callback.
+    ///
+    /// \param ssl      SSL context
+    /// \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
+    /// \param ca_crl   trusted CA CRLs
+    pub fn mbedtls_ssl_set_hs_ca_chain(
+        ssl: *mut mbedtls_ssl_context,
+        ca_chain: *mut mbedtls_x509_crt,
+        ca_crl: *mut mbedtls_x509_crl,
+    );
+}
+extern "C" {
+    /// \brief          Set DN hints sent to client in CertificateRequest message
+    ///
+    /// \note           Same as \c mbedtls_ssl_conf_dn_hints() but for use within
+    ///                 the SNI callback or the certificate selection callback.
+    ///
+    /// \param ssl      SSL context
+    /// \param crt      crt chain whose subject DNs are issuer DNs of client certs
+    ///                 from which the client should select client peer certificate.
+    pub fn mbedtls_ssl_set_hs_dn_hints(ssl: *mut mbedtls_ssl_context, crt: *const mbedtls_x509_crt);
+}
+extern "C" {
+    /// \brief          Set authmode for the current handshake.
+    ///
+    /// \note           Same as \c mbedtls_ssl_conf_authmode() but for use within
+    ///                 the SNI callback or the certificate selection callback.
+    ///
+    /// \param ssl      SSL context
+    /// \param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or
+    ///                 MBEDTLS_SSL_VERIFY_REQUIRED
+    pub fn mbedtls_ssl_set_hs_authmode(
+        ssl: *mut mbedtls_ssl_context,
+        authmode: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Set server side ServerName TLS extension callback
+    ///                 (optional, server-side only).
+    ///
+    ///                 If set, the ServerName callback is called whenever the
+    ///                 server receives a ServerName TLS extension from the client
+    ///                 during a handshake. The ServerName callback has the
+    ///                 following parameters: (void *parameter, mbedtls_ssl_context *ssl,
+    ///                 const unsigned char *hostname, size_t len). If a suitable
+    ///                 certificate is found, the callback must set the
+    ///                 certificate(s) and key(s) to use with \c
+    ///                 mbedtls_ssl_set_hs_own_cert() (can be called repeatedly),
+    ///                 and may optionally adjust the CA and associated CRL with \c
+    ///                 mbedtls_ssl_set_hs_ca_chain() as well as the client
+    ///                 authentication mode with \c mbedtls_ssl_set_hs_authmode(),
+    ///                 then must return 0. If no matching name is found, the
+    ///                 callback may return non-zero to abort the handshake.
+    ///
+    /// \param conf     SSL configuration
+    /// \param f_sni    verification function
+    /// \param p_sni    verification parameter
+    pub fn mbedtls_ssl_conf_sni(
+        conf: *mut mbedtls_ssl_config,
+        f_sni: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_ssl_context,
+                arg3: *const crate::c_types::c_uchar,
+                arg4: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_sni: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the supported Application Layer Protocols.
+    ///
+    /// \param conf     SSL configuration
+    /// \param protos   Pointer to a NULL-terminated list of supported protocols,
+    ///                 in decreasing preference order. The pointer to the list is
+    ///                 recorded by the library for later reference as required, so
+    ///                 the lifetime of the table must be at least as long as the
+    ///                 lifetime of the SSL configuration structure.
+    ///
+    /// \return         0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
+    pub fn mbedtls_ssl_conf_alpn_protocols(
+        conf: *mut mbedtls_ssl_config,
+        protos: *mut *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Get the name of the negotiated Application Layer Protocol.
+    ///                 This function should be called after the handshake is
+    ///                 completed.
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         Protocol name, or NULL if no protocol was negotiated.
+    pub fn mbedtls_ssl_get_alpn_protocol(
+        ssl: *const mbedtls_ssl_context,
+    ) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief          Set the maximum supported version sent from the client side
+    ///                 and/or accepted at the server side.
+    ///
+    ///                 See also the documentation of mbedtls_ssl_conf_min_version().
+    ///
+    /// \note           This ignores ciphersuites from higher versions.
+    ///
+    /// \note           This function is deprecated and has been replaced by
+    ///                 \c mbedtls_ssl_conf_max_tls_version().
+    ///
+    /// \param conf     SSL configuration
+    /// \param major    Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3)
+    /// \param minor    Minor version number
+    ///                 (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2,
+    ///                 #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)
+    pub fn mbedtls_ssl_conf_max_version(
+        conf: *mut mbedtls_ssl_config,
+        major: crate::c_types::c_int,
+        minor: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Set the minimum accepted SSL/TLS protocol version
+    ///
+    /// \note           By default, all supported versions are accepted.
+    ///                 Future versions of the library may disable older
+    ///                 protocol versions by default if they become deprecated.
+    ///
+    /// \note           The following versions are supported (if enabled at
+    ///                 compile time):
+    ///                 - (D)TLS 1.2: \p major = #MBEDTLS_SSL_MAJOR_VERSION_3,
+    ///                   \p minor = #MBEDTLS_SSL_MINOR_VERSION_3
+    ///                 - TLS 1.3: \p major = #MBEDTLS_SSL_MAJOR_VERSION_3,
+    ///                   \p minor = #MBEDTLS_SSL_MINOR_VERSION_4
+    ///
+    ///                 Note that the numbers in the constant names are the
+    ///                 TLS internal protocol numbers, and the minor versions
+    ///                 differ by one from the human-readable versions!
+    ///
+    /// \note           Input outside of the SSL_MAX_XXXXX_VERSION and
+    ///                 SSL_MIN_XXXXX_VERSION range is ignored.
+    ///
+    /// \note           After the handshake, you can call
+    ///                 mbedtls_ssl_get_version_number() to see what version was
+    ///                 negotiated.
+    ///
+    /// \note           This function is deprecated and has been replaced by
+    ///                 \c mbedtls_ssl_conf_min_tls_version().
+    ///
+    /// \param conf     SSL configuration
+    /// \param major    Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3)
+    /// \param minor    Minor version number
+    ///                 (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2,
+    ///                 #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)
+    pub fn mbedtls_ssl_conf_min_version(
+        conf: *mut mbedtls_ssl_config,
+        major: crate::c_types::c_int,
+        minor: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief           Enable or disable Encrypt-then-MAC
+    ///                  (Default: MBEDTLS_SSL_ETM_ENABLED)
+    ///
+    /// \note            This should always be enabled, it is a security
+    ///                  improvement, and should not cause any interoperability
+    ///                  issue (used only if the peer supports it too).
+    ///
+    /// \param conf      SSL configuration
+    /// \param etm       MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
+    pub fn mbedtls_ssl_conf_encrypt_then_mac(
+        conf: *mut mbedtls_ssl_config,
+        etm: crate::c_types::c_char,
+    );
+}
+extern "C" {
+    /// \brief           Enable or disable Extended Master Secret negotiation.
+    ///                  (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED)
+    ///
+    /// \note            This should always be enabled, it is a security fix to the
+    ///                  protocol, and should not cause any interoperability issue
+    ///                  (used only if the peer supports it too).
+    ///
+    /// \param conf      SSL configuration
+    /// \param ems       MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
+    pub fn mbedtls_ssl_conf_extended_master_secret(
+        conf: *mut mbedtls_ssl_config,
+        ems: crate::c_types::c_char,
+    );
+}
+extern "C" {
+    /// \brief          Whether to send a list of acceptable CAs in
+    ///                 CertificateRequest messages.
+    ///                 (Default: do send)
+    ///
+    /// \param conf     SSL configuration
+    /// \param cert_req_ca_list   MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or
+    ///                          MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED
+    pub fn mbedtls_ssl_conf_cert_req_ca_list(
+        conf: *mut mbedtls_ssl_config,
+        cert_req_ca_list: crate::c_types::c_char,
+    );
+}
+extern "C" {
+    /// \brief          Set the maximum fragment length to emit and/or negotiate.
+    ///                 (Typical: the smaller of #MBEDTLS_SSL_IN_CONTENT_LEN and
+    ///                 #MBEDTLS_SSL_OUT_CONTENT_LEN, usually `2^14` bytes)
+    ///                 (Server: set maximum fragment length to emit,
+    ///                 usually negotiated by the client during handshake)
+    ///                 (Client: set maximum fragment length to emit *and*
+    ///                 negotiate with the server during handshake)
+    ///                 (Default: #MBEDTLS_SSL_MAX_FRAG_LEN_NONE)
+    ///
+    /// \note           On the client side, the maximum fragment length extension
+    ///                 *will not* be used, unless the maximum fragment length has
+    ///                 been set via this function to a value different than
+    ///                 #MBEDTLS_SSL_MAX_FRAG_LEN_NONE.
+    ///
+    /// \note           With TLS, this currently only affects ApplicationData (sent
+    ///                 with \c mbedtls_ssl_read()), not handshake messages.
+    ///                 With DTLS, this affects both ApplicationData and handshake.
+    ///
+    /// \note           This sets the maximum length for a record's payload,
+    ///                 excluding record overhead that will be added to it, see
+    ///                 \c mbedtls_ssl_get_record_expansion().
+    ///
+    /// \note           For DTLS, it is also possible to set a limit for the total
+    ///                 size of datagrams passed to the transport layer, including
+    ///                 record overhead, see \c mbedtls_ssl_set_mtu().
+    ///
+    /// \param conf     SSL configuration
+    /// \param mfl_code Code for maximum fragment length (allowed values:
+    ///                 MBEDTLS_SSL_MAX_FRAG_LEN_512,  MBEDTLS_SSL_MAX_FRAG_LEN_1024,
+    ///                 MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096)
+    ///
+    /// \return         0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA
+    pub fn mbedtls_ssl_conf_max_frag_len(
+        conf: *mut mbedtls_ssl_config,
+        mfl_code: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Pick the ciphersuites order according to the second parameter
+    ///                 in the SSL Server module (MBEDTLS_SSL_SRV_C).
+    ///                 (Default, if never called: MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER)
+    ///
+    /// \param conf     SSL configuration
+    /// \param order    Server or client (MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER
+    ///                                or MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)
+    pub fn mbedtls_ssl_conf_preference_order(
+        conf: *mut mbedtls_ssl_config,
+        order: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Enable / Disable session tickets (client only).
+    ///                 (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.)
+    ///
+    /// \note           On server, use \c mbedtls_ssl_conf_session_tickets_cb().
+    ///
+    /// \param conf     SSL configuration
+    /// \param use_tickets   Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or
+    ///                                         MBEDTLS_SSL_SESSION_TICKETS_DISABLED)
+    pub fn mbedtls_ssl_conf_session_tickets(
+        conf: *mut mbedtls_ssl_config,
+        use_tickets: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief   Number of NewSessionTicket messages for the server to send
+    ///          after handshake completion.
+    ///
+    /// \note    The default value is
+    ///          \c MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS.
+    ///
+    /// \note    In case of a session resumption, this setting only partially apply.
+    ///          At most one ticket is sent in that case to just renew the pool of
+    ///          tickets of the client. The rationale is to avoid the number of
+    ///          tickets on the server to become rapidly out of control when the
+    ///          server has the same configuration for all its connection instances.
+    ///
+    /// \param conf    SSL configuration
+    /// \param num_tickets    Number of NewSessionTicket.
+    pub fn mbedtls_ssl_conf_new_session_tickets(conf: *mut mbedtls_ssl_config, num_tickets: u16);
+}
+extern "C" {
+    /// \brief          Enable / Disable renegotiation support for connection when
+    ///                 initiated by peer
+    ///                 (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
+    ///
+    /// \warning        It is recommended to always disable renegotiation unless you
+    ///                 know you need it and you know what you're doing. In the
+    ///                 past, there have been several issues associated with
+    ///                 renegotiation or a poor understanding of its properties.
+    ///
+    /// \note           Server-side, enabling renegotiation also makes the server
+    ///                 susceptible to a resource DoS by a malicious client.
+    ///
+    /// \param conf    SSL configuration
+    /// \param renegotiation     Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or
+    ///                                             MBEDTLS_SSL_RENEGOTIATION_DISABLED)
+    pub fn mbedtls_ssl_conf_renegotiation(
+        conf: *mut mbedtls_ssl_config,
+        renegotiation: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Prevent or allow legacy renegotiation.
+    ///                 (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)
+    ///
+    ///                 MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to
+    ///                 be established even if the peer does not support
+    ///                 secure renegotiation, but does not allow renegotiation
+    ///                 to take place if not secure.
+    ///                 (Interoperable and secure option)
+    ///
+    ///                 MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
+    ///                 with non-upgraded peers. Allowing legacy renegotiation
+    ///                 makes the connection vulnerable to specific man in the
+    ///                 middle attacks. (See RFC 5746)
+    ///                 (Most interoperable and least secure option)
+    ///
+    ///                 MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
+    ///                 if peer does not support secure renegotiation. Results
+    ///                 in interoperability issues with non-upgraded peers
+    ///                 that do not support renegotiation altogether.
+    ///                 (Most secure option, interoperability issues)
+    ///
+    /// \param conf     SSL configuration
+    /// \param allow_legacy  Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
+    ///                                        SSL_ALLOW_LEGACY_RENEGOTIATION or
+    ///                                        MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)
+    pub fn mbedtls_ssl_conf_legacy_renegotiation(
+        conf: *mut mbedtls_ssl_config,
+        allow_legacy: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Enforce renegotiation requests.
+    ///                 (Default: enforced, max_records = 16)
+    ///
+    ///                 When we request a renegotiation, the peer can comply or
+    ///                 ignore the request. This function allows us to decide
+    ///                 whether to enforce our renegotiation requests by closing
+    ///                 the connection if the peer doesn't comply.
+    ///
+    ///                 However, records could already be in transit from the peer
+    ///                 when the request is emitted. In order to increase
+    ///                 reliability, we can accept a number of records before the
+    ///                 expected handshake records.
+    ///
+    ///                 The optimal value is highly dependent on the specific usage
+    ///                 scenario.
+    ///
+    /// \note           With DTLS and server-initiated renegotiation, the
+    ///                 HelloRequest is retransmitted every time mbedtls_ssl_read() times
+    ///                 out or receives Application Data, until:
+    ///                 - max_records records have beens seen, if it is >= 0, or
+    ///                 - the number of retransmits that would happen during an
+    ///                 actual handshake has been reached.
+    ///                 Please remember the request might be lost a few times
+    ///                 if you consider setting max_records to a really low value.
+    ///
+    /// \warning        On client, the grace period can only happen during
+    ///                 mbedtls_ssl_read(), as opposed to mbedtls_ssl_write() and mbedtls_ssl_renegotiate()
+    ///                 which always behave as if max_record was 0. The reason is,
+    ///                 if we receive application data from the server, we need a
+    ///                 place to write it, which only happens during mbedtls_ssl_read().
+    ///
+    /// \param conf     SSL configuration
+    /// \param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to
+    ///                 enforce renegotiation, or a non-negative value to enforce
+    ///                 it but allow for a grace period of max_records records.
+    pub fn mbedtls_ssl_conf_renegotiation_enforced(
+        conf: *mut mbedtls_ssl_config,
+        max_records: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Set record counter threshold for periodic renegotiation.
+    ///                 (Default: 2^48 - 1)
+    ///
+    ///                 Renegotiation is automatically triggered when a record
+    ///                 counter (outgoing or incoming) crosses the defined
+    ///                 threshold. The default value is meant to prevent the
+    ///                 connection from being closed when the counter is about to
+    ///                 reached its maximal value (it is not allowed to wrap).
+    ///
+    ///                 Lower values can be used to enforce policies such as "keys
+    ///                 must be refreshed every N packets with cipher X".
+    ///
+    ///                 The renegotiation period can be disabled by setting
+    ///                 conf->disable_renegotiation to
+    ///                 MBEDTLS_SSL_RENEGOTIATION_DISABLED.
+    ///
+    /// \note           When the configured transport is
+    ///                 MBEDTLS_SSL_TRANSPORT_DATAGRAM the maximum renegotiation
+    ///                 period is 2^48 - 1, and for MBEDTLS_SSL_TRANSPORT_STREAM,
+    ///                 the maximum renegotiation period is 2^64 - 1.
+    ///
+    /// \param conf     SSL configuration
+    /// \param period   The threshold value: a big-endian 64-bit number.
+    pub fn mbedtls_ssl_conf_renegotiation_period(
+        conf: *mut mbedtls_ssl_config,
+        period: *const crate::c_types::c_uchar,
+    );
+}
+extern "C" {
+    /// \brief          Check if there is data already read from the
+    ///                 underlying transport but not yet processed.
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         0 if nothing's pending, 1 otherwise.
+    ///
+    /// \note           This is different in purpose and behaviour from
+    ///                 \c mbedtls_ssl_get_bytes_avail in that it considers
+    ///                 any kind of unprocessed data, not only unread
+    ///                 application data. If \c mbedtls_ssl_get_bytes
+    ///                 returns a non-zero value, this function will
+    ///                 also signal pending data, but the converse does
+    ///                 not hold. For example, in DTLS there might be
+    ///                 further records waiting to be processed from
+    ///                 the current underlying transport's datagram.
+    ///
+    /// \note           If this function returns 1 (data pending), this
+    ///                 does not imply that a subsequent call to
+    ///                 \c mbedtls_ssl_read will provide any data;
+    ///                 e.g., the unprocessed data might turn out
+    ///                 to be an alert or a handshake message.
+    ///
+    /// \note           This function is useful in the following situation:
+    ///                 If the SSL/TLS module successfully returns from an
+    ///                 operation - e.g. a handshake or an application record
+    ///                 read - and you're awaiting incoming data next, you
+    ///                 must not immediately idle on the underlying transport
+    ///                 to have data ready, but you need to check the value
+    ///                 of this function first. The reason is that the desired
+    ///                 data might already be read but not yet processed.
+    ///                 If, in contrast, a previous call to the SSL/TLS module
+    ///                 returned MBEDTLS_ERR_SSL_WANT_READ, it is not necessary
+    ///                 to call this function, as the latter error code entails
+    ///                 that all internal data has been processed.
+    pub fn mbedtls_ssl_check_pending(ssl: *const mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the number of application data bytes
+    ///                 remaining to be read from the current record.
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         How many bytes are available in the application
+    ///                 data record read buffer.
+    ///
+    /// \note           When working over a datagram transport, this is
+    ///                 useful to detect the current datagram's boundary
+    ///                 in case \c mbedtls_ssl_read has written the maximal
+    ///                 amount of data fitting into the input buffer.
+    pub fn mbedtls_ssl_get_bytes_avail(ssl: *const mbedtls_ssl_context) -> usize;
+}
+extern "C" {
+    /// \brief          Return the result of the certificate verification
+    ///
+    /// \param ssl      The SSL context to use.
+    ///
+    /// \return         \c 0 if the certificate verification was successful.
+    /// \return         \c -1u if the result is not available. This may happen
+    ///                 e.g. if the handshake aborts early, or a verification
+    ///                 callback returned a fatal error.
+    /// \return         A bitwise combination of \c MBEDTLS_X509_BADCERT_XXX
+    ///                 and \c MBEDTLS_X509_BADCRL_XXX failure flags; see x509.h.
+    pub fn mbedtls_ssl_get_verify_result(ssl: *const mbedtls_ssl_context) -> u32;
+}
+extern "C" {
+    /// \brief          Return the id of the current ciphersuite
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         a ciphersuite id
+    pub fn mbedtls_ssl_get_ciphersuite_id_from_ssl(
+        ssl: *const mbedtls_ssl_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the name of the current ciphersuite
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         a string containing the ciphersuite name
+    pub fn mbedtls_ssl_get_ciphersuite(
+        ssl: *const mbedtls_ssl_context,
+    ) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief          Return the current TLS version
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         a string containing the TLS version
+    pub fn mbedtls_ssl_get_version(
+        ssl: *const mbedtls_ssl_context,
+    ) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief          Return the (maximum) number of bytes added by the record
+    ///                 layer: header + encryption/MAC overhead (inc. padding)
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         Current maximum record expansion in bytes
+    pub fn mbedtls_ssl_get_record_expansion(
+        ssl: *const mbedtls_ssl_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the current maximum outgoing record payload in bytes.
+    ///
+    /// \note           The logic to determine the maximum outgoing record payload is
+    ///                 version-specific. It takes into account various factors, such as
+    ///                 the mbedtls_config.h setting \c MBEDTLS_SSL_OUT_CONTENT_LEN, extensions
+    ///                 such as the max fragment length or record size limit extension if
+    ///                 used, and for DTLS the path MTU as configured and current
+    ///                 record expansion.
+    ///
+    /// \note           With DTLS, \c mbedtls_ssl_write() will return an error if
+    ///                 called with a larger length value.
+    ///                 With TLS, \c mbedtls_ssl_write() will fragment the input if
+    ///                 necessary and return the number of bytes written; it is up
+    ///                 to the caller to call \c mbedtls_ssl_write() again in
+    ///                 order to send the remaining bytes if any.
+    ///
+    /// \sa             mbedtls_ssl_get_max_out_record_payload()
+    /// \sa             mbedtls_ssl_get_record_expansion()
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         Current maximum payload for an outgoing record,
+    ///                 or a negative error code.
+    pub fn mbedtls_ssl_get_max_out_record_payload(
+        ssl: *const mbedtls_ssl_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the current maximum incoming record payload in bytes.
+    ///
+    /// \note           The logic to determine the maximum incoming record payload is
+    ///                 version-specific. It takes into account various factors, such as
+    ///                 the mbedtls_config.h setting \c MBEDTLS_SSL_IN_CONTENT_LEN, extensions
+    ///                 such as the max fragment length extension or record size limit
+    ///                 extension if used, and the current record expansion.
+    ///
+    /// \sa             mbedtls_ssl_set_mtu()
+    /// \sa             mbedtls_ssl_get_max_in_record_payload()
+    /// \sa             mbedtls_ssl_get_record_expansion()
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         Current maximum payload for an incoming record,
+    ///                 or a negative error code.
+    pub fn mbedtls_ssl_get_max_in_record_payload(
+        ssl: *const mbedtls_ssl_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the peer certificate from the current connection.
+    ///
+    /// \param  ssl     The SSL context to use. This must be initialized and setup.
+    ///
+    /// \return         The current peer certificate, if available.
+    ///                 The returned certificate is owned by the SSL context and
+    ///                 is valid only until the next call to the SSL API.
+    /// \return         \c NULL if no peer certificate is available. This might
+    ///                 be because the chosen ciphersuite doesn't use CRTs
+    ///                 (PSK-based ciphersuites, for example), or because
+    ///                 #MBEDTLS_SSL_KEEP_PEER_CERTIFICATE has been disabled,
+    ///                 allowing the stack to free the peer's CRT to save memory.
+    ///
+    /// \note           For one-time inspection of the peer's certificate during
+    ///                 the handshake, consider registering an X.509 CRT verification
+    ///                 callback through mbedtls_ssl_conf_verify() instead of calling
+    ///                 this function. Using mbedtls_ssl_conf_verify() also comes at
+    ///                 the benefit of allowing you to influence the verification
+    ///                 process, for example by masking expected and tolerated
+    ///                 verification failures.
+    ///
+    /// \warning        You must not use the pointer returned by this function
+    ///                 after any further call to the SSL API, including
+    ///                 mbedtls_ssl_read() and mbedtls_ssl_write(); this is
+    ///                 because the pointer might change during renegotiation,
+    ///                 which happens transparently to the user.
+    ///                 If you want to use the certificate across API calls,
+    ///                 you must make a copy.
+    pub fn mbedtls_ssl_get_peer_cert(ssl: *const mbedtls_ssl_context) -> *const mbedtls_x509_crt;
+}
+extern "C" {
+    /// \brief          Export a session in order to resume it later.
+    ///
+    /// \param ssl      The SSL context representing the connection for which to
+    ///                 to export a session structure for later resumption.
+    /// \param session  The target structure in which to store the exported session.
+    ///                 This must have been initialized with mbedtls_ssl_init_session()
+    ///                 but otherwise be unused.
+    ///
+    /// \note           This function can handle a variety of mechanisms for session
+    ///                 resumption: For TLS 1.2, both session ID-based resumption and
+    ///                 ticket-based resumption will be considered. For TLS 1.3,
+    ///                 once implemented, sessions equate to tickets, and calling
+    ///                 this function multiple times will export the available
+    ///                 tickets one a time until no further tickets are available,
+    ///                 in which case MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE will
+    ///                 be returned.
+    ///
+    /// \note           Calling this function multiple times will only be useful
+    ///                 once TLS 1.3 is supported. For TLS 1.2 connections, this
+    ///                 function should be called at most once.
+    ///
+    /// \return         \c 0 if successful. In this case, \p session can be used for
+    ///                 session resumption by passing it to mbedtls_ssl_set_session(),
+    ///                 and serialized for storage via mbedtls_ssl_session_save().
+    /// \return         #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no further session
+    ///                 is available for export.
+    ///                 This error is a non-fatal, and has no observable effect on
+    ///                 the SSL context or the destination session.
+    /// \return         Another negative error code on other kinds of failure.
+    ///
+    /// \sa             mbedtls_ssl_set_session()
+    /// \sa             mbedtls_ssl_session_save()
+    pub fn mbedtls_ssl_get_session(
+        ssl: *const mbedtls_ssl_context,
+        session: *mut mbedtls_ssl_session,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform the SSL handshake
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
+    ///                 if the handshake is incomplete and waiting for data to
+    ///                 be available for reading from or writing to the underlying
+    ///                 transport - in this case you must call this function again
+    ///                 when the underlying transport is ready for the operation.
+    /// \return         #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
+    ///                 operation is in progress (see
+    ///                 mbedtls_ssl_conf_async_private_cb()) - in this case you
+    ///                 must call this function again when the operation is ready.
+    /// \return         #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
+    ///                 operation is in progress (see mbedtls_ecp_set_max_ops()) -
+    ///                 in this case you must call this function again to complete
+    ///                 the handshake when you're done attending other tasks.
+    /// \return         #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED if DTLS is in use
+    ///                 and the client did not demonstrate reachability yet - in
+    ///                 this case you must stop using the context (see below).
+    /// \return         Another SSL error code - in this case you must stop using
+    ///                 the context (see below).
+    ///
+    /// \warning        If this function returns something other than
+    ///                 \c 0,
+    ///                 #MBEDTLS_ERR_SSL_WANT_READ,
+    ///                 #MBEDTLS_ERR_SSL_WANT_WRITE,
+    ///                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+    ///                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
+    ///                 you must stop using the SSL context for reading or writing,
+    ///                 and either free it or call \c mbedtls_ssl_session_reset()
+    ///                 on it before re-using it for a new connection; the current
+    ///                 connection must be closed.
+    ///
+    /// \note           If DTLS is in use, then you may choose to handle
+    ///                 #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
+    ///                 purposes, as it is an expected return value rather than an
+    ///                 actual error, but you still need to reset/free the context.
+    ///
+    /// \note           Remarks regarding event-driven DTLS:
+    ///                 If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram
+    ///                 from the underlying transport layer is currently being processed,
+    ///                 and it is safe to idle until the timer or the underlying transport
+    ///                 signal a new event. This is not true for a successful handshake,
+    ///                 in which case the datagram of the underlying transport that is
+    ///                 currently being processed might or might not contain further
+    ///                 DTLS records.
+    ///
+    /// \note           If the context is configured to allow TLS 1.3, or if
+    ///                 #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    pub fn mbedtls_ssl_handshake(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a single step of the SSL handshake
+    ///
+    /// \note           The state of the context (ssl->state) will be at
+    ///                 the next state after this function returns \c 0. Do not
+    ///                 call this function if mbedtls_ssl_is_handshake_over()
+    ///                 returns \c 1.
+    ///
+    /// \warning        Whilst in the past you may have used direct access to the
+    ///                 context state (ssl->state) in order to ascertain when to
+    ///                 stop calling this function and although you can still do
+    ///                 so with something like ssl->MBEDTLS_PRIVATE(state) or by
+    ///                 defining MBEDTLS_ALLOW_PRIVATE_ACCESS, this is now
+    ///                 considered deprecated and could be broken in any future
+    ///                 release. If you still find you have good reason for such
+    ///                 direct access, then please do contact the team to explain
+    ///                 this (raise an issue or post to the mailing list), so that
+    ///                 we can add a solution to your problem that will be
+    ///                 guaranteed to work in the future.
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         See mbedtls_ssl_handshake().
+    ///
+    /// \warning        If this function returns something other than \c 0,
+    ///                 #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,
+    ///                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+    ///                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using
+    ///                 the SSL context for reading or writing, and either free it
+    ///                 or call \c mbedtls_ssl_session_reset() on it before
+    ///                 re-using it for a new connection; the current connection
+    ///                 must be closed.
+    pub fn mbedtls_ssl_handshake_step(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Initiate an SSL renegotiation on the running connection.
+    ///                 Client: perform the renegotiation right now.
+    ///                 Server: request renegotiation, which will be performed
+    ///                 during the next call to mbedtls_ssl_read() if honored by
+    ///                 client.
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         0 if successful, or any mbedtls_ssl_handshake() return
+    ///                 value except #MBEDTLS_ERR_SSL_CLIENT_RECONNECT that can't
+    ///                 happen during a renegotiation.
+    ///
+    /// \warning        If this function returns something other than \c 0,
+    ///                 #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,
+    ///                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+    ///                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using
+    ///                 the SSL context for reading or writing, and either free it
+    ///                 or call \c mbedtls_ssl_session_reset() on it before
+    ///                 re-using it for a new connection; the current connection
+    ///                 must be closed.
+    pub fn mbedtls_ssl_renegotiate(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Read at most 'len' application data bytes
+    ///
+    /// \param ssl      SSL context
+    /// \param buf      buffer that will hold the data
+    /// \param len      maximum number of bytes to read
+    ///
+    /// \return         The (positive) number of bytes read if successful.
+    /// \return         \c 0 if the read end of the underlying transport was closed
+    ///                 without sending a CloseNotify beforehand, which might happen
+    ///                 because of various reasons (internal error of an underlying
+    ///                 stack, non-conformant peer not sending a CloseNotify and
+    ///                 such) - in this case you must stop using the context
+    ///                 (see below).
+    /// \return         #MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY if the underlying
+    ///                 transport is still functional, but the peer has
+    ///                 acknowledged to not send anything anymore.
+    /// \return         #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
+    ///                 if the handshake is incomplete and waiting for data to
+    ///                 be available for reading from or writing to the underlying
+    ///                 transport - in this case you must call this function again
+    ///                 when the underlying transport is ready for the operation.
+    /// \return         #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
+    ///                 operation is in progress (see
+    ///                 mbedtls_ssl_conf_async_private_cb()) - in this case you
+    ///                 must call this function again when the operation is ready.
+    /// \return         #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
+    ///                 operation is in progress (see mbedtls_ecp_set_max_ops()) -
+    ///                 in this case you must call this function again to complete
+    ///                 the handshake when you're done attending other tasks.
+    /// \return         #MBEDTLS_ERR_SSL_CLIENT_RECONNECT if we're at the server
+    ///                 side of a DTLS connection and the client is initiating a
+    ///                 new connection using the same source port. See below.
+    /// \return         Another SSL error code - in this case you must stop using
+    ///                 the context (see below).
+    ///
+    /// \warning        If this function returns something other than
+    ///                 a positive value,
+    ///                 #MBEDTLS_ERR_SSL_WANT_READ,
+    ///                 #MBEDTLS_ERR_SSL_WANT_WRITE,
+    ///                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS,
+    ///                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
+    ///                 #MBEDTLS_ERR_SSL_CLIENT_RECONNECT,
+    ///                 you must stop using the SSL context for reading or writing,
+    ///                 and either free it or call \c mbedtls_ssl_session_reset()
+    ///                 on it before re-using it for a new connection; the current
+    ///                 connection must be closed.
+    ///
+    /// \note           When this function returns #MBEDTLS_ERR_SSL_CLIENT_RECONNECT
+    ///                 (which can only happen server-side), it means that a client
+    ///                 is initiating a new connection using the same source port.
+    ///                 You can either treat that as a connection close and wait
+    ///                 for the client to resend a ClientHello, or directly
+    ///                 continue with \c mbedtls_ssl_handshake() with the same
+    ///                 context (as it has been reset internally). Either way, you
+    ///                 must make sure this is seen by the application as a new
+    ///                 connection: application state, if any, should be reset, and
+    ///                 most importantly the identity of the client must be checked
+    ///                 again. WARNING: not validating the identity of the client
+    ///                 again, or not transmitting the new identity to the
+    ///                 application layer, would allow authentication bypass!
+    ///
+    /// \note           Remarks regarding event-driven DTLS:
+    ///                 - If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram
+    ///                   from the underlying transport layer is currently being processed,
+    ///                   and it is safe to idle until the timer or the underlying transport
+    ///                   signal a new event.
+    ///                 - This function may return MBEDTLS_ERR_SSL_WANT_READ even if data was
+    ///                   initially available on the underlying transport, as this data may have
+    ///                   been only e.g. duplicated messages or a renegotiation request.
+    ///                   Therefore, you must be prepared to receive MBEDTLS_ERR_SSL_WANT_READ even
+    ///                   when reacting to an incoming-data event from the underlying transport.
+    ///                 - On success, the datagram of the underlying transport that is currently
+    ///                   being processed may contain further DTLS records. You should call
+    ///                   \c mbedtls_ssl_check_pending to check for remaining records.
+    pub fn mbedtls_ssl_read(
+        ssl: *mut mbedtls_ssl_context,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Try to write exactly 'len' application data bytes
+    ///
+    /// \warning        This function will do partial writes in some cases. If the
+    ///                 return value is non-negative but less than length, the
+    ///                 function must be called again with updated arguments:
+    ///                 buf + ret, len - ret (if ret is the return value) until
+    ///                 it returns a value equal to the last 'len' argument.
+    ///
+    /// \param ssl      SSL context
+    /// \param buf      buffer holding the data
+    /// \param len      how many bytes must be written
+    ///
+    /// \return         The (non-negative) number of bytes actually written if
+    ///                 successful (may be less than \p len).
+    /// \return         #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
+    ///                 if the handshake is incomplete and waiting for data to
+    ///                 be available for reading from or writing to the underlying
+    ///                 transport - in this case you must call this function again
+    ///                 when the underlying transport is ready for the operation.
+    /// \return         #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
+    ///                 operation is in progress (see
+    ///                 mbedtls_ssl_conf_async_private_cb()) - in this case you
+    ///                 must call this function again when the operation is ready.
+    /// \return         #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
+    ///                 operation is in progress (see mbedtls_ecp_set_max_ops()) -
+    ///                 in this case you must call this function again to complete
+    ///                 the handshake when you're done attending other tasks.
+    /// \return         Another SSL error code - in this case you must stop using
+    ///                 the context (see below).
+    ///
+    /// \warning        If this function returns something other than
+    ///                 a non-negative value,
+    ///                 #MBEDTLS_ERR_SSL_WANT_READ,
+    ///                 #MBEDTLS_ERR_SSL_WANT_WRITE,
+    ///                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+    ///                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
+    ///                 you must stop using the SSL context for reading or writing,
+    ///                 and either free it or call \c mbedtls_ssl_session_reset()
+    ///                 on it before re-using it for a new connection; the current
+    ///                 connection must be closed.
+    ///
+    /// \note           When this function returns #MBEDTLS_ERR_SSL_WANT_WRITE/READ,
+    ///                 it must be called later with the *same* arguments,
+    ///                 until it returns a value greater than or equal to 0. When
+    ///                 the function returns #MBEDTLS_ERR_SSL_WANT_WRITE there may be
+    ///                 some partial data in the output buffer, however this is not
+    ///                 yet sent.
+    ///
+    /// \note           If the requested length is greater than the maximum
+    ///                 fragment length (either the built-in limit or the one set
+    ///                 or negotiated with the peer), then:
+    ///                 - with TLS, less bytes than requested are written.
+    ///                 - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
+    ///                 \c mbedtls_ssl_get_max_out_record_payload() may be used to
+    ///                 query the active maximum fragment length.
+    ///
+    /// \note           Attempting to write 0 bytes will result in an empty TLS
+    ///                 application record being sent.
+    pub fn mbedtls_ssl_write(
+        ssl: *mut mbedtls_ssl_context,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Send an alert message
+    ///
+    /// \param ssl       SSL context
+    /// \param level     The alert level of the message
+    ///                  (MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL)
+    /// \param message   The alert message (SSL_ALERT_MSG_*)
+    ///
+    /// \return          0 if successful, or a specific SSL error code.
+    ///
+    /// \note           If this function returns something other than 0 or
+    ///                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
+    ///                 the SSL context for reading or writing, and either free it or
+    ///                 call \c mbedtls_ssl_session_reset() on it before re-using it
+    ///                 for a new connection; the current connection must be closed.
+    pub fn mbedtls_ssl_send_alert_message(
+        ssl: *mut mbedtls_ssl_context,
+        level: crate::c_types::c_uchar,
+        message: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Notify the peer that the connection is being closed
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return          0 if successful, or a specific SSL error code.
+    ///
+    /// \note           If this function returns something other than 0 or
+    ///                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
+    ///                 the SSL context for reading or writing, and either free it or
+    ///                 call \c mbedtls_ssl_session_reset() on it before re-using it
+    ///                 for a new connection; the current connection must be closed.
+    pub fn mbedtls_ssl_close_notify(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Free referenced items in an SSL context and clear memory
+    ///
+    /// \param ssl      SSL context
+    pub fn mbedtls_ssl_free(ssl: *mut mbedtls_ssl_context);
+}
+extern "C" {
+    /// \brief          Save an active connection as serialized data in a buffer.
+    ///                 This allows the freeing or re-using of the SSL context
+    ///                 while still picking up the connection later in a way that
+    ///                 it entirely transparent to the peer.
+    ///
+    /// \see            mbedtls_ssl_context_load()
+    ///
+    /// \note           The serialized data only contains the data that is
+    ///                 necessary to resume the connection: negotiated protocol
+    ///                 options, session identifier, keys, etc.
+    ///                 Loading a saved SSL context does not restore settings and
+    ///                 state related to how the application accesses the context,
+    ///                 such as configured callback functions, user data, pending
+    ///                 incoming or outgoing data, etc.
+    ///
+    /// \note           This feature is currently only available under certain
+    ///                 conditions, see the documentation of the return value
+    ///                 #MBEDTLS_ERR_SSL_BAD_INPUT_DATA for details.
+    ///
+    /// \note           When this function succeeds, it calls
+    ///                 mbedtls_ssl_session_reset() on \p ssl which as a result is
+    ///                 no longer associated with the connection that has been
+    ///                 serialized. This avoids creating copies of the connection
+    ///                 state. You're then free to either re-use the context
+    ///                 structure for a different connection, or call
+    ///                 mbedtls_ssl_free() on it. See the documentation of
+    ///                 mbedtls_ssl_session_reset() for more details.
+    ///
+    /// \param ssl      The SSL context to save. On success, it is no longer
+    ///                 associated with the connection that has been serialized.
+    /// \param buf      The buffer to write the serialized data to. It must be a
+    ///                 writeable buffer of at least \p buf_len bytes, or may be \c
+    ///                 NULL if \p buf_len is \c 0.
+    /// \param buf_len  The number of bytes available for writing in \p buf.
+    /// \param olen     The size in bytes of the data that has been or would have
+    ///                 been written. It must point to a valid \c size_t.
+    ///
+    /// \note           \p olen is updated to the correct value regardless of
+    ///                 whether \p buf_len was large enough. This makes it possible
+    ///                 to determine the necessary size by calling this function
+    ///                 with \p buf set to \c NULL and \p buf_len to \c 0. However,
+    ///                 the value of \p olen is only guaranteed to be correct when
+    ///                 the function returns #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL or
+    ///                 \c 0. If the return value is different, then the value of
+    ///                 \p olen is undefined.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
+    /// \return         #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed
+    ///                 while resetting the context.
+    /// \return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in
+    ///                 progress, or there is pending data for reading or sending,
+    ///                 or the connection does not use DTLS 1.2 with an AEAD
+    ///                 ciphersuite, or renegotiation is enabled.
+    pub fn mbedtls_ssl_context_save(
+        ssl: *mut mbedtls_ssl_context,
+        buf: *mut crate::c_types::c_uchar,
+        buf_len: usize,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Load serialized connection data to an SSL context.
+    ///
+    /// \see            mbedtls_ssl_context_save()
+    ///
+    /// \warning        The same serialized data must never be loaded into more
+    ///                 that one context. In order to ensure that, after
+    ///                 successfully loading serialized data to an SSL context, you
+    ///                 should immediately destroy or invalidate all copies of the
+    ///                 serialized data that was loaded. Loading the same data in
+    ///                 more than one context would cause severe security failures
+    ///                 including but not limited to loss of confidentiality.
+    ///
+    /// \note           Before calling this function, the SSL context must be
+    ///                 prepared in one of the two following ways. The first way is
+    ///                 to take a context freshly initialised with
+    ///                 mbedtls_ssl_init() and call mbedtls_ssl_setup() on it with
+    ///                 the same ::mbedtls_ssl_config structure that was used in
+    ///                 the original connection. The second way is to
+    ///                 call mbedtls_ssl_session_reset() on a context that was
+    ///                 previously prepared as above but used in the meantime.
+    ///                 Either way, you must not use the context to perform a
+    ///                 handshake between calling mbedtls_ssl_setup() or
+    ///                 mbedtls_ssl_session_reset() and calling this function. You
+    ///                 may however call other setter functions in that time frame
+    ///                 as indicated in the note below.
+    ///
+    /// \note           Before or after calling this function successfully, you
+    ///                 also need to configure some connection-specific callbacks
+    ///                 and settings before you can use the connection again
+    ///                 (unless they were already set before calling
+    ///                 mbedtls_ssl_session_reset() and the values are suitable for
+    ///                 the present connection). Specifically, you want to call
+    ///                 at least mbedtls_ssl_set_bio(),
+    ///                 mbedtls_ssl_set_timer_cb(), and
+    ///                 mbedtls_ssl_set_user_data_n() or
+    ///                 mbedtls_ssl_set_user_data_p() if they were set originally.
+    ///                 All other SSL setter functions
+    ///                 are not necessary to call, either because they're only used
+    ///                 in handshakes, or because the setting is already saved. You
+    ///                 might choose to call them anyway, for example in order to
+    ///                 share code between the cases of establishing a new
+    ///                 connection and the case of loading an already-established
+    ///                 connection.
+    ///
+    /// \note           If you have new information about the path MTU, you want to
+    ///                 call mbedtls_ssl_set_mtu() after calling this function, as
+    ///                 otherwise this function would overwrite your
+    ///                 newly-configured value with the value that was active when
+    ///                 the context was saved.
+    ///
+    /// \note           When this function returns an error code, it calls
+    ///                 mbedtls_ssl_free() on \p ssl. In this case, you need to
+    ///                 prepare the context with the usual sequence starting with a
+    ///                 call to mbedtls_ssl_init() if you want to use it again.
+    ///
+    /// \param ssl      The SSL context structure to be populated. It must have
+    ///                 been prepared as described in the note above.
+    /// \param buf      The buffer holding the serialized connection data. It must
+    ///                 be a readable buffer of at least \p len bytes.
+    /// \param len      The size of the serialized data in bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed.
+    /// \return         #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data
+    ///                 comes from a different Mbed TLS version or build.
+    /// \return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
+    pub fn mbedtls_ssl_context_load(
+        ssl: *mut mbedtls_ssl_context,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Initialize an SSL configuration context
+    ///                 Just makes the context ready for
+    ///                 mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free().
+    ///
+    /// \note           You need to call mbedtls_ssl_config_defaults() unless you
+    ///                 manually set all of the relevant fields yourself.
+    ///
+    /// \param conf     SSL configuration context
+    pub fn mbedtls_ssl_config_init(conf: *mut mbedtls_ssl_config);
+}
+extern "C" {
+    /// \brief          Load reasonable default SSL configuration values.
+    ///                 (You need to call mbedtls_ssl_config_init() first.)
+    ///
+    /// \param conf     SSL configuration context
+    /// \param endpoint MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
+    /// \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or
+    ///                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS
+    /// \param preset   a MBEDTLS_SSL_PRESET_XXX value
+    ///
+    /// \note           See \c mbedtls_ssl_conf_transport() for notes on DTLS.
+    ///
+    /// \return         0 if successful, or
+    ///                 MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error.
+    pub fn mbedtls_ssl_config_defaults(
+        conf: *mut mbedtls_ssl_config,
+        endpoint: crate::c_types::c_int,
+        transport: crate::c_types::c_int,
+        preset: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Free an SSL configuration context
+    ///
+    /// \param conf     SSL configuration context
+    pub fn mbedtls_ssl_config_free(conf: *mut mbedtls_ssl_config);
+}
+extern "C" {
+    /// \brief          Initialize SSL session structure
+    ///
+    /// \param session  SSL session
+    pub fn mbedtls_ssl_session_init(session: *mut mbedtls_ssl_session);
+}
+extern "C" {
+    /// \brief          Free referenced items in an SSL session including the
+    ///                 peer certificate and clear memory
+    ///
+    /// \note           A session object can be freed even if the SSL context
+    ///                 that was used to retrieve the session is still in use.
+    ///
+    /// \param session  SSL session
+    pub fn mbedtls_ssl_session_free(session: *mut mbedtls_ssl_session);
+}
+extern "C" {
+    /// \brief          TLS-PRF function for key derivation.
+    ///
+    /// \param prf      The tls_prf type function type to be used.
+    /// \param secret   Secret for the key derivation function.
+    /// \param slen     Length of the secret.
+    /// \param label    String label for the key derivation function,
+    ///                 terminated with null character.
+    /// \param random   Random bytes.
+    /// \param rlen     Length of the random bytes buffer.
+    /// \param dstbuf   The buffer holding the derived key.
+    /// \param dlen     Length of the output buffer.
+    ///
+    /// \return         0 on success. An SSL specific error on failure.
+    pub fn mbedtls_ssl_tls_prf(
+        prf: mbedtls_tls_prf_types,
+        secret: *const crate::c_types::c_uchar,
+        slen: usize,
+        label: *const crate::c_types::c_char,
+        random: *const crate::c_types::c_uchar,
+        rlen: usize,
+        dstbuf: *mut crate::c_types::c_uchar,
+        dlen: usize,
+    ) -> crate::c_types::c_int;
+}
+/// \brief           Entropy poll callback pointer
+///
+/// \param data      Callback-specific data pointer
+/// \param output    Data to fill
+/// \param len       Maximum size to provide
+/// \param olen      The actual amount of bytes put into the buffer (Can be 0)
+///
+/// \return          0 if no critical failures occurred,
+///                  MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise
+pub type mbedtls_entropy_f_source_ptr = ::core::option::Option<
+    unsafe extern "C" fn(
+        data: *mut crate::c_types::c_void,
+        output: *mut crate::c_types::c_uchar,
+        len: usize,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief           Entropy source state
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_entropy_source_state {
+    pub private_f_source: mbedtls_entropy_f_source_ptr,
+    pub private_p_source: *mut crate::c_types::c_void,
+    pub private_size: usize,
+    pub private_threshold: usize,
+    pub private_strong: crate::c_types::c_int,
+}
+/// \brief           Entropy context structure
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_entropy_context {
+    pub private_accumulator_started: crate::c_types::c_int,
+    pub private_accumulator: mbedtls_sha512_context,
+    pub private_source_count: crate::c_types::c_int,
+    pub private_source: [mbedtls_entropy_source_state; 20usize],
+}
+extern "C" {
+    /// \brief           Initialize the context
+    ///
+    /// \param ctx       Entropy context to initialize
+    pub fn mbedtls_entropy_init(ctx: *mut mbedtls_entropy_context);
+}
+extern "C" {
+    /// \brief           Free the data in the context
+    ///
+    /// \param ctx       Entropy context to free
+    pub fn mbedtls_entropy_free(ctx: *mut mbedtls_entropy_context);
+}
+extern "C" {
+    /// \brief           Adds an entropy source to poll
+    ///                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+    ///
+    /// \param ctx       Entropy context
+    /// \param f_source  Entropy function
+    /// \param p_source  Function data
+    /// \param threshold Minimum required from source before entropy is released
+    ///                  ( with mbedtls_entropy_func() ) (in bytes)
+    /// \param strong    MBEDTLS_ENTROPY_SOURCE_STRONG or
+    ///                  MBEDTLS_ENTROPY_SOURCE_WEAK.
+    ///                  At least one strong source needs to be added.
+    ///                  Weaker sources (such as the cycle counter) can be used as
+    ///                  a complement.
+    ///
+    /// \return          0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
+    pub fn mbedtls_entropy_add_source(
+        ctx: *mut mbedtls_entropy_context,
+        f_source: mbedtls_entropy_f_source_ptr,
+        p_source: *mut crate::c_types::c_void,
+        threshold: usize,
+        strong: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Trigger an extra gather poll for the accumulator
+    ///                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+    ///
+    /// \param ctx       Entropy context
+    ///
+    /// \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+    pub fn mbedtls_entropy_gather(ctx: *mut mbedtls_entropy_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Retrieve entropy from the accumulator
+    ///                  (Maximum length: MBEDTLS_ENTROPY_BLOCK_SIZE)
+    ///                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+    ///
+    /// \param data      Entropy context
+    /// \param output    Buffer to fill
+    /// \param len       Number of bytes desired, must be at most MBEDTLS_ENTROPY_BLOCK_SIZE
+    ///
+    /// \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+    pub fn mbedtls_entropy_func(
+        data: *mut crate::c_types::c_void,
+        output: *mut crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Add data to the accumulator manually
+    ///                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+    ///
+    /// \param ctx       Entropy context
+    /// \param data      Data to add
+    /// \param len       Length of data
+    ///
+    /// \return          0 if successful
+    pub fn mbedtls_entropy_update_manual(
+        ctx: *mut mbedtls_entropy_context,
+        data: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Checkup routine
+    ///
+    ///                 This module self-test also calls the entropy self-test,
+    ///                 mbedtls_entropy_source_self_test();
+    ///
+    /// \return         0 if successful, or 1 if a test failed
+    pub fn mbedtls_entropy_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief   Set the threshold error level to handle globally all debug output.
+    ///          Debug messages that have a level over the threshold value are
+    ///          discarded.
+    ///          (Default value: 0 = No debug )
+    ///
+    /// \param threshold     threshold level of messages to filter on. Messages at a
+    ///                      higher level will be discarded.
+    ///                          - Debug levels
+    ///                              - 0 No debug
+    ///                              - 1 Error
+    ///                              - 2 State change
+    ///                              - 3 Informational
+    ///                              - 4 Verbose
+    pub fn mbedtls_debug_set_threshold(threshold: crate::c_types::c_int);
+}
+extern "C" {
+    /// \brief    Print a message to the debug output. This function is always used
+    ///          through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl
+    ///          context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the message has occurred in
+    /// \param line      line number the message has occurred at
+    /// \param format    format specifier, in printf format
+    /// \param ...       variables used by the format specifier
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_msg(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        format: *const crate::c_types::c_char,
+        ...
+    );
+}
+extern "C" {
+    /// \brief   Print the return value of a function to the debug output. This
+    ///          function is always used through the MBEDTLS_SSL_DEBUG_RET() macro,
+    ///          which supplies the ssl context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param text      the name of the function that returned the error
+    /// \param ret       the return code value
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_ret(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        text: *const crate::c_types::c_char,
+        ret: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief   Output a buffer of size len bytes to the debug output. This function
+    ///          is always used through the MBEDTLS_SSL_DEBUG_BUF() macro,
+    ///          which supplies the ssl context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param text      a name or label for the buffer being dumped. Normally the
+    ///                  variable or buffer name
+    /// \param buf       the buffer to be outputted
+    /// \param len       length of the buffer
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_buf(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        text: *const crate::c_types::c_char,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    );
+}
+extern "C" {
+    /// \brief   Print a MPI variable to the debug output. This function is always
+    ///          used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the
+    ///          ssl context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param text      a name or label for the MPI being output. Normally the
+    ///                  variable name
+    /// \param X         the MPI variable
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_mpi(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        text: *const crate::c_types::c_char,
+        X: *const mbedtls_mpi,
+    );
+}
+extern "C" {
+    /// \brief   Print an ECP point to the debug output. This function is always
+    ///          used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the
+    ///          ssl context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param text      a name or label for the ECP point being output. Normally the
+    ///                  variable name
+    /// \param X         the ECP point
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_ecp(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        text: *const crate::c_types::c_char,
+        X: *const mbedtls_ecp_point,
+    );
+}
+extern "C" {
+    /// \brief   Print a X.509 certificate structure to the debug output. This
+    ///          function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro,
+    ///          which supplies the ssl context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param text      a name or label for the certificate being output
+    /// \param crt       X.509 certificate structure
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_crt(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        text: *const crate::c_types::c_char,
+        crt: *const mbedtls_x509_crt,
+    );
+}
+pub const mbedtls_debug_ecdh_attr_MBEDTLS_DEBUG_ECDH_Q: mbedtls_debug_ecdh_attr = 0;
+pub const mbedtls_debug_ecdh_attr_MBEDTLS_DEBUG_ECDH_QP: mbedtls_debug_ecdh_attr = 1;
+pub const mbedtls_debug_ecdh_attr_MBEDTLS_DEBUG_ECDH_Z: mbedtls_debug_ecdh_attr = 2;
+pub type mbedtls_debug_ecdh_attr = crate::c_types::c_uint;
+extern "C" {
+    /// \brief   Print a field of the ECDH structure in the SSL context to the debug
+    ///          output. This function is always used through the
+    ///          MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file
+    ///          and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param ecdh      the ECDH context
+    /// \param attr      the identifier of the attribute being output
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_printf_ecdh(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        ecdh: *const mbedtls_ecdh_context,
+        attr: mbedtls_debug_ecdh_attr,
+    );
+}
+/// \brief The AES context-type definition.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_aes_context {
+    pub private_nr: crate::c_types::c_int,
+    pub private_rk_offset: usize,
+    pub private_buf: [u32; 68usize],
+}
+/// \brief The AES XTS context-type definition.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_aes_xts_context {
+    pub private_crypt: mbedtls_aes_context,
+    pub private_tweak: mbedtls_aes_context,
+}
+extern "C" {
+    /// \brief          This function initializes the specified AES context.
+    ///
+    ///                 It must be the first API called before using
+    ///                 the context.
+    ///
+    /// \param ctx      The AES context to initialize. This must not be \c NULL.
+    pub fn mbedtls_aes_init(ctx: *mut mbedtls_aes_context);
+}
+extern "C" {
+    /// \brief          This function releases and clears the specified AES context.
+    ///
+    /// \param ctx      The AES context to clear.
+    ///                 If this is \c NULL, this function does nothing.
+    ///                 Otherwise, the context must have been at least initialized.
+    pub fn mbedtls_aes_free(ctx: *mut mbedtls_aes_context);
+}
+extern "C" {
+    /// \brief          This function initializes the specified AES XTS context.
+    ///
+    ///                 It must be the first API called before using
+    ///                 the context.
+    ///
+    /// \param ctx      The AES XTS context to initialize. This must not be \c NULL.
+    pub fn mbedtls_aes_xts_init(ctx: *mut mbedtls_aes_xts_context);
+}
+extern "C" {
+    /// \brief          This function releases and clears the specified AES XTS context.
+    ///
+    /// \param ctx      The AES XTS context to clear.
+    ///                 If this is \c NULL, this function does nothing.
+    ///                 Otherwise, the context must have been at least initialized.
+    pub fn mbedtls_aes_xts_free(ctx: *mut mbedtls_aes_xts_context);
+}
+extern "C" {
+    /// \brief          This function sets the encryption key.
+    ///
+    /// \param ctx      The AES context to which the key should be bound.
+    ///                 It must be initialized.
+    /// \param key      The encryption key.
+    ///                 This must be a readable buffer of size \p keybits bits.
+    /// \param keybits  The size of data passed in bits. Valid options are:
+    ///                 <ul><li>128 bits</li>
+    ///                 <li>192 bits</li>
+    ///                 <li>256 bits</li></ul>
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
+    pub fn mbedtls_aes_setkey_enc(
+        ctx: *mut mbedtls_aes_context,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function sets the decryption key.
+    ///
+    /// \param ctx      The AES context to which the key should be bound.
+    ///                 It must be initialized.
+    /// \param key      The decryption key.
+    ///                 This must be a readable buffer of size \p keybits bits.
+    /// \param keybits  The size of data passed. Valid options are:
+    ///                 <ul><li>128 bits</li>
+    ///                 <li>192 bits</li>
+    ///                 <li>256 bits</li></ul>
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
+    pub fn mbedtls_aes_setkey_dec(
+        ctx: *mut mbedtls_aes_context,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function prepares an XTS context for encryption and
+    ///                 sets the encryption key.
+    ///
+    /// \param ctx      The AES XTS context to which the key should be bound.
+    ///                 It must be initialized.
+    /// \param key      The encryption key. This is comprised of the XTS key1
+    ///                 concatenated with the XTS key2.
+    ///                 This must be a readable buffer of size \p keybits bits.
+    /// \param keybits  The size of \p key passed in bits. Valid options are:
+    ///                 <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
+    ///                 <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
+    pub fn mbedtls_aes_xts_setkey_enc(
+        ctx: *mut mbedtls_aes_xts_context,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function prepares an XTS context for decryption and
+    ///                 sets the decryption key.
+    ///
+    /// \param ctx      The AES XTS context to which the key should be bound.
+    ///                 It must be initialized.
+    /// \param key      The decryption key. This is comprised of the XTS key1
+    ///                 concatenated with the XTS key2.
+    ///                 This must be a readable buffer of size \p keybits bits.
+    /// \param keybits  The size of \p key passed in bits. Valid options are:
+    ///                 <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
+    ///                 <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
+    pub fn mbedtls_aes_xts_setkey_dec(
+        ctx: *mut mbedtls_aes_xts_context,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs an AES single-block encryption or
+    ///                 decryption operation.
+    ///
+    ///                 It performs the operation defined in the \p mode parameter
+    ///                 (encrypt or decrypt), on the input data buffer defined in
+    ///                 the \p input parameter.
+    ///
+    ///                 mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or
+    ///                 mbedtls_aes_setkey_dec() must be called before the first
+    ///                 call to this API with the same context.
+    ///
+    /// \param ctx      The AES context to use for encryption or decryption.
+    ///                 It must be initialized and bound to a key.
+    /// \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
+    ///                 #MBEDTLS_AES_DECRYPT.
+    /// \param input    The buffer holding the input data.
+    ///                 It must be readable and at least \c 16 Bytes long.
+    /// \param output   The buffer where the output data will be written.
+    ///                 It must be writeable and at least \c 16 Bytes long.
+    ///
+    /// \return         \c 0 on success.
+    pub fn mbedtls_aes_crypt_ecb(
+        ctx: *mut mbedtls_aes_context,
+        mode: crate::c_types::c_int,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief  This function performs an AES-CBC encryption or decryption operation
+    ///         on full blocks.
+    ///
+    ///         It performs the operation defined in the \p mode
+    ///         parameter (encrypt/decrypt), on the input data buffer defined in
+    ///         the \p input parameter.
+    ///
+    ///         It can be called as many times as needed, until all the input
+    ///         data is processed. mbedtls_aes_init(), and either
+    ///         mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
+    ///         before the first call to this API with the same context.
+    ///
+    /// \note   This function operates on full blocks, that is, the input size
+    ///         must be a multiple of the AES block size of \c 16 Bytes.
+    ///
+    /// \note   Upon exit, the content of the IV is updated so that you can
+    ///         call the same function again on the next
+    ///         block(s) of data and get the same result as if it was
+    ///         encrypted in one call. This allows a "streaming" usage.
+    ///         If you need to retain the contents of the IV, you should
+    ///         either save it manually or use the cipher module instead.
+    ///
+    ///
+    /// \param ctx      The AES context to use for encryption or decryption.
+    ///                 It must be initialized and bound to a key.
+    /// \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
+    ///                 #MBEDTLS_AES_DECRYPT.
+    /// \param length   The length of the input data in Bytes. This must be a
+    ///                 multiple of the block size (\c 16 Bytes).
+    /// \param iv       Initialization vector (updated after use).
+    ///                 It must be a readable and writeable buffer of \c 16 Bytes.
+    /// \param input    The buffer holding the input data.
+    ///                 It must be readable and of size \p length Bytes.
+    /// \param output   The buffer holding the output data.
+    ///                 It must be writeable and of size \p length Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
+    ///                 on failure.
+    pub fn mbedtls_aes_crypt_cbc(
+        ctx: *mut mbedtls_aes_context,
+        mode: crate::c_types::c_int,
+        length: usize,
+        iv: *mut crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief      This function performs an AES-XTS encryption or decryption
+    ///             operation for an entire XTS data unit.
+    ///
+    ///             AES-XTS encrypts or decrypts blocks based on their location as
+    ///             defined by a data unit number. The data unit number must be
+    ///             provided by \p data_unit.
+    ///
+    ///             NIST SP 800-38E limits the maximum size of a data unit to 2^20
+    ///             AES blocks. If the data unit is larger than this, this function
+    ///             returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH.
+    ///
+    /// \param ctx          The AES XTS context to use for AES XTS operations.
+    ///                     It must be initialized and bound to a key.
+    /// \param mode         The AES operation: #MBEDTLS_AES_ENCRYPT or
+    ///                     #MBEDTLS_AES_DECRYPT.
+    /// \param length       The length of a data unit in Bytes. This can be any
+    ///                     length between 16 bytes and 2^24 bytes inclusive
+    ///                     (between 1 and 2^20 block cipher blocks).
+    /// \param data_unit    The address of the data unit encoded as an array of 16
+    ///                     bytes in little-endian format. For disk encryption, this
+    ///                     is typically the index of the block device sector that
+    ///                     contains the data.
+    /// \param input        The buffer holding the input data (which is an entire
+    ///                     data unit). This function reads \p length Bytes from \p
+    ///                     input.
+    /// \param output       The buffer holding the output data (which is an entire
+    ///                     data unit). This function writes \p length Bytes to \p
+    ///                     output.
+    ///
+    /// \return             \c 0 on success.
+    /// \return             #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is
+    ///                     smaller than an AES block in size (16 Bytes) or if \p
+    ///                     length is larger than 2^20 blocks (16 MiB).
+    pub fn mbedtls_aes_crypt_xts(
+        ctx: *mut mbedtls_aes_xts_context,
+        mode: crate::c_types::c_int,
+        length: usize,
+        data_unit: *const crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief This function performs an AES-CFB128 encryption or decryption
+    ///        operation.
+    ///
+    ///        It performs the operation defined in the \p mode
+    ///        parameter (encrypt or decrypt), on the input data buffer
+    ///        defined in the \p input parameter.
+    ///
+    ///        For CFB, you must set up the context with mbedtls_aes_setkey_enc(),
+    ///        regardless of whether you are performing an encryption or decryption
+    ///        operation, that is, regardless of the \p mode parameter. This is
+    ///        because CFB mode uses the same key schedule for encryption and
+    ///        decryption.
+    ///
+    /// \note  Upon exit, the content of the IV is updated so that you can
+    ///        call the same function again on the next
+    ///        block(s) of data and get the same result as if it was
+    ///        encrypted in one call. This allows a "streaming" usage.
+    ///        If you need to retain the contents of the
+    ///        IV, you must either save it manually or use the cipher
+    ///        module instead.
+    ///
+    ///
+    /// \param ctx      The AES context to use for encryption or decryption.
+    ///                 It must be initialized and bound to a key.
+    /// \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
+    ///                 #MBEDTLS_AES_DECRYPT.
+    /// \param length   The length of the input data in Bytes.
+    /// \param iv_off   The offset in IV (updated after use).
+    ///                 It must point to a valid \c size_t.
+    /// \param iv       The initialization vector (updated after use).
+    ///                 It must be a readable and writeable buffer of \c 16 Bytes.
+    /// \param input    The buffer holding the input data.
+    ///                 It must be readable and of size \p length Bytes.
+    /// \param output   The buffer holding the output data.
+    ///                 It must be writeable and of size \p length Bytes.
+    ///
+    /// \return         \c 0 on success.
+    pub fn mbedtls_aes_crypt_cfb128(
+        ctx: *mut mbedtls_aes_context,
+        mode: crate::c_types::c_int,
+        length: usize,
+        iv_off: *mut usize,
+        iv: *mut crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief This function performs an AES-CFB8 encryption or decryption
+    ///        operation.
+    ///
+    ///        It performs the operation defined in the \p mode
+    ///        parameter (encrypt/decrypt), on the input data buffer defined
+    ///        in the \p input parameter.
+    ///
+    ///        Due to the nature of CFB, you must use the same key schedule for
+    ///        both encryption and decryption operations. Therefore, you must
+    ///        use the context initialized with mbedtls_aes_setkey_enc() for
+    ///        both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
+    ///
+    /// \note  Upon exit, the content of the IV is updated so that you can
+    ///        call the same function again on the next
+    ///        block(s) of data and get the same result as if it was
+    ///        encrypted in one call. This allows a "streaming" usage.
+    ///        If you need to retain the contents of the
+    ///        IV, you should either save it manually or use the cipher
+    ///        module instead.
+    ///
+    ///
+    /// \param ctx      The AES context to use for encryption or decryption.
+    ///                 It must be initialized and bound to a key.
+    /// \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
+    ///                 #MBEDTLS_AES_DECRYPT
+    /// \param length   The length of the input data.
+    /// \param iv       The initialization vector (updated after use).
+    ///                 It must be a readable and writeable buffer of \c 16 Bytes.
+    /// \param input    The buffer holding the input data.
+    ///                 It must be readable and of size \p length Bytes.
+    /// \param output   The buffer holding the output data.
+    ///                 It must be writeable and of size \p length Bytes.
+    ///
+    /// \return         \c 0 on success.
+    pub fn mbedtls_aes_crypt_cfb8(
+        ctx: *mut mbedtls_aes_context,
+        mode: crate::c_types::c_int,
+        length: usize,
+        iv: *mut crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       This function performs an AES-OFB (Output Feedback Mode)
+    ///              encryption or decryption operation.
+    ///
+    ///              For OFB, you must set up the context with
+    ///              mbedtls_aes_setkey_enc(), regardless of whether you are
+    ///              performing an encryption or decryption operation. This is
+    ///              because OFB mode uses the same key schedule for encryption and
+    ///              decryption.
+    ///
+    ///              The OFB operation is identical for encryption or decryption,
+    ///              therefore no operation mode needs to be specified.
+    ///
+    /// \note        Upon exit, the content of iv, the Initialisation Vector, is
+    ///              updated so that you can call the same function again on the next
+    ///              block(s) of data and get the same result as if it was encrypted
+    ///              in one call. This allows a "streaming" usage, by initialising
+    ///              iv_off to 0 before the first call, and preserving its value
+    ///              between calls.
+    ///
+    ///              For non-streaming use, the iv should be initialised on each call
+    ///              to a unique value, and iv_off set to 0 on each call.
+    ///
+    ///              If you need to retain the contents of the initialisation vector,
+    ///              you must either save it manually or use the cipher module
+    ///              instead.
+    ///
+    /// \warning     For the OFB mode, the initialisation vector must be unique
+    ///              every encryption operation. Reuse of an initialisation vector
+    ///              will compromise security.
+    ///
+    /// \param ctx      The AES context to use for encryption or decryption.
+    ///                 It must be initialized and bound to a key.
+    /// \param length   The length of the input data.
+    /// \param iv_off   The offset in IV (updated after use).
+    ///                 It must point to a valid \c size_t.
+    /// \param iv       The initialization vector (updated after use).
+    ///                 It must be a readable and writeable buffer of \c 16 Bytes.
+    /// \param input    The buffer holding the input data.
+    ///                 It must be readable and of size \p length Bytes.
+    /// \param output   The buffer holding the output data.
+    ///                 It must be writeable and of size \p length Bytes.
+    ///
+    /// \return         \c 0 on success.
+    pub fn mbedtls_aes_crypt_ofb(
+        ctx: *mut mbedtls_aes_context,
+        length: usize,
+        iv_off: *mut usize,
+        iv: *mut crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief      This function performs an AES-CTR encryption or decryption
+    ///             operation.
+    ///
+    ///             Due to the nature of CTR, you must use the same key schedule
+    ///             for both encryption and decryption operations. Therefore, you
+    ///             must use the context initialized with mbedtls_aes_setkey_enc()
+    ///             for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
+    ///
+    /// \warning    You must never reuse a nonce value with the same key. Doing so
+    ///             would void the encryption for the two messages encrypted with
+    ///             the same nonce and key.
+    ///
+    ///             There are two common strategies for managing nonces with CTR:
+    ///
+    ///             1. You can handle everything as a single message processed over
+    ///             successive calls to this function. In that case, you want to
+    ///             set \p nonce_counter and \p nc_off to 0 for the first call, and
+    ///             then preserve the values of \p nonce_counter, \p nc_off and \p
+    ///             stream_block across calls to this function as they will be
+    ///             updated by this function.
+    ///
+    ///             With this strategy, you must not encrypt more than 2**128
+    ///             blocks of data with the same key.
+    ///
+    ///             2. You can encrypt separate messages by dividing the \p
+    ///             nonce_counter buffer in two areas: the first one used for a
+    ///             per-message nonce, handled by yourself, and the second one
+    ///             updated by this function internally.
+    ///
+    ///             For example, you might reserve the first 12 bytes for the
+    ///             per-message nonce, and the last 4 bytes for internal use. In that
+    ///             case, before calling this function on a new message you need to
+    ///             set the first 12 bytes of \p nonce_counter to your chosen nonce
+    ///             value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
+    ///             stream_block to be ignored). That way, you can encrypt at most
+    ///             2**96 messages of up to 2**32 blocks each with the same key.
+    ///
+    ///             The per-message nonce (or information sufficient to reconstruct
+    ///             it) needs to be communicated with the ciphertext and must be unique.
+    ///             The recommended way to ensure uniqueness is to use a message
+    ///             counter. An alternative is to generate random nonces, but this
+    ///             limits the number of messages that can be securely encrypted:
+    ///             for example, with 96-bit random nonces, you should not encrypt
+    ///             more than 2**32 messages with the same key.
+    ///
+    ///             Note that for both strategies, sizes are measured in blocks and
+    ///             that an AES block is 16 bytes.
+    ///
+    /// \warning    Upon return, \p stream_block contains sensitive data. Its
+    ///             content must not be written to insecure storage and should be
+    ///             securely discarded as soon as it's no longer needed.
+    ///
+    /// \param ctx              The AES context to use for encryption or decryption.
+    ///                         It must be initialized and bound to a key.
+    /// \param length           The length of the input data.
+    /// \param nc_off           The offset in the current \p stream_block, for
+    ///                         resuming within the current cipher stream. The
+    ///                         offset pointer should be 0 at the start of a stream.
+    ///                         It must point to a valid \c size_t.
+    /// \param nonce_counter    The 128-bit nonce and counter.
+    ///                         It must be a readable-writeable buffer of \c 16 Bytes.
+    /// \param stream_block     The saved stream block for resuming. This is
+    ///                         overwritten by the function.
+    ///                         It must be a readable-writeable buffer of \c 16 Bytes.
+    /// \param input            The buffer holding the input data.
+    ///                         It must be readable and of size \p length Bytes.
+    /// \param output           The buffer holding the output data.
+    ///                         It must be writeable and of size \p length Bytes.
+    ///
+    /// \return                 \c 0 on success.
+    pub fn mbedtls_aes_crypt_ctr(
+        ctx: *mut mbedtls_aes_context,
+        length: usize,
+        nc_off: *mut usize,
+        nonce_counter: *mut crate::c_types::c_uchar,
+        stream_block: *mut crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Internal AES block encryption function. This is only
+    ///                  exposed to allow overriding it using
+    ///                  \c MBEDTLS_AES_ENCRYPT_ALT.
+    ///
+    /// \param ctx       The AES context to use for encryption.
+    /// \param input     The plaintext block.
+    /// \param output    The output (ciphertext) block.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_internal_aes_encrypt(
+        ctx: *mut mbedtls_aes_context,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Internal AES block decryption function. This is only
+    ///                  exposed to allow overriding it using see
+    ///                  \c MBEDTLS_AES_DECRYPT_ALT.
+    ///
+    /// \param ctx       The AES context to use for decryption.
+    /// \param input     The ciphertext block.
+    /// \param output    The output (plaintext) block.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_internal_aes_decrypt(
+        ctx: *mut mbedtls_aes_context,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_aes_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          The CTR_DRBG context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ctr_drbg_context {
+    pub private_counter: [crate::c_types::c_uchar; 16usize],
+    pub private_reseed_counter: crate::c_types::c_int,
+    pub private_prediction_resistance: crate::c_types::c_int,
+    pub private_entropy_len: usize,
+    pub private_reseed_interval: crate::c_types::c_int,
+    pub private_aes_ctx: mbedtls_aes_context,
+    pub private_f_entropy: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut crate::c_types::c_uchar,
+            arg3: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_entropy: *mut crate::c_types::c_void,
+}
+extern "C" {
+    /// \brief               This function initializes the CTR_DRBG context,
+    ///                      and prepares it for mbedtls_ctr_drbg_seed()
+    ///                      or mbedtls_ctr_drbg_free().
+    ///
+    /// \note                The reseed interval is
+    ///                      #MBEDTLS_CTR_DRBG_RESEED_INTERVAL by default.
+    ///                      You can override it by calling
+    ///                      mbedtls_ctr_drbg_set_reseed_interval().
+    ///
+    /// \param ctx           The CTR_DRBG context to initialize.
+    pub fn mbedtls_ctr_drbg_init(ctx: *mut mbedtls_ctr_drbg_context);
+}
+extern "C" {
+    /// - The \p custom string.
+    ///
+    /// \note                To achieve the nominal security strength permitted
+    ///                      by CTR_DRBG, the entropy length must be:
+    ///                      - at least 16 bytes for a 128-bit strength
+    ///                      (maximum achievable strength when using AES-128);
+    ///                      - at least 32 bytes for a 256-bit strength
+    ///                      (maximum achievable strength when using AES-256).
+    ///
+    ///                      In addition, if you do not pass a nonce in \p custom,
+    ///                      the sum of the entropy length
+    ///                      and the entropy nonce length must be:
+    ///                      - at least 24 bytes for a 128-bit strength
+    ///                      (maximum achievable strength when using AES-128);
+    ///                      - at least 48 bytes for a 256-bit strength
+    ///                      (maximum achievable strength when using AES-256).
+    ///
+    /// \param ctx           The CTR_DRBG context to seed.
+    ///                      It must have been initialized with
+    ///                      mbedtls_ctr_drbg_init().
+    ///                      After a successful call to mbedtls_ctr_drbg_seed(),
+    ///                      you may not call mbedtls_ctr_drbg_seed() again on
+    ///                      the same context unless you call
+    ///                      mbedtls_ctr_drbg_free() and mbedtls_ctr_drbg_init()
+    ///                      again first.
+    ///                      After a failed call to mbedtls_ctr_drbg_seed(),
+    ///                      you must call mbedtls_ctr_drbg_free().
+    /// \param f_entropy     The entropy callback, taking as arguments the
+    ///                      \p p_entropy context, the buffer to fill, and the
+    ///                      length of the buffer.
+    ///                      \p f_entropy is always called with a buffer size
+    ///                      less than or equal to the entropy length.
+    /// \param p_entropy     The entropy context to pass to \p f_entropy.
+    /// \param custom        The personalization string.
+    ///                      This can be \c NULL, in which case the personalization
+    ///                      string is empty regardless of the value of \p len.
+    /// \param len           The length of the personalization string.
+    ///                      This must be at most
+    ///                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
+    ///                      - #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
+    pub fn mbedtls_ctr_drbg_seed(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        f_entropy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_entropy: *mut crate::c_types::c_void,
+        custom: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function resets CTR_DRBG context to the state immediately
+    ///                      after initial call of mbedtls_ctr_drbg_init().
+    ///
+    /// \param ctx           The CTR_DRBG context to clear.
+    pub fn mbedtls_ctr_drbg_free(ctx: *mut mbedtls_ctr_drbg_context);
+}
+extern "C" {
+    /// \brief               This function turns prediction resistance on or off.
+    ///                      The default value is off.
+    ///
+    /// \note                If enabled, entropy is gathered at the beginning of
+    ///                      every call to mbedtls_ctr_drbg_random_with_add()
+    ///                      or mbedtls_ctr_drbg_random().
+    ///                      Only use this if your entropy source has sufficient
+    ///                      throughput.
+    ///
+    /// \param ctx           The CTR_DRBG context.
+    /// \param resistance    #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF.
+    pub fn mbedtls_ctr_drbg_set_prediction_resistance(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        resistance: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief               This function sets the amount of entropy grabbed on each
+    ///                      seed or reseed.
+    ///
+    /// The default value is #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
+    ///
+    /// \note                The security strength of CTR_DRBG is bounded by the
+    ///                      entropy length. Thus:
+    ///                      - When using AES-256
+    ///                        (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled,
+    ///                        which is the default),
+    ///                        \p len must be at least 32 (in bytes)
+    ///                        to achieve a 256-bit strength.
+    ///                      - When using AES-128
+    ///                        (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled)
+    ///                        \p len must be at least 16 (in bytes)
+    ///                        to achieve a 128-bit strength.
+    ///
+    /// \param ctx           The CTR_DRBG context.
+    /// \param len           The amount of entropy to grab, in bytes.
+    ///                      This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
+    ///                      and at most the maximum length accepted by the
+    ///                      entropy function that is set in the context.
+    pub fn mbedtls_ctr_drbg_set_entropy_len(ctx: *mut mbedtls_ctr_drbg_context, len: usize);
+}
+extern "C" {
+    /// \brief               This function sets the amount of entropy grabbed
+    ///                      as a nonce for the initial seeding.
+    ///
+    /// Call this function before calling mbedtls_ctr_drbg_seed() to read
+    /// a nonce from the entropy source during the initial seeding.
+    ///
+    /// \param ctx           The CTR_DRBG context.
+    /// \param len           The amount of entropy to grab for the nonce, in bytes.
+    ///                      This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
+    ///                      and at most the maximum length accepted by the
+    ///                      entropy function that is set in the context.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if \p len is
+    ///                      more than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
+    /// \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+    ///                      if the initial seeding has already taken place.
+    pub fn mbedtls_ctr_drbg_set_nonce_len(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function sets the reseed interval.
+    ///
+    /// The reseed interval is the number of calls to mbedtls_ctr_drbg_random()
+    /// or mbedtls_ctr_drbg_random_with_add() after which the entropy function
+    /// is called again.
+    ///
+    /// The default value is #MBEDTLS_CTR_DRBG_RESEED_INTERVAL.
+    ///
+    /// \param ctx           The CTR_DRBG context.
+    /// \param interval      The reseed interval.
+    pub fn mbedtls_ctr_drbg_set_reseed_interval(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        interval: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief               This function reseeds the CTR_DRBG context, that is
+    ///                      extracts data from the entropy source.
+    ///
+    /// \note                This function is not thread-safe. It is not safe
+    ///                      to call this function if another thread might be
+    ///                      concurrently obtaining random numbers from the same
+    ///                      context or updating or reseeding the same context.
+    ///
+    /// \param ctx           The CTR_DRBG context.
+    /// \param additional    Additional data to add to the state. Can be \c NULL.
+    /// \param len           The length of the additional data.
+    ///                      This must be less than
+    ///                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
+    ///                      where \c entropy_len is the entropy length
+    ///                      configured for the context.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
+    pub fn mbedtls_ctr_drbg_reseed(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        additional: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief              This function updates the state of the CTR_DRBG context.
+    ///
+    /// \note                This function is not thread-safe. It is not safe
+    ///                      to call this function if another thread might be
+    ///                      concurrently obtaining random numbers from the same
+    ///                      context or updating or reseeding the same context.
+    ///
+    /// \param ctx          The CTR_DRBG context.
+    /// \param additional   The data to update the state with. This must not be
+    ///                     \c NULL unless \p add_len is \c 0.
+    /// \param add_len      Length of \p additional in bytes. This must be at
+    ///                     most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
+    ///
+    /// \return             \c 0 on success.
+    /// \return             #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if
+    ///                     \p add_len is more than
+    ///                     #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
+    /// \return             An error from the underlying AES cipher on failure.
+    pub fn mbedtls_ctr_drbg_update(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        additional: *const crate::c_types::c_uchar,
+        add_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief   This function updates a CTR_DRBG instance with additional
+    ///          data and uses it to generate random data.
+    ///
+    /// This function automatically reseeds if the reseed counter is exceeded
+    /// or prediction resistance is enabled.
+    ///
+    /// \note                This function is not thread-safe. It is not safe
+    ///                      to call this function if another thread might be
+    ///                      concurrently obtaining random numbers from the same
+    ///                      context or updating or reseeding the same context.
+    ///
+    /// \param p_rng         The CTR_DRBG context. This must be a pointer to a
+    ///                      #mbedtls_ctr_drbg_context structure.
+    /// \param output        The buffer to fill.
+    /// \param output_len    The length of the buffer in bytes.
+    /// \param additional    Additional data to update. Can be \c NULL, in which
+    ///                      case the additional data is empty regardless of
+    ///                      the value of \p add_len.
+    /// \param add_len       The length of the additional data
+    ///                      if \p additional is not \c NULL.
+    ///                      This must be less than #MBEDTLS_CTR_DRBG_MAX_INPUT
+    ///                      and less than
+    ///                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
+    ///                      where \c entropy_len is the entropy length
+    ///                      configured for the context.
+    ///
+    /// \return    \c 0 on success.
+    /// \return    #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+    ///            #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
+    pub fn mbedtls_ctr_drbg_random_with_add(
+        p_rng: *mut crate::c_types::c_void,
+        output: *mut crate::c_types::c_uchar,
+        output_len: usize,
+        additional: *const crate::c_types::c_uchar,
+        add_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \param p_rng         The CTR_DRBG context. This must be a pointer to a
+    ///                      #mbedtls_ctr_drbg_context structure.
+    /// \param output        The buffer to fill.
+    /// \param output_len    The length of the buffer in bytes.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+    ///                      #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
+    pub fn mbedtls_ctr_drbg_random(
+        p_rng: *mut crate::c_types::c_void,
+        output: *mut crate::c_types::c_uchar,
+        output_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The CTR_DRBG checkup routine.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              \c 1 on failure.
+    pub fn mbedtls_ctr_drbg_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
diff --git a/esp-mbedtls-sys/src/include/esp32s2.rs b/esp-mbedtls-sys/src/include/esp32s2.rs
new file mode 100644
index 0000000..34a5e23
--- /dev/null
+++ b/esp-mbedtls-sys/src/include/esp32s2.rs
@@ -0,0 +1,22631 @@
+/* automatically generated by rust-bindgen 0.68.1 */
+
+#![allow(
+    non_camel_case_types,
+    non_snake_case,
+    non_upper_case_globals,
+    dead_code
+)]
+
+#[repr(C)]
+#[derive(Copy, Clone, Debug, Default, Eq, Hash, Ord, PartialEq, PartialOrd)]
+pub struct __BindgenBitfieldUnit<Storage> {
+    storage: Storage,
+}
+impl<Storage> __BindgenBitfieldUnit<Storage> {
+    #[inline]
+    pub const fn new(storage: Storage) -> Self {
+        Self { storage }
+    }
+}
+impl<Storage> __BindgenBitfieldUnit<Storage>
+where
+    Storage: AsRef<[u8]> + AsMut<[u8]>,
+{
+    #[inline]
+    pub fn get_bit(&self, index: usize) -> bool {
+        debug_assert!(index / 8 < self.storage.as_ref().len());
+        let byte_index = index / 8;
+        let byte = self.storage.as_ref()[byte_index];
+        let bit_index = if cfg!(target_endian = "big") {
+            7 - (index % 8)
+        } else {
+            index % 8
+        };
+        let mask = 1 << bit_index;
+        byte & mask == mask
+    }
+    #[inline]
+    pub fn set_bit(&mut self, index: usize, val: bool) {
+        debug_assert!(index / 8 < self.storage.as_ref().len());
+        let byte_index = index / 8;
+        let byte = &mut self.storage.as_mut()[byte_index];
+        let bit_index = if cfg!(target_endian = "big") {
+            7 - (index % 8)
+        } else {
+            index % 8
+        };
+        let mask = 1 << bit_index;
+        if val {
+            *byte |= mask;
+        } else {
+            *byte &= !mask;
+        }
+    }
+    #[inline]
+    pub fn get(&self, bit_offset: usize, bit_width: u8) -> u64 {
+        debug_assert!(bit_width <= 64);
+        debug_assert!(bit_offset / 8 < self.storage.as_ref().len());
+        debug_assert!((bit_offset + (bit_width as usize)) / 8 <= self.storage.as_ref().len());
+        let mut val = 0;
+        for i in 0..(bit_width as usize) {
+            if self.get_bit(i + bit_offset) {
+                let index = if cfg!(target_endian = "big") {
+                    bit_width as usize - 1 - i
+                } else {
+                    i
+                };
+                val |= 1 << index;
+            }
+        }
+        val
+    }
+    #[inline]
+    pub fn set(&mut self, bit_offset: usize, bit_width: u8, val: u64) {
+        debug_assert!(bit_width <= 64);
+        debug_assert!(bit_offset / 8 < self.storage.as_ref().len());
+        debug_assert!((bit_offset + (bit_width as usize)) / 8 <= self.storage.as_ref().len());
+        for i in 0..(bit_width as usize) {
+            let mask = 1 << i;
+            let val_bit_is_set = val & mask == mask;
+            let index = if cfg!(target_endian = "big") {
+                bit_width as usize - 1 - i
+            } else {
+                i
+            };
+            self.set_bit(index + bit_offset, val_bit_is_set);
+        }
+    }
+}
+pub const MBEDTLS_CONFIG_FILE: &[u8; 9] = b"config.h\0";
+pub const MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT: u32 = 0;
+pub const MBEDTLS_SSL_MAX_EARLY_DATA_SIZE: u32 = 1024;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE: u32 = 6000;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH: u32 = 32;
+pub const MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS: u32 = 1;
+pub const MBEDTLS_VERSION_MAJOR: u32 = 3;
+pub const MBEDTLS_VERSION_MINOR: u32 = 4;
+pub const MBEDTLS_VERSION_PATCH: u32 = 0;
+pub const MBEDTLS_VERSION_NUMBER: u32 = 50593792;
+pub const MBEDTLS_VERSION_STRING: &[u8; 6] = b"3.4.0\0";
+pub const MBEDTLS_VERSION_STRING_FULL: &[u8; 15] = b"mbed TLS 3.4.0\0";
+pub const MBEDTLS_PSA_BUILTIN_ALG_CCM: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG: u32 = 1;
+pub const PSA_WANT_ALG_CCM: u32 = 1;
+pub const PSA_WANT_ALG_CCM_STAR_NO_TAG: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CMAC: u32 = 1;
+pub const PSA_WANT_ALG_CMAC: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_ECDH: u32 = 1;
+pub const PSA_WANT_ALG_ECDH: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_ECDSA: u32 = 1;
+pub const PSA_WANT_ALG_ECDSA: u32 = 1;
+pub const PSA_WANT_ALG_ECDSA_ANY: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA: u32 = 1;
+pub const PSA_WANT_ALG_DETERMINISTIC_ECDSA: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_ECC_KEY_PAIR: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_GCM: u32 = 1;
+pub const PSA_WANT_ALG_GCM: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_HMAC: u32 = 1;
+pub const PSA_WANT_ALG_HMAC: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_HKDF: u32 = 1;
+pub const PSA_WANT_ALG_HKDF: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT: u32 = 1;
+pub const PSA_WANT_ALG_HKDF_EXTRACT: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND: u32 = 1;
+pub const PSA_WANT_ALG_HKDF_EXPAND: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF: u32 = 1;
+pub const PSA_WANT_ALG_TLS12_PRF: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS: u32 = 1;
+pub const PSA_WANT_ALG_TLS12_PSK_TO_MS: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_MD5: u32 = 1;
+pub const PSA_WANT_ALG_MD5: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_PAKE: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_JPAKE: u32 = 1;
+pub const PSA_WANT_ALG_JPAKE: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160: u32 = 1;
+pub const PSA_WANT_ALG_RIPEMD160: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT: u32 = 1;
+pub const PSA_WANT_ALG_RSA_PKCS1V15_CRYPT: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN: u32 = 1;
+pub const PSA_WANT_ALG_RSA_PKCS1V15_SIGN: u32 = 1;
+pub const PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP: u32 = 1;
+pub const PSA_WANT_ALG_RSA_OAEP: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS: u32 = 1;
+pub const PSA_WANT_ALG_RSA_PSS: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_RSA_KEY_PAIR: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_1: u32 = 1;
+pub const PSA_WANT_ALG_SHA_1: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_224: u32 = 1;
+pub const PSA_WANT_ALG_SHA_224: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_256: u32 = 1;
+pub const PSA_WANT_ALG_SHA_256: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_384: u32 = 1;
+pub const PSA_WANT_ALG_SHA_384: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_512: u32 = 1;
+pub const PSA_WANT_ALG_SHA_512: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_AES: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_ARIA: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_CAMELLIA: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_DES: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS: u32 = 1;
+pub const PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_CHACHA20: u32 = 1;
+pub const PSA_WANT_ALG_STREAM_CIPHER: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER: u32 = 1;
+pub const PSA_WANT_ALG_CHACHA20_POLY1305: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING: u32 = 1;
+pub const PSA_WANT_ALG_CBC_NO_PADDING: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7: u32 = 1;
+pub const PSA_WANT_ALG_CBC_PKCS7: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING: u32 = 1;
+pub const PSA_WANT_ALG_ECB_NO_PADDING: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CFB: u32 = 1;
+pub const PSA_WANT_ALG_CFB: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CTR: u32 = 1;
+pub const PSA_WANT_ALG_CTR: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_OFB: u32 = 1;
+pub const PSA_WANT_ALG_OFB: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256: u32 = 1;
+pub const PSA_HAVE_FULL_ECDSA: u32 = 1;
+pub const PSA_HAVE_FULL_JPAKE: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_DERIVE: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_PASSWORD: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_PASSWORD_HASH: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_RAW_DATA: u32 = 1;
+pub const _LIBC_LIMITS_H_: u32 = 1;
+pub const __NEWLIB_H__: u32 = 1;
+pub const _NEWLIB_VERSION_H__: u32 = 1;
+pub const _NEWLIB_VERSION: &[u8; 6] = b"3.3.0\0";
+pub const __NEWLIB__: u32 = 3;
+pub const __NEWLIB_MINOR__: u32 = 3;
+pub const __NEWLIB_PATCHLEVEL__: u32 = 0;
+pub const _WANT_IO_C99_FORMATS: u32 = 1;
+pub const _WANT_IO_LONG_LONG: u32 = 1;
+pub const _WANT_IO_POS_ARGS: u32 = 1;
+pub const _WANT_REENT_SMALL: u32 = 1;
+pub const _REENT_CHECK_VERIFY: u32 = 1;
+pub const _MB_LEN_MAX: u32 = 1;
+pub const _ICONV_ENABLED: u32 = 1;
+pub const HAVE_INITFINI_ARRAY: u32 = 1;
+pub const _ATEXIT_DYNAMIC_ALLOC: u32 = 1;
+pub const _HAVE_LONG_DOUBLE: u32 = 1;
+pub const _HAVE_CC_INHIBIT_LOOP_TO_LIBCALL: u32 = 1;
+pub const _LDBL_EQ_DBL: u32 = 1;
+pub const _FVWRITE_IN_STREAMIO: u32 = 1;
+pub const _FSEEK_OPTIMIZATION: u32 = 1;
+pub const _UNBUF_STREAM_OPT: u32 = 1;
+pub const _RETARGETABLE_LOCKING: u32 = 1;
+pub const _WANT_USE_LONG_TIME_T: u32 = 1;
+pub const _DEFAULT_SOURCE: u32 = 1;
+pub const _POSIX_SOURCE: u32 = 1;
+pub const _POSIX_C_SOURCE: u32 = 200809;
+pub const _ATFILE_SOURCE: u32 = 1;
+pub const __ATFILE_VISIBLE: u32 = 1;
+pub const __BSD_VISIBLE: u32 = 1;
+pub const __GNU_VISIBLE: u32 = 0;
+pub const __ISO_C_VISIBLE: u32 = 2011;
+pub const __LARGEFILE_VISIBLE: u32 = 0;
+pub const __MISC_VISIBLE: u32 = 1;
+pub const __POSIX_VISIBLE: u32 = 200809;
+pub const __SVID_VISIBLE: u32 = 1;
+pub const __XSI_VISIBLE: u32 = 0;
+pub const __SSP_FORTIFY_LEVEL: u32 = 0;
+pub const _POSIX_THREADS: u32 = 1;
+pub const _POSIX_TIMEOUTS: u32 = 1;
+pub const _POSIX_TIMERS: u32 = 1;
+pub const _POSIX_MONOTONIC_CLOCK: u32 = 200112;
+pub const _POSIX_CLOCK_SELECTION: u32 = 200112;
+pub const _UNIX98_THREAD_MUTEX_ATTRIBUTES: u32 = 1;
+pub const __have_longlong64: u32 = 1;
+pub const __have_long32: u32 = 1;
+pub const ___int8_t_defined: u32 = 1;
+pub const ___int16_t_defined: u32 = 1;
+pub const ___int32_t_defined: u32 = 1;
+pub const ___int64_t_defined: u32 = 1;
+pub const ___int_least8_t_defined: u32 = 1;
+pub const ___int_least16_t_defined: u32 = 1;
+pub const ___int_least32_t_defined: u32 = 1;
+pub const ___int_least64_t_defined: u32 = 1;
+pub const __GNUCLIKE_ASM: u32 = 3;
+pub const __GNUCLIKE___TYPEOF: u32 = 1;
+pub const __GNUCLIKE___OFFSETOF: u32 = 1;
+pub const __GNUCLIKE___SECTION: u32 = 1;
+pub const __GNUCLIKE_CTOR_SECTION_HANDLING: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_CONSTANT_P: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_VARARGS: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_STDARG: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_VAALIST: u32 = 1;
+pub const __GNUC_VA_LIST_COMPATIBILITY: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_NEXT_ARG: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_MEMCPY: u32 = 1;
+pub const __CC_SUPPORTS_INLINE: u32 = 1;
+pub const __CC_SUPPORTS___INLINE: u32 = 1;
+pub const __CC_SUPPORTS___INLINE__: u32 = 1;
+pub const __CC_SUPPORTS___FUNC__: u32 = 1;
+pub const __CC_SUPPORTS_WARNING: u32 = 1;
+pub const __CC_SUPPORTS_VARADIC_XXX: u32 = 1;
+pub const __CC_SUPPORTS_DYNAMIC_ARRAY_INIT: u32 = 1;
+pub const ARG_MAX: u32 = 4096;
+pub const CHILD_MAX: u32 = 40;
+pub const LINK_MAX: u32 = 32767;
+pub const MAX_CANON: u32 = 255;
+pub const MAX_INPUT: u32 = 255;
+pub const NAME_MAX: u32 = 255;
+pub const NGROUPS_MAX: u32 = 16;
+pub const OPEN_MAX: u32 = 64;
+pub const PATH_MAX: u32 = 1024;
+pub const PIPE_BUF: u32 = 512;
+pub const IOV_MAX: u32 = 1024;
+pub const BC_BASE_MAX: u32 = 99;
+pub const BC_DIM_MAX: u32 = 2048;
+pub const BC_SCALE_MAX: u32 = 99;
+pub const BC_STRING_MAX: u32 = 1000;
+pub const COLL_WEIGHTS_MAX: u32 = 0;
+pub const EXPR_NEST_MAX: u32 = 32;
+pub const LINE_MAX: u32 = 2048;
+pub const RE_DUP_MAX: u32 = 255;
+pub const MB_LEN_MAX: u32 = 1;
+pub const NL_ARGMAX: u32 = 32;
+pub const _POSIX2_RE_DUP_MAX: u32 = 255;
+pub const __int20: u32 = 2;
+pub const __int20__: u32 = 2;
+pub const __INT8: &[u8; 3] = b"hh\0";
+pub const __INT16: &[u8; 2] = b"h\0";
+pub const __INT64: &[u8; 3] = b"ll\0";
+pub const __FAST8: &[u8; 3] = b"hh\0";
+pub const __FAST16: &[u8; 2] = b"h\0";
+pub const __FAST64: &[u8; 3] = b"ll\0";
+pub const __LEAST8: &[u8; 3] = b"hh\0";
+pub const __LEAST16: &[u8; 2] = b"h\0";
+pub const __LEAST64: &[u8; 3] = b"ll\0";
+pub const __int8_t_defined: u32 = 1;
+pub const __int16_t_defined: u32 = 1;
+pub const __int32_t_defined: u32 = 1;
+pub const __int64_t_defined: u32 = 1;
+pub const __int_least8_t_defined: u32 = 1;
+pub const __int_least16_t_defined: u32 = 1;
+pub const __int_least32_t_defined: u32 = 1;
+pub const __int_least64_t_defined: u32 = 1;
+pub const __int_fast8_t_defined: u32 = 1;
+pub const __int_fast16_t_defined: u32 = 1;
+pub const __int_fast32_t_defined: u32 = 1;
+pub const __int_fast64_t_defined: u32 = 1;
+pub const WINT_MIN: u32 = 0;
+pub const MBEDTLS_ERR_MPI_FILE_IO_ERROR: i32 = -2;
+pub const MBEDTLS_ERR_MPI_BAD_INPUT_DATA: i32 = -4;
+pub const MBEDTLS_ERR_MPI_INVALID_CHARACTER: i32 = -6;
+pub const MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL: i32 = -8;
+pub const MBEDTLS_ERR_MPI_NEGATIVE_VALUE: i32 = -10;
+pub const MBEDTLS_ERR_MPI_DIVISION_BY_ZERO: i32 = -12;
+pub const MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: i32 = -14;
+pub const MBEDTLS_ERR_MPI_ALLOC_FAILED: i32 = -16;
+pub const MBEDTLS_MPI_MAX_LIMBS: u32 = 10000;
+pub const MBEDTLS_MPI_WINDOW_SIZE: u32 = 2;
+pub const MBEDTLS_MPI_MAX_SIZE: u32 = 1024;
+pub const MBEDTLS_MPI_MAX_BITS: u32 = 8192;
+pub const MBEDTLS_MPI_MAX_BITS_SCALE100: u32 = 819200;
+pub const MBEDTLS_LN_2_DIV_LN_10_SCALE100: u32 = 332;
+pub const MBEDTLS_MPI_RW_BUFFER_SIZE: u32 = 2484;
+pub const MBEDTLS_ERR_ECP_BAD_INPUT_DATA: i32 = -20352;
+pub const MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL: i32 = -20224;
+pub const MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE: i32 = -20096;
+pub const MBEDTLS_ERR_ECP_VERIFY_FAILED: i32 = -19968;
+pub const MBEDTLS_ERR_ECP_ALLOC_FAILED: i32 = -19840;
+pub const MBEDTLS_ERR_ECP_RANDOM_FAILED: i32 = -19712;
+pub const MBEDTLS_ERR_ECP_INVALID_KEY: i32 = -19584;
+pub const MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH: i32 = -19456;
+pub const MBEDTLS_ERR_ECP_IN_PROGRESS: i32 = -19200;
+pub const MBEDTLS_ECP_DP_MAX: u32 = 14;
+pub const MBEDTLS_ECP_WINDOW_SIZE: u32 = 4;
+pub const MBEDTLS_ECP_FIXED_POINT_OPTIM: u32 = 1;
+pub const MBEDTLS_ECP_MAX_BITS: u32 = 521;
+pub const MBEDTLS_ECP_MAX_BYTES: u32 = 66;
+pub const MBEDTLS_ECP_MAX_PT_LEN: u32 = 133;
+pub const MBEDTLS_ECP_PF_UNCOMPRESSED: u32 = 0;
+pub const MBEDTLS_ECP_PF_COMPRESSED: u32 = 1;
+pub const MBEDTLS_ECP_TLS_NAMED_CURVE: u32 = 3;
+pub const MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE: i32 = -20608;
+pub const MBEDTLS_ERR_MD_BAD_INPUT_DATA: i32 = -20736;
+pub const MBEDTLS_ERR_MD_ALLOC_FAILED: i32 = -20864;
+pub const MBEDTLS_ERR_MD_FILE_IO_ERROR: i32 = -20992;
+pub const MBEDTLS_MD_MAX_SIZE: u32 = 64;
+pub const MBEDTLS_MD_MAX_BLOCK_SIZE: u32 = 128;
+pub const MBEDTLS_ERR_RSA_BAD_INPUT_DATA: i32 = -16512;
+pub const MBEDTLS_ERR_RSA_INVALID_PADDING: i32 = -16640;
+pub const MBEDTLS_ERR_RSA_KEY_GEN_FAILED: i32 = -16768;
+pub const MBEDTLS_ERR_RSA_KEY_CHECK_FAILED: i32 = -16896;
+pub const MBEDTLS_ERR_RSA_PUBLIC_FAILED: i32 = -17024;
+pub const MBEDTLS_ERR_RSA_PRIVATE_FAILED: i32 = -17152;
+pub const MBEDTLS_ERR_RSA_VERIFY_FAILED: i32 = -17280;
+pub const MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE: i32 = -17408;
+pub const MBEDTLS_ERR_RSA_RNG_FAILED: i32 = -17536;
+pub const MBEDTLS_RSA_PKCS_V15: u32 = 0;
+pub const MBEDTLS_RSA_PKCS_V21: u32 = 1;
+pub const MBEDTLS_RSA_SIGN: u32 = 1;
+pub const MBEDTLS_RSA_CRYPT: u32 = 2;
+pub const MBEDTLS_RSA_SALT_LEN_ANY: i32 = -1;
+pub const MBEDTLS_ERR_PK_ALLOC_FAILED: i32 = -16256;
+pub const MBEDTLS_ERR_PK_TYPE_MISMATCH: i32 = -16128;
+pub const MBEDTLS_ERR_PK_BAD_INPUT_DATA: i32 = -16000;
+pub const MBEDTLS_ERR_PK_FILE_IO_ERROR: i32 = -15872;
+pub const MBEDTLS_ERR_PK_KEY_INVALID_VERSION: i32 = -15744;
+pub const MBEDTLS_ERR_PK_KEY_INVALID_FORMAT: i32 = -15616;
+pub const MBEDTLS_ERR_PK_UNKNOWN_PK_ALG: i32 = -15488;
+pub const MBEDTLS_ERR_PK_PASSWORD_REQUIRED: i32 = -15360;
+pub const MBEDTLS_ERR_PK_PASSWORD_MISMATCH: i32 = -15232;
+pub const MBEDTLS_ERR_PK_INVALID_PUBKEY: i32 = -15104;
+pub const MBEDTLS_ERR_PK_INVALID_ALG: i32 = -14976;
+pub const MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE: i32 = -14848;
+pub const MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE: i32 = -14720;
+pub const MBEDTLS_ERR_PK_SIG_LEN_MISMATCH: i32 = -14592;
+pub const MBEDTLS_ERR_PK_BUFFER_TOO_SMALL: i32 = -14464;
+pub const MBEDTLS_PK_SIGNATURE_MAX_SIZE: u32 = 0;
+pub const MBEDTLS_PK_DEBUG_MAX_ITEMS: u32 = 3;
+pub const MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE: i32 = -24704;
+pub const MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA: i32 = -24832;
+pub const MBEDTLS_ERR_CIPHER_ALLOC_FAILED: i32 = -24960;
+pub const MBEDTLS_ERR_CIPHER_INVALID_PADDING: i32 = -25088;
+pub const MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED: i32 = -25216;
+pub const MBEDTLS_ERR_CIPHER_AUTH_FAILED: i32 = -25344;
+pub const MBEDTLS_ERR_CIPHER_INVALID_CONTEXT: i32 = -25472;
+pub const MBEDTLS_CIPHER_VARIABLE_IV_LEN: u32 = 1;
+pub const MBEDTLS_CIPHER_VARIABLE_KEY_LEN: u32 = 2;
+pub const MBEDTLS_MAX_IV_LENGTH: u32 = 16;
+pub const MBEDTLS_MAX_BLOCK_LENGTH: u32 = 16;
+pub const MBEDTLS_MAX_KEY_LENGTH: u32 = 64;
+pub const MBEDTLS_TLS_RSA_WITH_NULL_MD5: u32 = 1;
+pub const MBEDTLS_TLS_RSA_WITH_NULL_SHA: u32 = 2;
+pub const MBEDTLS_TLS_PSK_WITH_NULL_SHA: u32 = 44;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA: u32 = 45;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA: u32 = 46;
+pub const MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA: u32 = 47;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA: u32 = 51;
+pub const MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA: u32 = 53;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA: u32 = 57;
+pub const MBEDTLS_TLS_RSA_WITH_NULL_SHA256: u32 = 59;
+pub const MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256: u32 = 60;
+pub const MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256: u32 = 61;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: u32 = 65;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: u32 = 69;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: u32 = 103;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: u32 = 107;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: u32 = 132;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: u32 = 136;
+pub const MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA: u32 = 140;
+pub const MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA: u32 = 141;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA: u32 = 144;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA: u32 = 145;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA: u32 = 148;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA: u32 = 149;
+pub const MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256: u32 = 156;
+pub const MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384: u32 = 157;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: u32 = 158;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: u32 = 159;
+pub const MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256: u32 = 168;
+pub const MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384: u32 = 169;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256: u32 = 170;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384: u32 = 171;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256: u32 = 172;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384: u32 = 173;
+pub const MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256: u32 = 174;
+pub const MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384: u32 = 175;
+pub const MBEDTLS_TLS_PSK_WITH_NULL_SHA256: u32 = 176;
+pub const MBEDTLS_TLS_PSK_WITH_NULL_SHA384: u32 = 177;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256: u32 = 178;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384: u32 = 179;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256: u32 = 180;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384: u32 = 181;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256: u32 = 182;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384: u32 = 183;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256: u32 = 184;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384: u32 = 185;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 186;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 190;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256: u32 = 192;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256: u32 = 196;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA: u32 = 49153;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: u32 = 49156;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: u32 = 49157;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA: u32 = 49158;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: u32 = 49161;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: u32 = 49162;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA: u32 = 49163;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: u32 = 49166;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: u32 = 49167;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA: u32 = 49168;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: u32 = 49171;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: u32 = 49172;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: u32 = 49187;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: u32 = 49188;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256: u32 = 49189;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384: u32 = 49190;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: u32 = 49191;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: u32 = 49192;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256: u32 = 49193;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384: u32 = 49194;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: u32 = 49195;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: u32 = 49196;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256: u32 = 49197;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384: u32 = 49198;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: u32 = 49199;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: u32 = 49200;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256: u32 = 49201;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384: u32 = 49202;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA: u32 = 49205;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA: u32 = 49206;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256: u32 = 49207;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384: u32 = 49208;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA: u32 = 49209;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256: u32 = 49210;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384: u32 = 49211;
+pub const MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256: u32 = 49212;
+pub const MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384: u32 = 49213;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256: u32 = 49220;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384: u32 = 49221;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256: u32 = 49224;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384: u32 = 49225;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256: u32 = 49226;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384: u32 = 49227;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256: u32 = 49228;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384: u32 = 49229;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256: u32 = 49230;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384: u32 = 49231;
+pub const MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256: u32 = 49232;
+pub const MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384: u32 = 49233;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256: u32 = 49234;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384: u32 = 49235;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256: u32 = 49244;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384: u32 = 49245;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256: u32 = 49246;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384: u32 = 49247;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256: u32 = 49248;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384: u32 = 49249;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256: u32 = 49250;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384: u32 = 49251;
+pub const MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256: u32 = 49252;
+pub const MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384: u32 = 49253;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256: u32 = 49254;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384: u32 = 49255;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256: u32 = 49256;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384: u32 = 49257;
+pub const MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256: u32 = 49258;
+pub const MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384: u32 = 49259;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256: u32 = 49260;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384: u32 = 49261;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256: u32 = 49262;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384: u32 = 49263;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256: u32 = 49264;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384: u32 = 49265;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49266;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49267;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49268;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49269;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49270;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49271;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49272;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49273;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49274;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49275;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49276;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49277;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49286;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49287;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49288;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49289;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49290;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49291;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49292;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49293;
+pub const MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49294;
+pub const MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49295;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49296;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49297;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49298;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49299;
+pub const MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49300;
+pub const MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49301;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49302;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49303;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49304;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49305;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49306;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49307;
+pub const MBEDTLS_TLS_RSA_WITH_AES_128_CCM: u32 = 49308;
+pub const MBEDTLS_TLS_RSA_WITH_AES_256_CCM: u32 = 49309;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM: u32 = 49310;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM: u32 = 49311;
+pub const MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8: u32 = 49312;
+pub const MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8: u32 = 49313;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8: u32 = 49314;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8: u32 = 49315;
+pub const MBEDTLS_TLS_PSK_WITH_AES_128_CCM: u32 = 49316;
+pub const MBEDTLS_TLS_PSK_WITH_AES_256_CCM: u32 = 49317;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM: u32 = 49318;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM: u32 = 49319;
+pub const MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8: u32 = 49320;
+pub const MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8: u32 = 49321;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8: u32 = 49322;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8: u32 = 49323;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM: u32 = 49324;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM: u32 = 49325;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: u32 = 49326;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8: u32 = 49327;
+pub const MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8: u32 = 49407;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: u32 = 52392;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: u32 = 52393;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: u32 = 52394;
+pub const MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256: u32 = 52395;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256: u32 = 52396;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256: u32 = 52397;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256: u32 = 52398;
+pub const MBEDTLS_TLS1_3_AES_128_GCM_SHA256: u32 = 4865;
+pub const MBEDTLS_TLS1_3_AES_256_GCM_SHA384: u32 = 4866;
+pub const MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256: u32 = 4867;
+pub const MBEDTLS_TLS1_3_AES_128_CCM_SHA256: u32 = 4868;
+pub const MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256: u32 = 4869;
+pub const MBEDTLS_CIPHERSUITE_WEAK: u32 = 1;
+pub const MBEDTLS_CIPHERSUITE_SHORT_TAG: u32 = 2;
+pub const MBEDTLS_CIPHERSUITE_NODTLS: u32 = 4;
+pub const PSA_CRYPTO_API_VERSION_MAJOR: u32 = 1;
+pub const PSA_CRYPTO_API_VERSION_MINOR: u32 = 0;
+pub const PSA_MAC_TRUNCATION_OFFSET: u32 = 16;
+pub const PSA_AEAD_TAG_LENGTH_OFFSET: u32 = 16;
+pub const PSA_HASH_MAX_SIZE: u32 = 64;
+pub const PSA_HMAC_MAX_HASH_BLOCK_SIZE: u32 = 128;
+pub const PSA_MAC_MAX_SIZE: u32 = 64;
+pub const PSA_AEAD_TAG_MAX_SIZE: u32 = 16;
+pub const PSA_VENDOR_RSA_MAX_KEY_BITS: u32 = 4096;
+pub const PSA_VENDOR_ECC_MAX_CURVE_BITS: u32 = 521;
+pub const PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE: u32 = 128;
+pub const PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE: u32 = 65;
+pub const PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE: u32 = 32;
+pub const PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE: u32 = 16;
+pub const PSA_AEAD_NONCE_MAX_SIZE: u32 = 13;
+pub const PSA_AEAD_FINISH_OUTPUT_MAX_SIZE: u32 = 16;
+pub const PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE: u32 = 16;
+pub const PSA_CIPHER_IV_MAX_SIZE: u32 = 16;
+pub const PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE: u32 = 16;
+pub const MBEDTLS_AES_BLOCK_SIZE: u32 = 16;
+pub const MBEDTLS_DES3_BLOCK_SIZE: u32 = 8;
+pub const MBEDTLS_CIPHER_BLKSIZE_MAX: u32 = 16;
+pub const MBEDTLS_GCM_ENCRYPT: u32 = 1;
+pub const MBEDTLS_GCM_DECRYPT: u32 = 0;
+pub const MBEDTLS_ERR_GCM_AUTH_FAILED: i32 = -18;
+pub const MBEDTLS_ERR_GCM_BAD_INPUT: i32 = -20;
+pub const MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL: i32 = -22;
+pub const MBEDTLS_CCM_DECRYPT: u32 = 0;
+pub const MBEDTLS_CCM_ENCRYPT: u32 = 1;
+pub const MBEDTLS_CCM_STAR_DECRYPT: u32 = 2;
+pub const MBEDTLS_CCM_STAR_ENCRYPT: u32 = 3;
+pub const MBEDTLS_ERR_CCM_BAD_INPUT: i32 = -13;
+pub const MBEDTLS_ERR_CCM_AUTH_FAILED: i32 = -15;
+pub const MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA: i32 = -87;
+pub const MBEDTLS_ERR_CHACHAPOLY_BAD_STATE: i32 = -84;
+pub const MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED: i32 = -86;
+pub const MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA: i32 = -81;
+pub const MBEDTLS_ERR_SHA1_BAD_INPUT_DATA: i32 = -115;
+pub const MBEDTLS_ERR_SHA256_BAD_INPUT_DATA: i32 = -116;
+pub const MBEDTLS_ERR_SHA512_BAD_INPUT_DATA: i32 = -117;
+pub const MBEDTLS_PSA_BUILTIN_CIPHER: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_AEAD: u32 = 1;
+pub const MBEDTLS_PSA_JPAKE_BUFFER_SIZE: u32 = 336;
+pub const PSA_MAX_KEY_BITS: u32 = 65528;
+pub const MBEDTLS_PSA_KA_MASK_DUAL_USE: u32 = 0;
+pub const PSA_CRYPTO_ITS_RANDOM_SEED_UID: u32 = 4294967122;
+pub const MBEDTLS_PSA_KEY_SLOT_COUNT: u32 = 32;
+pub const PSA_PAKE_OPERATION_STAGE_SETUP: u32 = 0;
+pub const PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS: u32 = 1;
+pub const PSA_PAKE_OPERATION_STAGE_COMPUTATION: u32 = 2;
+pub const PSA_PAKE_OUTPUT_MAX_SIZE: u32 = 65;
+pub const PSA_PAKE_INPUT_MAX_SIZE: u32 = 65;
+pub const MBEDTLS_ERR_ASN1_OUT_OF_DATA: i32 = -96;
+pub const MBEDTLS_ERR_ASN1_UNEXPECTED_TAG: i32 = -98;
+pub const MBEDTLS_ERR_ASN1_INVALID_LENGTH: i32 = -100;
+pub const MBEDTLS_ERR_ASN1_LENGTH_MISMATCH: i32 = -102;
+pub const MBEDTLS_ERR_ASN1_INVALID_DATA: i32 = -104;
+pub const MBEDTLS_ERR_ASN1_ALLOC_FAILED: i32 = -106;
+pub const MBEDTLS_ERR_ASN1_BUF_TOO_SMALL: i32 = -108;
+pub const MBEDTLS_ASN1_BOOLEAN: u32 = 1;
+pub const MBEDTLS_ASN1_INTEGER: u32 = 2;
+pub const MBEDTLS_ASN1_BIT_STRING: u32 = 3;
+pub const MBEDTLS_ASN1_OCTET_STRING: u32 = 4;
+pub const MBEDTLS_ASN1_NULL: u32 = 5;
+pub const MBEDTLS_ASN1_OID: u32 = 6;
+pub const MBEDTLS_ASN1_ENUMERATED: u32 = 10;
+pub const MBEDTLS_ASN1_UTF8_STRING: u32 = 12;
+pub const MBEDTLS_ASN1_SEQUENCE: u32 = 16;
+pub const MBEDTLS_ASN1_SET: u32 = 17;
+pub const MBEDTLS_ASN1_PRINTABLE_STRING: u32 = 19;
+pub const MBEDTLS_ASN1_T61_STRING: u32 = 20;
+pub const MBEDTLS_ASN1_IA5_STRING: u32 = 22;
+pub const MBEDTLS_ASN1_UTC_TIME: u32 = 23;
+pub const MBEDTLS_ASN1_GENERALIZED_TIME: u32 = 24;
+pub const MBEDTLS_ASN1_UNIVERSAL_STRING: u32 = 28;
+pub const MBEDTLS_ASN1_BMP_STRING: u32 = 30;
+pub const MBEDTLS_ASN1_PRIMITIVE: u32 = 0;
+pub const MBEDTLS_ASN1_CONSTRUCTED: u32 = 32;
+pub const MBEDTLS_ASN1_CONTEXT_SPECIFIC: u32 = 128;
+pub const MBEDTLS_ASN1_TAG_CLASS_MASK: u32 = 192;
+pub const MBEDTLS_ASN1_TAG_PC_MASK: u32 = 32;
+pub const MBEDTLS_ASN1_TAG_VALUE_MASK: u32 = 31;
+pub const MBEDTLS_X509_MAX_INTERMEDIATE_CA: u32 = 8;
+pub const MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE: i32 = -8320;
+pub const MBEDTLS_ERR_X509_UNKNOWN_OID: i32 = -8448;
+pub const MBEDTLS_ERR_X509_INVALID_FORMAT: i32 = -8576;
+pub const MBEDTLS_ERR_X509_INVALID_VERSION: i32 = -8704;
+pub const MBEDTLS_ERR_X509_INVALID_SERIAL: i32 = -8832;
+pub const MBEDTLS_ERR_X509_INVALID_ALG: i32 = -8960;
+pub const MBEDTLS_ERR_X509_INVALID_NAME: i32 = -9088;
+pub const MBEDTLS_ERR_X509_INVALID_DATE: i32 = -9216;
+pub const MBEDTLS_ERR_X509_INVALID_SIGNATURE: i32 = -9344;
+pub const MBEDTLS_ERR_X509_INVALID_EXTENSIONS: i32 = -9472;
+pub const MBEDTLS_ERR_X509_UNKNOWN_VERSION: i32 = -9600;
+pub const MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG: i32 = -9728;
+pub const MBEDTLS_ERR_X509_SIG_MISMATCH: i32 = -9856;
+pub const MBEDTLS_ERR_X509_CERT_VERIFY_FAILED: i32 = -9984;
+pub const MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT: i32 = -10112;
+pub const MBEDTLS_ERR_X509_BAD_INPUT_DATA: i32 = -10240;
+pub const MBEDTLS_ERR_X509_ALLOC_FAILED: i32 = -10368;
+pub const MBEDTLS_ERR_X509_FILE_IO_ERROR: i32 = -10496;
+pub const MBEDTLS_ERR_X509_BUFFER_TOO_SMALL: i32 = -10624;
+pub const MBEDTLS_ERR_X509_FATAL_ERROR: i32 = -12288;
+pub const MBEDTLS_X509_BADCERT_EXPIRED: u32 = 1;
+pub const MBEDTLS_X509_BADCERT_REVOKED: u32 = 2;
+pub const MBEDTLS_X509_BADCERT_CN_MISMATCH: u32 = 4;
+pub const MBEDTLS_X509_BADCERT_NOT_TRUSTED: u32 = 8;
+pub const MBEDTLS_X509_BADCRL_NOT_TRUSTED: u32 = 16;
+pub const MBEDTLS_X509_BADCRL_EXPIRED: u32 = 32;
+pub const MBEDTLS_X509_BADCERT_MISSING: u32 = 64;
+pub const MBEDTLS_X509_BADCERT_SKIP_VERIFY: u32 = 128;
+pub const MBEDTLS_X509_BADCERT_OTHER: u32 = 256;
+pub const MBEDTLS_X509_BADCERT_FUTURE: u32 = 512;
+pub const MBEDTLS_X509_BADCRL_FUTURE: u32 = 1024;
+pub const MBEDTLS_X509_BADCERT_KEY_USAGE: u32 = 2048;
+pub const MBEDTLS_X509_BADCERT_EXT_KEY_USAGE: u32 = 4096;
+pub const MBEDTLS_X509_BADCERT_NS_CERT_TYPE: u32 = 8192;
+pub const MBEDTLS_X509_BADCERT_BAD_MD: u32 = 16384;
+pub const MBEDTLS_X509_BADCERT_BAD_PK: u32 = 32768;
+pub const MBEDTLS_X509_BADCERT_BAD_KEY: u32 = 65536;
+pub const MBEDTLS_X509_BADCRL_BAD_MD: u32 = 131072;
+pub const MBEDTLS_X509_BADCRL_BAD_PK: u32 = 262144;
+pub const MBEDTLS_X509_BADCRL_BAD_KEY: u32 = 524288;
+pub const MBEDTLS_X509_SAN_OTHER_NAME: u32 = 0;
+pub const MBEDTLS_X509_SAN_RFC822_NAME: u32 = 1;
+pub const MBEDTLS_X509_SAN_DNS_NAME: u32 = 2;
+pub const MBEDTLS_X509_SAN_X400_ADDRESS_NAME: u32 = 3;
+pub const MBEDTLS_X509_SAN_DIRECTORY_NAME: u32 = 4;
+pub const MBEDTLS_X509_SAN_EDI_PARTY_NAME: u32 = 5;
+pub const MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: u32 = 6;
+pub const MBEDTLS_X509_SAN_IP_ADDRESS: u32 = 7;
+pub const MBEDTLS_X509_SAN_REGISTERED_ID: u32 = 8;
+pub const MBEDTLS_X509_KU_DIGITAL_SIGNATURE: u32 = 128;
+pub const MBEDTLS_X509_KU_NON_REPUDIATION: u32 = 64;
+pub const MBEDTLS_X509_KU_KEY_ENCIPHERMENT: u32 = 32;
+pub const MBEDTLS_X509_KU_DATA_ENCIPHERMENT: u32 = 16;
+pub const MBEDTLS_X509_KU_KEY_AGREEMENT: u32 = 8;
+pub const MBEDTLS_X509_KU_KEY_CERT_SIGN: u32 = 4;
+pub const MBEDTLS_X509_KU_CRL_SIGN: u32 = 2;
+pub const MBEDTLS_X509_KU_ENCIPHER_ONLY: u32 = 1;
+pub const MBEDTLS_X509_KU_DECIPHER_ONLY: u32 = 32768;
+pub const MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT: u32 = 128;
+pub const MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER: u32 = 64;
+pub const MBEDTLS_X509_NS_CERT_TYPE_EMAIL: u32 = 32;
+pub const MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING: u32 = 16;
+pub const MBEDTLS_X509_NS_CERT_TYPE_RESERVED: u32 = 8;
+pub const MBEDTLS_X509_NS_CERT_TYPE_SSL_CA: u32 = 4;
+pub const MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA: u32 = 2;
+pub const MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA: u32 = 1;
+pub const MBEDTLS_X509_FORMAT_DER: u32 = 1;
+pub const MBEDTLS_X509_FORMAT_PEM: u32 = 2;
+pub const MBEDTLS_X509_MAX_DN_NAME_SIZE: u32 = 256;
+pub const MBEDTLS_X509_CRT_VERSION_1: u32 = 0;
+pub const MBEDTLS_X509_CRT_VERSION_2: u32 = 1;
+pub const MBEDTLS_X509_CRT_VERSION_3: u32 = 2;
+pub const MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN: u32 = 20;
+pub const MBEDTLS_X509_RFC5280_UTC_TIME_LEN: u32 = 15;
+pub const MBEDTLS_X509_MAX_FILE_PATH_LEN: u32 = 512;
+pub const MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE: u32 = 10;
+pub const MBEDTLS_ERR_DHM_BAD_INPUT_DATA: i32 = -12416;
+pub const MBEDTLS_ERR_DHM_READ_PARAMS_FAILED: i32 = -12544;
+pub const MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED: i32 = -12672;
+pub const MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED: i32 = -12800;
+pub const MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED: i32 = -12928;
+pub const MBEDTLS_ERR_DHM_CALC_SECRET_FAILED: i32 = -13056;
+pub const MBEDTLS_ERR_DHM_INVALID_FORMAT: i32 = -13184;
+pub const MBEDTLS_ERR_DHM_ALLOC_FAILED: i32 = -13312;
+pub const MBEDTLS_ERR_DHM_FILE_IO_ERROR: i32 = -13440;
+pub const MBEDTLS_ERR_DHM_SET_GROUP_FAILED: i32 = -13696;
+pub const MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS: i32 = -28672;
+pub const MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE: i32 = -28800;
+pub const MBEDTLS_ERR_SSL_BAD_INPUT_DATA: i32 = -28928;
+pub const MBEDTLS_ERR_SSL_INVALID_MAC: i32 = -29056;
+pub const MBEDTLS_ERR_SSL_INVALID_RECORD: i32 = -29184;
+pub const MBEDTLS_ERR_SSL_CONN_EOF: i32 = -29312;
+pub const MBEDTLS_ERR_SSL_DECODE_ERROR: i32 = -29440;
+pub const MBEDTLS_ERR_SSL_NO_RNG: i32 = -29696;
+pub const MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE: i32 = -29824;
+pub const MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION: i32 = -29952;
+pub const MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL: i32 = -30080;
+pub const MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED: i32 = -30208;
+pub const MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED: i32 = -30336;
+pub const MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE: i32 = -30464;
+pub const MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE: i32 = -30592;
+pub const MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME: i32 = -30720;
+pub const MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: i32 = -30848;
+pub const MBEDTLS_ERR_SSL_BAD_CERTIFICATE: i32 = -31232;
+pub const MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET: i32 = -31488;
+pub const MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA: i32 = -31616;
+pub const MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA: i32 = -31744;
+pub const MBEDTLS_ERR_SSL_ALLOC_FAILED: i32 = -32512;
+pub const MBEDTLS_ERR_SSL_HW_ACCEL_FAILED: i32 = -32640;
+pub const MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH: i32 = -28544;
+pub const MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION: i32 = -28288;
+pub const MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE: i32 = -28160;
+pub const MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED: i32 = -28032;
+pub const MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH: i32 = -27904;
+pub const MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY: i32 = -27776;
+pub const MBEDTLS_ERR_SSL_INTERNAL_ERROR: i32 = -27648;
+pub const MBEDTLS_ERR_SSL_COUNTER_WRAPPING: i32 = -27520;
+pub const MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO: i32 = -27392;
+pub const MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED: i32 = -27264;
+pub const MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL: i32 = -27136;
+pub const MBEDTLS_ERR_SSL_WANT_READ: i32 = -26880;
+pub const MBEDTLS_ERR_SSL_WANT_WRITE: i32 = -26752;
+pub const MBEDTLS_ERR_SSL_TIMEOUT: i32 = -26624;
+pub const MBEDTLS_ERR_SSL_CLIENT_RECONNECT: i32 = -26496;
+pub const MBEDTLS_ERR_SSL_UNEXPECTED_RECORD: i32 = -26368;
+pub const MBEDTLS_ERR_SSL_NON_FATAL: i32 = -26240;
+pub const MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER: i32 = -26112;
+pub const MBEDTLS_ERR_SSL_CONTINUE_PROCESSING: i32 = -25984;
+pub const MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: i32 = -25856;
+pub const MBEDTLS_ERR_SSL_EARLY_MESSAGE: i32 = -25728;
+pub const MBEDTLS_ERR_SSL_UNEXPECTED_CID: i32 = -24576;
+pub const MBEDTLS_ERR_SSL_VERSION_MISMATCH: i32 = -24320;
+pub const MBEDTLS_ERR_SSL_BAD_CONFIG: i32 = -24192;
+pub const MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE: u32 = 0;
+pub const MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE: u32 = 1;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_NONE: u32 = 0;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1: u32 = 18;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1: u32 = 19;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1: u32 = 20;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1: u32 = 21;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1: u32 = 22;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1: u32 = 23;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1: u32 = 24;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1: u32 = 25;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1: u32 = 26;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1: u32 = 27;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1: u32 = 28;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_X25519: u32 = 29;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_X448: u32 = 30;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048: u32 = 256;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072: u32 = 257;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096: u32 = 258;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144: u32 = 259;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192: u32 = 260;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK: u32 = 1;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL: u32 = 2;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL: u32 = 4;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL: u32 = 7;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL: u32 = 5;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL: u32 = 6;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE: u32 = 0;
+pub const MBEDTLS_SSL_MAJOR_VERSION_3: u32 = 3;
+pub const MBEDTLS_SSL_MINOR_VERSION_3: u32 = 3;
+pub const MBEDTLS_SSL_MINOR_VERSION_4: u32 = 4;
+pub const MBEDTLS_SSL_TRANSPORT_STREAM: u32 = 0;
+pub const MBEDTLS_SSL_TRANSPORT_DATAGRAM: u32 = 1;
+pub const MBEDTLS_SSL_MAX_HOST_NAME_LEN: u32 = 255;
+pub const MBEDTLS_SSL_MAX_ALPN_NAME_LEN: u32 = 255;
+pub const MBEDTLS_SSL_MAX_ALPN_LIST_LEN: u32 = 65535;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_NONE: u32 = 0;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_512: u32 = 1;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_1024: u32 = 2;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_2048: u32 = 3;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_4096: u32 = 4;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_INVALID: u32 = 5;
+pub const MBEDTLS_SSL_IS_CLIENT: u32 = 0;
+pub const MBEDTLS_SSL_IS_SERVER: u32 = 1;
+pub const MBEDTLS_SSL_EXTENDED_MS_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_EXTENDED_MS_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_CID_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_CID_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_ETM_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_ETM_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_COMPRESS_NULL: u32 = 0;
+pub const MBEDTLS_SSL_VERIFY_NONE: u32 = 0;
+pub const MBEDTLS_SSL_VERIFY_OPTIONAL: u32 = 1;
+pub const MBEDTLS_SSL_VERIFY_REQUIRED: u32 = 2;
+pub const MBEDTLS_SSL_VERIFY_UNSET: u32 = 3;
+pub const MBEDTLS_SSL_LEGACY_RENEGOTIATION: u32 = 0;
+pub const MBEDTLS_SSL_SECURE_RENEGOTIATION: u32 = 1;
+pub const MBEDTLS_SSL_RENEGOTIATION_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_RENEGOTIATION_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_ANTI_REPLAY_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_ANTI_REPLAY_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED: i32 = -1;
+pub const MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT: u32 = 16;
+pub const MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION: u32 = 0;
+pub const MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION: u32 = 1;
+pub const MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE: u32 = 2;
+pub const MBEDTLS_SSL_TRUNC_HMAC_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_TRUNC_HMAC_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_TRUNCATED_HMAC_LEN: u32 = 10;
+pub const MBEDTLS_SSL_SESSION_TICKETS_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_SESSION_TICKETS_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_PRESET_DEFAULT: u32 = 0;
+pub const MBEDTLS_SSL_PRESET_SUITEB: u32 = 2;
+pub const MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_EARLY_DATA_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_EARLY_DATA_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED: u32 = 0;
+pub const MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED: u32 = 1;
+pub const MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT: u32 = 1;
+pub const MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER: u32 = 0;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN: u32 = 48;
+pub const MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN: u32 = 1000;
+pub const MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX: u32 = 60000;
+pub const MBEDTLS_SSL_IN_CONTENT_LEN: u32 = 16384;
+pub const MBEDTLS_SSL_OUT_CONTENT_LEN: u32 = 16384;
+pub const MBEDTLS_SSL_DTLS_MAX_BUFFERING: u32 = 32768;
+pub const MBEDTLS_SSL_CID_IN_LEN_MAX: u32 = 32;
+pub const MBEDTLS_SSL_CID_OUT_LEN_MAX: u32 = 32;
+pub const MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY: u32 = 16;
+pub const MBEDTLS_SSL_VERIFY_DATA_MAX_LEN: u32 = 12;
+pub const MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO: u32 = 255;
+pub const MBEDTLS_SSL_HASH_NONE: u32 = 0;
+pub const MBEDTLS_SSL_HASH_MD5: u32 = 1;
+pub const MBEDTLS_SSL_HASH_SHA1: u32 = 2;
+pub const MBEDTLS_SSL_HASH_SHA224: u32 = 3;
+pub const MBEDTLS_SSL_HASH_SHA256: u32 = 4;
+pub const MBEDTLS_SSL_HASH_SHA384: u32 = 5;
+pub const MBEDTLS_SSL_HASH_SHA512: u32 = 6;
+pub const MBEDTLS_SSL_SIG_ANON: u32 = 0;
+pub const MBEDTLS_SSL_SIG_RSA: u32 = 1;
+pub const MBEDTLS_SSL_SIG_ECDSA: u32 = 3;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: u32 = 1025;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: u32 = 1281;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: u32 = 1537;
+pub const MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: u32 = 1027;
+pub const MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: u32 = 1283;
+pub const MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: u32 = 1539;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: u32 = 2052;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: u32 = 2053;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: u32 = 2054;
+pub const MBEDTLS_TLS1_3_SIG_ED25519: u32 = 2055;
+pub const MBEDTLS_TLS1_3_SIG_ED448: u32 = 2056;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256: u32 = 2057;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384: u32 = 2058;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512: u32 = 2059;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1: u32 = 513;
+pub const MBEDTLS_TLS1_3_SIG_ECDSA_SHA1: u32 = 515;
+pub const MBEDTLS_TLS1_3_SIG_NONE: u32 = 0;
+pub const MBEDTLS_SSL_CERT_TYPE_RSA_SIGN: u32 = 1;
+pub const MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN: u32 = 64;
+pub const MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: u32 = 20;
+pub const MBEDTLS_SSL_MSG_ALERT: u32 = 21;
+pub const MBEDTLS_SSL_MSG_HANDSHAKE: u32 = 22;
+pub const MBEDTLS_SSL_MSG_APPLICATION_DATA: u32 = 23;
+pub const MBEDTLS_SSL_MSG_CID: u32 = 25;
+pub const MBEDTLS_SSL_ALERT_LEVEL_WARNING: u32 = 1;
+pub const MBEDTLS_SSL_ALERT_LEVEL_FATAL: u32 = 2;
+pub const MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY: u32 = 0;
+pub const MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE: u32 = 10;
+pub const MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC: u32 = 20;
+pub const MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED: u32 = 21;
+pub const MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW: u32 = 22;
+pub const MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE: u32 = 30;
+pub const MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE: u32 = 40;
+pub const MBEDTLS_SSL_ALERT_MSG_NO_CERT: u32 = 41;
+pub const MBEDTLS_SSL_ALERT_MSG_BAD_CERT: u32 = 42;
+pub const MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT: u32 = 43;
+pub const MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED: u32 = 44;
+pub const MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED: u32 = 45;
+pub const MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN: u32 = 46;
+pub const MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER: u32 = 47;
+pub const MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA: u32 = 48;
+pub const MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED: u32 = 49;
+pub const MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR: u32 = 50;
+pub const MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR: u32 = 51;
+pub const MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION: u32 = 60;
+pub const MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION: u32 = 70;
+pub const MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY: u32 = 71;
+pub const MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR: u32 = 80;
+pub const MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK: u32 = 86;
+pub const MBEDTLS_SSL_ALERT_MSG_USER_CANCELED: u32 = 90;
+pub const MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION: u32 = 100;
+pub const MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION: u32 = 109;
+pub const MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT: u32 = 110;
+pub const MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME: u32 = 112;
+pub const MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY: u32 = 115;
+pub const MBEDTLS_SSL_ALERT_MSG_CERT_REQUIRED: u32 = 116;
+pub const MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL: u32 = 120;
+pub const MBEDTLS_SSL_HS_HELLO_REQUEST: u32 = 0;
+pub const MBEDTLS_SSL_HS_CLIENT_HELLO: u32 = 1;
+pub const MBEDTLS_SSL_HS_SERVER_HELLO: u32 = 2;
+pub const MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST: u32 = 3;
+pub const MBEDTLS_SSL_HS_NEW_SESSION_TICKET: u32 = 4;
+pub const MBEDTLS_SSL_HS_END_OF_EARLY_DATA: u32 = 5;
+pub const MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS: u32 = 8;
+pub const MBEDTLS_SSL_HS_CERTIFICATE: u32 = 11;
+pub const MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE: u32 = 12;
+pub const MBEDTLS_SSL_HS_CERTIFICATE_REQUEST: u32 = 13;
+pub const MBEDTLS_SSL_HS_SERVER_HELLO_DONE: u32 = 14;
+pub const MBEDTLS_SSL_HS_CERTIFICATE_VERIFY: u32 = 15;
+pub const MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE: u32 = 16;
+pub const MBEDTLS_SSL_HS_FINISHED: u32 = 20;
+pub const MBEDTLS_SSL_HS_MESSAGE_HASH: u32 = 254;
+pub const MBEDTLS_TLS_EXT_SERVERNAME: u32 = 0;
+pub const MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME: u32 = 0;
+pub const MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: u32 = 1;
+pub const MBEDTLS_TLS_EXT_TRUNCATED_HMAC: u32 = 4;
+pub const MBEDTLS_TLS_EXT_STATUS_REQUEST: u32 = 5;
+pub const MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES: u32 = 10;
+pub const MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: u32 = 10;
+pub const MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: u32 = 11;
+pub const MBEDTLS_TLS_EXT_SIG_ALG: u32 = 13;
+pub const MBEDTLS_TLS_EXT_USE_SRTP: u32 = 14;
+pub const MBEDTLS_TLS_EXT_HEARTBEAT: u32 = 15;
+pub const MBEDTLS_TLS_EXT_ALPN: u32 = 16;
+pub const MBEDTLS_TLS_EXT_SCT: u32 = 18;
+pub const MBEDTLS_TLS_EXT_CLI_CERT_TYPE: u32 = 19;
+pub const MBEDTLS_TLS_EXT_SERV_CERT_TYPE: u32 = 20;
+pub const MBEDTLS_TLS_EXT_PADDING: u32 = 21;
+pub const MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: u32 = 22;
+pub const MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: u32 = 23;
+pub const MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT: u32 = 28;
+pub const MBEDTLS_TLS_EXT_SESSION_TICKET: u32 = 35;
+pub const MBEDTLS_TLS_EXT_PRE_SHARED_KEY: u32 = 41;
+pub const MBEDTLS_TLS_EXT_EARLY_DATA: u32 = 42;
+pub const MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: u32 = 43;
+pub const MBEDTLS_TLS_EXT_COOKIE: u32 = 44;
+pub const MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES: u32 = 45;
+pub const MBEDTLS_TLS_EXT_CERT_AUTH: u32 = 47;
+pub const MBEDTLS_TLS_EXT_OID_FILTERS: u32 = 48;
+pub const MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH: u32 = 49;
+pub const MBEDTLS_TLS_EXT_SIG_ALG_CERT: u32 = 50;
+pub const MBEDTLS_TLS_EXT_KEY_SHARE: u32 = 51;
+pub const MBEDTLS_TLS_EXT_CID: u32 = 54;
+pub const MBEDTLS_TLS_EXT_ECJPAKE_KKPP: u32 = 256;
+pub const MBEDTLS_TLS_EXT_RENEGOTIATION_INFO: u32 = 65281;
+pub const MBEDTLS_PSK_MAX_LEN: u32 = 48;
+pub const MBEDTLS_TLS1_3_MD_MAX_SIZE: u32 = 64;
+pub const MBEDTLS_SSL_SEQUENCE_NUMBER_LEN: u32 = 8;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION: u32 = 1;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION: u32 = 4;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA: u32 = 8;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK: u32 = 13;
+pub const MBEDTLS_SSL_UNEXPECTED_CID_IGNORE: u32 = 0;
+pub const MBEDTLS_SSL_UNEXPECTED_CID_FAIL: u32 = 1;
+pub const MBEDTLS_ERR_ENTROPY_SOURCE_FAILED: i32 = -60;
+pub const MBEDTLS_ERR_ENTROPY_MAX_SOURCES: i32 = -62;
+pub const MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED: i32 = -64;
+pub const MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE: i32 = -61;
+pub const MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR: i32 = -63;
+pub const MBEDTLS_ENTROPY_MAX_SOURCES: u32 = 20;
+pub const MBEDTLS_ENTROPY_MAX_GATHER: u32 = 128;
+pub const MBEDTLS_ENTROPY_BLOCK_SIZE: u32 = 64;
+pub const MBEDTLS_ENTROPY_MAX_SEED_SIZE: u32 = 1024;
+pub const MBEDTLS_ENTROPY_SOURCE_MANUAL: u32 = 20;
+pub const MBEDTLS_ENTROPY_SOURCE_STRONG: u32 = 1;
+pub const MBEDTLS_ENTROPY_SOURCE_WEAK: u32 = 0;
+pub const MBEDTLS_PRINTF_SIZET: &[u8; 3] = b"zu\0";
+pub const MBEDTLS_PRINTF_LONGLONG: &[u8; 4] = b"lld\0";
+pub const MBEDTLS_AES_ENCRYPT: u32 = 1;
+pub const MBEDTLS_AES_DECRYPT: u32 = 0;
+pub const MBEDTLS_ERR_AES_INVALID_KEY_LENGTH: i32 = -32;
+pub const MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH: i32 = -34;
+pub const MBEDTLS_ERR_AES_BAD_INPUT_DATA: i32 = -33;
+pub const MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED: i32 = -52;
+pub const MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG: i32 = -54;
+pub const MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG: i32 = -56;
+pub const MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR: i32 = -58;
+pub const MBEDTLS_CTR_DRBG_BLOCKSIZE: u32 = 16;
+pub const MBEDTLS_CTR_DRBG_KEYSIZE: u32 = 32;
+pub const MBEDTLS_CTR_DRBG_KEYBITS: u32 = 256;
+pub const MBEDTLS_CTR_DRBG_SEEDLEN: u32 = 48;
+pub const MBEDTLS_CTR_DRBG_ENTROPY_LEN: u32 = 48;
+pub const MBEDTLS_CTR_DRBG_RESEED_INTERVAL: u32 = 10000;
+pub const MBEDTLS_CTR_DRBG_MAX_INPUT: u32 = 256;
+pub const MBEDTLS_CTR_DRBG_MAX_REQUEST: u32 = 1024;
+pub const MBEDTLS_CTR_DRBG_MAX_SEED_INPUT: u32 = 384;
+pub const MBEDTLS_CTR_DRBG_PR_OFF: u32 = 0;
+pub const MBEDTLS_CTR_DRBG_PR_ON: u32 = 1;
+pub const MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN: u32 = 0;
+pub type __int8_t = crate::c_types::c_schar;
+pub type __uint8_t = crate::c_types::c_uchar;
+pub type __int16_t = crate::c_types::c_short;
+pub type __uint16_t = crate::c_types::c_ushort;
+pub type __int32_t = crate::c_types::c_int;
+pub type __uint32_t = crate::c_types::c_uint;
+pub type __int64_t = crate::c_types::c_longlong;
+pub type __uint64_t = crate::c_types::c_ulonglong;
+pub type __int_least8_t = crate::c_types::c_schar;
+pub type __uint_least8_t = crate::c_types::c_uchar;
+pub type __int_least16_t = crate::c_types::c_short;
+pub type __uint_least16_t = crate::c_types::c_ushort;
+pub type __int_least32_t = crate::c_types::c_int;
+pub type __uint_least32_t = crate::c_types::c_uint;
+pub type __int_least64_t = crate::c_types::c_longlong;
+pub type __uint_least64_t = crate::c_types::c_ulonglong;
+pub type __intmax_t = crate::c_types::c_longlong;
+pub type __uintmax_t = crate::c_types::c_ulonglong;
+pub type __intptr_t = crate::c_types::c_int;
+pub type __uintptr_t = crate::c_types::c_uint;
+pub type wchar_t = crate::c_types::c_uchar;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct max_align_t {
+    pub __clang_max_align_nonce1: crate::c_types::c_longlong,
+    pub __clang_max_align_nonce2: f64,
+}
+pub type intmax_t = __intmax_t;
+pub type uintmax_t = __uintmax_t;
+pub type int_least8_t = __int_least8_t;
+pub type uint_least8_t = __uint_least8_t;
+pub type int_least16_t = __int_least16_t;
+pub type uint_least16_t = __uint_least16_t;
+pub type int_least32_t = __int_least32_t;
+pub type uint_least32_t = __uint_least32_t;
+pub type int_least64_t = __int_least64_t;
+pub type uint_least64_t = __uint_least64_t;
+pub type int_fast8_t = crate::c_types::c_schar;
+pub type uint_fast8_t = crate::c_types::c_uchar;
+pub type int_fast16_t = crate::c_types::c_short;
+pub type uint_fast16_t = crate::c_types::c_ushort;
+pub type int_fast32_t = crate::c_types::c_int;
+pub type uint_fast32_t = crate::c_types::c_uint;
+pub type int_fast64_t = crate::c_types::c_longlong;
+pub type uint_fast64_t = crate::c_types::c_ulonglong;
+pub type mbedtls_iso_c_forbids_empty_translation_units = crate::c_types::c_int;
+extern "C" {
+    /// \brief       Securely zeroize a buffer
+    ///
+    ///              The function is meant to wipe the data contained in a buffer so
+    ///              that it can no longer be recovered even if the program memory
+    ///              is later compromised. Call this function on sensitive data
+    ///              stored on the stack before returning from a function, and on
+    ///              sensitive data stored on the heap before freeing the heap
+    ///              object.
+    ///
+    ///              It is extremely difficult to guarantee that calls to
+    ///              mbedtls_platform_zeroize() are not removed by aggressive
+    ///              compiler optimizations in a portable way. For this reason, Mbed
+    ///              TLS provides the configuration option
+    ///              MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
+    ///              mbedtls_platform_zeroize() to use a suitable implementation for
+    ///              their platform and needs
+    ///
+    /// \param buf   Buffer to be zeroized
+    /// \param len   Length of the buffer in bytes
+    pub fn mbedtls_platform_zeroize(buf: *mut crate::c_types::c_void, len: usize);
+}
+pub type mbedtls_mpi_sint = i32;
+pub type mbedtls_mpi_uint = u32;
+pub type mbedtls_t_udbl = u64;
+/// \brief          MPI structure
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_mpi {
+    pub private_s: crate::c_types::c_int,
+    pub private_n: usize,
+    pub private_p: *mut mbedtls_mpi_uint,
+}
+extern "C" {
+    /// \brief           Initialize an MPI context.
+    ///
+    ///                  This makes the MPI ready to be set or freed,
+    ///                  but does not define a value for the MPI.
+    ///
+    /// \param X         The MPI context to initialize. This must not be \c NULL.
+    pub fn mbedtls_mpi_init(X: *mut mbedtls_mpi);
+}
+extern "C" {
+    /// \brief          This function frees the components of an MPI context.
+    ///
+    /// \param X        The MPI context to be cleared. This may be \c NULL,
+    ///                 in which case this function is a no-op. If it is
+    ///                 not \c NULL, it must point to an initialized MPI.
+    pub fn mbedtls_mpi_free(X: *mut mbedtls_mpi);
+}
+extern "C" {
+    /// \brief          Enlarge an MPI to the specified number of limbs.
+    ///
+    /// \note           This function does nothing if the MPI is
+    ///                 already large enough.
+    ///
+    /// \param X        The MPI to grow. It must be initialized.
+    /// \param nblimbs  The target number of limbs.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_grow(X: *mut mbedtls_mpi, nblimbs: usize) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function resizes an MPI downwards, keeping at least the
+    ///                 specified number of limbs.
+    ///
+    ///                 If \c X is smaller than \c nblimbs, it is resized up
+    ///                 instead.
+    ///
+    /// \param X        The MPI to shrink. This must point to an initialized MPI.
+    /// \param nblimbs  The minimum number of limbs to keep.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+    ///                 (this can only happen when resizing up).
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_shrink(X: *mut mbedtls_mpi, nblimbs: usize) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Make a copy of an MPI.
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param Y        The source MPI. This must point to an initialized MPI.
+    ///
+    /// \note           The limb-buffer in the destination MPI is enlarged
+    ///                 if necessary to hold the value in the source MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_copy(X: *mut mbedtls_mpi, Y: *const mbedtls_mpi) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Swap the contents of two MPIs.
+    ///
+    /// \param X        The first MPI. It must be initialized.
+    /// \param Y        The second MPI. It must be initialized.
+    pub fn mbedtls_mpi_swap(X: *mut mbedtls_mpi, Y: *mut mbedtls_mpi);
+}
+extern "C" {
+    /// \brief          Perform a safe conditional copy of MPI which doesn't
+    ///                 reveal whether the condition was true or not.
+    ///
+    /// \param X        The MPI to conditionally assign to. This must point
+    ///                 to an initialized MPI.
+    /// \param Y        The MPI to be assigned from. This must point to an
+    ///                 initialized MPI.
+    /// \param assign   The condition deciding whether to perform the
+    ///                 assignment or not. Must be either 0 or 1:
+    ///                 * \c 1: Perform the assignment `X = Y`.
+    ///                 * \c 0: Keep the original value of \p X.
+    ///
+    /// \note           This function is equivalent to
+    ///                      `if( assign ) mbedtls_mpi_copy( X, Y );`
+    ///                 except that it avoids leaking any information about whether
+    ///                 the assignment was done or not (the above code may leak
+    ///                 information through branch prediction and/or memory access
+    ///                 patterns analysis).
+    ///
+    /// \warning        If \p assign is neither 0 nor 1, the result of this function
+    ///                 is indeterminate, and the resulting value in \p X might be
+    ///                 neither its original value nor the value in \p Y.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_safe_cond_assign(
+        X: *mut mbedtls_mpi,
+        Y: *const mbedtls_mpi,
+        assign: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a safe conditional swap which doesn't
+    ///                 reveal whether the condition was true or not.
+    ///
+    /// \param X        The first MPI. This must be initialized.
+    /// \param Y        The second MPI. This must be initialized.
+    /// \param swap     The condition deciding whether to perform
+    ///                 the swap or not. Must be either 0 or 1:
+    ///                 * \c 1: Swap the values of \p X and \p Y.
+    ///                 * \c 0: Keep the original values of \p X and \p Y.
+    ///
+    /// \note           This function is equivalent to
+    ///                      if( swap ) mbedtls_mpi_swap( X, Y );
+    ///                 except that it avoids leaking any information about whether
+    ///                 the swap was done or not (the above code may leak
+    ///                 information through branch prediction and/or memory access
+    ///                 patterns analysis).
+    ///
+    /// \warning        If \p swap is neither 0 nor 1, the result of this function
+    ///                 is indeterminate, and both \p X and \p Y might end up with
+    ///                 values different to either of the original ones.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_safe_cond_swap(
+        X: *mut mbedtls_mpi,
+        Y: *mut mbedtls_mpi,
+        swap: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Store integer value in MPI.
+    ///
+    /// \param X        The MPI to set. This must be initialized.
+    /// \param z        The value to use.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_lset(X: *mut mbedtls_mpi, z: mbedtls_mpi_sint) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Get a specific bit from an MPI.
+    ///
+    /// \param X        The MPI to query. This must be initialized.
+    /// \param pos      Zero-based index of the bit to query.
+    ///
+    /// \return         \c 0 or \c 1 on success, depending on whether bit \c pos
+    ///                 of \c X is unset or set.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_mpi_get_bit(X: *const mbedtls_mpi, pos: usize) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Modify a specific bit in an MPI.
+    ///
+    /// \note           This function will grow the target MPI if necessary to set a
+    ///                 bit to \c 1 in a not yet existing limb. It will not grow if
+    ///                 the bit should be set to \c 0.
+    ///
+    /// \param X        The MPI to modify. This must be initialized.
+    /// \param pos      Zero-based index of the bit to modify.
+    /// \param val      The desired value of bit \c pos: \c 0 or \c 1.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_set_bit(
+        X: *mut mbedtls_mpi,
+        pos: usize,
+        val: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the number of bits of value \c 0 before the
+    ///                 least significant bit of value \c 1.
+    ///
+    /// \note           This is the same as the zero-based index of
+    ///                 the least significant bit of value \c 1.
+    ///
+    /// \param X        The MPI to query.
+    ///
+    /// \return         The number of bits of value \c 0 before the least significant
+    ///                 bit of value \c 1 in \p X.
+    pub fn mbedtls_mpi_lsb(X: *const mbedtls_mpi) -> usize;
+}
+extern "C" {
+    /// \brief          Return the number of bits up to and including the most
+    ///                 significant bit of value \c 1.
+    ///
+    /// * \note         This is same as the one-based index of the most
+    ///                 significant bit of value \c 1.
+    ///
+    /// \param X        The MPI to query. This must point to an initialized MPI.
+    ///
+    /// \return         The number of bits up to and including the most
+    ///                 significant bit of value \c 1.
+    pub fn mbedtls_mpi_bitlen(X: *const mbedtls_mpi) -> usize;
+}
+extern "C" {
+    /// \brief          Return the total size of an MPI value in bytes.
+    ///
+    /// \param X        The MPI to use. This must point to an initialized MPI.
+    ///
+    /// \note           The value returned by this function may be less than
+    ///                 the number of bytes used to store \p X internally.
+    ///                 This happens if and only if there are trailing bytes
+    ///                 of value zero.
+    ///
+    /// \return         The least number of bytes capable of storing
+    ///                 the absolute value of \p X.
+    pub fn mbedtls_mpi_size(X: *const mbedtls_mpi) -> usize;
+}
+extern "C" {
+    /// \brief          Import an MPI from an ASCII string.
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param radix    The numeric base of the input string.
+    /// \param s        Null-terminated string buffer.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_mpi_read_string(
+        X: *mut mbedtls_mpi,
+        radix: crate::c_types::c_int,
+        s: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Export an MPI to an ASCII string.
+    ///
+    /// \param X        The source MPI. This must point to an initialized MPI.
+    /// \param radix    The numeric base of the output string.
+    /// \param buf      The buffer to write the string to. This must be writable
+    ///                 buffer of length \p buflen Bytes.
+    /// \param buflen   The available size in Bytes of \p buf.
+    /// \param olen     The address at which to store the length of the string
+    ///                 written, including the  final \c NULL byte. This must
+    ///                 not be \c NULL.
+    ///
+    /// \note           You can call this function with `buflen == 0` to obtain the
+    ///                 minimum required buffer size in `*olen`.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the target buffer \p buf
+    ///                 is too small to hold the value of \p X in the desired base.
+    ///                 In this case, `*olen` is nonetheless updated to contain the
+    ///                 size of \p buf required for a successful call.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_write_string(
+        X: *const mbedtls_mpi,
+        radix: crate::c_types::c_int,
+        buf: *mut crate::c_types::c_char,
+        buflen: usize,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Import an MPI from unsigned big endian binary data.
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param buf      The input buffer. This must be a readable buffer of length
+    ///                 \p buflen Bytes.
+    /// \param buflen   The length of the input buffer \p p in Bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_read_binary(
+        X: *mut mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Import X from unsigned binary data, little endian
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param buf      The input buffer. This must be a readable buffer of length
+    ///                 \p buflen Bytes.
+    /// \param buflen   The length of the input buffer \p p in Bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_read_binary_le(
+        X: *mut mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Export X into unsigned binary data, big endian.
+    ///                 Always fills the whole buffer, which will start with zeros
+    ///                 if the number is smaller.
+    ///
+    /// \param X        The source MPI. This must point to an initialized MPI.
+    /// \param buf      The output buffer. This must be a writable buffer of length
+    ///                 \p buflen Bytes.
+    /// \param buflen   The size of the output buffer \p buf in Bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
+    ///                 large enough to hold the value of \p X.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_write_binary(
+        X: *const mbedtls_mpi,
+        buf: *mut crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Export X into unsigned binary data, little endian.
+    ///                 Always fills the whole buffer, which will end with zeros
+    ///                 if the number is smaller.
+    ///
+    /// \param X        The source MPI. This must point to an initialized MPI.
+    /// \param buf      The output buffer. This must be a writable buffer of length
+    ///                 \p buflen Bytes.
+    /// \param buflen   The size of the output buffer \p buf in Bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
+    ///                 large enough to hold the value of \p X.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_write_binary_le(
+        X: *const mbedtls_mpi,
+        buf: *mut crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a left-shift on an MPI: X <<= count
+    ///
+    /// \param X        The MPI to shift. This must point to an initialized MPI.
+    /// \param count    The number of bits to shift by.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_shift_l(X: *mut mbedtls_mpi, count: usize) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a right-shift on an MPI: X >>= count
+    ///
+    /// \param X        The MPI to shift. This must point to an initialized MPI.
+    /// \param count    The number of bits to shift by.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_shift_r(X: *mut mbedtls_mpi, count: usize) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Compare the absolute values of two MPIs.
+    ///
+    /// \param X        The left-hand MPI. This must point to an initialized MPI.
+    /// \param Y        The right-hand MPI. This must point to an initialized MPI.
+    ///
+    /// \return         \c 1 if `|X|` is greater than `|Y|`.
+    /// \return         \c -1 if `|X|` is lesser than `|Y|`.
+    /// \return         \c 0 if `|X|` is equal to `|Y|`.
+    pub fn mbedtls_mpi_cmp_abs(
+        X: *const mbedtls_mpi,
+        Y: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Compare two MPIs.
+    ///
+    /// \param X        The left-hand MPI. This must point to an initialized MPI.
+    /// \param Y        The right-hand MPI. This must point to an initialized MPI.
+    ///
+    /// \return         \c 1 if \p X is greater than \p Y.
+    /// \return         \c -1 if \p X is lesser than \p Y.
+    /// \return         \c 0 if \p X is equal to \p Y.
+    pub fn mbedtls_mpi_cmp_mpi(
+        X: *const mbedtls_mpi,
+        Y: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Check if an MPI is less than the other in constant time.
+    ///
+    /// \param X        The left-hand MPI. This must point to an initialized MPI
+    ///                 with the same allocated length as Y.
+    /// \param Y        The right-hand MPI. This must point to an initialized MPI
+    ///                 with the same allocated length as X.
+    /// \param ret      The result of the comparison:
+    ///                 \c 1 if \p X is less than \p Y.
+    ///                 \c 0 if \p X is greater than or equal to \p Y.
+    ///
+    /// \return         0 on success.
+    /// \return         MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the allocated length of
+    ///                 the two input MPIs is not the same.
+    pub fn mbedtls_mpi_lt_mpi_ct(
+        X: *const mbedtls_mpi,
+        Y: *const mbedtls_mpi,
+        ret: *mut crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Compare an MPI with an integer.
+    ///
+    /// \param X        The left-hand MPI. This must point to an initialized MPI.
+    /// \param z        The integer value to compare \p X to.
+    ///
+    /// \return         \c 1 if \p X is greater than \p z.
+    /// \return         \c -1 if \p X is lesser than \p z.
+    /// \return         \c 0 if \p X is equal to \p z.
+    pub fn mbedtls_mpi_cmp_int(X: *const mbedtls_mpi, z: mbedtls_mpi_sint)
+        -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform an unsigned addition of MPIs: X = |A| + |B|
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first summand. This must point to an initialized MPI.
+    /// \param B        The second summand. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_add_abs(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform an unsigned subtraction of MPIs: X = |A| - |B|
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The minuend. This must point to an initialized MPI.
+    /// \param B        The subtrahend. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is greater than \p A.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_sub_abs(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a signed addition of MPIs: X = A + B
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first summand. This must point to an initialized MPI.
+    /// \param B        The second summand. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_add_mpi(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a signed subtraction of MPIs: X = A - B
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The minuend. This must point to an initialized MPI.
+    /// \param B        The subtrahend. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_sub_mpi(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a signed addition of an MPI and an integer: X = A + b
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first summand. This must point to an initialized MPI.
+    /// \param b        The second summand.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_add_int(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        b: mbedtls_mpi_sint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a signed subtraction of an MPI and an integer:
+    ///                 X = A - b
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The minuend. This must point to an initialized MPI.
+    /// \param b        The subtrahend.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_sub_int(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        b: mbedtls_mpi_sint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a multiplication of two MPIs: X = A * B
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first factor. This must point to an initialized MPI.
+    /// \param B        The second factor. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_mul_mpi(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a multiplication of an MPI with an unsigned integer:
+    ///                 X = A * b
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first factor. This must point to an initialized MPI.
+    /// \param b        The second factor.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_mul_int(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        b: mbedtls_mpi_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a division with remainder of two MPIs:
+    ///                 A = Q * B + R
+    ///
+    /// \param Q        The destination MPI for the quotient.
+    ///                 This may be \c NULL if the value of the
+    ///                 quotient is not needed. This must not alias A or B.
+    /// \param R        The destination MPI for the remainder value.
+    ///                 This may be \c NULL if the value of the
+    ///                 remainder is not needed. This must not alias A or B.
+    /// \param A        The dividend. This must point to an initialized MPI.
+    /// \param B        The divisor. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_div_mpi(
+        Q: *mut mbedtls_mpi,
+        R: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a division with remainder of an MPI by an integer:
+    ///                 A = Q * b + R
+    ///
+    /// \param Q        The destination MPI for the quotient.
+    ///                 This may be \c NULL if the value of the
+    ///                 quotient is not needed.  This must not alias A.
+    /// \param R        The destination MPI for the remainder value.
+    ///                 This may be \c NULL if the value of the
+    ///                 remainder is not needed.  This must not alias A.
+    /// \param A        The dividend. This must point to an initialized MPi.
+    /// \param b        The divisor.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_div_int(
+        Q: *mut mbedtls_mpi,
+        R: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        b: mbedtls_mpi_sint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a modular reduction. R = A mod B
+    ///
+    /// \param R        The destination MPI for the residue value.
+    ///                 This must point to an initialized MPI.
+    /// \param A        The MPI to compute the residue of.
+    ///                 This must point to an initialized MPI.
+    /// \param B        The base of the modular reduction.
+    ///                 This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
+    /// \return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is negative.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_mod_mpi(
+        R: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a modular reduction with respect to an integer.
+    ///                 r = A mod b
+    ///
+    /// \param r        The address at which to store the residue.
+    ///                 This must not be \c NULL.
+    /// \param A        The MPI to compute the residue of.
+    ///                 This must point to an initialized MPi.
+    /// \param b        The integer base of the modular reduction.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
+    /// \return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p b is negative.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_mod_int(
+        r: *mut mbedtls_mpi_uint,
+        A: *const mbedtls_mpi,
+        b: mbedtls_mpi_sint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a sliding-window exponentiation: X = A^E mod N
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    ///                 This must not alias E or N.
+    /// \param A        The base of the exponentiation.
+    ///                 This must point to an initialized MPI.
+    /// \param E        The exponent MPI. This must point to an initialized MPI.
+    /// \param N        The base for the modular reduction. This must point to an
+    ///                 initialized MPI.
+    /// \param prec_RR  A helper MPI depending solely on \p N which can be used to
+    ///                 speed-up multiple modular exponentiations for the same value
+    ///                 of \p N. This may be \c NULL. If it is not \c NULL, it must
+    ///                 point to an initialized MPI. If it hasn't been used after
+    ///                 the call to mbedtls_mpi_init(), this function will compute
+    ///                 the helper value and store it in \p prec_RR for reuse on
+    ///                 subsequent calls to this function. Otherwise, the function
+    ///                 will assume that \p prec_RR holds the helper value set by a
+    ///                 previous call to mbedtls_mpi_exp_mod(), and reuse it.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \c N is negative or
+    ///                 even, or if \c E is negative.
+    /// \return         Another negative error code on different kinds of failures.
+    pub fn mbedtls_mpi_exp_mod(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        E: *const mbedtls_mpi,
+        N: *const mbedtls_mpi,
+        prec_RR: *mut mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Fill an MPI with a number of random bytes.
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param size     The number of random bytes to generate.
+    /// \param f_rng    The RNG function to use. This must not be \c NULL.
+    /// \param p_rng    The RNG parameter to be passed to \p f_rng. This may be
+    ///                 \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on failure.
+    ///
+    /// \note           The bytes obtained from the RNG are interpreted
+    ///                 as a big-endian representation of an MPI; this can
+    ///                 be relevant in applications like deterministic ECDSA.
+    pub fn mbedtls_mpi_fill_random(
+        X: *mut mbedtls_mpi,
+        size: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// Generate a random number uniformly in a range.
+    ///
+    /// This function generates a random number between \p min inclusive and
+    /// \p N exclusive.
+    ///
+    /// The procedure complies with RFC 6979 §3.3 (deterministic ECDSA)
+    /// when the RNG is a suitably parametrized instance of HMAC_DRBG
+    /// and \p min is \c 1.
+    ///
+    /// \note           There are `N - min` possible outputs. The lower bound
+    ///                 \p min can be reached, but the upper bound \p N cannot.
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param min      The minimum value to return.
+    ///                 It must be nonnegative.
+    /// \param N        The upper bound of the range, exclusive.
+    ///                 In other words, this is one plus the maximum value to return.
+    ///                 \p N must be strictly larger than \p min.
+    /// \param f_rng    The RNG function to use. This must not be \c NULL.
+    /// \param p_rng    The RNG parameter to be passed to \p f_rng.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p min or \p N is invalid
+    ///                 or if they are incompatible.
+    /// \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if the implementation was
+    ///                 unable to find a suitable value within a limited number
+    ///                 of attempts. This has a negligible probability if \p N
+    ///                 is significantly larger than \p min, which is the case
+    ///                 for all usual cryptographic applications.
+    /// \return         Another negative error code on failure.
+    pub fn mbedtls_mpi_random(
+        X: *mut mbedtls_mpi,
+        min: mbedtls_mpi_sint,
+        N: *const mbedtls_mpi,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Compute the greatest common divisor: G = gcd(A, B)
+    ///
+    /// \param G        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first operand. This must point to an initialized MPI.
+    /// \param B        The second operand. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_gcd(
+        G: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Compute the modular inverse: X = A^-1 mod N
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The MPI to calculate the modular inverse of. This must point
+    ///                 to an initialized MPI.
+    /// \param N        The base of the modular inversion. This must point to an
+    ///                 initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p N is less than
+    ///                 or equal to one.
+    /// \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse
+    ///                 with respect to \p N.
+    pub fn mbedtls_mpi_inv_mod(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        N: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Miller-Rabin primality test.
+    ///
+    /// \warning        If \p X is potentially generated by an adversary, for example
+    ///                 when validating cryptographic parameters that you didn't
+    ///                 generate yourself and that are supposed to be prime, then
+    ///                 \p rounds should be at least the half of the security
+    ///                 strength of the cryptographic algorithm. On the other hand,
+    ///                 if \p X is chosen uniformly or non-adversarially (as is the
+    ///                 case when mbedtls_mpi_gen_prime calls this function), then
+    ///                 \p rounds can be much lower.
+    ///
+    /// \param X        The MPI to check for primality.
+    ///                 This must point to an initialized MPI.
+    /// \param rounds   The number of bases to perform the Miller-Rabin primality
+    ///                 test for. The probability of returning 0 on a composite is
+    ///                 at most 2<sup>-2*\p rounds</sup>.
+    /// \param f_rng    The RNG function to use. This must not be \c NULL.
+    /// \param p_rng    The RNG parameter to be passed to \p f_rng.
+    ///                 This may be \c NULL if \p f_rng doesn't use
+    ///                 a context parameter.
+    ///
+    /// \return         \c 0 if successful, i.e. \p X is probably prime.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_is_prime_ext(
+        X: *const mbedtls_mpi,
+        rounds: crate::c_types::c_int,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+///< (X-1)/2 is prime too
+pub const mbedtls_mpi_gen_prime_flag_t_MBEDTLS_MPI_GEN_PRIME_FLAG_DH: mbedtls_mpi_gen_prime_flag_t =
+    1;
+///< lower error rate from 2<sup>-80</sup> to 2<sup>-128</sup>
+pub const mbedtls_mpi_gen_prime_flag_t_MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR:
+    mbedtls_mpi_gen_prime_flag_t = 2;
+/// \brief Flags for mbedtls_mpi_gen_prime()
+///
+/// Each of these flags is a constraint on the result X returned by
+/// mbedtls_mpi_gen_prime().
+pub type mbedtls_mpi_gen_prime_flag_t = crate::c_types::c_uint;
+extern "C" {
+    /// \brief          Generate a prime number.
+    ///
+    /// \param X        The destination MPI to store the generated prime in.
+    ///                 This must point to an initialized MPi.
+    /// \param nbits    The required size of the destination MPI in bits.
+    ///                 This must be between \c 3 and #MBEDTLS_MPI_MAX_BITS.
+    /// \param flags    A mask of flags of type #mbedtls_mpi_gen_prime_flag_t.
+    /// \param f_rng    The RNG function to use. This must not be \c NULL.
+    /// \param p_rng    The RNG parameter to be passed to \p f_rng.
+    ///                 This may be \c NULL if \p f_rng doesn't use
+    ///                 a context parameter.
+    ///
+    /// \return         \c 0 if successful, in which case \p X holds a
+    ///                 probably prime number.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between
+    ///                 \c 3 and #MBEDTLS_MPI_MAX_BITS.
+    pub fn mbedtls_mpi_gen_prime(
+        X: *mut mbedtls_mpi,
+        nbits: usize,
+        flags: crate::c_types::c_int,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Checkup routine
+    ///
+    /// \return         0 if successful, or 1 if the test failed
+    pub fn mbedtls_mpi_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+///< Curve not defined.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_NONE: mbedtls_ecp_group_id = 0;
+///< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP192R1: mbedtls_ecp_group_id = 1;
+///< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP224R1: mbedtls_ecp_group_id = 2;
+///< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP256R1: mbedtls_ecp_group_id = 3;
+///< Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP384R1: mbedtls_ecp_group_id = 4;
+///< Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP521R1: mbedtls_ecp_group_id = 5;
+///< Domain parameters for 256-bit Brainpool curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_BP256R1: mbedtls_ecp_group_id = 6;
+///< Domain parameters for 384-bit Brainpool curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_BP384R1: mbedtls_ecp_group_id = 7;
+///< Domain parameters for 512-bit Brainpool curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_BP512R1: mbedtls_ecp_group_id = 8;
+///< Domain parameters for Curve25519.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_CURVE25519: mbedtls_ecp_group_id = 9;
+///< Domain parameters for 192-bit "Koblitz" curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP192K1: mbedtls_ecp_group_id = 10;
+///< Domain parameters for 224-bit "Koblitz" curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP224K1: mbedtls_ecp_group_id = 11;
+///< Domain parameters for 256-bit "Koblitz" curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP256K1: mbedtls_ecp_group_id = 12;
+///< Domain parameters for Curve448.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_CURVE448: mbedtls_ecp_group_id = 13;
+/// Domain-parameter identifiers: curve, subgroup, and generator.
+///
+/// \note Only curves over prime fields are supported.
+///
+/// \warning This library does not support validation of arbitrary domain
+/// parameters. Therefore, only standardized domain parameters from trusted
+/// sources should be used. See mbedtls_ecp_group_load().
+pub type mbedtls_ecp_group_id = crate::c_types::c_uint;
+pub const mbedtls_ecp_curve_type_MBEDTLS_ECP_TYPE_NONE: mbedtls_ecp_curve_type = 0;
+pub const mbedtls_ecp_curve_type_MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: mbedtls_ecp_curve_type = 1;
+pub const mbedtls_ecp_curve_type_MBEDTLS_ECP_TYPE_MONTGOMERY: mbedtls_ecp_curve_type = 2;
+pub type mbedtls_ecp_curve_type = crate::c_types::c_uint;
+pub const mbedtls_ecp_modulus_type_MBEDTLS_ECP_MOD_NONE: mbedtls_ecp_modulus_type = 0;
+pub const mbedtls_ecp_modulus_type_MBEDTLS_ECP_MOD_COORDINATE: mbedtls_ecp_modulus_type = 1;
+pub const mbedtls_ecp_modulus_type_MBEDTLS_ECP_MOD_SCALAR: mbedtls_ecp_modulus_type = 2;
+pub type mbedtls_ecp_modulus_type = crate::c_types::c_uint;
+/// Curve information, for use by other modules.
+///
+/// The fields of this structure are part of the public API and can be
+/// accessed directly by applications. Future versions of the library may
+/// add extra fields or reorder existing fields.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecp_curve_info {
+    ///< An internal identifier.
+    pub grp_id: mbedtls_ecp_group_id,
+    ///< The TLS NamedCurve identifier.
+    pub tls_id: u16,
+    ///< The curve size in bits.
+    pub bit_size: u16,
+    ///< A human-friendly name.
+    pub name: *const crate::c_types::c_char,
+}
+/// \brief           The ECP point structure, in Jacobian coordinates.
+///
+/// \note            All functions expect and return points satisfying
+///                  the following condition: <code>Z == 0</code> or
+///                  <code>Z == 1</code>. Other values of \p Z are
+///                  used only by internal functions.
+///                  The point is zero, or "at infinity", if <code>Z == 0</code>.
+///                  Otherwise, \p X and \p Y are its standard (affine)
+///                  coordinates.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecp_point {
+    pub private_X: mbedtls_mpi,
+    pub private_Y: mbedtls_mpi,
+    pub private_Z: mbedtls_mpi,
+}
+/// \brief           The ECP group structure.
+///
+/// We consider two types of curve equations:
+/// <ul><li>Short Weierstrass: <code>y^2 = x^3 + A x + B mod P</code>
+/// (SEC1 + RFC-4492)</li>
+/// <li>Montgomery: <code>y^2 = x^3 + A x^2 + x mod P</code> (Curve25519,
+/// Curve448)</li></ul>
+/// In both cases, the generator (\p G) for a prime-order subgroup is fixed.
+///
+/// For Short Weierstrass, this subgroup is the whole curve, and its
+/// cardinality is denoted by \p N. Our code requires that \p N is an
+/// odd prime as mbedtls_ecp_mul() requires an odd number, and
+/// mbedtls_ecdsa_sign() requires that it is prime for blinding purposes.
+///
+/// For Montgomery curves, we do not store \p A, but <code>(A + 2) / 4</code>,
+/// which is the quantity used in the formulas. Additionally, \p nbits is
+/// not the size of \p N but the required size for private keys.
+///
+/// If \p modp is NULL, reduction modulo \p P is done using a generic algorithm.
+/// Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the
+/// range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an integer
+/// which is congruent mod \p P to the given MPI, and is close enough to \p pbits
+/// in size, so that it may be efficiently brought in the 0..P-1 range by a few
+/// additions or subtractions. Therefore, it is only an approximative modular
+/// reduction. It must return 0 on success and non-zero on failure.
+///
+/// \note        Alternative implementations of the ECP module must obey the
+///              following constraints.
+///              * Group IDs must be distinct: if two group structures have
+///                the same ID, then they must be identical.
+///              * The fields \c id, \c P, \c A, \c B, \c G, \c N,
+///                \c pbits and \c nbits must have the same type and semantics
+///                as in the built-in implementation.
+///                They must be available for reading, but direct modification
+///                of these fields does not need to be supported.
+///                They do not need to be at the same offset in the structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecp_group {
+    ///< An internal group identifier.
+    pub id: mbedtls_ecp_group_id,
+    ///< The prime modulus of the base field.
+    pub P: mbedtls_mpi,
+    ///< For Short Weierstrass: \p A in the equation. For
+    ///Montgomery curves: <code>(A + 2) / 4</code>.
+    pub A: mbedtls_mpi,
+    ///< For Short Weierstrass: \p B in the equation.
+    ///For Montgomery curves: unused.
+    pub B: mbedtls_mpi,
+    ///< The generator of the subgroup used.
+    pub G: mbedtls_ecp_point,
+    ///< The order of \p G.
+    pub N: mbedtls_mpi,
+    ///< The number of bits in \p P.
+    pub pbits: usize,
+    ///< For Short Weierstrass: The number of bits in \p P.
+    ///For Montgomery curves: the number of bits in the
+    ///private keys.
+    pub nbits: usize,
+    pub private_h: crate::c_types::c_uint,
+    pub private_modp: ::core::option::Option<
+        unsafe extern "C" fn(arg1: *mut mbedtls_mpi) -> crate::c_types::c_int,
+    >,
+    pub private_t_pre: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut mbedtls_ecp_point,
+            arg2: *mut crate::c_types::c_void,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_t_post: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut mbedtls_ecp_point,
+            arg2: *mut crate::c_types::c_void,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_t_data: *mut crate::c_types::c_void,
+    pub private_T: *mut mbedtls_ecp_point,
+    pub private_T_size: usize,
+}
+pub type mbedtls_ecp_restart_ctx = crate::c_types::c_void;
+/// \brief    The ECP key-pair structure.
+///
+/// A generic key-pair that may be used for ECDSA and fixed ECDH, for example.
+///
+/// \note    Members are deliberately in the same order as in the
+///          ::mbedtls_ecdsa_context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecp_keypair {
+    pub private_grp: mbedtls_ecp_group,
+    pub private_d: mbedtls_mpi,
+    pub private_Q: mbedtls_ecp_point,
+}
+extern "C" {
+    pub fn mbedtls_ecp_get_type(grp: *const mbedtls_ecp_group) -> mbedtls_ecp_curve_type;
+}
+extern "C" {
+    /// \brief           This function retrieves the information defined in
+    ///                  mbedtls_ecp_curve_info() for all supported curves.
+    ///
+    /// \note            This function returns information about all curves
+    ///                  supported by the library. Some curves may not be
+    ///                  supported for all algorithms. Call mbedtls_ecdh_can_do()
+    ///                  or mbedtls_ecdsa_can_do() to check if a curve is
+    ///                  supported for ECDH or ECDSA.
+    ///
+    /// \return          A statically allocated array. The last entry is 0.
+    pub fn mbedtls_ecp_curve_list() -> *const mbedtls_ecp_curve_info;
+}
+extern "C" {
+    /// \brief           This function retrieves the list of internal group
+    ///                  identifiers of all supported curves in the order of
+    ///                  preference.
+    ///
+    /// \note            This function returns information about all curves
+    ///                  supported by the library. Some curves may not be
+    ///                  supported for all algorithms. Call mbedtls_ecdh_can_do()
+    ///                  or mbedtls_ecdsa_can_do() to check if a curve is
+    ///                  supported for ECDH or ECDSA.
+    ///
+    /// \return          A statically allocated array,
+    ///                  terminated with MBEDTLS_ECP_DP_NONE.
+    pub fn mbedtls_ecp_grp_id_list() -> *const mbedtls_ecp_group_id;
+}
+extern "C" {
+    /// \brief           This function retrieves curve information from an internal
+    ///                  group identifier.
+    ///
+    /// \param grp_id    An \c MBEDTLS_ECP_DP_XXX value.
+    ///
+    /// \return          The associated curve information on success.
+    /// \return          NULL on failure.
+    pub fn mbedtls_ecp_curve_info_from_grp_id(
+        grp_id: mbedtls_ecp_group_id,
+    ) -> *const mbedtls_ecp_curve_info;
+}
+extern "C" {
+    /// \brief           This function retrieves curve information from a TLS
+    ///                  NamedCurve value.
+    ///
+    /// \param tls_id    An \c MBEDTLS_ECP_DP_XXX value.
+    ///
+    /// \return          The associated curve information on success.
+    /// \return          NULL on failure.
+    pub fn mbedtls_ecp_curve_info_from_tls_id(tls_id: u16) -> *const mbedtls_ecp_curve_info;
+}
+extern "C" {
+    /// \brief           This function retrieves curve information from a
+    ///                  human-readable name.
+    ///
+    /// \param name      The human-readable name.
+    ///
+    /// \return          The associated curve information on success.
+    /// \return          NULL on failure.
+    pub fn mbedtls_ecp_curve_info_from_name(
+        name: *const crate::c_types::c_char,
+    ) -> *const mbedtls_ecp_curve_info;
+}
+extern "C" {
+    /// \brief           This function initializes a point as zero.
+    ///
+    /// \param pt        The point to initialize.
+    pub fn mbedtls_ecp_point_init(pt: *mut mbedtls_ecp_point);
+}
+extern "C" {
+    /// \brief           This function initializes an ECP group context
+    ///                  without loading any domain parameters.
+    ///
+    /// \note            After this function is called, domain parameters
+    ///                  for various ECP groups can be loaded through the
+    ///                  mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group()
+    ///                  functions.
+    pub fn mbedtls_ecp_group_init(grp: *mut mbedtls_ecp_group);
+}
+extern "C" {
+    /// \brief           This function initializes a key pair as an invalid one.
+    ///
+    /// \param key       The key pair to initialize.
+    pub fn mbedtls_ecp_keypair_init(key: *mut mbedtls_ecp_keypair);
+}
+extern "C" {
+    /// \brief           This function frees the components of a point.
+    ///
+    /// \param pt        The point to free.
+    pub fn mbedtls_ecp_point_free(pt: *mut mbedtls_ecp_point);
+}
+extern "C" {
+    /// \brief           This function frees the components of an ECP group.
+    ///
+    /// \param grp       The group to free. This may be \c NULL, in which
+    ///                  case this function returns immediately. If it is not
+    ///                  \c NULL, it must point to an initialized ECP group.
+    pub fn mbedtls_ecp_group_free(grp: *mut mbedtls_ecp_group);
+}
+extern "C" {
+    /// \brief           This function frees the components of a key pair.
+    ///
+    /// \param key       The key pair to free. This may be \c NULL, in which
+    ///                  case this function returns immediately. If it is not
+    ///                  \c NULL, it must point to an initialized ECP key pair.
+    pub fn mbedtls_ecp_keypair_free(key: *mut mbedtls_ecp_keypair);
+}
+extern "C" {
+    /// \brief           This function copies the contents of point \p Q into
+    ///                  point \p P.
+    ///
+    /// \param P         The destination point. This must be initialized.
+    /// \param Q         The source point. This must be initialized.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          Another negative error code for other kinds of failure.
+    pub fn mbedtls_ecp_copy(
+        P: *mut mbedtls_ecp_point,
+        Q: *const mbedtls_ecp_point,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function copies the contents of group \p src into
+    ///                  group \p dst.
+    ///
+    /// \param dst       The destination group. This must be initialized.
+    /// \param src       The source group. This must be initialized.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_group_copy(
+        dst: *mut mbedtls_ecp_group,
+        src: *const mbedtls_ecp_group,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets a point to the point at infinity.
+    ///
+    /// \param pt        The point to set. This must be initialized.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_set_zero(pt: *mut mbedtls_ecp_point) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function checks if a point is the point at infinity.
+    ///
+    /// \param pt        The point to test. This must be initialized.
+    ///
+    /// \return          \c 1 if the point is zero.
+    /// \return          \c 0 if the point is non-zero.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecp_is_zero(pt: *mut mbedtls_ecp_point) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function compares two points.
+    ///
+    /// \note            This assumes that the points are normalized. Otherwise,
+    ///                  they may compare as "not equal" even if they are.
+    ///
+    /// \param P         The first point to compare. This must be initialized.
+    /// \param Q         The second point to compare. This must be initialized.
+    ///
+    /// \return          \c 0 if the points are equal.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal.
+    pub fn mbedtls_ecp_point_cmp(
+        P: *const mbedtls_ecp_point,
+        Q: *const mbedtls_ecp_point,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function imports a non-zero point from two ASCII
+    ///                  strings.
+    ///
+    /// \param P         The destination point. This must be initialized.
+    /// \param radix     The numeric base of the input.
+    /// \param x         The first affine coordinate, as a null-terminated string.
+    /// \param y         The second affine coordinate, as a null-terminated string.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_MPI_XXX error code on failure.
+    pub fn mbedtls_ecp_point_read_string(
+        P: *mut mbedtls_ecp_point,
+        radix: crate::c_types::c_int,
+        x: *const crate::c_types::c_char,
+        y: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function exports a point into unsigned binary data.
+    ///
+    /// \param grp       The group to which the point should belong.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param P         The point to export. This must be initialized.
+    /// \param format    The point format. This must be either
+    ///                  #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
+    ///                  (For groups without these formats, this parameter is
+    ///                  ignored. But it still has to be either of the above
+    ///                  values.)
+    /// \param olen      The address at which to store the length of
+    ///                  the output in Bytes. This must not be \c NULL.
+    /// \param buf       The output buffer. This must be a writable buffer
+    ///                  of length \p buflen Bytes.
+    /// \param buflen    The length of the output buffer \p buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output buffer
+    ///                  is too small to hold the point.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
+    ///                  or the export for the given group is not implemented.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_point_write_binary(
+        grp: *const mbedtls_ecp_group,
+        P: *const mbedtls_ecp_point,
+        format: crate::c_types::c_int,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function imports a point from unsigned binary data.
+    ///
+    /// \note            This function does not check that the point actually
+    ///                  belongs to the given group, see mbedtls_ecp_check_pubkey()
+    ///                  for that.
+    ///
+    /// \note            For compressed points, see #MBEDTLS_ECP_PF_COMPRESSED for
+    ///                  limitations.
+    ///
+    /// \param grp       The group to which the point should belong.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param P         The destination context to import the point to.
+    ///                  This must be initialized.
+    /// \param buf       The input buffer. This must be a readable buffer
+    ///                  of length \p ilen Bytes.
+    /// \param ilen      The length of the input buffer \p buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the import for the
+    ///                  given group is not implemented.
+    pub fn mbedtls_ecp_point_read_binary(
+        grp: *const mbedtls_ecp_group,
+        P: *mut mbedtls_ecp_point,
+        buf: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function imports a point from a TLS ECPoint record.
+    ///
+    /// \note            On function return, \p *buf is updated to point immediately
+    ///                  after the ECPoint record.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param pt        The destination point.
+    /// \param buf       The address of the pointer to the start of the input buffer.
+    /// \param len       The length of the buffer.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_MPI_XXX error code on initialization
+    ///                  failure.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
+    pub fn mbedtls_ecp_tls_read_point(
+        grp: *const mbedtls_ecp_group,
+        pt: *mut mbedtls_ecp_point,
+        buf: *mut *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function exports a point as a TLS ECPoint record
+    ///                  defined in RFC 4492, Section 5.4.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param pt        The point to be exported. This must be initialized.
+    /// \param format    The point format to use. This must be either
+    ///                  #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
+    /// \param olen      The address at which to store the length in Bytes
+    ///                  of the data written.
+    /// \param buf       The target buffer. This must be a writable buffer of
+    ///                  length \p blen Bytes.
+    /// \param blen      The length of the target buffer \p buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
+    /// \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the target buffer
+    ///                  is too small to hold the exported point.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_tls_write_point(
+        grp: *const mbedtls_ecp_group,
+        pt: *const mbedtls_ecp_point,
+        format: crate::c_types::c_int,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        blen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets up an ECP group context
+    ///                  from a standardized set of domain parameters.
+    ///
+    /// \note            The index should be a value of the NamedCurve enum,
+    ///                  as defined in <em>RFC-4492: Elliptic Curve Cryptography
+    ///                  (ECC) Cipher Suites for Transport Layer Security (TLS)</em>,
+    ///                  usually in the form of an \c MBEDTLS_ECP_DP_XXX macro.
+    ///
+    /// \param grp       The group context to setup. This must be initialized.
+    /// \param id        The identifier of the domain parameter set to load.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p id doesn't
+    ///                  correspond to a known group.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_group_load(
+        grp: *mut mbedtls_ecp_group,
+        id: mbedtls_ecp_group_id,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets up an ECP group context from a TLS
+    ///                  ECParameters record as defined in RFC 4492, Section 5.4.
+    ///
+    /// \note            The read pointer \p buf is updated to point right after
+    ///                  the ECParameters record on exit.
+    ///
+    /// \param grp       The group context to setup. This must be initialized.
+    /// \param buf       The address of the pointer to the start of the input buffer.
+    /// \param len       The length of the input buffer \c *buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not
+    ///                  recognized.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_tls_read_group(
+        grp: *mut mbedtls_ecp_group,
+        buf: *mut *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function extracts an elliptic curve group ID from a
+    ///                  TLS ECParameters record as defined in RFC 4492, Section 5.4.
+    ///
+    /// \note            The read pointer \p buf is updated to point right after
+    ///                  the ECParameters record on exit.
+    ///
+    /// \param grp       The address at which to store the group id.
+    ///                  This must not be \c NULL.
+    /// \param buf       The address of the pointer to the start of the input buffer.
+    /// \param len       The length of the input buffer \c *buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not
+    ///                  recognized.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_tls_read_group_id(
+        grp: *mut mbedtls_ecp_group_id,
+        buf: *mut *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function exports an elliptic curve as a TLS
+    ///                  ECParameters record as defined in RFC 4492, Section 5.4.
+    ///
+    /// \param grp       The ECP group to be exported.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param olen      The address at which to store the number of Bytes written.
+    ///                  This must not be \c NULL.
+    /// \param buf       The buffer to write to. This must be a writable buffer
+    ///                  of length \p blen Bytes.
+    /// \param blen      The length of the output buffer \p buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output
+    ///                  buffer is too small to hold the exported group.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_tls_write_group(
+        grp: *const mbedtls_ecp_group,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        blen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a scalar multiplication of a point
+    ///                  by an integer: \p R = \p m * \p P.
+    ///
+    ///                  It is not thread-safe to use same group in multiple threads.
+    ///
+    /// \note            To prevent timing attacks, this function
+    ///                  executes the exact same sequence of base-field
+    ///                  operations for any valid \p m. It avoids any if-branch or
+    ///                  array index depending on the value of \p m. It also uses
+    ///                  \p f_rng to randomize some intermediate results.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param R         The point in which to store the result of the calculation.
+    ///                  This must be initialized.
+    /// \param m         The integer by which to multiply. This must be initialized.
+    /// \param P         The point to multiply. This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be \c
+    ///                  NULL if \p f_rng doesn't need a context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
+    ///                  key, or \p P is not a valid public key.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_mul(
+        grp: *mut mbedtls_ecp_group,
+        R: *mut mbedtls_ecp_point,
+        m: *const mbedtls_mpi,
+        P: *const mbedtls_ecp_point,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs multiplication of a point by
+    ///                  an integer: \p R = \p m * \p P in a restartable way.
+    ///
+    /// \see             mbedtls_ecp_mul()
+    ///
+    /// \note            This function does the same as \c mbedtls_ecp_mul(), but
+    ///                  it can return early and restart according to the limit set
+    ///                  with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param R         The point in which to store the result of the calculation.
+    ///                  This must be initialized.
+    /// \param m         The integer by which to multiply. This must be initialized.
+    /// \param P         The point to multiply. This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be \c
+    ///                  NULL if \p f_rng doesn't need a context.
+    /// \param rs_ctx    The restart context (NULL disables restart).
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
+    ///                  key, or \p P is not a valid public key.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_mul_restartable(
+        grp: *mut mbedtls_ecp_group,
+        R: *mut mbedtls_ecp_point,
+        m: *const mbedtls_mpi,
+        P: *const mbedtls_ecp_point,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_ecp_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs multiplication and addition of two
+    ///                  points by integers: \p R = \p m * \p P + \p n * \p Q
+    ///
+    ///                  It is not thread-safe to use same group in multiple threads.
+    ///
+    /// \note            In contrast to mbedtls_ecp_mul(), this function does not
+    ///                  guarantee a constant execution flow and timing.
+    ///
+    /// \note            This function is only defined for short Weierstrass curves.
+    ///                  It may not be included in builds without any short
+    ///                  Weierstrass curve.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param R         The point in which to store the result of the calculation.
+    ///                  This must be initialized.
+    /// \param m         The integer by which to multiply \p P.
+    ///                  This must be initialized.
+    /// \param P         The point to multiply by \p m. This must be initialized.
+    /// \param n         The integer by which to multiply \p Q.
+    ///                  This must be initialized.
+    /// \param Q         The point to be multiplied by \p n.
+    ///                  This must be initialized.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not
+    ///                  valid private keys, or \p P or \p Q are not valid public
+    ///                  keys.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p grp does not
+    ///                  designate a short Weierstrass curve.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_muladd(
+        grp: *mut mbedtls_ecp_group,
+        R: *mut mbedtls_ecp_point,
+        m: *const mbedtls_mpi,
+        P: *const mbedtls_ecp_point,
+        n: *const mbedtls_mpi,
+        Q: *const mbedtls_ecp_point,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs multiplication and addition of two
+    ///                  points by integers: \p R = \p m * \p P + \p n * \p Q in a
+    ///                  restartable way.
+    ///
+    /// \see             \c mbedtls_ecp_muladd()
+    ///
+    /// \note            This function works the same as \c mbedtls_ecp_muladd(),
+    ///                  but it can return early and restart according to the limit
+    ///                  set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \note            This function is only defined for short Weierstrass curves.
+    ///                  It may not be included in builds without any short
+    ///                  Weierstrass curve.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param R         The point in which to store the result of the calculation.
+    ///                  This must be initialized.
+    /// \param m         The integer by which to multiply \p P.
+    ///                  This must be initialized.
+    /// \param P         The point to multiply by \p m. This must be initialized.
+    /// \param n         The integer by which to multiply \p Q.
+    ///                  This must be initialized.
+    /// \param Q         The point to be multiplied by \p n.
+    ///                  This must be initialized.
+    /// \param rs_ctx    The restart context (NULL disables restart).
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not
+    ///                  valid private keys, or \p P or \p Q are not valid public
+    ///                  keys.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p grp does not
+    ///                  designate a short Weierstrass curve.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_muladd_restartable(
+        grp: *mut mbedtls_ecp_group,
+        R: *mut mbedtls_ecp_point,
+        m: *const mbedtls_mpi,
+        P: *const mbedtls_ecp_point,
+        n: *const mbedtls_mpi,
+        Q: *const mbedtls_ecp_point,
+        rs_ctx: *mut mbedtls_ecp_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function checks that a point is a valid public key
+    ///                  on this curve.
+    ///
+    ///                  It only checks that the point is non-zero, has
+    ///                  valid coordinates and lies on the curve. It does not verify
+    ///                  that it is indeed a multiple of \p G. This additional
+    ///                  check is computationally more expensive, is not required
+    ///                  by standards, and should not be necessary if the group
+    ///                  used has a small cofactor. In particular, it is useless for
+    ///                  the NIST groups which all have a cofactor of 1.
+    ///
+    /// \note            This function uses bare components rather than an
+    ///                  ::mbedtls_ecp_keypair structure, to ease use with other
+    ///                  structures, such as ::mbedtls_ecdh_context or
+    ///                  ::mbedtls_ecdsa_context.
+    ///
+    /// \param grp       The ECP group the point should belong to.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param pt        The point to check. This must be initialized.
+    ///
+    /// \return          \c 0 if the point is a valid public key.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not
+    ///                  a valid public key for the given curve.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_check_pubkey(
+        grp: *const mbedtls_ecp_group,
+        pt: *const mbedtls_ecp_point,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function checks that an \p mbedtls_mpi is a
+    ///                  valid private key for this curve.
+    ///
+    /// \note            This function uses bare components rather than an
+    ///                  ::mbedtls_ecp_keypair structure to ease use with other
+    ///                  structures, such as ::mbedtls_ecdh_context or
+    ///                  ::mbedtls_ecdsa_context.
+    ///
+    /// \param grp       The ECP group the private key should belong to.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param d         The integer to check. This must be initialized.
+    ///
+    /// \return          \c 0 if the point is a valid private key.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not a valid
+    ///                  private key for the given curve.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_check_privkey(
+        grp: *const mbedtls_ecp_group,
+        d: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates a private key.
+    ///
+    /// \param grp       The ECP group to generate a private key for.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param d         The destination MPI (secret part). This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG parameter to be passed to \p f_rng. This may be
+    ///                  \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
+    ///                  on failure.
+    pub fn mbedtls_ecp_gen_privkey(
+        grp: *const mbedtls_ecp_group,
+        d: *mut mbedtls_mpi,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates a keypair with a configurable base
+    ///                  point.
+    ///
+    /// \note            This function uses bare components rather than an
+    ///                  ::mbedtls_ecp_keypair structure to ease use with other
+    ///                  structures, such as ::mbedtls_ecdh_context or
+    ///                  ::mbedtls_ecdsa_context.
+    ///
+    /// \param grp       The ECP group to generate a key pair for.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param G         The base point to use. This must be initialized
+    ///                  and belong to \p grp. It replaces the default base
+    ///                  point \c grp->G used by mbedtls_ecp_gen_keypair().
+    /// \param d         The destination MPI (secret part).
+    ///                  This must be initialized.
+    /// \param Q         The destination point (public part).
+    ///                  This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may
+    ///                  be \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
+    ///                  on failure.
+    pub fn mbedtls_ecp_gen_keypair_base(
+        grp: *mut mbedtls_ecp_group,
+        G: *const mbedtls_ecp_point,
+        d: *mut mbedtls_mpi,
+        Q: *mut mbedtls_ecp_point,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates an ECP keypair.
+    ///
+    /// \note            This function uses bare components rather than an
+    ///                  ::mbedtls_ecp_keypair structure to ease use with other
+    ///                  structures, such as ::mbedtls_ecdh_context or
+    ///                  ::mbedtls_ecdsa_context.
+    ///
+    /// \param grp       The ECP group to generate a key pair for.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param d         The destination MPI (secret part).
+    ///                  This must be initialized.
+    /// \param Q         The destination point (public part).
+    ///                  This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may
+    ///                  be \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
+    ///                  on failure.
+    pub fn mbedtls_ecp_gen_keypair(
+        grp: *mut mbedtls_ecp_group,
+        d: *mut mbedtls_mpi,
+        Q: *mut mbedtls_ecp_point,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates an ECP key.
+    ///
+    /// \param grp_id    The ECP group identifier.
+    /// \param key       The destination key. This must be initialized.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may
+    ///                  be \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
+    ///                  on failure.
+    pub fn mbedtls_ecp_gen_key(
+        grp_id: mbedtls_ecp_group_id,
+        key: *mut mbedtls_ecp_keypair,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function reads an elliptic curve private key.
+    ///
+    /// \param grp_id    The ECP group identifier.
+    /// \param key       The destination key.
+    /// \param buf       The buffer containing the binary representation of the
+    ///                  key. (Big endian integer for Weierstrass curves, byte
+    ///                  string for Montgomery curves.)
+    /// \param buflen    The length of the buffer in bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY error if the key is
+    ///                  invalid.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
+    ///                  the group is not implemented.
+    /// \return          Another negative error code on different kinds of failure.
+    pub fn mbedtls_ecp_read_key(
+        grp_id: mbedtls_ecp_group_id,
+        key: *mut mbedtls_ecp_keypair,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function exports an elliptic curve private key.
+    ///
+    /// \param key       The private key.
+    /// \param buf       The output buffer for containing the binary representation
+    ///                  of the key. (Big endian integer for Weierstrass curves, byte
+    ///                  string for Montgomery curves.)
+    /// \param buflen    The total length of the buffer in bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the \p key
+    ///representation is larger than the available space in \p buf.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
+    ///                  the group is not implemented.
+    /// \return          Another negative error code on different kinds of failure.
+    pub fn mbedtls_ecp_write_key(
+        key: *mut mbedtls_ecp_keypair,
+        buf: *mut crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function checks that the keypair objects
+    ///                  \p pub and \p prv have the same group and the
+    ///                  same public point, and that the private key in
+    ///                  \p prv is consistent with the public key.
+    ///
+    /// \param pub       The keypair structure holding the public key. This
+    ///                  must be initialized. If it contains a private key, that
+    ///                  part is ignored.
+    /// \param prv       The keypair structure holding the full keypair.
+    ///                  This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be \c
+    ///                  NULL if \p f_rng doesn't need a context.
+    ///
+    /// \return          \c 0 on success, meaning that the keys are valid and match.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
+    ///                  error code on calculation failure.
+    pub fn mbedtls_ecp_check_pub_priv(
+        pub_: *const mbedtls_ecp_keypair,
+        prv: *const mbedtls_ecp_keypair,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function exports generic key-pair parameters.
+    ///
+    /// \param key       The key pair to export from.
+    /// \param grp       Slot for exported ECP group.
+    ///                  It must point to an initialized ECP group.
+    /// \param d         Slot for the exported secret value.
+    ///                  It must point to an initialized mpi.
+    /// \param Q         Slot for the exported public value.
+    ///                  It must point to an initialized ECP point.
+    ///
+    /// \return          \c 0 on success,
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if key id doesn't
+    ///                  correspond to a known group.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_export(
+        key: *const mbedtls_ecp_keypair,
+        grp: *mut mbedtls_ecp_group,
+        d: *mut mbedtls_mpi,
+        Q: *mut mbedtls_ecp_point,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The ECP checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_ecp_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+///< None.
+pub const mbedtls_md_type_t_MBEDTLS_MD_NONE: mbedtls_md_type_t = 0;
+///< The MD5 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_MD5: mbedtls_md_type_t = 1;
+///< The SHA-1 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_SHA1: mbedtls_md_type_t = 2;
+///< The SHA-224 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_SHA224: mbedtls_md_type_t = 3;
+///< The SHA-256 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_SHA256: mbedtls_md_type_t = 4;
+///< The SHA-384 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_SHA384: mbedtls_md_type_t = 5;
+///< The SHA-512 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_SHA512: mbedtls_md_type_t = 6;
+///< The RIPEMD-160 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_RIPEMD160: mbedtls_md_type_t = 7;
+/// \brief     Supported message digests.
+///
+/// \warning   MD5 and SHA-1 are considered weak message digests and
+///            their use constitutes a security risk. We recommend considering
+///            stronger message digests instead.
+pub type mbedtls_md_type_t = crate::c_types::c_uint;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_md_info_t {
+    _unused: [u8; 0],
+}
+pub const mbedtls_md_engine_t_MBEDTLS_MD_ENGINE_LEGACY: mbedtls_md_engine_t = 0;
+pub const mbedtls_md_engine_t_MBEDTLS_MD_ENGINE_PSA: mbedtls_md_engine_t = 1;
+/// Used internally to indicate whether a context uses legacy or PSA.
+///
+/// Internal use only.
+pub type mbedtls_md_engine_t = crate::c_types::c_uint;
+/// The generic message-digest context.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_md_context_t {
+    pub private_md_info: *const mbedtls_md_info_t,
+    pub private_md_ctx: *mut crate::c_types::c_void,
+    pub private_hmac_ctx: *mut crate::c_types::c_void,
+}
+extern "C" {
+    /// \brief           This function returns the message-digest information
+    ///                  associated with the given digest type.
+    ///
+    /// \param md_type   The type of digest to search for.
+    ///
+    /// \return          The message-digest information associated with \p md_type.
+    /// \return          NULL if the associated message-digest information is not found.
+    pub fn mbedtls_md_info_from_type(md_type: mbedtls_md_type_t) -> *const mbedtls_md_info_t;
+}
+extern "C" {
+    /// \brief           This function initializes a message-digest context without
+    ///                  binding it to a particular message-digest algorithm.
+    ///
+    ///                  This function should always be called first. It prepares the
+    ///                  context for mbedtls_md_setup() for binding it to a
+    ///                  message-digest algorithm.
+    pub fn mbedtls_md_init(ctx: *mut mbedtls_md_context_t);
+}
+extern "C" {
+    /// \brief           This function clears the internal structure of \p ctx and
+    ///                  frees any embedded internal structure, but does not free
+    ///                  \p ctx itself.
+    ///
+    ///                  If you have called mbedtls_md_setup() on \p ctx, you must
+    ///                  call mbedtls_md_free() when you are no longer using the
+    ///                  context.
+    ///                  Calling this function if you have previously
+    ///                  called mbedtls_md_init() and nothing else is optional.
+    ///                  You must not call this function if you have not called
+    ///                  mbedtls_md_init().
+    pub fn mbedtls_md_free(ctx: *mut mbedtls_md_context_t);
+}
+extern "C" {
+    /// \brief           This function selects the message digest algorithm to use,
+    ///                  and allocates internal structures.
+    ///
+    ///                  It should be called after mbedtls_md_init() or
+    ///                  mbedtls_md_free(). Makes it necessary to call
+    ///                  mbedtls_md_free() later.
+    ///
+    /// \param ctx       The context to set up.
+    /// \param md_info   The information structure of the message-digest algorithm
+    ///                  to use.
+    /// \param hmac      Defines if HMAC is used. 0: HMAC is not used (saves some memory),
+    ///                  or non-zero: HMAC is used with this context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    /// \return          #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
+    pub fn mbedtls_md_setup(
+        ctx: *mut mbedtls_md_context_t,
+        md_info: *const mbedtls_md_info_t,
+        hmac: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function clones the state of a message-digest
+    ///                  context.
+    ///
+    /// \note            You must call mbedtls_md_setup() on \c dst before calling
+    ///                  this function.
+    ///
+    /// \note            The two contexts must have the same type,
+    ///                  for example, both are SHA-256.
+    ///
+    /// \warning         This function clones the message-digest state, not the
+    ///                  HMAC state.
+    ///
+    /// \param dst       The destination context.
+    /// \param src       The context to be cloned.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure.
+    /// \return          #MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE if both contexts are
+    ///                  not using the same engine. This can be avoided by moving
+    ///                  the call to psa_crypto_init() before the first call to
+    ///                  mbedtls_md_setup().
+    pub fn mbedtls_md_clone(
+        dst: *mut mbedtls_md_context_t,
+        src: *const mbedtls_md_context_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function extracts the message-digest size from the
+    ///                  message-digest information structure.
+    ///
+    /// \param md_info   The information structure of the message-digest algorithm
+    ///                  to use.
+    ///
+    /// \return          The size of the message-digest output in Bytes.
+    pub fn mbedtls_md_get_size(md_info: *const mbedtls_md_info_t) -> crate::c_types::c_uchar;
+}
+extern "C" {
+    /// \brief           This function extracts the message-digest type from the
+    ///                  message-digest information structure.
+    ///
+    /// \param md_info   The information structure of the message-digest algorithm
+    ///                  to use.
+    ///
+    /// \return          The type of the message digest.
+    pub fn mbedtls_md_get_type(md_info: *const mbedtls_md_info_t) -> mbedtls_md_type_t;
+}
+extern "C" {
+    /// \brief           This function starts a message-digest computation.
+    ///
+    ///                  You must call this function after setting up the context
+    ///                  with mbedtls_md_setup(), and before passing data with
+    ///                  mbedtls_md_update().
+    ///
+    /// \param ctx       The generic message-digest context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_starts(ctx: *mut mbedtls_md_context_t) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer into an ongoing
+    ///                  message-digest computation.
+    ///
+    ///                  You must call mbedtls_md_starts() before calling this
+    ///                  function. You may call this function multiple times.
+    ///                  Afterwards, call mbedtls_md_finish().
+    ///
+    /// \param ctx       The generic message-digest context.
+    /// \param input     The buffer holding the input data.
+    /// \param ilen      The length of the input data.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_update(
+        ctx: *mut mbedtls_md_context_t,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function finishes the digest operation,
+    ///                  and writes the result to the output buffer.
+    ///
+    ///                  Call this function after a call to mbedtls_md_starts(),
+    ///                  followed by any number of calls to mbedtls_md_update().
+    ///                  Afterwards, you may either clear the context with
+    ///                  mbedtls_md_free(), or call mbedtls_md_starts() to reuse
+    ///                  the context for another digest operation with the same
+    ///                  algorithm.
+    ///
+    /// \param ctx       The generic message-digest context.
+    /// \param output    The buffer for the generic message-digest checksum result.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_finish(
+        ctx: *mut mbedtls_md_context_t,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function calculates the message-digest of a buffer,
+    ///                 with respect to a configurable message-digest algorithm
+    ///                 in a single call.
+    ///
+    ///                 The result is calculated as
+    ///                 Output = message_digest(input buffer).
+    ///
+    /// \param md_info  The information structure of the message-digest algorithm
+    ///                 to use.
+    /// \param input    The buffer holding the data.
+    /// \param ilen     The length of the input data.
+    /// \param output   The generic message-digest checksum result.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                 failure.
+    pub fn mbedtls_md(
+        md_info: *const mbedtls_md_info_t,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function returns the list of digests supported by the
+    ///                  generic digest module.
+    ///
+    /// \note            The list starts with the strongest available hashes.
+    ///
+    /// \return          A statically allocated array of digests. Each element
+    ///                  in the returned list is an integer belonging to the
+    ///                  message-digest enumeration #mbedtls_md_type_t.
+    ///                  The last entry is 0.
+    pub fn mbedtls_md_list() -> *const crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function returns the message-digest information
+    ///                  associated with the given digest name.
+    ///
+    /// \param md_name   The name of the digest to search for.
+    ///
+    /// \return          The message-digest information associated with \p md_name.
+    /// \return          NULL if the associated message-digest information is not found.
+    pub fn mbedtls_md_info_from_string(
+        md_name: *const crate::c_types::c_char,
+    ) -> *const mbedtls_md_info_t;
+}
+extern "C" {
+    /// \brief           This function extracts the message-digest name from the
+    ///                  message-digest information structure.
+    ///
+    /// \param md_info   The information structure of the message-digest algorithm
+    ///                  to use.
+    ///
+    /// \return          The name of the message digest.
+    pub fn mbedtls_md_get_name(md_info: *const mbedtls_md_info_t) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief           This function returns the message-digest information
+    ///                  from the given context.
+    ///
+    /// \param ctx       The context from which to extract the information.
+    ///                  This must be initialized (or \c NULL).
+    ///
+    /// \return          The message-digest information associated with \p ctx.
+    /// \return          \c NULL if \p ctx is \c NULL.
+    pub fn mbedtls_md_info_from_ctx(ctx: *const mbedtls_md_context_t) -> *const mbedtls_md_info_t;
+}
+extern "C" {
+    /// \brief           This function sets the HMAC key and prepares to
+    ///                  authenticate a new message.
+    ///
+    ///                  Call this function after mbedtls_md_setup(), to use
+    ///                  the MD context for an HMAC calculation, then call
+    ///                  mbedtls_md_hmac_update() to provide the input data, and
+    ///                  mbedtls_md_hmac_finish() to get the HMAC value.
+    ///
+    /// \param ctx       The message digest context containing an embedded HMAC
+    ///                  context.
+    /// \param key       The HMAC secret key.
+    /// \param keylen    The length of the HMAC key in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_hmac_starts(
+        ctx: *mut mbedtls_md_context_t,
+        key: *const crate::c_types::c_uchar,
+        keylen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer into an ongoing HMAC
+    ///                  computation.
+    ///
+    ///                  Call mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset()
+    ///                  before calling this function.
+    ///                  You may call this function multiple times to pass the
+    ///                  input piecewise.
+    ///                  Afterwards, call mbedtls_md_hmac_finish().
+    ///
+    /// \param ctx       The message digest context containing an embedded HMAC
+    ///                  context.
+    /// \param input     The buffer holding the input data.
+    /// \param ilen      The length of the input data.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_hmac_update(
+        ctx: *mut mbedtls_md_context_t,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function finishes the HMAC operation, and writes
+    ///                  the result to the output buffer.
+    ///
+    ///                  Call this function after mbedtls_md_hmac_starts() and
+    ///                  mbedtls_md_hmac_update() to get the HMAC value. Afterwards
+    ///                  you may either call mbedtls_md_free() to clear the context,
+    ///                  or call mbedtls_md_hmac_reset() to reuse the context with
+    ///                  the same HMAC key.
+    ///
+    /// \param ctx       The message digest context containing an embedded HMAC
+    ///                  context.
+    /// \param output    The generic HMAC checksum result.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_hmac_finish(
+        ctx: *mut mbedtls_md_context_t,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function prepares to authenticate a new message with
+    ///                  the same key as the previous HMAC operation.
+    ///
+    ///                  You may call this function after mbedtls_md_hmac_finish().
+    ///                  Afterwards call mbedtls_md_hmac_update() to pass the new
+    ///                  input.
+    ///
+    /// \param ctx       The message digest context containing an embedded HMAC
+    ///                  context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_hmac_reset(ctx: *mut mbedtls_md_context_t) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function calculates the full generic HMAC
+    ///                 on the input buffer with the provided key.
+    ///
+    ///                 The function allocates the context, performs the
+    ///                 calculation, and frees the context.
+    ///
+    ///                 The HMAC result is calculated as
+    ///                 output = generic HMAC(hmac key, input buffer).
+    ///
+    /// \param md_info  The information structure of the message-digest algorithm
+    ///                 to use.
+    /// \param key      The HMAC secret key.
+    /// \param keylen   The length of the HMAC secret key in Bytes.
+    /// \param input    The buffer holding the input data.
+    /// \param ilen     The length of the input data.
+    /// \param output   The generic HMAC result.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                 failure.
+    pub fn mbedtls_md_hmac(
+        md_info: *const mbedtls_md_info_t,
+        key: *const crate::c_types::c_uchar,
+        keylen: usize,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+/// \brief   The RSA context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_rsa_context {
+    pub private_ver: crate::c_types::c_int,
+    pub private_len: usize,
+    pub private_N: mbedtls_mpi,
+    pub private_E: mbedtls_mpi,
+    pub private_D: mbedtls_mpi,
+    pub private_P: mbedtls_mpi,
+    pub private_Q: mbedtls_mpi,
+    pub private_DP: mbedtls_mpi,
+    pub private_DQ: mbedtls_mpi,
+    pub private_QP: mbedtls_mpi,
+    pub private_RN: mbedtls_mpi,
+    pub private_RP: mbedtls_mpi,
+    pub private_RQ: mbedtls_mpi,
+    pub private_Vi: mbedtls_mpi,
+    pub private_Vf: mbedtls_mpi,
+    pub private_padding: crate::c_types::c_int,
+    pub private_hash_id: crate::c_types::c_int,
+}
+extern "C" {
+    /// \brief          This function initializes an RSA context.
+    ///
+    /// \note           This function initializes the padding and the hash
+    ///                 identifier to respectively #MBEDTLS_RSA_PKCS_V15 and
+    ///                 #MBEDTLS_MD_NONE. See mbedtls_rsa_set_padding() for more
+    ///                 information about those parameters.
+    ///
+    /// \param ctx      The RSA context to initialize. This must not be \c NULL.
+    pub fn mbedtls_rsa_init(ctx: *mut mbedtls_rsa_context);
+}
+extern "C" {
+    /// \brief          This function sets padding for an already initialized RSA
+    ///                 context.
+    ///
+    /// \note           Set padding to #MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
+    ///                 encryption scheme and the RSASSA-PSS signature scheme.
+    ///
+    /// \note           The \p hash_id parameter is ignored when using
+    ///                 #MBEDTLS_RSA_PKCS_V15 padding.
+    ///
+    /// \note           The choice of padding mode is strictly enforced for private
+    ///                 key operations, since there might be security concerns in
+    ///                 mixing padding modes. For public key operations it is
+    ///                 a default value, which can be overridden by calling specific
+    ///                 \c mbedtls_rsa_rsaes_xxx or \c mbedtls_rsa_rsassa_xxx
+    ///                 functions.
+    ///
+    /// \note           The hash selected in \p hash_id is always used for OEAP
+    ///                 encryption. For PSS signatures, it is always used for
+    ///                 making signatures, but can be overridden for verifying them.
+    ///                 If set to #MBEDTLS_MD_NONE, it is always overridden.
+    ///
+    /// \param ctx      The initialized RSA context to be configured.
+    /// \param padding  The padding mode to use. This must be either
+    ///                 #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
+    /// \param hash_id  The hash identifier for PSS or OAEP, if \p padding is
+    ///                 #MBEDTLS_RSA_PKCS_V21. #MBEDTLS_MD_NONE is accepted by this
+    ///                 function but may be not suitable for some operations.
+    ///                 Ignored if \p padding is #MBEDTLS_RSA_PKCS_V15.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_RSA_INVALID_PADDING failure:
+    ///                 \p padding or \p hash_id is invalid.
+    pub fn mbedtls_rsa_set_padding(
+        ctx: *mut mbedtls_rsa_context,
+        padding: crate::c_types::c_int,
+        hash_id: mbedtls_md_type_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function retrieves padding mode of initialized
+    ///                 RSA context.
+    ///
+    /// \param ctx      The initialized RSA context.
+    ///
+    /// \return         RSA padding mode.
+    pub fn mbedtls_rsa_get_padding_mode(ctx: *const mbedtls_rsa_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function retrieves hash identifier of mbedtls_md_type_t
+    ///                 type.
+    ///
+    /// \param ctx      The initialized RSA context.
+    ///
+    /// \return         Hash identifier of mbedtls_md_type_t type.
+    pub fn mbedtls_rsa_get_md_alg(ctx: *const mbedtls_rsa_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function imports a set of core parameters into an
+    ///                 RSA context.
+    ///
+    /// \note           This function can be called multiple times for successive
+    ///                 imports, if the parameters are not simultaneously present.
+    ///
+    ///                 Any sequence of calls to this function should be followed
+    ///                 by a call to mbedtls_rsa_complete(), which checks and
+    ///                 completes the provided information to a ready-for-use
+    ///                 public or private RSA key.
+    ///
+    /// \note           See mbedtls_rsa_complete() for more information on which
+    ///                 parameters are necessary to set up a private or public
+    ///                 RSA key.
+    ///
+    /// \note           The imported parameters are copied and need not be preserved
+    ///                 for the lifetime of the RSA context being set up.
+    ///
+    /// \param ctx      The initialized RSA context to store the parameters in.
+    /// \param N        The RSA modulus. This may be \c NULL.
+    /// \param P        The first prime factor of \p N. This may be \c NULL.
+    /// \param Q        The second prime factor of \p N. This may be \c NULL.
+    /// \param D        The private exponent. This may be \c NULL.
+    /// \param E        The public exponent. This may be \c NULL.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A non-zero error code on failure.
+    pub fn mbedtls_rsa_import(
+        ctx: *mut mbedtls_rsa_context,
+        N: *const mbedtls_mpi,
+        P: *const mbedtls_mpi,
+        Q: *const mbedtls_mpi,
+        D: *const mbedtls_mpi,
+        E: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function imports core RSA parameters, in raw big-endian
+    ///                 binary format, into an RSA context.
+    ///
+    /// \note           This function can be called multiple times for successive
+    ///                 imports, if the parameters are not simultaneously present.
+    ///
+    ///                 Any sequence of calls to this function should be followed
+    ///                 by a call to mbedtls_rsa_complete(), which checks and
+    ///                 completes the provided information to a ready-for-use
+    ///                 public or private RSA key.
+    ///
+    /// \note           See mbedtls_rsa_complete() for more information on which
+    ///                 parameters are necessary to set up a private or public
+    ///                 RSA key.
+    ///
+    /// \note           The imported parameters are copied and need not be preserved
+    ///                 for the lifetime of the RSA context being set up.
+    ///
+    /// \param ctx      The initialized RSA context to store the parameters in.
+    /// \param N        The RSA modulus. This may be \c NULL.
+    /// \param N_len    The Byte length of \p N; it is ignored if \p N == NULL.
+    /// \param P        The first prime factor of \p N. This may be \c NULL.
+    /// \param P_len    The Byte length of \p P; it is ignored if \p P == NULL.
+    /// \param Q        The second prime factor of \p N. This may be \c NULL.
+    /// \param Q_len    The Byte length of \p Q; it is ignored if \p Q == NULL.
+    /// \param D        The private exponent. This may be \c NULL.
+    /// \param D_len    The Byte length of \p D; it is ignored if \p D == NULL.
+    /// \param E        The public exponent. This may be \c NULL.
+    /// \param E_len    The Byte length of \p E; it is ignored if \p E == NULL.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A non-zero error code on failure.
+    pub fn mbedtls_rsa_import_raw(
+        ctx: *mut mbedtls_rsa_context,
+        N: *const crate::c_types::c_uchar,
+        N_len: usize,
+        P: *const crate::c_types::c_uchar,
+        P_len: usize,
+        Q: *const crate::c_types::c_uchar,
+        Q_len: usize,
+        D: *const crate::c_types::c_uchar,
+        D_len: usize,
+        E: *const crate::c_types::c_uchar,
+        E_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function completes an RSA context from
+    ///                 a set of imported core parameters.
+    ///
+    ///                 To setup an RSA public key, precisely \p N and \p E
+    ///                 must have been imported.
+    ///
+    ///                 To setup an RSA private key, sufficient information must
+    ///                 be present for the other parameters to be derivable.
+    ///
+    ///                 The default implementation supports the following:
+    ///                 <ul><li>Derive \p P, \p Q from \p N, \p D, \p E.</li>
+    ///                 <li>Derive \p N, \p D from \p P, \p Q, \p E.</li></ul>
+    ///                 Alternative implementations need not support these.
+    ///
+    ///                 If this function runs successfully, it guarantees that
+    ///                 the RSA context can be used for RSA operations without
+    ///                 the risk of failure or crash.
+    ///
+    /// \warning        This function need not perform consistency checks
+    ///                 for the imported parameters. In particular, parameters that
+    ///                 are not needed by the implementation might be silently
+    ///                 discarded and left unchecked. To check the consistency
+    ///                 of the key material, see mbedtls_rsa_check_privkey().
+    ///
+    /// \param ctx      The initialized RSA context holding imported parameters.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted derivations
+    ///                 failed.
+    pub fn mbedtls_rsa_complete(ctx: *mut mbedtls_rsa_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function exports the core parameters of an RSA key.
+    ///
+    ///                 If this function runs successfully, the non-NULL buffers
+    ///                 pointed to by \p N, \p P, \p Q, \p D, and \p E are fully
+    ///                 written, with additional unused space filled leading by
+    ///                 zero Bytes.
+    ///
+    ///                 Possible reasons for returning
+    ///                 #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:<ul>
+    ///                 <li>An alternative RSA implementation is in use, which
+    ///                 stores the key externally, and either cannot or should
+    ///                 not export it into RAM.</li>
+    ///                 <li>A SW or HW implementation might not support a certain
+    ///                 deduction. For example, \p P, \p Q from \p N, \p D,
+    ///                 and \p E if the former are not part of the
+    ///                 implementation.</li></ul>
+    ///
+    ///                 If the function fails due to an unsupported operation,
+    ///                 the RSA context stays intact and remains usable.
+    ///
+    /// \param ctx      The initialized RSA context.
+    /// \param N        The MPI to hold the RSA modulus.
+    ///                 This may be \c NULL if this field need not be exported.
+    /// \param P        The MPI to hold the first prime factor of \p N.
+    ///                 This may be \c NULL if this field need not be exported.
+    /// \param Q        The MPI to hold the second prime factor of \p N.
+    ///                 This may be \c NULL if this field need not be exported.
+    /// \param D        The MPI to hold the private exponent.
+    ///                 This may be \c NULL if this field need not be exported.
+    /// \param E        The MPI to hold the public exponent.
+    ///                 This may be \c NULL if this field need not be exported.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
+    ///                 requested parameters cannot be done due to missing
+    ///                 functionality or because of security policies.
+    /// \return         A non-zero return code on any other failure.
+    pub fn mbedtls_rsa_export(
+        ctx: *const mbedtls_rsa_context,
+        N: *mut mbedtls_mpi,
+        P: *mut mbedtls_mpi,
+        Q: *mut mbedtls_mpi,
+        D: *mut mbedtls_mpi,
+        E: *mut mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function exports core parameters of an RSA key
+    ///                 in raw big-endian binary format.
+    ///
+    ///                 If this function runs successfully, the non-NULL buffers
+    ///                 pointed to by \p N, \p P, \p Q, \p D, and \p E are fully
+    ///                 written, with additional unused space filled leading by
+    ///                 zero Bytes.
+    ///
+    ///                 Possible reasons for returning
+    ///                 #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:<ul>
+    ///                 <li>An alternative RSA implementation is in use, which
+    ///                 stores the key externally, and either cannot or should
+    ///                 not export it into RAM.</li>
+    ///                 <li>A SW or HW implementation might not support a certain
+    ///                 deduction. For example, \p P, \p Q from \p N, \p D,
+    ///                 and \p E if the former are not part of the
+    ///                 implementation.</li></ul>
+    ///                 If the function fails due to an unsupported operation,
+    ///                 the RSA context stays intact and remains usable.
+    ///
+    /// \note           The length parameters are ignored if the corresponding
+    ///                 buffer pointers are NULL.
+    ///
+    /// \param ctx      The initialized RSA context.
+    /// \param N        The Byte array to store the RSA modulus,
+    ///                 or \c NULL if this field need not be exported.
+    /// \param N_len    The size of the buffer for the modulus.
+    /// \param P        The Byte array to hold the first prime factor of \p N,
+    ///                 or \c NULL if this field need not be exported.
+    /// \param P_len    The size of the buffer for the first prime factor.
+    /// \param Q        The Byte array to hold the second prime factor of \p N,
+    ///                 or \c NULL if this field need not be exported.
+    /// \param Q_len    The size of the buffer for the second prime factor.
+    /// \param D        The Byte array to hold the private exponent,
+    ///                 or \c NULL if this field need not be exported.
+    /// \param D_len    The size of the buffer for the private exponent.
+    /// \param E        The Byte array to hold the public exponent,
+    ///                 or \c NULL if this field need not be exported.
+    /// \param E_len    The size of the buffer for the public exponent.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
+    ///                 requested parameters cannot be done due to missing
+    ///                 functionality or because of security policies.
+    /// \return         A non-zero return code on any other failure.
+    pub fn mbedtls_rsa_export_raw(
+        ctx: *const mbedtls_rsa_context,
+        N: *mut crate::c_types::c_uchar,
+        N_len: usize,
+        P: *mut crate::c_types::c_uchar,
+        P_len: usize,
+        Q: *mut crate::c_types::c_uchar,
+        Q_len: usize,
+        D: *mut crate::c_types::c_uchar,
+        D_len: usize,
+        E: *mut crate::c_types::c_uchar,
+        E_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function exports CRT parameters of a private RSA key.
+    ///
+    /// \note           Alternative RSA implementations not using CRT-parameters
+    ///                 internally can implement this function based on
+    ///                 mbedtls_rsa_deduce_opt().
+    ///
+    /// \param ctx      The initialized RSA context.
+    /// \param DP       The MPI to hold \c D modulo `P-1`,
+    ///                 or \c NULL if it need not be exported.
+    /// \param DQ       The MPI to hold \c D modulo `Q-1`,
+    ///                 or \c NULL if it need not be exported.
+    /// \param QP       The MPI to hold modular inverse of \c Q modulo \c P,
+    ///                 or \c NULL if it need not be exported.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A non-zero error code on failure.
+    pub fn mbedtls_rsa_export_crt(
+        ctx: *const mbedtls_rsa_context,
+        DP: *mut mbedtls_mpi,
+        DQ: *mut mbedtls_mpi,
+        QP: *mut mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function retrieves the length of RSA modulus in Bytes.
+    ///
+    /// \param ctx      The initialized RSA context.
+    ///
+    /// \return         The length of the RSA modulus in Bytes.
+    pub fn mbedtls_rsa_get_len(ctx: *const mbedtls_rsa_context) -> usize;
+}
+extern "C" {
+    /// \brief          This function generates an RSA keypair.
+    ///
+    /// \note           mbedtls_rsa_init() must be called before this function,
+    ///                 to set up the RSA context.
+    ///
+    /// \param ctx      The initialized RSA context used to hold the key.
+    /// \param f_rng    The RNG function to be used for key generation.
+    ///                 This is mandatory and must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng.
+    ///                 This may be \c NULL if \p f_rng doesn't need a context.
+    /// \param nbits    The size of the public key in bits.
+    /// \param exponent The public exponent to use. For example, \c 65537.
+    ///                 This must be odd and greater than \c 1.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_gen_key(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        nbits: crate::c_types::c_uint,
+        exponent: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function checks if a context contains at least an RSA
+    ///                 public key.
+    ///
+    ///                 If the function runs successfully, it is guaranteed that
+    ///                 enough information is present to perform an RSA public key
+    ///                 operation using mbedtls_rsa_public().
+    ///
+    /// \param ctx      The initialized RSA context to check.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_check_pubkey(ctx: *const mbedtls_rsa_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief      This function checks if a context contains an RSA private key
+    ///             and perform basic consistency checks.
+    ///
+    /// \note       The consistency checks performed by this function not only
+    ///             ensure that mbedtls_rsa_private() can be called successfully
+    ///             on the given context, but that the various parameters are
+    ///             mutually consistent with high probability, in the sense that
+    ///             mbedtls_rsa_public() and mbedtls_rsa_private() are inverses.
+    ///
+    /// \warning    This function should catch accidental misconfigurations
+    ///             like swapping of parameters, but it cannot establish full
+    ///             trust in neither the quality nor the consistency of the key
+    ///             material that was used to setup the given RSA context:
+    ///             <ul><li>Consistency: Imported parameters that are irrelevant
+    ///             for the implementation might be silently dropped. If dropped,
+    ///             the current function does not have access to them,
+    ///             and therefore cannot check them. See mbedtls_rsa_complete().
+    ///             If you want to check the consistency of the entire
+    ///             content of a PKCS1-encoded RSA private key, for example, you
+    ///             should use mbedtls_rsa_validate_params() before setting
+    ///             up the RSA context.
+    ///             Additionally, if the implementation performs empirical checks,
+    ///             these checks substantiate but do not guarantee consistency.</li>
+    ///             <li>Quality: This function is not expected to perform
+    ///             extended quality assessments like checking that the prime
+    ///             factors are safe. Additionally, it is the responsibility of the
+    ///             user to ensure the trustworthiness of the source of his RSA
+    ///             parameters, which goes beyond what is effectively checkable
+    ///             by the library.</li></ul>
+    ///
+    /// \param ctx  The initialized RSA context to check.
+    ///
+    /// \return     \c 0 on success.
+    /// \return     An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_check_privkey(ctx: *const mbedtls_rsa_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function checks a public-private RSA key pair.
+    ///
+    ///                 It checks each of the contexts, and makes sure they match.
+    ///
+    /// \param pub      The initialized RSA context holding the public key.
+    /// \param prv      The initialized RSA context holding the private key.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_check_pub_priv(
+        pub_: *const mbedtls_rsa_context,
+        prv: *const mbedtls_rsa_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs an RSA public key operation.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param input    The input buffer. This must be a readable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    /// \param output   The output buffer. This must be a writable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \note           This function does not handle message padding.
+    ///
+    /// \note           Make sure to set \p input[0] = 0 or ensure that
+    ///                 input is smaller than \p N.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_public(
+        ctx: *mut mbedtls_rsa_context,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs an RSA private key operation.
+    ///
+    /// \note           Blinding is used if and only if a PRNG is provided.
+    ///
+    /// \note           If blinding is used, both the base of exponentiation
+    ///                 and the exponent are blinded, providing protection
+    ///                 against some side-channel attacks.
+    ///
+    /// \warning        It is deprecated and a security risk to not provide
+    ///                 a PRNG here and thereby prevent the use of blinding.
+    ///                 Future versions of the library may enforce the presence
+    ///                 of a PRNG.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function, used for blinding. It is mandatory.
+    /// \param p_rng    The RNG context to pass to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context.
+    /// \param input    The input buffer. This must be a readable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    /// \param output   The output buffer. This must be a writable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_private(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function adds the message padding, then performs an RSA
+    ///                 operation.
+    ///
+    ///                 It is the generic wrapper for performing a PKCS#1 encryption
+    ///                 operation.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG to use. It is used for padding generation
+    ///                 and it is mandatory.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. May be
+    ///                 \c NULL if \p f_rng doesn't need a context argument.
+    /// \param ilen     The length of the plaintext in Bytes.
+    /// \param input    The input data to encrypt. This must be a readable
+    ///                 buffer of size \p ilen Bytes. It may be \c NULL if
+    ///                 `ilen == 0`.
+    /// \param output   The output buffer. This must be a writable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_pkcs1_encrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        ilen: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v1.5 encryption operation
+    ///                 (RSAES-PKCS1-v1_5-ENCRYPT).
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function to use. It is mandatory and used for
+    ///                 padding generation.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may
+    ///                 be \c NULL if \p f_rng doesn't need a context argument.
+    /// \param ilen     The length of the plaintext in Bytes.
+    /// \param input    The input data to encrypt. This must be a readable
+    ///                 buffer of size \p ilen Bytes. It may be \c NULL if
+    ///                 `ilen == 0`.
+    /// \param output   The output buffer. This must be a writable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsaes_pkcs1_v15_encrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        ilen: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief            This function performs a PKCS#1 v2.1 OAEP encryption
+    ///                   operation (RSAES-OAEP-ENCRYPT).
+    ///
+    /// \note             The output buffer must be as large as the size
+    ///                   of ctx->N. For example, 128 Bytes if RSA-1024 is used.
+    ///
+    /// \param ctx        The initialized RSA context to use.
+    /// \param f_rng      The RNG function to use. This is needed for padding
+    ///                   generation and is mandatory.
+    /// \param p_rng      The RNG context to be passed to \p f_rng. This may
+    ///                   be \c NULL if \p f_rng doesn't need a context argument.
+    /// \param label      The buffer holding the custom label to use.
+    ///                   This must be a readable buffer of length \p label_len
+    ///                   Bytes. It may be \c NULL if \p label_len is \c 0.
+    /// \param label_len  The length of the label in Bytes.
+    /// \param ilen       The length of the plaintext buffer \p input in Bytes.
+    /// \param input      The input data to encrypt. This must be a readable
+    ///                   buffer of size \p ilen Bytes. It may be \c NULL if
+    ///                   `ilen == 0`.
+    /// \param output     The output buffer. This must be a writable buffer
+    ///                   of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                   for an 2048-bit RSA modulus.
+    ///
+    /// \return           \c 0 on success.
+    /// \return           An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsaes_oaep_encrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        label: *const crate::c_types::c_uchar,
+        label_len: usize,
+        ilen: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs an RSA operation, then removes the
+    ///                 message padding.
+    ///
+    ///                 It is the generic wrapper for performing a PKCS#1 decryption
+    ///                 operation.
+    ///
+    /// \note           The output buffer length \c output_max_len should be
+    ///                 as large as the size \p ctx->len of \p ctx->N (for example,
+    ///                 128 Bytes if RSA-1024 is used) to be able to hold an
+    ///                 arbitrary decrypted message. If it is not large enough to
+    ///                 hold the decryption of the particular ciphertext provided,
+    ///                 the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function. This is used for blinding and is
+    ///                 mandatory; see mbedtls_rsa_private() for more.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be
+    ///                 \c NULL if \p f_rng doesn't need a context.
+    /// \param olen     The address at which to store the length of
+    ///                 the plaintext. This must not be \c NULL.
+    /// \param input    The ciphertext buffer. This must be a readable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    /// \param output   The buffer used to hold the plaintext. This must
+    ///                 be a writable buffer of length \p output_max_len Bytes.
+    /// \param output_max_len The length in Bytes of the output buffer \p output.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_pkcs1_decrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        olen: *mut usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        output_max_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v1.5 decryption
+    ///                 operation (RSAES-PKCS1-v1_5-DECRYPT).
+    ///
+    /// \note           The output buffer length \c output_max_len should be
+    ///                 as large as the size \p ctx->len of \p ctx->N, for example,
+    ///                 128 Bytes if RSA-1024 is used, to be able to hold an
+    ///                 arbitrary decrypted message. If it is not large enough to
+    ///                 hold the decryption of the particular ciphertext provided,
+    ///                 the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function. This is used for blinding and is
+    ///                 mandatory; see mbedtls_rsa_private() for more.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be
+    ///                 \c NULL if \p f_rng doesn't need a context.
+    /// \param olen     The address at which to store the length of
+    ///                 the plaintext. This must not be \c NULL.
+    /// \param input    The ciphertext buffer. This must be a readable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    /// \param output   The buffer used to hold the plaintext. This must
+    ///                 be a writable buffer of length \p output_max_len Bytes.
+    /// \param output_max_len The length in Bytes of the output buffer \p output.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsaes_pkcs1_v15_decrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        olen: *mut usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        output_max_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief            This function performs a PKCS#1 v2.1 OAEP decryption
+    ///                   operation (RSAES-OAEP-DECRYPT).
+    ///
+    /// \note             The output buffer length \c output_max_len should be
+    ///                   as large as the size \p ctx->len of \p ctx->N, for
+    ///                   example, 128 Bytes if RSA-1024 is used, to be able to
+    ///                   hold an arbitrary decrypted message. If it is not
+    ///                   large enough to hold the decryption of the particular
+    ///                   ciphertext provided, the function returns
+    ///                   #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
+    ///
+    /// \param ctx        The initialized RSA context to use.
+    /// \param f_rng      The RNG function. This is used for blinding and is
+    ///                   mandatory.
+    /// \param p_rng      The RNG context to be passed to \p f_rng. This may be
+    ///                   \c NULL if \p f_rng doesn't need a context.
+    /// \param label      The buffer holding the custom label to use.
+    ///                   This must be a readable buffer of length \p label_len
+    ///                   Bytes. It may be \c NULL if \p label_len is \c 0.
+    /// \param label_len  The length of the label in Bytes.
+    /// \param olen       The address at which to store the length of
+    ///                   the plaintext. This must not be \c NULL.
+    /// \param input      The ciphertext buffer. This must be a readable buffer
+    ///                   of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                   for an 2048-bit RSA modulus.
+    /// \param output     The buffer used to hold the plaintext. This must
+    ///                   be a writable buffer of length \p output_max_len Bytes.
+    /// \param output_max_len The length in Bytes of the output buffer \p output.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsaes_oaep_decrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        label: *const crate::c_types::c_uchar,
+        label_len: usize,
+        olen: *mut usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        output_max_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a private RSA operation to sign
+    ///                 a message digest using PKCS#1.
+    ///
+    ///                 It is the generic wrapper for performing a PKCS#1
+    ///                 signature.
+    ///
+    /// \note           The \p sig buffer must be as large as the size
+    ///                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+    ///
+    /// \note           For PKCS#1 v2.1 encoding, see comments on
+    ///                 mbedtls_rsa_rsassa_pss_sign() for details on
+    ///                 \p md_alg and \p hash_id.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function to use. This is mandatory and
+    ///                 must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context argument.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer to hold the signature. This must be a writable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus. A buffer length of
+    ///                 #MBEDTLS_MPI_MAX_SIZE is always safe.
+    ///
+    /// \return         \c 0 if the signing operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_pkcs1_sign(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v1.5 signature
+    ///                 operation (RSASSA-PKCS1-v1_5-SIGN).
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function. This is used for blinding and is
+    ///                 mandatory; see mbedtls_rsa_private() for more.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context argument.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer to hold the signature. This must be a writable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus. A buffer length of
+    ///                 #MBEDTLS_MPI_MAX_SIZE is always safe.
+    ///
+    /// \return         \c 0 if the signing operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pkcs1_v15_sign(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v2.1 PSS signature
+    ///                 operation (RSASSA-PSS-SIGN).
+    ///
+    /// \note           The \c hash_id set in \p ctx by calling
+    ///                 mbedtls_rsa_set_padding() selects the hash used for the
+    ///                 encoding operation and for the mask generation function
+    ///                 (MGF1). For more details on the encoding operation and the
+    ///                 mask generation function, consult <em>RFC-3447: Public-Key
+    ///                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
+    ///                 Specifications</em>.
+    ///
+    /// \note           This function enforces that the provided salt length complies
+    ///                 with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1 v2.2) §9.1.1
+    ///                 step 3. The constraint is that the hash length plus the salt
+    ///                 length plus 2 bytes must be at most the key length. If this
+    ///                 constraint is not met, this function returns
+    ///                 #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function. It is mandatory and must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context argument.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param saltlen  The length of the salt that should be used.
+    ///                 If passed #MBEDTLS_RSA_SALT_LEN_ANY, the function will use
+    ///                 the largest possible salt length up to the hash length,
+    ///                 which is the largest permitted by some standards including
+    ///                 FIPS 186-4 §5.5.
+    /// \param sig      The buffer to hold the signature. This must be a writable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus. A buffer length of
+    ///                 #MBEDTLS_MPI_MAX_SIZE is always safe.
+    ///
+    /// \return         \c 0 if the signing operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pss_sign_ext(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        saltlen: crate::c_types::c_int,
+        sig: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v2.1 PSS signature
+    ///                 operation (RSASSA-PSS-SIGN).
+    ///
+    /// \note           The \c hash_id set in \p ctx by calling
+    ///                 mbedtls_rsa_set_padding() selects the hash used for the
+    ///                 encoding operation and for the mask generation function
+    ///                 (MGF1). For more details on the encoding operation and the
+    ///                 mask generation function, consult <em>RFC-3447: Public-Key
+    ///                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
+    ///                 Specifications</em>.
+    ///
+    /// \note           This function always uses the maximum possible salt size,
+    ///                 up to the length of the payload hash. This choice of salt
+    ///                 size complies with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1
+    ///                 v2.2) §9.1.1 step 3. Furthermore this function enforces a
+    ///                 minimum salt size which is the hash size minus 2 bytes. If
+    ///                 this minimum size is too large given the key size (the salt
+    ///                 size, plus the hash size, plus 2 bytes must be no more than
+    ///                 the key size in bytes), this function returns
+    ///                 #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function. It is mandatory and must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context argument.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer to hold the signature. This must be a writable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus. A buffer length of
+    ///                 #MBEDTLS_MPI_MAX_SIZE is always safe.
+    ///
+    /// \return         \c 0 if the signing operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pss_sign(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a public RSA operation and checks
+    ///                 the message digest.
+    ///
+    ///                 This is the generic wrapper for performing a PKCS#1
+    ///                 verification.
+    ///
+    /// \note           For PKCS#1 v2.1 encoding, see comments on
+    ///                 mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
+    ///                 \p hash_id.
+    ///
+    /// \param ctx      The initialized RSA public key context to use.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer holding the signature. This must be a readable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 if the verify operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_pkcs1_verify(
+        ctx: *mut mbedtls_rsa_context,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v1.5 verification
+    ///                 operation (RSASSA-PKCS1-v1_5-VERIFY).
+    ///
+    /// \param ctx      The initialized RSA public key context to use.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer holding the signature. This must be a readable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 if the verify operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pkcs1_v15_verify(
+        ctx: *mut mbedtls_rsa_context,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v2.1 PSS verification
+    ///                 operation (RSASSA-PSS-VERIFY).
+    ///
+    /// \note           The \c hash_id set in \p ctx by calling
+    ///                 mbedtls_rsa_set_padding() selects the hash used for the
+    ///                 encoding operation and for the mask generation function
+    ///                 (MGF1). For more details on the encoding operation and the
+    ///                 mask generation function, consult <em>RFC-3447: Public-Key
+    ///                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
+    ///                 Specifications</em>. If the \c hash_id set in \p ctx by
+    ///                 mbedtls_rsa_set_padding() is #MBEDTLS_MD_NONE, the \p md_alg
+    ///                 parameter is used.
+    ///
+    /// \param ctx      The initialized RSA public key context to use.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer holding the signature. This must be a readable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 if the verify operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pss_verify(
+        ctx: *mut mbedtls_rsa_context,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v2.1 PSS verification
+    ///                 operation (RSASSA-PSS-VERIFY).
+    ///
+    /// \note           The \p sig buffer must be as large as the size
+    ///                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+    ///
+    /// \note           The \c hash_id set in \p ctx by mbedtls_rsa_set_padding() is
+    ///                 ignored.
+    ///
+    /// \param ctx      The initialized RSA public key context to use.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param mgf1_hash_id      The message digest algorithm used for the
+    ///                          verification operation and the mask generation
+    ///                          function (MGF1). For more details on the encoding
+    ///                          operation and the mask generation function, consult
+    ///                          <em>RFC-3447: Public-Key Cryptography Standards
+    ///                          (PKCS) #1 v2.1: RSA Cryptography
+    ///                          Specifications</em>.
+    /// \param expected_salt_len The length of the salt used in padding. Use
+    ///                          #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
+    /// \param sig      The buffer holding the signature. This must be a readable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 if the verify operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pss_verify_ext(
+        ctx: *mut mbedtls_rsa_context,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        mgf1_hash_id: mbedtls_md_type_t,
+        expected_salt_len: crate::c_types::c_int,
+        sig: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function copies the components of an RSA context.
+    ///
+    /// \param dst      The destination context. This must be initialized.
+    /// \param src      The source context. This must be initialized.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
+    pub fn mbedtls_rsa_copy(
+        dst: *mut mbedtls_rsa_context,
+        src: *const mbedtls_rsa_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function frees the components of an RSA key.
+    ///
+    /// \param ctx      The RSA context to free. May be \c NULL, in which case
+    ///                 this function is a no-op. If it is not \c NULL, it must
+    ///                 point to an initialized RSA context.
+    pub fn mbedtls_rsa_free(ctx: *mut mbedtls_rsa_context);
+}
+extern "C" {
+    /// \brief          The RSA checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_rsa_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief           The ECDSA context structure.
+///
+/// \warning         Performing multiple operations concurrently on the same
+///                  ECDSA context is not supported; objects of this type
+///                  should not be shared between multiple threads.
+///
+/// \note            pk_wrap module assumes that "ecdsa_context" is identical
+///                  to "ecp_keypair" (see for example structure
+///                  "mbedtls_eckey_info" where ECDSA sign/verify functions
+///                  are used also for EC key)
+pub type mbedtls_ecdsa_context = mbedtls_ecp_keypair;
+pub type mbedtls_ecdsa_restart_ctx = crate::c_types::c_void;
+extern "C" {
+    /// \brief          This function checks whether a given group can be used
+    ///                 for ECDSA.
+    ///
+    /// \param gid      The ECP group ID to check.
+    ///
+    /// \return         \c 1 if the group can be used, \c 0 otherwise
+    pub fn mbedtls_ecdsa_can_do(gid: mbedtls_ecp_group_id) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function computes the ECDSA signature of a
+    ///                  previously-hashed message.
+    ///
+    /// \note            The deterministic version implemented in
+    ///                  mbedtls_ecdsa_sign_det_ext() is usually preferred.
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated
+    ///                  as defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.3, step 5.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param grp       The context for the elliptic curve to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param r         The MPI context in which to store the first part
+    ///                  the signature. This must be initialized.
+    /// \param s         The MPI context in which to store the second part
+    ///                  the signature. This must be initialized.
+    /// \param d         The private signing key. This must be initialized.
+    /// \param buf       The content to be signed. This is usually the hash of
+    ///                  the original data to be signed. This must be a readable
+    ///                  buffer of length \p blen Bytes. It may be \c NULL if
+    ///                  \p blen is zero.
+    /// \param blen      The length of \p buf in Bytes.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL if \p f_rng doesn't need a context parameter.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX
+    ///                  or \c MBEDTLS_MPI_XXX error code on failure.
+    pub fn mbedtls_ecdsa_sign(
+        grp: *mut mbedtls_ecp_group,
+        r: *mut mbedtls_mpi,
+        s: *mut mbedtls_mpi,
+        d: *const mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function computes the ECDSA signature of a
+    ///                  previously-hashed message, deterministic version.
+    ///
+    ///                  For more information, see <em>RFC-6979: Deterministic
+    ///                  Usage of the Digital Signature Algorithm (DSA) and Elliptic
+    ///                  Curve Digital Signature Algorithm (ECDSA)</em>.
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated as
+    ///                  defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.3, step 5.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param grp           The context for the elliptic curve to use.
+    ///                      This must be initialized and have group parameters
+    ///                      set, for example through mbedtls_ecp_group_load().
+    /// \param r             The MPI context in which to store the first part
+    ///                      the signature. This must be initialized.
+    /// \param s             The MPI context in which to store the second part
+    ///                      the signature. This must be initialized.
+    /// \param d             The private signing key. This must be initialized
+    ///                      and setup, for example through mbedtls_ecp_gen_privkey().
+    /// \param buf           The hashed content to be signed. This must be a readable
+    ///                      buffer of length \p blen Bytes. It may be \c NULL if
+    ///                      \p blen is zero.
+    /// \param blen          The length of \p buf in Bytes.
+    /// \param md_alg        The hash algorithm used to hash the original data.
+    /// \param f_rng_blind   The RNG function used for blinding. This must not be
+    ///                      \c NULL.
+    /// \param p_rng_blind   The RNG context to be passed to \p f_rng. This may be
+    ///                      \c NULL if \p f_rng doesn't need a context parameter.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
+    ///                  error code on failure.
+    pub fn mbedtls_ecdsa_sign_det_ext(
+        grp: *mut mbedtls_ecp_group,
+        r: *mut mbedtls_mpi,
+        s: *mut mbedtls_mpi,
+        d: *const mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        md_alg: mbedtls_md_type_t,
+        f_rng_blind: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng_blind: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function computes the ECDSA signature of a
+    ///                      previously-hashed message, in a restartable way.
+    ///
+    /// \note                The deterministic version implemented in
+    ///                      mbedtls_ecdsa_sign_det_restartable() is usually
+    ///                      preferred.
+    ///
+    /// \note                This function is like \c mbedtls_ecdsa_sign() but
+    ///                      it can return early and restart according to the
+    ///                      limit set with \c mbedtls_ecp_set_max_ops() to
+    ///                      reduce blocking.
+    ///
+    /// \note                If the bitlength of the message hash is larger
+    ///                      than the bitlength of the group order, then the
+    ///                      hash is truncated as defined in <em>Standards for
+    ///                      Efficient Cryptography Group (SECG): SEC1 Elliptic
+    ///                      Curve Cryptography</em>, section 4.1.3, step 5.
+    ///
+    /// \see                 ecp.h
+    ///
+    /// \param grp           The context for the elliptic curve to use.
+    ///                      This must be initialized and have group parameters
+    ///                      set, for example through mbedtls_ecp_group_load().
+    /// \param r             The MPI context in which to store the first part
+    ///                      the signature. This must be initialized.
+    /// \param s             The MPI context in which to store the second part
+    ///                      the signature. This must be initialized.
+    /// \param d             The private signing key. This must be initialized
+    ///                      and setup, for example through
+    ///                      mbedtls_ecp_gen_privkey().
+    /// \param buf           The hashed content to be signed. This must be a readable
+    ///                      buffer of length \p blen Bytes. It may be \c NULL if
+    ///                      \p blen is zero.
+    /// \param blen          The length of \p buf in Bytes.
+    /// \param f_rng         The RNG function. This must not be \c NULL.
+    /// \param p_rng         The RNG context to be passed to \p f_rng. This may be
+    ///                      \c NULL if \p f_rng doesn't need a context parameter.
+    /// \param f_rng_blind   The RNG function used for blinding. This must not be
+    ///                      \c NULL.
+    /// \param p_rng_blind   The RNG context to be passed to \p f_rng. This may be
+    ///                      \c NULL if \p f_rng doesn't need a context parameter.
+    /// \param rs_ctx        The restart context to use. This may be \c NULL
+    ///                      to disable restarting. If it is not \c NULL, it
+    ///                      must point to an initialized restart context.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                      operations was reached: see \c
+    ///                      mbedtls_ecp_set_max_ops().
+    /// \return              Another \c MBEDTLS_ERR_ECP_XXX, \c
+    ///                      MBEDTLS_ERR_MPI_XXX or \c MBEDTLS_ERR_ASN1_XXX
+    ///                      error code on failure.
+    pub fn mbedtls_ecdsa_sign_restartable(
+        grp: *mut mbedtls_ecp_group,
+        r: *mut mbedtls_mpi,
+        s: *mut mbedtls_mpi,
+        d: *const mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        f_rng_blind: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng_blind: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function computes the ECDSA signature of a
+    ///                      previously-hashed message, in a restartable way.
+    ///
+    /// \note                This function is like \c
+    ///                      mbedtls_ecdsa_sign_det_ext() but it can return
+    ///                      early and restart according to the limit set with
+    ///                      \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \note                If the bitlength of the message hash is larger
+    ///                      than the bitlength of the group order, then the
+    ///                      hash is truncated as defined in <em>Standards for
+    ///                      Efficient Cryptography Group (SECG): SEC1 Elliptic
+    ///                      Curve Cryptography</em>, section 4.1.3, step 5.
+    ///
+    /// \see                 ecp.h
+    ///
+    /// \param grp           The context for the elliptic curve to use.
+    ///                      This must be initialized and have group parameters
+    ///                      set, for example through mbedtls_ecp_group_load().
+    /// \param r             The MPI context in which to store the first part
+    ///                      the signature. This must be initialized.
+    /// \param s             The MPI context in which to store the second part
+    ///                      the signature. This must be initialized.
+    /// \param d             The private signing key. This must be initialized
+    ///                      and setup, for example through
+    ///                      mbedtls_ecp_gen_privkey().
+    /// \param buf           The hashed content to be signed. This must be a readable
+    ///                      buffer of length \p blen Bytes. It may be \c NULL if
+    ///                      \p blen is zero.
+    /// \param blen          The length of \p buf in Bytes.
+    /// \param f_rng_blind   The RNG function used for blinding. This must not be
+    ///                      \c NULL.
+    /// \param p_rng_blind   The RNG context to be passed to \p f_rng. This may be
+    ///                      \c NULL if \p f_rng doesn't need a context parameter.
+    /// \param rs_ctx        The restart context to use. This may be \c NULL
+    ///                      to disable restarting. If it is not \c NULL, it
+    ///                      must point to an initialized restart context.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                      operations was reached: see \c
+    ///                      mbedtls_ecp_set_max_ops().
+    /// \return              Another \c MBEDTLS_ERR_ECP_XXX, \c
+    ///                      MBEDTLS_ERR_MPI_XXX or \c MBEDTLS_ERR_ASN1_XXX
+    ///                      error code on failure.
+    pub fn mbedtls_ecdsa_sign_det_restartable(
+        grp: *mut mbedtls_ecp_group,
+        r: *mut mbedtls_mpi,
+        s: *mut mbedtls_mpi,
+        d: *const mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        md_alg: mbedtls_md_type_t,
+        f_rng_blind: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng_blind: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function verifies the ECDSA signature of a
+    ///                  previously-hashed message.
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated as
+    ///                  defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.4, step 3.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param buf       The hashed content that was signed. This must be a readable
+    ///                  buffer of length \p blen Bytes. It may be \c NULL if
+    ///                  \p blen is zero.
+    /// \param blen      The length of \p buf in Bytes.
+    /// \param Q         The public key to use for verification. This must be
+    ///                  initialized and setup.
+    /// \param r         The first integer of the signature.
+    ///                  This must be initialized.
+    /// \param s         The second integer of the signature.
+    ///                  This must be initialized.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
+    ///                  error code on failure.
+    pub fn mbedtls_ecdsa_verify(
+        grp: *mut mbedtls_ecp_group,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        Q: *const mbedtls_ecp_point,
+        r: *const mbedtls_mpi,
+        s: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function verifies the ECDSA signature of a
+    ///                  previously-hashed message, in a restartable manner
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated as
+    ///                  defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.4, step 3.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param buf       The hashed content that was signed. This must be a readable
+    ///                  buffer of length \p blen Bytes. It may be \c NULL if
+    ///                  \p blen is zero.
+    /// \param blen      The length of \p buf in Bytes.
+    /// \param Q         The public key to use for verification. This must be
+    ///                  initialized and setup.
+    /// \param r         The first integer of the signature.
+    ///                  This must be initialized.
+    /// \param s         The second integer of the signature.
+    ///                  This must be initialized.
+    /// \param rs_ctx    The restart context to use. This may be \c NULL to disable
+    ///                  restarting. If it is not \c NULL, it must point to an
+    ///                  initialized restart context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
+    ///                  error code on failure.
+    pub fn mbedtls_ecdsa_verify_restartable(
+        grp: *mut mbedtls_ecp_group,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        Q: *const mbedtls_ecp_point,
+        r: *const mbedtls_mpi,
+        s: *const mbedtls_mpi,
+        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function computes the ECDSA signature and writes it
+    ///                  to a buffer, serialized as defined in <em>RFC-4492:
+    ///                  Elliptic Curve Cryptography (ECC) Cipher Suites for
+    ///                  Transport Layer Security (TLS)</em>.
+    ///
+    /// \warning         It is not thread-safe to use the same context in
+    ///                  multiple threads.
+    ///
+    /// \note            The deterministic version is used if
+    ///                  #MBEDTLS_ECDSA_DETERMINISTIC is defined. For more
+    ///                  information, see <em>RFC-6979: Deterministic Usage
+    ///                  of the Digital Signature Algorithm (DSA) and Elliptic
+    ///                  Curve Digital Signature Algorithm (ECDSA)</em>.
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated as
+    ///                  defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.3, step 5.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDSA context to use. This must be initialized
+    ///                  and have a group and private key bound to it, for example
+    ///                  via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
+    /// \param md_alg    The message digest that was used to hash the message.
+    /// \param hash      The message hash to be signed. This must be a readable
+    ///                  buffer of length \p blen Bytes.
+    /// \param hlen      The length of the hash \p hash in Bytes.
+    /// \param sig       The buffer to which to write the signature. This must be a
+    ///                  writable buffer of length at least twice as large as the
+    ///                  size of the curve used, plus 9. For example, 73 Bytes if
+    ///                  a 256-bit curve is used. A buffer length of
+    ///                  #MBEDTLS_ECDSA_MAX_LEN is always safe.
+    /// \param sig_size  The size of the \p sig buffer in bytes.
+    /// \param slen      The address at which to store the actual length of
+    ///                  the signature written. Must not be \c NULL.
+    /// \param f_rng     The RNG function. This must not be \c NULL if
+    ///                  #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
+    ///                  it is used only for blinding and may be set to \c NULL, but
+    ///                  doing so is DEPRECATED.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL if \p f_rng is \c NULL or doesn't use a context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
+    ///                  \c MBEDTLS_ERR_ASN1_XXX error code on failure.
+    pub fn mbedtls_ecdsa_write_signature(
+        ctx: *mut mbedtls_ecdsa_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hlen: usize,
+        sig: *mut crate::c_types::c_uchar,
+        sig_size: usize,
+        slen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function computes the ECDSA signature and writes it
+    ///                  to a buffer, in a restartable way.
+    ///
+    /// \see             \c mbedtls_ecdsa_write_signature()
+    ///
+    /// \note            This function is like \c mbedtls_ecdsa_write_signature()
+    ///                  but it can return early and restart according to the limit
+    ///                  set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \param ctx       The ECDSA context to use. This must be initialized
+    ///                  and have a group and private key bound to it, for example
+    ///                  via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
+    /// \param md_alg    The message digest that was used to hash the message.
+    /// \param hash      The message hash to be signed. This must be a readable
+    ///                  buffer of length \p blen Bytes.
+    /// \param hlen      The length of the hash \p hash in Bytes.
+    /// \param sig       The buffer to which to write the signature. This must be a
+    ///                  writable buffer of length at least twice as large as the
+    ///                  size of the curve used, plus 9. For example, 73 Bytes if
+    ///                  a 256-bit curve is used. A buffer length of
+    ///                  #MBEDTLS_ECDSA_MAX_LEN is always safe.
+    /// \param sig_size  The size of the \p sig buffer in bytes.
+    /// \param slen      The address at which to store the actual length of
+    ///                  the signature written. Must not be \c NULL.
+    /// \param f_rng     The RNG function. This must not be \c NULL if
+    ///                  #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
+    ///                  it is unused and may be set to \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL if \p f_rng is \c NULL or doesn't use a context.
+    /// \param rs_ctx    The restart context to use. This may be \c NULL to disable
+    ///                  restarting. If it is not \c NULL, it must point to an
+    ///                  initialized restart context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
+    ///                  \c MBEDTLS_ERR_ASN1_XXX error code on failure.
+    pub fn mbedtls_ecdsa_write_signature_restartable(
+        ctx: *mut mbedtls_ecdsa_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hlen: usize,
+        sig: *mut crate::c_types::c_uchar,
+        sig_size: usize,
+        slen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function reads and verifies an ECDSA signature.
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated as
+    ///                  defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.4, step 3.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDSA context to use. This must be initialized
+    ///                  and have a group and public key bound to it.
+    /// \param hash      The message hash that was signed. This must be a readable
+    ///                  buffer of length \p size Bytes.
+    /// \param hlen      The size of the hash \p hash.
+    /// \param sig       The signature to read and verify. This must be a readable
+    ///                  buffer of length \p slen Bytes.
+    /// \param slen      The size of \p sig in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
+    /// \return          #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
+    ///                  signature in \p sig, but its length is less than \p siglen.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
+    ///                  error code on failure for any other reason.
+    pub fn mbedtls_ecdsa_read_signature(
+        ctx: *mut mbedtls_ecdsa_context,
+        hash: *const crate::c_types::c_uchar,
+        hlen: usize,
+        sig: *const crate::c_types::c_uchar,
+        slen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function reads and verifies an ECDSA signature,
+    ///                  in a restartable way.
+    ///
+    /// \see             \c mbedtls_ecdsa_read_signature()
+    ///
+    /// \note            This function is like \c mbedtls_ecdsa_read_signature()
+    ///                  but it can return early and restart according to the limit
+    ///                  set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \param ctx       The ECDSA context to use. This must be initialized
+    ///                  and have a group and public key bound to it.
+    /// \param hash      The message hash that was signed. This must be a readable
+    ///                  buffer of length \p size Bytes.
+    /// \param hlen      The size of the hash \p hash.
+    /// \param sig       The signature to read and verify. This must be a readable
+    ///                  buffer of length \p slen Bytes.
+    /// \param slen      The size of \p sig in Bytes.
+    /// \param rs_ctx    The restart context to use. This may be \c NULL to disable
+    ///                  restarting. If it is not \c NULL, it must point to an
+    ///                  initialized restart context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
+    /// \return          #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
+    ///                  signature in \p sig, but its length is less than \p siglen.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
+    ///                  error code on failure for any other reason.
+    pub fn mbedtls_ecdsa_read_signature_restartable(
+        ctx: *mut mbedtls_ecdsa_context,
+        hash: *const crate::c_types::c_uchar,
+        hlen: usize,
+        sig: *const crate::c_types::c_uchar,
+        slen: usize,
+        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function generates an ECDSA keypair on the given curve.
+    ///
+    /// \see            ecp.h
+    ///
+    /// \param ctx      The ECDSA context to store the keypair in.
+    ///                 This must be initialized.
+    /// \param gid      The elliptic curve to use. One of the various
+    ///                 \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
+    /// \param f_rng    The RNG function to use. This must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be
+    ///                 \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_ECP_XXX code on failure.
+    pub fn mbedtls_ecdsa_genkey(
+        ctx: *mut mbedtls_ecdsa_context,
+        gid: mbedtls_ecp_group_id,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets up an ECDSA context from an EC key pair.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDSA context to setup. This must be initialized.
+    /// \param key       The EC key to use. This must be initialized and hold
+    ///                  a private-public key pair or a public key. In the former
+    ///                  case, the ECDSA context may be used for signature creation
+    ///                  and verification after this call. In the latter case, it
+    ///                  may be used for signature verification.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX code on failure.
+    pub fn mbedtls_ecdsa_from_keypair(
+        ctx: *mut mbedtls_ecdsa_context,
+        key: *const mbedtls_ecp_keypair,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function initializes an ECDSA context.
+    ///
+    /// \param ctx       The ECDSA context to initialize.
+    ///                  This must not be \c NULL.
+    pub fn mbedtls_ecdsa_init(ctx: *mut mbedtls_ecdsa_context);
+}
+extern "C" {
+    /// \brief           This function frees an ECDSA context.
+    ///
+    /// \param ctx       The ECDSA context to free. This may be \c NULL,
+    ///                  in which case this function does nothing. If it
+    ///                  is not \c NULL, it must be initialized.
+    pub fn mbedtls_ecdsa_free(ctx: *mut mbedtls_ecdsa_context);
+}
+pub const mbedtls_pk_type_t_MBEDTLS_PK_NONE: mbedtls_pk_type_t = 0;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_RSA: mbedtls_pk_type_t = 1;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_ECKEY: mbedtls_pk_type_t = 2;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_ECKEY_DH: mbedtls_pk_type_t = 3;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_ECDSA: mbedtls_pk_type_t = 4;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_RSA_ALT: mbedtls_pk_type_t = 5;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_RSASSA_PSS: mbedtls_pk_type_t = 6;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_OPAQUE: mbedtls_pk_type_t = 7;
+/// \brief          Public key types
+pub type mbedtls_pk_type_t = crate::c_types::c_uint;
+/// \brief           Options for RSASSA-PSS signature verification.
+///                  See \c mbedtls_rsa_rsassa_pss_verify_ext()
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_pk_rsassa_pss_options {
+    /// The digest to use for MGF1 in PSS.
+    ///
+    /// \note When #MBEDTLS_USE_PSA_CRYPTO is enabled and #MBEDTLS_RSA_C is
+    ///       disabled, this must be equal to the \c md_alg argument passed
+    ///       to mbedtls_pk_verify_ext(). In a future version of the library,
+    ///       this constraint may apply whenever #MBEDTLS_USE_PSA_CRYPTO is
+    ///       enabled regardless of the status of #MBEDTLS_RSA_C.
+    pub mgf1_hash_id: mbedtls_md_type_t,
+    /// The expected length of the salt, in bytes. This may be
+    /// #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
+    ///
+    /// \note When #MBEDTLS_USE_PSA_CRYPTO is enabled, only
+    ///       #MBEDTLS_RSA_SALT_LEN_ANY is valid. Any other value may be
+    ///       ignored (allowing any salt length).
+    pub expected_salt_len: crate::c_types::c_int,
+}
+pub const mbedtls_pk_debug_type_MBEDTLS_PK_DEBUG_NONE: mbedtls_pk_debug_type = 0;
+pub const mbedtls_pk_debug_type_MBEDTLS_PK_DEBUG_MPI: mbedtls_pk_debug_type = 1;
+pub const mbedtls_pk_debug_type_MBEDTLS_PK_DEBUG_ECP: mbedtls_pk_debug_type = 2;
+/// \brief           Types for interfacing with the debug module
+pub type mbedtls_pk_debug_type = crate::c_types::c_uint;
+/// \brief           Item to send to the debug module
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_pk_debug_item {
+    pub private_type: mbedtls_pk_debug_type,
+    pub private_name: *const crate::c_types::c_char,
+    pub private_value: *mut crate::c_types::c_void,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_pk_info_t {
+    _unused: [u8; 0],
+}
+/// \brief           Public key container
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_pk_context {
+    pub private_pk_info: *const mbedtls_pk_info_t,
+    pub private_pk_ctx: *mut crate::c_types::c_void,
+}
+pub type mbedtls_pk_restart_ctx = crate::c_types::c_void;
+/// \brief           Types for RSA-alt abstraction
+pub type mbedtls_pk_rsa_alt_decrypt_func = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        olen: *mut usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        output_max_len: usize,
+    ) -> crate::c_types::c_int,
+>;
+pub type mbedtls_pk_rsa_alt_sign_func = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int,
+>;
+pub type mbedtls_pk_rsa_alt_key_len_func =
+    ::core::option::Option<unsafe extern "C" fn(ctx: *mut crate::c_types::c_void) -> usize>;
+extern "C" {
+    /// \brief           Return information associated with the given PK type
+    ///
+    /// \param pk_type   PK type to search for.
+    ///
+    /// \return          The PK info associated with the type or NULL if not found.
+    pub fn mbedtls_pk_info_from_type(pk_type: mbedtls_pk_type_t) -> *const mbedtls_pk_info_t;
+}
+extern "C" {
+    /// \brief           Initialize a #mbedtls_pk_context (as NONE).
+    ///
+    /// \param ctx       The context to initialize.
+    ///                  This must not be \c NULL.
+    pub fn mbedtls_pk_init(ctx: *mut mbedtls_pk_context);
+}
+extern "C" {
+    /// \brief           Free the components of a #mbedtls_pk_context.
+    ///
+    /// \param ctx       The context to clear. It must have been initialized.
+    ///                  If this is \c NULL, this function does nothing.
+    ///
+    /// \note            For contexts that have been set up with
+    ///                  mbedtls_pk_setup_opaque(), this does not free the underlying
+    ///                  PSA key and you still need to call psa_destroy_key()
+    ///                  independently if you want to destroy that key.
+    pub fn mbedtls_pk_free(ctx: *mut mbedtls_pk_context);
+}
+extern "C" {
+    /// \brief           Initialize a PK context with the information given
+    ///                  and allocates the type-specific PK subcontext.
+    ///
+    /// \param ctx       Context to initialize. It must not have been set
+    ///                  up yet (type #MBEDTLS_PK_NONE).
+    /// \param info      Information to use
+    ///
+    /// \return          0 on success,
+    ///                  MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input,
+    ///                  MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
+    ///
+    /// \note            For contexts holding an RSA-alt key, use
+    ///                  \c mbedtls_pk_setup_rsa_alt() instead.
+    pub fn mbedtls_pk_setup(
+        ctx: *mut mbedtls_pk_context,
+        info: *const mbedtls_pk_info_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Initialize an RSA-alt context
+    ///
+    /// \param ctx       Context to initialize. It must not have been set
+    ///                  up yet (type #MBEDTLS_PK_NONE).
+    /// \param key       RSA key pointer
+    /// \param decrypt_func  Decryption function
+    /// \param sign_func     Signing function
+    /// \param key_len_func  Function returning key length in bytes
+    ///
+    /// \return          0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the
+    ///                  context wasn't already initialized as RSA_ALT.
+    ///
+    /// \note            This function replaces \c mbedtls_pk_setup() for RSA-alt.
+    pub fn mbedtls_pk_setup_rsa_alt(
+        ctx: *mut mbedtls_pk_context,
+        key: *mut crate::c_types::c_void,
+        decrypt_func: mbedtls_pk_rsa_alt_decrypt_func,
+        sign_func: mbedtls_pk_rsa_alt_sign_func,
+        key_len_func: mbedtls_pk_rsa_alt_key_len_func,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Get the size in bits of the underlying key
+    ///
+    /// \param ctx       The context to query. It must have been initialized.
+    ///
+    /// \return          Key size in bits, or 0 on error
+    pub fn mbedtls_pk_get_bitlen(ctx: *const mbedtls_pk_context) -> usize;
+}
+extern "C" {
+    /// \brief           Tell if a context can do the operation given by type
+    ///
+    /// \param ctx       The context to query. It must have been initialized.
+    /// \param type      The desired type.
+    ///
+    /// \return          1 if the context can do operations on the given type.
+    /// \return          0 if the context cannot do the operations on the given
+    ///                  type. This is always the case for a context that has
+    ///                  been initialized but not set up, or that has been
+    ///                  cleared with mbedtls_pk_free().
+    pub fn mbedtls_pk_can_do(
+        ctx: *const mbedtls_pk_context,
+        type_: mbedtls_pk_type_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Verify signature (including padding if relevant).
+    ///
+    /// \param ctx       The PK context to use. It must have been set up.
+    /// \param md_alg    Hash algorithm used.
+    ///                  This can be #MBEDTLS_MD_NONE if the signature algorithm
+    ///                  does not rely on a hash algorithm (non-deterministic
+    ///                  ECDSA, RSA PKCS#1 v1.5).
+    ///                  For PKCS#1 v1.5, if \p md_alg is #MBEDTLS_MD_NONE, then
+    ///                  \p hash is the DigestInfo structure used by RFC 8017
+    ///                  &sect;9.2 steps 3&ndash;6. If \p md_alg is a valid hash
+    ///                  algorithm then \p hash is the digest itself, and this
+    ///                  function calculates the DigestInfo encoding internally.
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length
+    /// \param sig       Signature to verify
+    /// \param sig_len   Signature length
+    ///
+    /// \return          0 on success (signature is valid),
+    ///                  #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
+    ///                  signature in sig but its length is less than \p siglen,
+    ///                  or a specific error code.
+    ///
+    /// \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+    ///                  Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
+    ///                  to verify RSASSA_PSS signatures.
+    pub fn mbedtls_pk_verify(
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *const crate::c_types::c_uchar,
+        sig_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Restartable version of \c mbedtls_pk_verify()
+    ///
+    /// \note            Performs the same job as \c mbedtls_pk_verify(), but can
+    ///                  return early and restart according to the limit set with
+    ///                  \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
+    ///                  operations. For RSA, same as \c mbedtls_pk_verify().
+    ///
+    /// \param ctx       The PK context to use. It must have been set up.
+    /// \param md_alg    Hash algorithm used (see notes)
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length or 0 (see notes)
+    /// \param sig       Signature to verify
+    /// \param sig_len   Signature length
+    /// \param rs_ctx    Restart context (NULL to disable restart)
+    ///
+    /// \return          See \c mbedtls_pk_verify(), or
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    pub fn mbedtls_pk_verify_restartable(
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *const crate::c_types::c_uchar,
+        sig_len: usize,
+        rs_ctx: *mut mbedtls_pk_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Verify signature, with options.
+    ///                  (Includes verification of the padding depending on type.)
+    ///
+    /// \param type      Signature type (inc. possible padding type) to verify
+    /// \param options   Pointer to type-specific options, or NULL
+    /// \param ctx       The PK context to use. It must have been set up.
+    /// \param md_alg    Hash algorithm used (see notes)
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length or 0 (see notes)
+    /// \param sig       Signature to verify
+    /// \param sig_len   Signature length
+    ///
+    /// \return          0 on success (signature is valid),
+    ///                  #MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
+    ///                  used for this type of signatures,
+    ///                  #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
+    ///                  signature in sig but its length is less than \p siglen,
+    ///                  or a specific error code.
+    ///
+    /// \note            If hash_len is 0, then the length associated with md_alg
+    ///                  is used instead, or an error returned if it is invalid.
+    ///
+    /// \note            md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
+    ///
+    /// \note            If type is MBEDTLS_PK_RSASSA_PSS, then options must point
+    ///                  to a mbedtls_pk_rsassa_pss_options structure,
+    ///                  otherwise it must be NULL. Note that if
+    ///                  #MBEDTLS_USE_PSA_CRYPTO is defined, the salt length is not
+    ///                  verified as PSA_ALG_RSA_PSS_ANY_SALT is used.
+    pub fn mbedtls_pk_verify_ext(
+        type_: mbedtls_pk_type_t,
+        options: *const crate::c_types::c_void,
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *const crate::c_types::c_uchar,
+        sig_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Make signature, including padding if relevant.
+    ///
+    /// \param ctx       The PK context to use. It must have been set up
+    ///                  with a private key.
+    /// \param md_alg    Hash algorithm used (see notes)
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length
+    /// \param sig       Place to write the signature.
+    ///                  It must have enough room for the signature.
+    ///                  #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
+    ///                  You may use a smaller buffer if it is large enough
+    ///                  given the key type.
+    /// \param sig_size  The size of the \p sig buffer in bytes.
+    /// \param sig_len   On successful return,
+    ///                  the number of bytes written to \p sig.
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \return          0 on success, or a specific error code.
+    ///
+    /// \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+    ///                  There is no interface in the PK module to make RSASSA-PSS
+    ///                  signatures yet.
+    ///
+    /// \note            For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
+    ///                  For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
+    pub fn mbedtls_pk_sign(
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *mut crate::c_types::c_uchar,
+        sig_size: usize,
+        sig_len: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Make signature given a signature type.
+    ///
+    /// \param pk_type   Signature type.
+    /// \param ctx       The PK context to use. It must have been set up
+    ///                  with a private key.
+    /// \param md_alg    Hash algorithm used (see notes)
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length
+    /// \param sig       Place to write the signature.
+    ///                  It must have enough room for the signature.
+    ///                  #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
+    ///                  You may use a smaller buffer if it is large enough
+    ///                  given the key type.
+    /// \param sig_size  The size of the \p sig buffer in bytes.
+    /// \param sig_len   On successful return,
+    ///                  the number of bytes written to \p sig.
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \return          0 on success, or a specific error code.
+    ///
+    /// \note            When \p pk_type is #MBEDTLS_PK_RSASSA_PSS,
+    ///                  see #PSA_ALG_RSA_PSS for a description of PSS options used.
+    ///
+    /// \note            For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
+    ///                  For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
+    pub fn mbedtls_pk_sign_ext(
+        pk_type: mbedtls_pk_type_t,
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *mut crate::c_types::c_uchar,
+        sig_size: usize,
+        sig_len: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Restartable version of \c mbedtls_pk_sign()
+    ///
+    /// \note            Performs the same job as \c mbedtls_pk_sign(), but can
+    ///                  return early and restart according to the limit set with
+    ///                  \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
+    ///                  operations. For RSA, same as \c mbedtls_pk_sign().
+    ///
+    /// \param ctx       The PK context to use. It must have been set up
+    ///                  with a private key.
+    /// \param md_alg    Hash algorithm used (see notes for mbedtls_pk_sign())
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length
+    /// \param sig       Place to write the signature.
+    ///                  It must have enough room for the signature.
+    ///                  #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
+    ///                  You may use a smaller buffer if it is large enough
+    ///                  given the key type.
+    /// \param sig_size  The size of the \p sig buffer in bytes.
+    /// \param sig_len   On successful return,
+    ///                  the number of bytes written to \p sig.
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    /// \param rs_ctx    Restart context (NULL to disable restart)
+    ///
+    /// \return          See \c mbedtls_pk_sign().
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    pub fn mbedtls_pk_sign_restartable(
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *mut crate::c_types::c_uchar,
+        sig_size: usize,
+        sig_len: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_pk_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Decrypt message (including padding if relevant).
+    ///
+    /// \param ctx       The PK context to use. It must have been set up
+    ///                  with a private key.
+    /// \param input     Input to decrypt
+    /// \param ilen      Input size
+    /// \param output    Decrypted output
+    /// \param olen      Decrypted message length
+    /// \param osize     Size of the output buffer
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+    ///
+    /// \return          0 on success, or a specific error code.
+    pub fn mbedtls_pk_decrypt(
+        ctx: *mut mbedtls_pk_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+        osize: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Encrypt message (including padding if relevant).
+    ///
+    /// \param ctx       The PK context to use. It must have been set up.
+    /// \param input     Message to encrypt
+    /// \param ilen      Message size
+    /// \param output    Encrypted output
+    /// \param olen      Encrypted output length
+    /// \param osize     Size of the output buffer
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \note            \p f_rng is used for padding generation.
+    ///
+    /// \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+    ///
+    /// \return          0 on success, or a specific error code.
+    pub fn mbedtls_pk_encrypt(
+        ctx: *mut mbedtls_pk_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+        osize: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Check if a public-private pair of keys matches.
+    ///
+    /// \param pub       Context holding a public key.
+    /// \param prv       Context holding a private (and public) key.
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \return          \c 0 on success (keys were checked and match each other).
+    /// \return          #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the keys could not
+    ///                  be checked - in that case they may or may not match.
+    /// \return          #MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid.
+    /// \return          Another non-zero value if the keys do not match.
+    pub fn mbedtls_pk_check_pair(
+        pub_: *const mbedtls_pk_context,
+        prv: *const mbedtls_pk_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Export debug information
+    ///
+    /// \param ctx       The PK context to use. It must have been initialized.
+    /// \param items     Place to write debug items
+    ///
+    /// \return          0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
+    pub fn mbedtls_pk_debug(
+        ctx: *const mbedtls_pk_context,
+        items: *mut mbedtls_pk_debug_item,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Access the type name
+    ///
+    /// \param ctx       The PK context to use. It must have been initialized.
+    ///
+    /// \return          Type name on success, or "invalid PK"
+    pub fn mbedtls_pk_get_name(ctx: *const mbedtls_pk_context) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief           Get the key type
+    ///
+    /// \param ctx       The PK context to use. It must have been initialized.
+    ///
+    /// \return          Type on success.
+    /// \return          #MBEDTLS_PK_NONE for a context that has not been set up.
+    pub fn mbedtls_pk_get_type(ctx: *const mbedtls_pk_context) -> mbedtls_pk_type_t;
+}
+extern "C" {
+    /// \ingroup pk_module */
+    ////**
+    /// \brief           Parse a private key in PEM or DER format
+    ///
+    /// \note            If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                  subsystem must have been initialized by calling
+    ///                  psa_crypto_init() before calling this function.
+    ///
+    /// \param ctx       The PK context to fill. It must have been initialized
+    ///                  but not set up.
+    /// \param key       Input buffer to parse.
+    ///                  The buffer must contain the input exactly, with no
+    ///                  extra trailing material. For PEM, the buffer must
+    ///                  contain a null-terminated string.
+    /// \param keylen    Size of \b key in bytes.
+    ///                  For PEM data, this includes the terminating null byte,
+    ///                  so \p keylen must be equal to `strlen(key) + 1`.
+    /// \param pwd       Optional password for decryption.
+    ///                  Pass \c NULL if expecting a non-encrypted key.
+    ///                  Pass a string of \p pwdlen bytes if expecting an encrypted
+    ///                  key; a non-encrypted key will also be accepted.
+    ///                  The empty password is not supported.
+    /// \param pwdlen    Size of the password in bytes.
+    ///                  Ignored if \p pwd is \c NULL.
+    /// \param f_rng     RNG function, must not be \c NULL. Used for blinding.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \note            On entry, ctx must be empty, either freshly initialised
+    ///                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+    ///                  specific key type, check the result with mbedtls_pk_can_do().
+    ///
+    /// \note            The key is also checked for correctness.
+    ///
+    /// \return          0 if successful, or a specific PK or PEM error code
+    pub fn mbedtls_pk_parse_key(
+        ctx: *mut mbedtls_pk_context,
+        key: *const crate::c_types::c_uchar,
+        keylen: usize,
+        pwd: *const crate::c_types::c_uchar,
+        pwdlen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \ingroup pk_module */
+    ////**
+    /// \brief           Parse a public key in PEM or DER format
+    ///
+    /// \note            If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                  subsystem must have been initialized by calling
+    ///                  psa_crypto_init() before calling this function.
+    ///
+    /// \param ctx       The PK context to fill. It must have been initialized
+    ///                  but not set up.
+    /// \param key       Input buffer to parse.
+    ///                  The buffer must contain the input exactly, with no
+    ///                  extra trailing material. For PEM, the buffer must
+    ///                  contain a null-terminated string.
+    /// \param keylen    Size of \b key in bytes.
+    ///                  For PEM data, this includes the terminating null byte,
+    ///                  so \p keylen must be equal to `strlen(key) + 1`.
+    ///
+    /// \note            On entry, ctx must be empty, either freshly initialised
+    ///                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+    ///                  specific key type, check the result with mbedtls_pk_can_do().
+    ///
+    /// \note            For compressed points, see #MBEDTLS_ECP_PF_COMPRESSED for
+    ///                  limitations.
+    ///
+    /// \note            The key is also checked for correctness.
+    ///
+    /// \return          0 if successful, or a specific PK or PEM error code
+    pub fn mbedtls_pk_parse_public_key(
+        ctx: *mut mbedtls_pk_context,
+        key: *const crate::c_types::c_uchar,
+        keylen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a private key to a PKCS#1 or SEC1 DER structure
+    ///                  Note: data is written at the end of the buffer! Use the
+    ///                        return value to determine where you should start
+    ///                        using the buffer
+    ///
+    /// \param ctx       PK context which must contain a valid private key.
+    /// \param buf       buffer to write to
+    /// \param size      size of the buffer
+    ///
+    /// \return          length of data written if successful, or a specific
+    ///                  error code
+    pub fn mbedtls_pk_write_key_der(
+        ctx: *const mbedtls_pk_context,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a public key to a SubjectPublicKeyInfo DER structure
+    ///                  Note: data is written at the end of the buffer! Use the
+    ///                        return value to determine where you should start
+    ///                        using the buffer
+    ///
+    /// \param ctx       PK context which must contain a valid public or private key.
+    /// \param buf       buffer to write to
+    /// \param size      size of the buffer
+    ///
+    /// \return          length of data written if successful, or a specific
+    ///                  error code
+    pub fn mbedtls_pk_write_pubkey_der(
+        ctx: *const mbedtls_pk_context,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a public key to a PEM string
+    ///
+    /// \param ctx       PK context which must contain a valid public or private key.
+    /// \param buf       Buffer to write to. The output includes a
+    ///                  terminating null byte.
+    /// \param size      Size of the buffer in bytes.
+    ///
+    /// \return          0 if successful, or a specific error code
+    pub fn mbedtls_pk_write_pubkey_pem(
+        ctx: *const mbedtls_pk_context,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a private key to a PKCS#1 or SEC1 PEM string
+    ///
+    /// \param ctx       PK context which must contain a valid private key.
+    /// \param buf       Buffer to write to. The output includes a
+    ///                  terminating null byte.
+    /// \param size      Size of the buffer in bytes.
+    ///
+    /// \return          0 if successful, or a specific error code
+    pub fn mbedtls_pk_write_key_pem(
+        ctx: *const mbedtls_pk_context,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Parse a SubjectPublicKeyInfo DER structure
+    ///
+    /// \param p         the position in the ASN.1 data
+    /// \param end       end of the buffer
+    /// \param pk        The PK context to fill. It must have been initialized
+    ///                  but not set up.
+    ///
+    /// \return          0 if successful, or a specific PK error code
+    pub fn mbedtls_pk_parse_subpubkey(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        pk: *mut mbedtls_pk_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a subjectPublicKey to ASN.1 data
+    ///                  Note: function works backwards in data buffer
+    ///
+    /// \param p         reference to current position pointer
+    /// \param start     start of the buffer (for bounds-checking)
+    /// \param key       PK context which must contain a valid public or private key.
+    ///
+    /// \return          the length written or a negative error code
+    pub fn mbedtls_pk_write_pubkey(
+        p: *mut *mut crate::c_types::c_uchar,
+        start: *mut crate::c_types::c_uchar,
+        key: *const mbedtls_pk_context,
+    ) -> crate::c_types::c_int;
+}
+///< Placeholder to mark the end of cipher ID lists.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_NONE: mbedtls_cipher_id_t = 0;
+///< The identity cipher, treated as a stream cipher.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_NULL: mbedtls_cipher_id_t = 1;
+///< The AES cipher.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_AES: mbedtls_cipher_id_t = 2;
+///< The DES cipher. \warning DES is considered weak.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_DES: mbedtls_cipher_id_t = 3;
+///< The Triple DES cipher. \warning 3DES is considered weak.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_3DES: mbedtls_cipher_id_t = 4;
+///< The Camellia cipher.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_CAMELLIA: mbedtls_cipher_id_t = 5;
+///< The Aria cipher.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_ARIA: mbedtls_cipher_id_t = 6;
+///< The ChaCha20 cipher.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_CHACHA20: mbedtls_cipher_id_t = 7;
+/// \brief     Supported cipher types.
+///
+/// \warning   DES/3DES are considered weak ciphers and their use
+///            constitutes a security risk. We recommend considering stronger
+///            ciphers instead.
+pub type mbedtls_cipher_id_t = crate::c_types::c_uint;
+///< Placeholder to mark the end of cipher-pair lists.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_NONE: mbedtls_cipher_type_t = 0;
+///< The identity stream cipher.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_NULL: mbedtls_cipher_type_t = 1;
+///< AES cipher with 128-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_ECB: mbedtls_cipher_type_t = 2;
+///< AES cipher with 192-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_ECB: mbedtls_cipher_type_t = 3;
+///< AES cipher with 256-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_ECB: mbedtls_cipher_type_t = 4;
+///< AES cipher with 128-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CBC: mbedtls_cipher_type_t = 5;
+///< AES cipher with 192-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CBC: mbedtls_cipher_type_t = 6;
+///< AES cipher with 256-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CBC: mbedtls_cipher_type_t = 7;
+///< AES cipher with 128-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CFB128: mbedtls_cipher_type_t = 8;
+///< AES cipher with 192-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CFB128: mbedtls_cipher_type_t = 9;
+///< AES cipher with 256-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CFB128: mbedtls_cipher_type_t = 10;
+///< AES cipher with 128-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CTR: mbedtls_cipher_type_t = 11;
+///< AES cipher with 192-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CTR: mbedtls_cipher_type_t = 12;
+///< AES cipher with 256-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CTR: mbedtls_cipher_type_t = 13;
+///< AES cipher with 128-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_GCM: mbedtls_cipher_type_t = 14;
+///< AES cipher with 192-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_GCM: mbedtls_cipher_type_t = 15;
+///< AES cipher with 256-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_GCM: mbedtls_cipher_type_t = 16;
+///< Camellia cipher with 128-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_ECB: mbedtls_cipher_type_t = 17;
+///< Camellia cipher with 192-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_ECB: mbedtls_cipher_type_t = 18;
+///< Camellia cipher with 256-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_ECB: mbedtls_cipher_type_t = 19;
+///< Camellia cipher with 128-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CBC: mbedtls_cipher_type_t = 20;
+///< Camellia cipher with 192-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CBC: mbedtls_cipher_type_t = 21;
+///< Camellia cipher with 256-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CBC: mbedtls_cipher_type_t = 22;
+///< Camellia cipher with 128-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CFB128: mbedtls_cipher_type_t = 23;
+///< Camellia cipher with 192-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CFB128: mbedtls_cipher_type_t = 24;
+///< Camellia cipher with 256-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CFB128: mbedtls_cipher_type_t = 25;
+///< Camellia cipher with 128-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CTR: mbedtls_cipher_type_t = 26;
+///< Camellia cipher with 192-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CTR: mbedtls_cipher_type_t = 27;
+///< Camellia cipher with 256-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CTR: mbedtls_cipher_type_t = 28;
+///< Camellia cipher with 128-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_GCM: mbedtls_cipher_type_t = 29;
+///< Camellia cipher with 192-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_GCM: mbedtls_cipher_type_t = 30;
+///< Camellia cipher with 256-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_GCM: mbedtls_cipher_type_t = 31;
+///< DES cipher with ECB mode. \warning DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_ECB: mbedtls_cipher_type_t = 32;
+///< DES cipher with CBC mode. \warning DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_CBC: mbedtls_cipher_type_t = 33;
+///< DES cipher with EDE ECB mode. \warning 3DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_EDE_ECB: mbedtls_cipher_type_t = 34;
+///< DES cipher with EDE CBC mode. \warning 3DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_EDE_CBC: mbedtls_cipher_type_t = 35;
+///< DES cipher with EDE3 ECB mode. \warning 3DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_EDE3_ECB: mbedtls_cipher_type_t = 36;
+///< DES cipher with EDE3 CBC mode. \warning 3DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_EDE3_CBC: mbedtls_cipher_type_t = 37;
+///< AES cipher with 128-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CCM: mbedtls_cipher_type_t = 38;
+///< AES cipher with 192-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CCM: mbedtls_cipher_type_t = 39;
+///< AES cipher with 256-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CCM: mbedtls_cipher_type_t = 40;
+///< AES cipher with 128-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 41;
+///< AES cipher with 192-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 42;
+///< AES cipher with 256-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 43;
+///< Camellia cipher with 128-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CCM: mbedtls_cipher_type_t = 44;
+///< Camellia cipher with 192-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CCM: mbedtls_cipher_type_t = 45;
+///< Camellia cipher with 256-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CCM: mbedtls_cipher_type_t = 46;
+///< Camellia cipher with 128-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG: mbedtls_cipher_type_t =
+    47;
+///< Camellia cipher with 192-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG: mbedtls_cipher_type_t =
+    48;
+///< Camellia cipher with 256-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG: mbedtls_cipher_type_t =
+    49;
+///< Aria cipher with 128-bit key and ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_ECB: mbedtls_cipher_type_t = 50;
+///< Aria cipher with 192-bit key and ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_ECB: mbedtls_cipher_type_t = 51;
+///< Aria cipher with 256-bit key and ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_ECB: mbedtls_cipher_type_t = 52;
+///< Aria cipher with 128-bit key and CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CBC: mbedtls_cipher_type_t = 53;
+///< Aria cipher with 192-bit key and CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CBC: mbedtls_cipher_type_t = 54;
+///< Aria cipher with 256-bit key and CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CBC: mbedtls_cipher_type_t = 55;
+///< Aria cipher with 128-bit key and CFB-128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CFB128: mbedtls_cipher_type_t = 56;
+///< Aria cipher with 192-bit key and CFB-128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CFB128: mbedtls_cipher_type_t = 57;
+///< Aria cipher with 256-bit key and CFB-128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CFB128: mbedtls_cipher_type_t = 58;
+///< Aria cipher with 128-bit key and CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CTR: mbedtls_cipher_type_t = 59;
+///< Aria cipher with 192-bit key and CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CTR: mbedtls_cipher_type_t = 60;
+///< Aria cipher with 256-bit key and CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CTR: mbedtls_cipher_type_t = 61;
+///< Aria cipher with 128-bit key and GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_GCM: mbedtls_cipher_type_t = 62;
+///< Aria cipher with 192-bit key and GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_GCM: mbedtls_cipher_type_t = 63;
+///< Aria cipher with 256-bit key and GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_GCM: mbedtls_cipher_type_t = 64;
+///< Aria cipher with 128-bit key and CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CCM: mbedtls_cipher_type_t = 65;
+///< Aria cipher with 192-bit key and CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CCM: mbedtls_cipher_type_t = 66;
+///< Aria cipher with 256-bit key and CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CCM: mbedtls_cipher_type_t = 67;
+///< Aria cipher with 128-bit key and CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 68;
+///< Aria cipher with 192-bit key and CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 69;
+///< Aria cipher with 256-bit key and CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 70;
+///< AES 128-bit cipher in OFB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_OFB: mbedtls_cipher_type_t = 71;
+///< AES 192-bit cipher in OFB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_OFB: mbedtls_cipher_type_t = 72;
+///< AES 256-bit cipher in OFB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_OFB: mbedtls_cipher_type_t = 73;
+///< AES 128-bit cipher in XTS block mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_XTS: mbedtls_cipher_type_t = 74;
+///< AES 256-bit cipher in XTS block mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_XTS: mbedtls_cipher_type_t = 75;
+///< ChaCha20 stream cipher.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CHACHA20: mbedtls_cipher_type_t = 76;
+///< ChaCha20-Poly1305 AEAD cipher.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CHACHA20_POLY1305: mbedtls_cipher_type_t = 77;
+///< AES cipher with 128-bit NIST KW mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_KW: mbedtls_cipher_type_t = 78;
+///< AES cipher with 192-bit NIST KW mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_KW: mbedtls_cipher_type_t = 79;
+///< AES cipher with 256-bit NIST KW mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_KW: mbedtls_cipher_type_t = 80;
+///< AES cipher with 128-bit NIST KWP mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_KWP: mbedtls_cipher_type_t = 81;
+///< AES cipher with 192-bit NIST KWP mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_KWP: mbedtls_cipher_type_t = 82;
+///< AES cipher with 256-bit NIST KWP mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_KWP: mbedtls_cipher_type_t = 83;
+/// \brief     Supported {cipher type, cipher mode} pairs.
+///
+/// \warning   DES/3DES are considered weak ciphers and their use
+///            constitutes a security risk. We recommend considering stronger
+///            ciphers instead.
+pub type mbedtls_cipher_type_t = crate::c_types::c_uint;
+///< None.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_NONE: mbedtls_cipher_mode_t = 0;
+///< The ECB cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_ECB: mbedtls_cipher_mode_t = 1;
+///< The CBC cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CBC: mbedtls_cipher_mode_t = 2;
+///< The CFB cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CFB: mbedtls_cipher_mode_t = 3;
+///< The OFB cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_OFB: mbedtls_cipher_mode_t = 4;
+///< The CTR cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CTR: mbedtls_cipher_mode_t = 5;
+///< The GCM cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_GCM: mbedtls_cipher_mode_t = 6;
+///< The stream cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_STREAM: mbedtls_cipher_mode_t = 7;
+///< The CCM cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CCM: mbedtls_cipher_mode_t = 8;
+///< The CCM*-no-tag cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CCM_STAR_NO_TAG: mbedtls_cipher_mode_t = 9;
+///< The XTS cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_XTS: mbedtls_cipher_mode_t = 10;
+///< The ChaCha-Poly cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CHACHAPOLY: mbedtls_cipher_mode_t = 11;
+///< The SP800-38F KW mode
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_KW: mbedtls_cipher_mode_t = 12;
+///< The SP800-38F KWP mode
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_KWP: mbedtls_cipher_mode_t = 13;
+/// Supported cipher modes.
+pub type mbedtls_cipher_mode_t = crate::c_types::c_uint;
+///< PKCS7 padding (default).
+pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_PKCS7: mbedtls_cipher_padding_t = 0;
+///< ISO/IEC 7816-4 padding.
+pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_ONE_AND_ZEROS: mbedtls_cipher_padding_t = 1;
+///< ANSI X.923 padding.
+pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_ZEROS_AND_LEN: mbedtls_cipher_padding_t = 2;
+///< Zero padding (not reversible).
+pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_ZEROS: mbedtls_cipher_padding_t = 3;
+///< Never pad (full blocks only).
+pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_NONE: mbedtls_cipher_padding_t = 4;
+/// Supported cipher padding types.
+pub type mbedtls_cipher_padding_t = crate::c_types::c_uint;
+pub const mbedtls_operation_t_MBEDTLS_OPERATION_NONE: mbedtls_operation_t = -1;
+pub const mbedtls_operation_t_MBEDTLS_DECRYPT: mbedtls_operation_t = 0;
+pub const mbedtls_operation_t_MBEDTLS_ENCRYPT: mbedtls_operation_t = 1;
+/// Type of operation.
+pub type mbedtls_operation_t = crate::c_types::c_int;
+/// Undefined key length.
+pub const MBEDTLS_KEY_LENGTH_NONE: _bindgen_ty_1 = 0;
+/// Key length, in bits (including parity), for DES keys. \warning DES is considered weak.
+pub const MBEDTLS_KEY_LENGTH_DES: _bindgen_ty_1 = 64;
+/// Key length in bits, including parity, for DES in two-key EDE. \warning 3DES is considered weak.
+pub const MBEDTLS_KEY_LENGTH_DES_EDE: _bindgen_ty_1 = 128;
+/// Key length in bits, including parity, for DES in three-key EDE. \warning 3DES is considered weak.
+pub const MBEDTLS_KEY_LENGTH_DES_EDE3: _bindgen_ty_1 = 192;
+pub type _bindgen_ty_1 = crate::c_types::c_uint;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_cipher_base_t {
+    _unused: [u8; 0],
+}
+/// Cipher information. Allows calling cipher functions
+/// in a generic way.
+///
+/// \note        The library does not support custom cipher info structures,
+///              only built-in structures returned by the functions
+///              mbedtls_cipher_info_from_string(),
+///              mbedtls_cipher_info_from_type(),
+///              mbedtls_cipher_info_from_values(),
+///              mbedtls_cipher_info_from_psa().
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_cipher_info_t {
+    pub private_type: mbedtls_cipher_type_t,
+    pub private_mode: mbedtls_cipher_mode_t,
+    pub private_key_bitlen: crate::c_types::c_uint,
+    pub private_name: *const crate::c_types::c_char,
+    pub private_iv_size: crate::c_types::c_uint,
+    pub private_flags: crate::c_types::c_int,
+    pub private_block_size: crate::c_types::c_uint,
+    pub private_base: *const mbedtls_cipher_base_t,
+}
+/// Generic cipher context.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_cipher_context_t {
+    pub private_cipher_info: *const mbedtls_cipher_info_t,
+    pub private_key_bitlen: crate::c_types::c_int,
+    pub private_operation: mbedtls_operation_t,
+    pub private_add_padding: ::core::option::Option<
+        unsafe extern "C" fn(output: *mut crate::c_types::c_uchar, olen: usize, data_len: usize),
+    >,
+    pub private_get_padding: ::core::option::Option<
+        unsafe extern "C" fn(
+            input: *mut crate::c_types::c_uchar,
+            ilen: usize,
+            data_len: *mut usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_unprocessed_data: [crate::c_types::c_uchar; 16usize],
+    pub private_unprocessed_len: usize,
+    pub private_iv: [crate::c_types::c_uchar; 16usize],
+    pub private_iv_size: usize,
+    pub private_cipher_ctx: *mut crate::c_types::c_void,
+    pub private_cmac_ctx: *mut mbedtls_cmac_context_t,
+}
+extern "C" {
+    /// \brief This function retrieves the list of ciphers supported
+    ///        by the generic cipher module.
+    ///
+    ///        For any cipher identifier in the returned list, you can
+    ///        obtain the corresponding generic cipher information structure
+    ///        via mbedtls_cipher_info_from_type(), which can then be used
+    ///        to prepare a cipher context via mbedtls_cipher_setup().
+    ///
+    ///
+    /// \return      A statically-allocated array of cipher identifiers
+    ///              of type cipher_type_t. The last entry is zero.
+    pub fn mbedtls_cipher_list() -> *const crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function retrieves the cipher-information
+    ///                      structure associated with the given cipher name.
+    ///
+    /// \param cipher_name   Name of the cipher to search for. This must not be
+    ///                      \c NULL.
+    ///
+    /// \return              The cipher information structure associated with the
+    ///                      given \p cipher_name.
+    /// \return              \c NULL if the associated cipher information is not found.
+    pub fn mbedtls_cipher_info_from_string(
+        cipher_name: *const crate::c_types::c_char,
+    ) -> *const mbedtls_cipher_info_t;
+}
+extern "C" {
+    /// \brief               This function retrieves the cipher-information
+    ///                      structure associated with the given cipher type.
+    ///
+    /// \param cipher_type   Type of the cipher to search for.
+    ///
+    /// \return              The cipher information structure associated with the
+    ///                      given \p cipher_type.
+    /// \return              \c NULL if the associated cipher information is not found.
+    pub fn mbedtls_cipher_info_from_type(
+        cipher_type: mbedtls_cipher_type_t,
+    ) -> *const mbedtls_cipher_info_t;
+}
+extern "C" {
+    /// \brief               This function retrieves the cipher-information
+    ///                      structure associated with the given cipher ID,
+    ///                      key size and mode.
+    ///
+    /// \param cipher_id     The ID of the cipher to search for. For example,
+    ///                      #MBEDTLS_CIPHER_ID_AES.
+    /// \param key_bitlen    The length of the key in bits.
+    /// \param mode          The cipher mode. For example, #MBEDTLS_MODE_CBC.
+    ///
+    /// \return              The cipher information structure associated with the
+    ///                      given \p cipher_id.
+    /// \return              \c NULL if the associated cipher information is not found.
+    pub fn mbedtls_cipher_info_from_values(
+        cipher_id: mbedtls_cipher_id_t,
+        key_bitlen: crate::c_types::c_int,
+        mode: mbedtls_cipher_mode_t,
+    ) -> *const mbedtls_cipher_info_t;
+}
+extern "C" {
+    /// \brief               This function initializes a \p cipher_context as NONE.
+    ///
+    /// \param ctx           The context to be initialized. This must not be \c NULL.
+    pub fn mbedtls_cipher_init(ctx: *mut mbedtls_cipher_context_t);
+}
+extern "C" {
+    /// \brief               This function frees and clears the cipher-specific
+    ///                      context of \p ctx. Freeing \p ctx itself remains the
+    ///                      responsibility of the caller.
+    ///
+    /// \param ctx           The context to be freed. If this is \c NULL, the
+    ///                      function has no effect, otherwise this must point to an
+    ///                      initialized context.
+    pub fn mbedtls_cipher_free(ctx: *mut mbedtls_cipher_context_t);
+}
+extern "C" {
+    /// \brief               This function prepares a cipher context for
+    ///                      use with the given cipher primitive.
+    ///
+    /// \note                After calling this function, you should call
+    ///                      mbedtls_cipher_setkey() and, if the mode uses padding,
+    ///                      mbedtls_cipher_set_padding_mode(), then for each
+    ///                      message to encrypt or decrypt with this key, either:
+    ///                      - mbedtls_cipher_crypt() for one-shot processing with
+    ///                      non-AEAD modes;
+    ///                      - mbedtls_cipher_auth_encrypt_ext() or
+    ///                      mbedtls_cipher_auth_decrypt_ext() for one-shot
+    ///                      processing with AEAD modes or NIST_KW;
+    ///                      - for multi-part processing, see the documentation of
+    ///                      mbedtls_cipher_reset().
+    ///
+    /// \param ctx           The context to prepare. This must be initialized by
+    ///                      a call to mbedtls_cipher_init() first.
+    /// \param cipher_info   The cipher to use.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
+    ///                      cipher-specific context fails.
+    pub fn mbedtls_cipher_setup(
+        ctx: *mut mbedtls_cipher_context_t,
+        cipher_info: *const mbedtls_cipher_info_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function sets the key to use with the given context.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a cipher information structure.
+    /// \param key           The key to use. This must be a readable buffer of at
+    ///                      least \p key_bitlen Bits.
+    /// \param key_bitlen    The key length to use, in Bits.
+    /// \param operation     The operation that the key will be used for:
+    ///                      #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_setkey(
+        ctx: *mut mbedtls_cipher_context_t,
+        key: *const crate::c_types::c_uchar,
+        key_bitlen: crate::c_types::c_int,
+        operation: mbedtls_operation_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function sets the padding mode, for cipher modes
+    ///                      that use padding.
+    ///
+    ///                      The default passing mode is PKCS7 padding.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a cipher information structure.
+    /// \param mode          The padding mode.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
+    ///                      if the selected padding mode is not supported.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
+    ///                      does not support padding.
+    pub fn mbedtls_cipher_set_padding_mode(
+        ctx: *mut mbedtls_cipher_context_t,
+        mode: mbedtls_cipher_padding_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets the initialization vector (IV)
+    ///                  or nonce.
+    ///
+    /// \note            Some ciphers do not use IVs nor nonce. For these
+    ///                  ciphers, this function has no effect.
+    ///
+    /// \note            For #MBEDTLS_CIPHER_CHACHA20, the nonce length must
+    ///                  be 12, and the initial counter value is 0.
+    ///
+    /// \note            For #MBEDTLS_CIPHER_CHACHA20_POLY1305, the nonce length
+    ///                  must be 12.
+    ///
+    /// \param ctx       The generic cipher context. This must be initialized and
+    ///                  bound to a cipher information structure.
+    /// \param iv        The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This
+    ///                  must be a readable buffer of at least \p iv_len Bytes.
+    /// \param iv_len    The IV length for ciphers with variable-size IV.
+    ///                  This parameter is discarded by ciphers with fixed-size IV.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                  parameter-verification failure.
+    pub fn mbedtls_cipher_set_iv(
+        ctx: *mut mbedtls_cipher_context_t,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief         This function resets the cipher state.
+    ///
+    /// \note          With non-AEAD ciphers, the order of calls for each message
+    ///                is as follows:
+    ///                1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
+    ///                2. mbedtls_cipher_reset()
+    ///                3. mbedtls_cipher_update() one or more times
+    ///                4. mbedtls_cipher_finish()
+    ///                .
+    ///                This sequence can be repeated to encrypt or decrypt multiple
+    ///                messages with the same key.
+    ///
+    /// \note          With AEAD ciphers, the order of calls for each message
+    ///                is as follows:
+    ///                1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
+    ///                2. mbedtls_cipher_reset()
+    ///                3. mbedtls_cipher_update_ad()
+    ///                4. mbedtls_cipher_update() one or more times
+    ///                5. mbedtls_cipher_finish()
+    ///                6. mbedtls_cipher_check_tag() (for decryption) or
+    ///                mbedtls_cipher_write_tag() (for encryption).
+    ///                .
+    ///                This sequence can be repeated to encrypt or decrypt multiple
+    ///                messages with the same key.
+    ///
+    /// \param ctx     The generic cipher context. This must be bound to a key.
+    ///
+    /// \return        \c 0 on success.
+    /// \return        #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                parameter-verification failure.
+    pub fn mbedtls_cipher_reset(ctx: *mut mbedtls_cipher_context_t) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function adds additional data for AEAD ciphers.
+    ///                      Currently supported with GCM and ChaCha20+Poly1305.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized.
+    /// \param ad            The additional data to use. This must be a readable
+    ///                      buffer of at least \p ad_len Bytes.
+    /// \param ad_len        The length of \p ad in Bytes.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              A specific error code on failure.
+    pub fn mbedtls_cipher_update_ad(
+        ctx: *mut mbedtls_cipher_context_t,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The generic cipher update function. It encrypts or
+    ///                      decrypts using the given cipher context. Writes as
+    ///                      many block-sized blocks of data as possible to output.
+    ///                      Any data that cannot be written immediately is either
+    ///                      added to the next block, or flushed when
+    ///                      mbedtls_cipher_finish() is called.
+    ///                      Exception: For MBEDTLS_MODE_ECB, expects a single block
+    ///                      in size. For example, 16 Bytes for AES.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a key.
+    /// \param input         The buffer holding the input data. This must be a
+    ///                      readable buffer of at least \p ilen Bytes.
+    /// \param ilen          The length of the input data.
+    /// \param output        The buffer for the output data. This must be able to
+    ///                      hold at least `ilen + block_size`. This must not be the
+    ///                      same buffer as \p input.
+    /// \param olen          The length of the output data, to be updated with the
+    ///                      actual number of Bytes written. This must not be
+    ///                      \c NULL.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
+    ///                      unsupported mode for a cipher.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_update(
+        ctx: *mut mbedtls_cipher_context_t,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The generic cipher finalization function. If data still
+    ///                      needs to be flushed from an incomplete block, the data
+    ///                      contained in it is padded to the size of
+    ///                      the last block, and written to the \p output buffer.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a key.
+    /// \param output        The buffer to write data to. This needs to be a writable
+    ///                      buffer of at least \p block_size Bytes.
+    /// \param olen          The length of the data written to the \p output buffer.
+    ///                      This may not be \c NULL.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
+    ///                      expecting a full block but not receiving one.
+    /// \return              #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
+    ///                      while decrypting.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_finish(
+        ctx: *mut mbedtls_cipher_context_t,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function writes a tag for AEAD ciphers.
+    ///                      Currently supported with GCM and ChaCha20+Poly1305.
+    ///                      This must be called after mbedtls_cipher_finish().
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized,
+    ///                      bound to a key, and have just completed a cipher
+    ///                      operation through mbedtls_cipher_finish() the tag for
+    ///                      which should be written.
+    /// \param tag           The buffer to write the tag to. This must be a writable
+    ///                      buffer of at least \p tag_len Bytes.
+    /// \param tag_len       The length of the tag to write.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              A specific error code on failure.
+    pub fn mbedtls_cipher_write_tag(
+        ctx: *mut mbedtls_cipher_context_t,
+        tag: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function checks the tag for AEAD ciphers.
+    ///                      Currently supported with GCM and ChaCha20+Poly1305.
+    ///                      This must be called after mbedtls_cipher_finish().
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized.
+    /// \param tag           The buffer holding the tag. This must be a readable
+    ///                      buffer of at least \p tag_len Bytes.
+    /// \param tag_len       The length of the tag to check.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              A specific error code on failure.
+    pub fn mbedtls_cipher_check_tag(
+        ctx: *mut mbedtls_cipher_context_t,
+        tag: *const crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The generic all-in-one encryption/decryption function,
+    ///                      for all ciphers except AEAD constructs.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized.
+    /// \param iv            The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
+    ///                      This must be a readable buffer of at least \p iv_len
+    ///                      Bytes.
+    /// \param iv_len        The IV length for ciphers with variable-size IV.
+    ///                      This parameter is discarded by ciphers with fixed-size
+    ///                      IV.
+    /// \param input         The buffer holding the input data. This must be a
+    ///                      readable buffer of at least \p ilen Bytes.
+    /// \param ilen          The length of the input data in Bytes.
+    /// \param output        The buffer for the output data. This must be able to
+    ///                      hold at least `ilen + block_size`. This must not be the
+    ///                      same buffer as \p input.
+    /// \param olen          The length of the output data, to be updated with the
+    ///                      actual number of Bytes written. This must not be
+    ///                      \c NULL.
+    ///
+    /// \note                Some ciphers do not use IVs nor nonce. For these
+    ///                      ciphers, use \p iv = NULL and \p iv_len = 0.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
+    ///                      expecting a full block but not receiving one.
+    /// \return              #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
+    ///                      while decrypting.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_crypt(
+        ctx: *mut mbedtls_cipher_context_t,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The authenticated encryption (AEAD/NIST_KW) function.
+    ///
+    /// \note                For AEAD modes, the tag will be appended to the
+    ///                      ciphertext, as recommended by RFC 5116.
+    ///                      (NIST_KW doesn't have a separate tag.)
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a key, with an AEAD algorithm or NIST_KW.
+    /// \param iv            The nonce to use. This must be a readable buffer of
+    ///                      at least \p iv_len Bytes and may be \c NULL if \p
+    ///                      iv_len is \c 0.
+    /// \param iv_len        The length of the nonce. For AEAD ciphers, this must
+    ///                      satisfy the constraints imposed by the cipher used.
+    ///                      For NIST_KW, this must be \c 0.
+    /// \param ad            The additional data to authenticate. This must be a
+    ///                      readable buffer of at least \p ad_len Bytes, and may
+    ///                      be \c NULL is \p ad_len is \c 0.
+    /// \param ad_len        The length of \p ad. For NIST_KW, this must be \c 0.
+    /// \param input         The buffer holding the input data. This must be a
+    ///                      readable buffer of at least \p ilen Bytes, and may be
+    ///                      \c NULL if \p ilen is \c 0.
+    /// \param ilen          The length of the input data.
+    /// \param output        The buffer for the output data. This must be a
+    ///                      writable buffer of at least \p output_len Bytes, and
+    ///                      must not be \c NULL.
+    /// \param output_len    The length of the \p output buffer in Bytes. For AEAD
+    ///                      ciphers, this must be at least \p ilen + \p tag_len.
+    ///                      For NIST_KW, this must be at least \p ilen + 8
+    ///                      (rounded up to a multiple of 8 if KWP is used);
+    ///                      \p ilen + 15 is always a safe value.
+    /// \param olen          This will be filled with the actual number of Bytes
+    ///                      written to the \p output buffer. This must point to a
+    ///                      writable object of type \c size_t.
+    /// \param tag_len       The desired length of the authentication tag. For AEAD
+    ///                      ciphers, this must match the constraints imposed by
+    ///                      the cipher used, and in particular must not be \c 0.
+    ///                      For NIST_KW, this must be \c 0.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_auth_encrypt_ext(
+        ctx: *mut mbedtls_cipher_context_t,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        output_len: usize,
+        olen: *mut usize,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The authenticated encryption (AEAD/NIST_KW) function.
+    ///
+    /// \note                If the data is not authentic, then the output buffer
+    ///                      is zeroed out to prevent the unauthentic plaintext being
+    ///                      used, making this interface safer.
+    ///
+    /// \note                For AEAD modes, the tag must be appended to the
+    ///                      ciphertext, as recommended by RFC 5116.
+    ///                      (NIST_KW doesn't have a separate tag.)
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a key, with an AEAD algorithm or NIST_KW.
+    /// \param iv            The nonce to use. This must be a readable buffer of
+    ///                      at least \p iv_len Bytes and may be \c NULL if \p
+    ///                      iv_len is \c 0.
+    /// \param iv_len        The length of the nonce. For AEAD ciphers, this must
+    ///                      satisfy the constraints imposed by the cipher used.
+    ///                      For NIST_KW, this must be \c 0.
+    /// \param ad            The additional data to authenticate. This must be a
+    ///                      readable buffer of at least \p ad_len Bytes, and may
+    ///                      be \c NULL is \p ad_len is \c 0.
+    /// \param ad_len        The length of \p ad. For NIST_KW, this must be \c 0.
+    /// \param input         The buffer holding the input data. This must be a
+    ///                      readable buffer of at least \p ilen Bytes, and may be
+    ///                      \c NULL if \p ilen is \c 0.
+    /// \param ilen          The length of the input data. For AEAD ciphers this
+    ///                      must be at least \p tag_len. For NIST_KW this must be
+    ///                      at least \c 8.
+    /// \param output        The buffer for the output data. This must be a
+    ///                      writable buffer of at least \p output_len Bytes, and
+    ///                      may be \c NULL if \p output_len is \c 0.
+    /// \param output_len    The length of the \p output buffer in Bytes. For AEAD
+    ///                      ciphers, this must be at least \p ilen - \p tag_len.
+    ///                      For NIST_KW, this must be at least \p ilen - 8.
+    /// \param olen          This will be filled with the actual number of Bytes
+    ///                      written to the \p output buffer. This must point to a
+    ///                      writable object of type \c size_t.
+    /// \param tag_len       The actual length of the authentication tag. For AEAD
+    ///                      ciphers, this must match the constraints imposed by
+    ///                      the cipher used, and in particular must not be \c 0.
+    ///                      For NIST_KW, this must be \c 0.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_auth_decrypt_ext(
+        ctx: *mut mbedtls_cipher_context_t,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        output_len: usize,
+        olen: *mut usize,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_NONE: mbedtls_key_exchange_type_t = 0;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_RSA: mbedtls_key_exchange_type_t = 1;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_DHE_RSA: mbedtls_key_exchange_type_t = 2;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: mbedtls_key_exchange_type_t =
+    3;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+    mbedtls_key_exchange_type_t = 4;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_PSK: mbedtls_key_exchange_type_t = 5;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_DHE_PSK: mbedtls_key_exchange_type_t = 6;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_RSA_PSK: mbedtls_key_exchange_type_t = 7;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: mbedtls_key_exchange_type_t =
+    8;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDH_RSA: mbedtls_key_exchange_type_t =
+    9;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: mbedtls_key_exchange_type_t =
+    10;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECJPAKE: mbedtls_key_exchange_type_t =
+    11;
+pub type mbedtls_key_exchange_type_t = crate::c_types::c_uint;
+/// \brief   This structure is used for storing ciphersuite information
+///
+/// \note    members are defined using integral types instead of enums
+///          in order to pack structure and reduce memory usage by internal
+///          \c ciphersuite_definitions[]
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_ciphersuite_t {
+    pub private_id: crate::c_types::c_int,
+    pub private_name: *const crate::c_types::c_char,
+    pub private_cipher: u8,
+    pub private_mac: u8,
+    pub private_key_exchange: u8,
+    pub private_flags: u8,
+    pub private_min_tls_version: u16,
+    pub private_max_tls_version: u16,
+}
+extern "C" {
+    pub fn mbedtls_ssl_list_ciphersuites() -> *const crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_ssl_ciphersuite_from_string(
+        ciphersuite_name: *const crate::c_types::c_char,
+    ) -> *const mbedtls_ssl_ciphersuite_t;
+}
+extern "C" {
+    pub fn mbedtls_ssl_ciphersuite_from_id(
+        ciphersuite_id: crate::c_types::c_int,
+    ) -> *const mbedtls_ssl_ciphersuite_t;
+}
+extern "C" {
+    pub fn mbedtls_ssl_get_ciphersuite_sig_pk_alg(
+        info: *const mbedtls_ssl_ciphersuite_t,
+    ) -> mbedtls_pk_type_t;
+}
+extern "C" {
+    pub fn mbedtls_ssl_get_ciphersuite_sig_alg(
+        info: *const mbedtls_ssl_ciphersuite_t,
+    ) -> mbedtls_pk_type_t;
+}
+extern "C" {
+    pub fn mbedtls_ssl_ciphersuite_uses_ec(
+        info: *const mbedtls_ssl_ciphersuite_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_ssl_ciphersuite_uses_psk(
+        info: *const mbedtls_ssl_ciphersuite_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(
+        info: *const mbedtls_ssl_ciphersuite_t,
+    ) -> usize;
+}
+/// The type of the context passed to mbedtls_psa_external_get_random().
+///
+/// Mbed TLS initializes the context to all-bits-zero before calling
+/// mbedtls_psa_external_get_random() for the first time.
+///
+/// The definition of this type in the Mbed TLS source code is for
+/// demonstration purposes. Implementers of mbedtls_psa_external_get_random()
+/// are expected to replace it with a custom definition.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_external_random_context_t {
+    pub private_opaque: [usize; 2usize],
+}
+pub type psa_status_t = i32;
+/// \brief Encoding of a key type.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_KEY_TYPE_xxx`.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_key_type_t = u16;
+/// The type of PSA elliptic curve family identifiers.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_ECC_FAMILY_xxx`.
+///
+/// The curve identifier is required to create an ECC key using the
+/// PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY()
+/// macros.
+///
+/// Values defined by this standard will never be in the range 0x80-0xff.
+/// Vendors who define additional families must use an encoding in this range.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_ecc_family_t = u8;
+/// The type of PSA Diffie-Hellman group family identifiers.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_DH_FAMILY_xxx`.
+///
+/// The group identifier is required to create a Diffie-Hellman key using the
+/// PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY()
+/// macros.
+///
+/// Values defined by this standard will never be in the range 0x80-0xff.
+/// Vendors who define additional families must use an encoding in this range.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_dh_family_t = u8;
+/// \brief Encoding of a cryptographic algorithm.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_ALG_xxx`.
+///
+/// For algorithms that can be applied to multiple key types, this type
+/// does not encode the key type. For example, for symmetric ciphers
+/// based on a block cipher, #psa_algorithm_t encodes the block cipher
+/// mode and the padding mode while the block cipher itself is encoded
+/// via #psa_key_type_t.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_algorithm_t = u32;
+/// Encoding of key lifetimes.
+///
+/// The lifetime of a key indicates where it is stored and what system actions
+/// may create and destroy it.
+///
+/// Lifetime values have the following structure:
+/// - Bits 0-7 (#PSA_KEY_LIFETIME_GET_PERSISTENCE(\c lifetime)):
+///   persistence level. This value indicates what device management
+///   actions can cause it to be destroyed. In particular, it indicates
+///   whether the key is _volatile_ or _persistent_.
+///   See ::psa_key_persistence_t for more information.
+/// - Bits 8-31 (#PSA_KEY_LIFETIME_GET_LOCATION(\c lifetime)):
+///   location indicator. This value indicates which part of the system
+///   has access to the key material and can perform operations using the key.
+///   See ::psa_key_location_t for more information.
+///
+/// Volatile keys are automatically destroyed when the application instance
+/// terminates or on a power reset of the device. Persistent keys are
+/// preserved until the application explicitly destroys them or until an
+/// integration-specific device management event occurs (for example,
+/// a factory reset).
+///
+/// Persistent keys have a key identifier of type #mbedtls_svc_key_id_t.
+/// This identifier remains valid throughout the lifetime of the key,
+/// even if the application instance that created the key terminates.
+/// The application can call psa_open_key() to open a persistent key that
+/// it created previously.
+///
+/// The default lifetime of a key is #PSA_KEY_LIFETIME_VOLATILE. The lifetime
+/// #PSA_KEY_LIFETIME_PERSISTENT is supported if persistent storage is
+/// available. Other lifetime values may be supported depending on the
+/// library configuration.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_KEY_LIFETIME_xxx`.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_key_lifetime_t = u32;
+/// Encoding of key persistence levels.
+///
+/// What distinguishes different persistence levels is what device management
+/// events may cause keys to be destroyed. _Volatile_ keys are destroyed
+/// by a power reset. Persistent keys may be destroyed by events such as
+/// a transfer of ownership or a factory reset. What management events
+/// actually affect persistent keys at different levels is outside the
+/// scope of the PSA Cryptography specification.
+///
+/// The PSA Cryptography specification defines the following values of
+/// persistence levels:
+/// - \c 0 = #PSA_KEY_PERSISTENCE_VOLATILE: volatile key.
+///   A volatile key is automatically destroyed by the implementation when
+///   the application instance terminates. In particular, a volatile key
+///   is automatically destroyed on a power reset of the device.
+/// - \c 1 = #PSA_KEY_PERSISTENCE_DEFAULT:
+///   persistent key with a default lifetime.
+/// - \c 2-254: currently not supported by Mbed TLS.
+/// - \c 255 = #PSA_KEY_PERSISTENCE_READ_ONLY:
+///   read-only or write-once key.
+///   A key with this persistence level cannot be destroyed.
+///   Mbed TLS does not currently offer a way to create such keys, but
+///   integrations of Mbed TLS can use it for built-in keys that the
+///   application cannot modify (for example, a hardware unique key (HUK)).
+///
+/// \note Key persistence levels are 8-bit values. Key management
+///       interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
+///       encode the persistence as the lower 8 bits of a 32-bit value.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_key_persistence_t = u8;
+/// Encoding of key location indicators.
+///
+/// If an integration of Mbed TLS can make calls to external
+/// cryptoprocessors such as secure elements, the location of a key
+/// indicates which secure element performs the operations on the key.
+/// Depending on the design of the secure element, the key
+/// material may be stored either in the secure element, or
+/// in wrapped (encrypted) form alongside the key metadata in the
+/// primary local storage.
+///
+/// The PSA Cryptography API specification defines the following values of
+/// location indicators:
+/// - \c 0: primary local storage.
+///   This location is always available.
+///   The primary local storage is typically the same storage area that
+///   contains the key metadata.
+/// - \c 1: primary secure element.
+///   Integrations of Mbed TLS should support this value if there is a secure
+///   element attached to the operating environment.
+///   As a guideline, secure elements may provide higher resistance against
+///   side channel and physical attacks than the primary local storage, but may
+///   have restrictions on supported key types, sizes, policies and operations
+///   and may have different performance characteristics.
+/// - \c 2-0x7fffff: other locations defined by a PSA specification.
+///   The PSA Cryptography API does not currently assign any meaning to these
+///   locations, but future versions of that specification or other PSA
+///   specifications may do so.
+/// - \c 0x800000-0xffffff: vendor-defined locations.
+///   No PSA specification will assign a meaning to locations in this range.
+///
+/// \note Key location indicators are 24-bit values. Key management
+///       interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
+///       encode the location as the upper 24 bits of a 32-bit value.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_key_location_t = u32;
+/// Encoding of identifiers of persistent keys.
+///
+/// - Applications may freely choose key identifiers in the range
+///   #PSA_KEY_ID_USER_MIN to #PSA_KEY_ID_USER_MAX.
+/// - The implementation may define additional key identifiers in the range
+///   #PSA_KEY_ID_VENDOR_MIN to #PSA_KEY_ID_VENDOR_MAX.
+/// - 0 is reserved as an invalid key identifier.
+/// - Key identifiers outside these ranges are reserved for future use.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to how values are allocated must require careful
+///       consideration to allow backward compatibility.
+pub type psa_key_id_t = u32;
+pub type mbedtls_svc_key_id_t = psa_key_id_t;
+/// \brief Encoding of permitted usage on a key.
+///
+/// Values of this type are generally constructed as bitwise-ors of macros
+/// called `PSA_KEY_USAGE_xxx`.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_key_usage_t = u32;
+/// The type of a structure containing key attributes.
+///
+/// This is an opaque structure that can represent the metadata of a key
+/// object. Metadata that can be stored in attributes includes:
+/// - The location of the key in storage, indicated by its key identifier
+///   and its lifetime.
+/// - The key's policy, comprising usage flags and a specification of
+///   the permitted algorithm(s).
+/// - Information about the key itself: the key type and its size.
+/// - Additional implementation-defined attributes.
+///
+/// The actual key material is not considered an attribute of a key.
+/// Key attributes do not contain information that is generally considered
+/// highly confidential.
+///
+/// An attribute structure works like a simple data structure where each function
+/// `psa_set_key_xxx` sets a field and the corresponding function
+/// `psa_get_key_xxx` retrieves the value of the corresponding field.
+/// However, a future version of the library  may report values that are
+/// equivalent to the original one, but have a different encoding. Invalid
+/// values may be mapped to different, also invalid values.
+///
+/// An attribute structure may contain references to auxiliary resources,
+/// for example pointers to allocated memory or indirect references to
+/// pre-calculated values. In order to free such resources, the application
+/// must call psa_reset_key_attributes(). As an exception, calling
+/// psa_reset_key_attributes() on an attribute structure is optional if
+/// the structure has only been modified by the following functions
+/// since it was initialized or last reset with psa_reset_key_attributes():
+/// - psa_set_key_id()
+/// - psa_set_key_lifetime()
+/// - psa_set_key_type()
+/// - psa_set_key_bits()
+/// - psa_set_key_usage_flags()
+/// - psa_set_key_algorithm()
+///
+/// Before calling any function on a key attribute structure, the application
+/// must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_key_attributes_t attributes;
+///   memset(&attributes, 0, sizeof(attributes));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_key_attributes_t attributes = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_KEY_ATTRIBUTES_INIT,
+///   for example:
+///   \code
+///   psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+///   \endcode
+/// - Assign the result of the function psa_key_attributes_init()
+///   to the structure, for example:
+///   \code
+///   psa_key_attributes_t attributes;
+///   attributes = psa_key_attributes_init();
+///   \endcode
+///
+/// A freshly initialized attribute structure contains the following
+/// values:
+///
+/// - lifetime: #PSA_KEY_LIFETIME_VOLATILE.
+/// - key identifier: 0 (which is not a valid key identifier).
+/// - type: \c 0 (meaning that the type is unspecified).
+/// - key size: \c 0 (meaning that the size is unspecified).
+/// - usage flags: \c 0 (which allows no usage except exporting a public key).
+/// - algorithm: \c 0 (which allows no cryptographic usage, but allows
+///   exporting).
+///
+/// A typical sequence to create a key is as follows:
+/// -# Create and initialize an attribute structure.
+/// -# If the key is persistent, call psa_set_key_id().
+///    Also call psa_set_key_lifetime() to place the key in a non-default
+///    location.
+/// -# Set the key policy with psa_set_key_usage_flags() and
+///    psa_set_key_algorithm().
+/// -# Set the key type with psa_set_key_type().
+///    Skip this step if copying an existing key with psa_copy_key().
+/// -# When generating a random key with psa_generate_key() or deriving a key
+///    with psa_key_derivation_output_key(), set the desired key size with
+///    psa_set_key_bits().
+/// -# Call a key creation function: psa_import_key(), psa_generate_key(),
+///    psa_key_derivation_output_key() or psa_copy_key(). This function reads
+///    the attribute structure, creates a key with these attributes, and
+///    outputs a key identifier to the newly created key.
+/// -# The attribute structure is now no longer necessary.
+///    You may call psa_reset_key_attributes(), although this is optional
+///    with the workflow presented here because the attributes currently
+///    defined in this specification do not require any additional resources
+///    beyond the structure itself.
+///
+/// A typical sequence to query a key's attributes is as follows:
+/// -# Call psa_get_key_attributes().
+/// -# Call `psa_get_key_xxx` functions to retrieve the attribute(s) that
+///    you are interested in.
+/// -# Call psa_reset_key_attributes() to free any resources that may be
+///    used by the attribute structure.
+///
+/// Once a key has been created, it is impossible to change its attributes.
+pub type psa_key_attributes_t = psa_key_attributes_s;
+/// \brief Encoding of the step of a key derivation.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_KEY_DERIVATION_INPUT_xxx`.
+pub type psa_key_derivation_step_t = u16;
+extern "C" {
+    /// \brief Library initialization.
+    ///
+    /// Applications must call this function before calling any other
+    /// function in this module.
+    ///
+    /// Applications may call this function more than once. Once a call
+    /// succeeds, subsequent calls are guaranteed to succeed.
+    ///
+    /// If the application calls other functions before calling psa_crypto_init(),
+    /// the behavior is undefined. Implementations are encouraged to either perform
+    /// the operation as if the library had been initialized or to return
+    /// #PSA_ERROR_BAD_STATE or some other applicable error. In particular,
+    /// implementations should not return a success status if the lack of
+    /// initialization may have security implications, for example due to improper
+    /// seeding of the random number generator.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    pub fn psa_crypto_init() -> psa_status_t;
+}
+extern "C" {
+    /// Retrieve the attributes of a key.
+    ///
+    /// This function first resets the attribute structure as with
+    /// psa_reset_key_attributes(). It then copies the attributes of
+    /// the given key into the given attribute structure.
+    ///
+    /// \note This function may allocate memory or other resources.
+    ///       Once you have called this function on an attribute structure,
+    ///       you must call psa_reset_key_attributes() to free these resources.
+    ///
+    /// \param[in] key               Identifier of the key to query.
+    /// \param[in,out] attributes    On success, the attributes of the key.
+    ///                              On failure, equivalent to a
+    ///                              freshly-initialized structure.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_get_key_attributes(
+        key: mbedtls_svc_key_id_t,
+        attributes: *mut psa_key_attributes_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Reset a key attribute structure to a freshly initialized state.
+    ///
+    /// You must initialize the attribute structure as described in the
+    /// documentation of the type #psa_key_attributes_t before calling this
+    /// function. Once the structure has been initialized, you may call this
+    /// function at any time.
+    ///
+    /// This function frees any auxiliary resources that the structure
+    /// may contain.
+    ///
+    /// \param[in,out] attributes    The attribute structure to reset.
+    pub fn psa_reset_key_attributes(attributes: *mut psa_key_attributes_t);
+}
+extern "C" {
+    /// Remove non-essential copies of key material from memory.
+    ///
+    /// If the key identifier designates a volatile key, this functions does not do
+    /// anything and returns successfully.
+    ///
+    /// If the key identifier designates a persistent key, then this function will
+    /// free all resources associated with the key in volatile memory. The key
+    /// data in persistent storage is not affected and the key can still be used.
+    ///
+    /// \param key Identifier of the key to purge.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The key material will have been removed from memory if it is not
+    ///         currently required.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not a valid key identifier.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_purge_key(key: mbedtls_svc_key_id_t) -> psa_status_t;
+}
+extern "C" {
+    /// Make a copy of a key.
+    ///
+    /// Copy key material from one location to another.
+    ///
+    /// This function is primarily useful to copy a key from one location
+    /// to another, since it populates a key using the material from
+    /// another key which may have a different lifetime.
+    ///
+    /// This function may be used to share a key with a different party,
+    /// subject to implementation-defined restrictions on key sharing.
+    ///
+    /// The policy on the source key must have the usage flag
+    /// #PSA_KEY_USAGE_COPY set.
+    /// This flag is sufficient to permit the copy if the key has the lifetime
+    /// #PSA_KEY_LIFETIME_VOLATILE or #PSA_KEY_LIFETIME_PERSISTENT.
+    /// Some secure elements do not provide a way to copy a key without
+    /// making it extractable from the secure element. If a key is located
+    /// in such a secure element, then the key must have both usage flags
+    /// #PSA_KEY_USAGE_COPY and #PSA_KEY_USAGE_EXPORT in order to make
+    /// a copy of the key outside the secure element.
+    ///
+    /// The resulting key may only be used in a way that conforms to
+    /// both the policy of the original key and the policy specified in
+    /// the \p attributes parameter:
+    /// - The usage flags on the resulting key are the bitwise-and of the
+    ///   usage flags on the source policy and the usage flags in \p attributes.
+    /// - If both allow the same algorithm or wildcard-based
+    ///   algorithm policy, the resulting key has the same algorithm policy.
+    /// - If either of the policies allows an algorithm and the other policy
+    ///   allows a wildcard-based algorithm policy that includes this algorithm,
+    ///   the resulting key allows the same algorithm.
+    /// - If the policies do not allow any algorithm in common, this function
+    ///   fails with the status #PSA_ERROR_INVALID_ARGUMENT.
+    ///
+    /// The effect of this function on implementation-defined attributes is
+    /// implementation-defined.
+    ///
+    /// \param source_key        The key to copy. It must allow the usage
+    ///                          #PSA_KEY_USAGE_COPY. If a private or secret key is
+    ///                          being copied outside of a secure element it must
+    ///                          also allow #PSA_KEY_USAGE_EXPORT.
+    /// \param[in] attributes    The attributes for the new key.
+    ///                          They are used as follows:
+    ///                          - The key type and size may be 0. If either is
+    ///                            nonzero, it must match the corresponding
+    ///                            attribute of the source key.
+    ///                          - The key location (the lifetime and, for
+    ///                            persistent keys, the key identifier) is
+    ///                            used directly.
+    ///                          - The policy constraints (usage flags and
+    ///                            algorithm policy) are combined from
+    ///                            the source key and \p attributes so that
+    ///                            both sets of restrictions apply, as
+    ///                            described in the documentation of this function.
+    /// \param[out] target_key   On success, an identifier for the newly created
+    ///                          key. For persistent keys, this is the key
+    ///                          identifier defined in \p attributes.
+    ///                          \c 0 on failure.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE
+    ///         \p source_key is invalid.
+    /// \retval #PSA_ERROR_ALREADY_EXISTS
+    ///         This is an attempt to create a persistent key, and there is
+    ///         already a persistent key with the given identifier.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The lifetime or identifier in \p attributes are invalid, or
+    ///         the policy constraints on the source and specified in
+    ///         \p attributes are incompatible, or
+    ///         \p attributes specifies a key type or key size
+    ///         which does not match the attributes of the source key.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The source key does not have the #PSA_KEY_USAGE_COPY usage flag, or
+    ///         the source key is not exportable and its lifetime does not
+    ///         allow copying it to the target's lifetime.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_copy_key(
+        source_key: mbedtls_svc_key_id_t,
+        attributes: *const psa_key_attributes_t,
+        target_key: *mut mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Destroy a key.
+    ///
+    /// This function destroys a key from both volatile
+    /// memory and, if applicable, non-volatile storage. Implementations shall
+    /// make a best effort to ensure that the key material cannot be recovered.
+    ///
+    /// This function also erases any metadata such as policies and frees
+    /// resources associated with the key.
+    ///
+    /// If a key is currently in use in a multipart operation, then destroying the
+    /// key will cause the multipart operation to fail.
+    ///
+    /// \param key  Identifier of the key to erase. If this is \c 0, do nothing and
+    ///             return #PSA_SUCCESS.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         \p key was a valid identifier and the key material that it
+    ///         referred to has been erased. Alternatively, \p key is \c 0.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key cannot be erased because it is
+    ///         read-only, either due to a policy or due to physical restrictions.
+    /// \retval #PSA_ERROR_INVALID_HANDLE
+    ///         \p key is not a valid identifier nor \c 0.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE
+    ///         There was a failure in communication with the cryptoprocessor.
+    ///         The key material may still be present in the cryptoprocessor.
+    /// \retval #PSA_ERROR_DATA_INVALID
+    ///         This error is typically a result of either storage corruption on a
+    ///         cleartext storage backend, or an attempt to read data that was
+    ///         written by an incompatible version of the library.
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The storage is corrupted. Implementations shall make a best effort
+    ///         to erase key material even in this stage, however applications
+    ///         should be aware that it may be impossible to guarantee that the
+    ///         key material is not recoverable in such cases.
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED
+    ///         An unexpected condition which is not a storage corruption or
+    ///         a communication failure occurred. The cryptoprocessor may have
+    ///         been compromised.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_destroy_key(key: mbedtls_svc_key_id_t) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Import a key in binary format.
+    ///
+    /// This function supports any output from psa_export_key(). Refer to the
+    /// documentation of psa_export_public_key() for the format of public keys
+    /// and to the documentation of psa_export_key() for the format for
+    /// other key types.
+    ///
+    /// The key data determines the key size. The attributes may optionally
+    /// specify a key size; in this case it must match the size determined
+    /// from the key data. A key size of 0 in \p attributes indicates that
+    /// the key size is solely determined by the key data.
+    ///
+    /// Implementations must reject an attempt to import a key of size 0.
+    ///
+    /// This specification supports a single format for each key type.
+    /// Implementations may support other formats as long as the standard
+    /// format is supported. Implementations that support other formats
+    /// should ensure that the formats are clearly unambiguous so as to
+    /// minimize the risk that an invalid input is accidentally interpreted
+    /// according to a different format.
+    ///
+    /// \param[in] attributes    The attributes for the new key.
+    ///                          The key size is always determined from the
+    ///                          \p data buffer.
+    ///                          If the key size in \p attributes is nonzero,
+    ///                          it must be equal to the size from \p data.
+    /// \param[out] key          On success, an identifier to the newly created key.
+    ///                          For persistent keys, this is the key identifier
+    ///                          defined in \p attributes.
+    ///                          \c 0 on failure.
+    /// \param[in] data    Buffer containing the key data. The content of this
+    ///                    buffer is interpreted according to the type declared
+    ///                    in \p attributes.
+    ///                    All implementations must support at least the format
+    ///                    described in the documentation
+    ///                    of psa_export_key() or psa_export_public_key() for
+    ///                    the chosen type. Implementations may allow other
+    ///                    formats, but should be conservative: implementations
+    ///                    should err on the side of rejecting content if it
+    ///                    may be erroneous (e.g. wrong type or truncated data).
+    /// \param data_length Size of the \p data buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    ///         If the key is persistent, the key material and the key's metadata
+    ///         have been saved to persistent storage.
+    /// \retval #PSA_ERROR_ALREADY_EXISTS
+    ///         This is an attempt to create a persistent key, and there is
+    ///         already a persistent key with the given identifier.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The key type or key size is not supported, either by the
+    ///         implementation in general or in this particular persistent location.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The key attributes, as a whole, are invalid, or
+    ///         the key data is not correctly formatted, or
+    ///         the size in \p attributes is nonzero and does not match the size
+    ///         of the key data.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_import_key(
+        attributes: *const psa_key_attributes_t,
+        data: *const u8,
+        data_length: usize,
+        key: *mut mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Export a key in binary format.
+    ///
+    /// The output of this function can be passed to psa_import_key() to
+    /// create an equivalent object.
+    ///
+    /// If the implementation of psa_import_key() supports other formats
+    /// beyond the format specified here, the output from psa_export_key()
+    /// must use the representation specified here, not the original
+    /// representation.
+    ///
+    /// For standard key types, the output format is as follows:
+    ///
+    /// - For symmetric keys (including MAC keys), the format is the
+    ///   raw bytes of the key.
+    /// - For DES, the key data consists of 8 bytes. The parity bits must be
+    ///   correct.
+    /// - For Triple-DES, the format is the concatenation of the
+    ///   two or three DES keys.
+    /// - For RSA key pairs (#PSA_KEY_TYPE_RSA_KEY_PAIR), the format
+    ///   is the non-encrypted DER encoding of the representation defined by
+    ///   PKCS\#1 (RFC 8017) as `RSAPrivateKey`, version 0.
+    ///   ```
+    ///   RSAPrivateKey ::= SEQUENCE {
+    ///       version             INTEGER,  -- must be 0
+    ///       modulus             INTEGER,  -- n
+    ///       publicExponent      INTEGER,  -- e
+    ///       privateExponent     INTEGER,  -- d
+    ///       prime1              INTEGER,  -- p
+    ///       prime2              INTEGER,  -- q
+    ///       exponent1           INTEGER,  -- d mod (p-1)
+    ///       exponent2           INTEGER,  -- d mod (q-1)
+    ///       coefficient         INTEGER,  -- (inverse of q) mod p
+    ///   }
+    ///   ```
+    /// - For elliptic curve key pairs (key types for which
+    ///   #PSA_KEY_TYPE_IS_ECC_KEY_PAIR is true), the format is
+    ///   a representation of the private value as a `ceiling(m/8)`-byte string
+    ///   where `m` is the bit size associated with the curve, i.e. the bit size
+    ///   of the order of the curve's coordinate field. This byte string is
+    ///   in little-endian order for Montgomery curves (curve types
+    ///   `PSA_ECC_FAMILY_CURVEXXX`), and in big-endian order for Weierstrass
+    ///   curves (curve types `PSA_ECC_FAMILY_SECTXXX`, `PSA_ECC_FAMILY_SECPXXX`
+    ///   and `PSA_ECC_FAMILY_BRAINPOOL_PXXX`).
+    ///   For Weierstrass curves, this is the content of the `privateKey` field of
+    ///   the `ECPrivateKey` format defined by RFC 5915.  For Montgomery curves,
+    ///   the format is defined by RFC 7748, and output is masked according to §5.
+    ///   For twisted Edwards curves, the private key is as defined by RFC 8032
+    ///   (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
+    /// - For Diffie-Hellman key exchange key pairs (key types for which
+    ///   #PSA_KEY_TYPE_IS_DH_KEY_PAIR is true), the
+    ///   format is the representation of the private key `x` as a big-endian byte
+    ///   string. The length of the byte string is the private key size in bytes
+    ///   (leading zeroes are not stripped).
+    /// - For public keys (key types for which #PSA_KEY_TYPE_IS_PUBLIC_KEY is
+    ///   true), the format is the same as for psa_export_public_key().
+    ///
+    /// The policy on the key must have the usage flag #PSA_KEY_USAGE_EXPORT set.
+    ///
+    /// \param key               Identifier of the key to export. It must allow the
+    ///                          usage #PSA_KEY_USAGE_EXPORT, unless it is a public
+    ///                          key.
+    /// \param[out] data         Buffer where the key data is to be written.
+    /// \param data_size         Size of the \p data buffer in bytes.
+    /// \param[out] data_length  On success, the number of bytes
+    ///                          that make up the key data.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_EXPORT flag.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p data buffer is too small. You can determine a
+    ///         sufficient buffer size by calling
+    ///         #PSA_EXPORT_KEY_OUTPUT_SIZE(\c type, \c bits)
+    ///         where \c type is the key type
+    ///         and \c bits is the key size in bits.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_export_key(
+        key: mbedtls_svc_key_id_t,
+        data: *mut u8,
+        data_size: usize,
+        data_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Export a public key or the public part of a key pair in binary format.
+    ///
+    /// The output of this function can be passed to psa_import_key() to
+    /// create an object that is equivalent to the public key.
+    ///
+    /// This specification supports a single format for each key type.
+    /// Implementations may support other formats as long as the standard
+    /// format is supported. Implementations that support other formats
+    /// should ensure that the formats are clearly unambiguous so as to
+    /// minimize the risk that an invalid input is accidentally interpreted
+    /// according to a different format.
+    ///
+    /// For standard key types, the output format is as follows:
+    /// - For RSA public keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY), the DER encoding of
+    ///   the representation defined by RFC 3279 &sect;2.3.1 as `RSAPublicKey`.
+    ///   ```
+    ///   RSAPublicKey ::= SEQUENCE {
+    ///      modulus            INTEGER,    -- n
+    ///      publicExponent     INTEGER  }  -- e
+    ///   ```
+    /// - For elliptic curve keys on a twisted Edwards curve (key types for which
+    ///   #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true and #PSA_KEY_TYPE_ECC_GET_FAMILY
+    ///   returns #PSA_ECC_FAMILY_TWISTED_EDWARDS), the public key is as defined
+    ///   by RFC 8032
+    ///   (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
+    /// - For other elliptic curve public keys (key types for which
+    ///   #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true), the format is the uncompressed
+    ///   representation defined by SEC1 &sect;2.3.3 as the content of an ECPoint.
+    ///   Let `m` be the bit size associated with the curve, i.e. the bit size of
+    ///   `q` for a curve over `F_q`. The representation consists of:
+    ///      - The byte 0x04;
+    ///      - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
+    ///      - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
+    /// - For Diffie-Hellman key exchange public keys (key types for which
+    ///   #PSA_KEY_TYPE_IS_DH_PUBLIC_KEY is true),
+    ///   the format is the representation of the public key `y = g^x mod p` as a
+    ///   big-endian byte string. The length of the byte string is the length of the
+    ///   base prime `p` in bytes.
+    ///
+    /// Exporting a public key object or the public part of a key pair is
+    /// always permitted, regardless of the key's usage flags.
+    ///
+    /// \param key               Identifier of the key to export.
+    /// \param[out] data         Buffer where the key data is to be written.
+    /// \param data_size         Size of the \p data buffer in bytes.
+    /// \param[out] data_length  On success, the number of bytes
+    ///                          that make up the key data.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The key is neither a public key nor a key pair.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p data buffer is too small. You can determine a
+    ///         sufficient buffer size by calling
+    ///         #PSA_EXPORT_KEY_OUTPUT_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\c type), \c bits)
+    ///         where \c type is the key type
+    ///         and \c bits is the key size in bits.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_export_public_key(
+        key: mbedtls_svc_key_id_t,
+        data: *mut u8,
+        data_size: usize,
+        data_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Calculate the hash (digest) of a message.
+    ///
+    /// \note To verify the hash of a message against an
+    ///       expected value, use psa_hash_compare() instead.
+    ///
+    /// \param alg               The hash algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_HASH(\p alg) is true).
+    /// \param[in] input         Buffer containing the message to hash.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    /// \param[out] hash         Buffer where the hash is to be written.
+    /// \param hash_size         Size of the \p hash buffer in bytes.
+    /// \param[out] hash_length  On success, the number of bytes
+    ///                          that make up the hash value. This is always
+    ///                          #PSA_HASH_LENGTH(\p alg).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a hash algorithm.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         \p hash_size is too small
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_compute(
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        hash: *mut u8,
+        hash_size: usize,
+        hash_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Calculate the hash (digest) of a message and compare it with a
+    /// reference value.
+    ///
+    /// \param alg               The hash algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_HASH(\p alg) is true).
+    /// \param[in] input         Buffer containing the message to hash.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    /// \param[out] hash         Buffer containing the expected hash value.
+    /// \param hash_length       Size of the \p hash buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The expected hash is identical to the actual hash of the input.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The hash of the message was calculated successfully, but it
+    ///         differs from the expected hash.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a hash algorithm.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p input_length or \p hash_length do not match the hash size for \p alg
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_compare(
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        hash: *const u8,
+        hash_length: usize,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for multipart hash operations.
+///
+/// Before calling any function on a hash operation object, the application must
+/// initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_hash_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_hash_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_HASH_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_hash_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_hash_operation_t operation;
+///   operation = psa_hash_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_hash_operation_t = psa_hash_operation_s;
+extern "C" {
+    /// Set up a multipart hash operation.
+    ///
+    /// The sequence of operations to calculate a hash (message digest)
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_hash_operation_t, e.g. #PSA_HASH_OPERATION_INIT.
+    /// -# Call psa_hash_setup() to specify the algorithm.
+    /// -# Call psa_hash_update() zero, one or more times, passing a fragment
+    ///    of the message each time. The hash that is calculated is the hash
+    ///    of the concatenation of these messages in order.
+    /// -# To calculate the hash, call psa_hash_finish().
+    ///    To compare the hash with an expected value, call psa_hash_verify().
+    ///
+    /// If an error occurs at any step after a call to psa_hash_setup(), the
+    /// operation will need to be reset by a call to psa_hash_abort(). The
+    /// application may call psa_hash_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_hash_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A successful call to psa_hash_finish() or psa_hash_verify().
+    /// - A call to psa_hash_abort().
+    ///
+    /// \param[in,out] operation The operation object to set up. It must have
+    ///                          been initialized as per the documentation for
+    ///                          #psa_hash_operation_t and not yet in use.
+    /// \param alg               The hash algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_HASH(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not a supported hash algorithm.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p alg is not a hash algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_setup(
+        operation: *mut psa_hash_operation_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Add a message fragment to a multipart hash operation.
+    ///
+    /// The application must call psa_hash_setup() before calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_hash_abort().
+    ///
+    /// \param[in,out] operation Active hash operation.
+    /// \param[in] input         Buffer containing the message fragment to hash.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_update(
+        operation: *mut psa_hash_operation_t,
+        input: *const u8,
+        input_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish the calculation of the hash of a message.
+    ///
+    /// The application must call psa_hash_setup() before calling this function.
+    /// This function calculates the hash of the message formed by concatenating
+    /// the inputs passed to preceding calls to psa_hash_update().
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_hash_abort().
+    ///
+    /// \warning Applications should not call this function if they expect
+    ///          a specific value for the hash. Call psa_hash_verify() instead.
+    ///          Beware that comparing integrity or authenticity data such as
+    ///          hash values with a function such as \c memcmp is risky
+    ///          because the time taken by the comparison may leak information
+    ///          about the hashed data which could allow an attacker to guess
+    ///          a valid hash and thereby bypass security controls.
+    ///
+    /// \param[in,out] operation     Active hash operation.
+    /// \param[out] hash             Buffer where the hash is to be written.
+    /// \param hash_size             Size of the \p hash buffer in bytes.
+    /// \param[out] hash_length      On success, the number of bytes
+    ///                              that make up the hash value. This is always
+    ///                              #PSA_HASH_LENGTH(\c alg) where \c alg is the
+    ///                              hash algorithm that is calculated.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p hash buffer is too small. You can determine a
+    ///         sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg)
+    ///         where \c alg is the hash algorithm that is calculated.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_finish(
+        operation: *mut psa_hash_operation_t,
+        hash: *mut u8,
+        hash_size: usize,
+        hash_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish the calculation of the hash of a message and compare it with
+    /// an expected value.
+    ///
+    /// The application must call psa_hash_setup() before calling this function.
+    /// This function calculates the hash of the message formed by concatenating
+    /// the inputs passed to preceding calls to psa_hash_update(). It then
+    /// compares the calculated hash with the expected hash passed as a
+    /// parameter to this function.
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_hash_abort().
+    ///
+    /// \note Implementations shall make the best effort to ensure that the
+    /// comparison between the actual hash and the expected hash is performed
+    /// in constant time.
+    ///
+    /// \param[in,out] operation     Active hash operation.
+    /// \param[in] hash              Buffer containing the expected hash value.
+    /// \param hash_length           Size of the \p hash buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The expected hash is identical to the actual hash of the message.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The hash of the message was calculated successfully, but it
+    ///         differs from the expected hash.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_verify(
+        operation: *mut psa_hash_operation_t,
+        hash: *const u8,
+        hash_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort a hash operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the
+    /// \p operation structure itself. Once aborted, the operation object
+    /// can be reused for another operation by calling
+    /// psa_hash_setup() again.
+    ///
+    /// You may call this function any time after the operation object has
+    /// been initialized by one of the methods described in #psa_hash_operation_t.
+    ///
+    /// In particular, calling psa_hash_abort() after the operation has been
+    /// terminated by a call to psa_hash_abort(), psa_hash_finish() or
+    /// psa_hash_verify() is safe and has no effect.
+    ///
+    /// \param[in,out] operation     Initialized hash operation.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_abort(operation: *mut psa_hash_operation_t) -> psa_status_t;
+}
+extern "C" {
+    /// Clone a hash operation.
+    ///
+    /// This function copies the state of an ongoing hash operation to
+    /// a new operation object. In other words, this function is equivalent
+    /// to calling psa_hash_setup() on \p target_operation with the same
+    /// algorithm that \p source_operation was set up for, then
+    /// psa_hash_update() on \p target_operation with the same input that
+    /// that was passed to \p source_operation. After this function returns, the
+    /// two objects are independent, i.e. subsequent calls involving one of
+    /// the objects do not affect the other object.
+    ///
+    /// \param[in] source_operation      The active hash operation to clone.
+    /// \param[in,out] target_operation  The operation object to set up.
+    ///                                  It must be initialized but not active.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The \p source_operation state is not valid (it must be active), or
+    ///         the \p target_operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_clone(
+        source_operation: *const psa_hash_operation_t,
+        target_operation: *mut psa_hash_operation_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Calculate the MAC (message authentication code) of a message.
+    ///
+    /// \note To verify the MAC of a message against an
+    ///       expected value, use psa_mac_verify() instead.
+    ///       Beware that comparing integrity or authenticity data such as
+    ///       MAC values with a function such as \c memcmp is risky
+    ///       because the time taken by the comparison may leak information
+    ///       about the MAC value which could allow an attacker to guess
+    ///       a valid MAC and thereby bypass security controls.
+    ///
+    /// \param key               Identifier of the key to use for the operation. It
+    ///                          must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE.
+    /// \param alg               The MAC algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_MAC(\p alg) is true).
+    /// \param[in] input         Buffer containing the input message.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    /// \param[out] mac          Buffer where the MAC value is to be written.
+    /// \param mac_size          Size of the \p mac buffer in bytes.
+    /// \param[out] mac_length   On success, the number of bytes
+    ///                          that make up the MAC value.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a MAC algorithm.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         \p mac_size is too small
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The key could not be retrieved from storage.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_compute(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        mac: *mut u8,
+        mac_size: usize,
+        mac_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Calculate the MAC of a message and compare it with a reference value.
+    ///
+    /// \param key               Identifier of the key to use for the operation. It
+    ///                          must allow the usage PSA_KEY_USAGE_VERIFY_MESSAGE.
+    /// \param alg               The MAC algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_MAC(\p alg) is true).
+    /// \param[in] input         Buffer containing the input message.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    /// \param[out] mac          Buffer containing the expected MAC value.
+    /// \param mac_length        Size of the \p mac buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The expected MAC is identical to the actual MAC of the input.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The MAC of the message was calculated successfully, but it
+    ///         differs from the expected value.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a MAC algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The key could not be retrieved from storage.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_verify(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        mac: *const u8,
+        mac_length: usize,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for multipart MAC operations.
+///
+/// Before calling any function on a MAC operation object, the application must
+/// initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_mac_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_mac_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_MAC_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_mac_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_mac_operation_t operation;
+///   operation = psa_mac_operation_init();
+///   \endcode
+///
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_mac_operation_t = psa_mac_operation_s;
+extern "C" {
+    /// Set up a multipart MAC calculation operation.
+    ///
+    /// This function sets up the calculation of the MAC
+    /// (message authentication code) of a byte string.
+    /// To verify the MAC of a message against an
+    /// expected value, use psa_mac_verify_setup() instead.
+    ///
+    /// The sequence of operations to calculate a MAC is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_mac_operation_t, e.g. #PSA_MAC_OPERATION_INIT.
+    /// -# Call psa_mac_sign_setup() to specify the algorithm and key.
+    /// -# Call psa_mac_update() zero, one or more times, passing a fragment
+    ///    of the message each time. The MAC that is calculated is the MAC
+    ///    of the concatenation of these messages in order.
+    /// -# At the end of the message, call psa_mac_sign_finish() to finish
+    ///    calculating the MAC value and retrieve it.
+    ///
+    /// If an error occurs at any step after a call to psa_mac_sign_setup(), the
+    /// operation will need to be reset by a call to psa_mac_abort(). The
+    /// application may call psa_mac_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_mac_sign_setup(), the application must
+    /// eventually terminate the operation through one of the following methods:
+    /// - A successful call to psa_mac_sign_finish().
+    /// - A call to psa_mac_abort().
+    ///
+    /// \param[in,out] operation The operation object to set up. It must have
+    ///                          been initialized as per the documentation for
+    ///                          #psa_mac_operation_t and not yet in use.
+    /// \param key               Identifier of the key to use for the operation. It
+    ///                          must remain valid until the operation terminates.
+    ///                          It must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE.
+    /// \param alg               The MAC algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_MAC(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a MAC algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The key could not be retrieved from storage.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_sign_setup(
+        operation: *mut psa_mac_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set up a multipart MAC verification operation.
+    ///
+    /// This function sets up the verification of the MAC
+    /// (message authentication code) of a byte string against an expected value.
+    ///
+    /// The sequence of operations to verify a MAC is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_mac_operation_t, e.g. #PSA_MAC_OPERATION_INIT.
+    /// -# Call psa_mac_verify_setup() to specify the algorithm and key.
+    /// -# Call psa_mac_update() zero, one or more times, passing a fragment
+    ///    of the message each time. The MAC that is calculated is the MAC
+    ///    of the concatenation of these messages in order.
+    /// -# At the end of the message, call psa_mac_verify_finish() to finish
+    ///    calculating the actual MAC of the message and verify it against
+    ///    the expected value.
+    ///
+    /// If an error occurs at any step after a call to psa_mac_verify_setup(), the
+    /// operation will need to be reset by a call to psa_mac_abort(). The
+    /// application may call psa_mac_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_mac_verify_setup(), the application must
+    /// eventually terminate the operation through one of the following methods:
+    /// - A successful call to psa_mac_verify_finish().
+    /// - A call to psa_mac_abort().
+    ///
+    /// \param[in,out] operation The operation object to set up. It must have
+    ///                          been initialized as per the documentation for
+    ///                          #psa_mac_operation_t and not yet in use.
+    /// \param key               Identifier of the key to use for the operation. It
+    ///                          must remain valid until the operation terminates.
+    ///                          It must allow the usage
+    ///                          PSA_KEY_USAGE_VERIFY_MESSAGE.
+    /// \param alg               The MAC algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_MAC(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c key is not compatible with \c alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \c alg is not supported or is not a MAC algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The key could not be retrieved from storage.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_verify_setup(
+        operation: *mut psa_mac_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Add a message fragment to a multipart MAC operation.
+    ///
+    /// The application must call psa_mac_sign_setup() or psa_mac_verify_setup()
+    /// before calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_mac_abort().
+    ///
+    /// \param[in,out] operation Active MAC operation.
+    /// \param[in] input         Buffer containing the message fragment to add to
+    ///                          the MAC calculation.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_update(
+        operation: *mut psa_mac_operation_t,
+        input: *const u8,
+        input_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish the calculation of the MAC of a message.
+    ///
+    /// The application must call psa_mac_sign_setup() before calling this function.
+    /// This function calculates the MAC of the message formed by concatenating
+    /// the inputs passed to preceding calls to psa_mac_update().
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_mac_abort().
+    ///
+    /// \warning Applications should not call this function if they expect
+    ///          a specific value for the MAC. Call psa_mac_verify_finish() instead.
+    ///          Beware that comparing integrity or authenticity data such as
+    ///          MAC values with a function such as \c memcmp is risky
+    ///          because the time taken by the comparison may leak information
+    ///          about the MAC value which could allow an attacker to guess
+    ///          a valid MAC and thereby bypass security controls.
+    ///
+    /// \param[in,out] operation Active MAC operation.
+    /// \param[out] mac          Buffer where the MAC value is to be written.
+    /// \param mac_size          Size of the \p mac buffer in bytes.
+    /// \param[out] mac_length   On success, the number of bytes
+    ///                          that make up the MAC value. This is always
+    ///                          #PSA_MAC_LENGTH(\c key_type, \c key_bits, \c alg)
+    ///                          where \c key_type and \c key_bits are the type and
+    ///                          bit-size respectively of the key and \c alg is the
+    ///                          MAC algorithm that is calculated.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p mac buffer is too small. You can determine a
+    ///         sufficient buffer size by calling PSA_MAC_LENGTH().
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active mac sign
+    ///         operation), or the library has not been previously initialized
+    ///         by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_sign_finish(
+        operation: *mut psa_mac_operation_t,
+        mac: *mut u8,
+        mac_size: usize,
+        mac_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish the calculation of the MAC of a message and compare it with
+    /// an expected value.
+    ///
+    /// The application must call psa_mac_verify_setup() before calling this function.
+    /// This function calculates the MAC of the message formed by concatenating
+    /// the inputs passed to preceding calls to psa_mac_update(). It then
+    /// compares the calculated MAC with the expected MAC passed as a
+    /// parameter to this function.
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_mac_abort().
+    ///
+    /// \note Implementations shall make the best effort to ensure that the
+    /// comparison between the actual MAC and the expected MAC is performed
+    /// in constant time.
+    ///
+    /// \param[in,out] operation Active MAC operation.
+    /// \param[in] mac           Buffer containing the expected MAC value.
+    /// \param mac_length        Size of the \p mac buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The expected MAC is identical to the actual MAC of the message.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The MAC of the message was calculated successfully, but it
+    ///         differs from the expected MAC.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active mac verify
+    ///         operation), or the library has not been previously initialized
+    ///         by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_verify_finish(
+        operation: *mut psa_mac_operation_t,
+        mac: *const u8,
+        mac_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort a MAC operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the
+    /// \p operation structure itself. Once aborted, the operation object
+    /// can be reused for another operation by calling
+    /// psa_mac_sign_setup() or psa_mac_verify_setup() again.
+    ///
+    /// You may call this function any time after the operation object has
+    /// been initialized by one of the methods described in #psa_mac_operation_t.
+    ///
+    /// In particular, calling psa_mac_abort() after the operation has been
+    /// terminated by a call to psa_mac_abort(), psa_mac_sign_finish() or
+    /// psa_mac_verify_finish() is safe and has no effect.
+    ///
+    /// \param[in,out] operation Initialized MAC operation.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_abort(operation: *mut psa_mac_operation_t) -> psa_status_t;
+}
+extern "C" {
+    /// Encrypt a message using a symmetric cipher.
+    ///
+    /// This function encrypts a message with a random IV (initialization
+    /// vector). Use the multipart operation interface with a
+    /// #psa_cipher_operation_t object to provide other forms of IV.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must allow the usage #PSA_KEY_USAGE_ENCRYPT.
+    /// \param alg                   The cipher algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_CIPHER(\p alg) is true).
+    /// \param[in] input             Buffer containing the message to encrypt.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[out] output           Buffer where the output is to be written.
+    ///                              The output contains the IV followed by
+    ///                              the ciphertext proper.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a cipher algorithm.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_encrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Decrypt a message using a symmetric cipher.
+    ///
+    /// This function decrypts a message encrypted with a symmetric cipher.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must remain valid until the operation
+    ///                              terminates. It must allow the usage
+    ///                              #PSA_KEY_USAGE_DECRYPT.
+    /// \param alg                   The cipher algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_CIPHER(\p alg) is true).
+    /// \param[in] input             Buffer containing the message to decrypt.
+    ///                              This consists of the IV followed by the
+    ///                              ciphertext proper.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[out] output           Buffer where the plaintext is to be written.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a cipher algorithm.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_decrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for multipart cipher operations.
+///
+/// Before calling any function on a cipher operation object, the application
+/// must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_cipher_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_cipher_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_CIPHER_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_cipher_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_cipher_operation_t operation;
+///   operation = psa_cipher_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_cipher_operation_t = psa_cipher_operation_s;
+extern "C" {
+    /// Set the key for a multipart symmetric encryption operation.
+    ///
+    /// The sequence of operations to encrypt a message with a symmetric cipher
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_cipher_operation_t, e.g.
+    ///    #PSA_CIPHER_OPERATION_INIT.
+    /// -# Call psa_cipher_encrypt_setup() to specify the algorithm and key.
+    /// -# Call either psa_cipher_generate_iv() or psa_cipher_set_iv() to
+    ///    generate or set the IV (initialization vector). You should use
+    ///    psa_cipher_generate_iv() unless the protocol you are implementing
+    ///    requires a specific IV value.
+    /// -# Call psa_cipher_update() zero, one or more times, passing a fragment
+    ///    of the message each time.
+    /// -# Call psa_cipher_finish().
+    ///
+    /// If an error occurs at any step after a call to psa_cipher_encrypt_setup(),
+    /// the operation will need to be reset by a call to psa_cipher_abort(). The
+    /// application may call psa_cipher_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_cipher_encrypt_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A successful call to psa_cipher_finish().
+    /// - A call to psa_cipher_abort().
+    ///
+    /// \param[in,out] operation     The operation object to set up. It must have
+    ///                              been initialized as per the documentation for
+    ///                              #psa_cipher_operation_t and not yet in use.
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must remain valid until the operation
+    ///                              terminates. It must allow the usage
+    ///                              #PSA_KEY_USAGE_ENCRYPT.
+    /// \param alg                   The cipher algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_CIPHER(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a cipher algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_encrypt_setup(
+        operation: *mut psa_cipher_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the key for a multipart symmetric decryption operation.
+    ///
+    /// The sequence of operations to decrypt a message with a symmetric cipher
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_cipher_operation_t, e.g.
+    ///    #PSA_CIPHER_OPERATION_INIT.
+    /// -# Call psa_cipher_decrypt_setup() to specify the algorithm and key.
+    /// -# Call psa_cipher_set_iv() with the IV (initialization vector) for the
+    ///    decryption. If the IV is prepended to the ciphertext, you can call
+    ///    psa_cipher_update() on a buffer containing the IV followed by the
+    ///    beginning of the message.
+    /// -# Call psa_cipher_update() zero, one or more times, passing a fragment
+    ///    of the message each time.
+    /// -# Call psa_cipher_finish().
+    ///
+    /// If an error occurs at any step after a call to psa_cipher_decrypt_setup(),
+    /// the operation will need to be reset by a call to psa_cipher_abort(). The
+    /// application may call psa_cipher_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_cipher_decrypt_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A successful call to psa_cipher_finish().
+    /// - A call to psa_cipher_abort().
+    ///
+    /// \param[in,out] operation     The operation object to set up. It must have
+    ///                              been initialized as per the documentation for
+    ///                              #psa_cipher_operation_t and not yet in use.
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must remain valid until the operation
+    ///                              terminates. It must allow the usage
+    ///                              #PSA_KEY_USAGE_DECRYPT.
+    /// \param alg                   The cipher algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_CIPHER(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a cipher algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_decrypt_setup(
+        operation: *mut psa_cipher_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Generate an IV for a symmetric encryption operation.
+    ///
+    /// This function generates a random IV (initialization vector), nonce
+    /// or initial counter value for the encryption operation as appropriate
+    /// for the chosen algorithm, key type and key size.
+    ///
+    /// The application must call psa_cipher_encrypt_setup() before
+    /// calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_cipher_abort().
+    ///
+    /// \param[in,out] operation     Active cipher operation.
+    /// \param[out] iv               Buffer where the generated IV is to be written.
+    /// \param iv_size               Size of the \p iv buffer in bytes.
+    /// \param[out] iv_length        On success, the number of bytes of the
+    ///                              generated IV.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p iv buffer is too small.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, with no IV set),
+    ///         or the library has not been previously initialized
+    ///         by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_generate_iv(
+        operation: *mut psa_cipher_operation_t,
+        iv: *mut u8,
+        iv_size: usize,
+        iv_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the IV for a symmetric encryption or decryption operation.
+    ///
+    /// This function sets the IV (initialization vector), nonce
+    /// or initial counter value for the encryption or decryption operation.
+    ///
+    /// The application must call psa_cipher_encrypt_setup() before
+    /// calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_cipher_abort().
+    ///
+    /// \note When encrypting, applications should use psa_cipher_generate_iv()
+    /// instead of this function, unless implementing a protocol that requires
+    /// a non-random IV.
+    ///
+    /// \param[in,out] operation     Active cipher operation.
+    /// \param[in] iv                Buffer containing the IV to use.
+    /// \param iv_length             Size of the IV in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The size of \p iv is not acceptable for the chosen algorithm,
+    ///         or the chosen algorithm does not use an IV.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active cipher
+    ///         encrypt operation, with no IV set), or the library has not been
+    ///         previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_set_iv(
+        operation: *mut psa_cipher_operation_t,
+        iv: *const u8,
+        iv_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Encrypt or decrypt a message fragment in an active cipher operation.
+    ///
+    /// Before calling this function, you must:
+    /// 1. Call either psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup().
+    ///    The choice of setup function determines whether this function
+    ///    encrypts or decrypts its input.
+    /// 2. If the algorithm requires an IV, call psa_cipher_generate_iv()
+    ///    (recommended when encrypting) or psa_cipher_set_iv().
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_cipher_abort().
+    ///
+    /// \param[in,out] operation     Active cipher operation.
+    /// \param[in] input             Buffer containing the message fragment to
+    ///                              encrypt or decrypt.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[out] output           Buffer where the output is to be written.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, with an IV set
+    ///         if required for the algorithm), or the library has not been
+    ///         previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_update(
+        operation: *mut psa_cipher_operation_t,
+        input: *const u8,
+        input_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish encrypting or decrypting a message in a cipher operation.
+    ///
+    /// The application must call psa_cipher_encrypt_setup() or
+    /// psa_cipher_decrypt_setup() before calling this function. The choice
+    /// of setup function determines whether this function encrypts or
+    /// decrypts its input.
+    ///
+    /// This function finishes the encryption or decryption of the message
+    /// formed by concatenating the inputs passed to preceding calls to
+    /// psa_cipher_update().
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_cipher_abort().
+    ///
+    /// \param[in,out] operation     Active cipher operation.
+    /// \param[out] output           Buffer where the output is to be written.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The total input size passed to this operation is not valid for
+    ///         this particular algorithm. For example, the algorithm is a based
+    ///         on block cipher and requires a whole number of blocks, but the
+    ///         total input size is not a multiple of the block size.
+    /// \retval #PSA_ERROR_INVALID_PADDING
+    ///         This is a decryption operation for an algorithm that includes
+    ///         padding, and the ciphertext does not contain valid padding.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, with an IV set
+    ///         if required for the algorithm), or the library has not been
+    ///         previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_finish(
+        operation: *mut psa_cipher_operation_t,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort a cipher operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the
+    /// \p operation structure itself. Once aborted, the operation object
+    /// can be reused for another operation by calling
+    /// psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup() again.
+    ///
+    /// You may call this function any time after the operation object has
+    /// been initialized as described in #psa_cipher_operation_t.
+    ///
+    /// In particular, calling psa_cipher_abort() after the operation has been
+    /// terminated by a call to psa_cipher_abort() or psa_cipher_finish()
+    /// is safe and has no effect.
+    ///
+    /// \param[in,out] operation     Initialized cipher operation.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_abort(operation: *mut psa_cipher_operation_t) -> psa_status_t;
+}
+extern "C" {
+    /// Process an authenticated encryption operation.
+    ///
+    /// \param key                     Identifier of the key to use for the
+    ///                                operation. It must allow the usage
+    ///                                #PSA_KEY_USAGE_ENCRYPT.
+    /// \param alg                     The AEAD algorithm to compute
+    ///                                (\c PSA_ALG_XXX value such that
+    ///                                #PSA_ALG_IS_AEAD(\p alg) is true).
+    /// \param[in] nonce               Nonce or IV to use.
+    /// \param nonce_length            Size of the \p nonce buffer in bytes.
+    /// \param[in] additional_data     Additional data that will be authenticated
+    ///                                but not encrypted.
+    /// \param additional_data_length  Size of \p additional_data in bytes.
+    /// \param[in] plaintext           Data that will be authenticated and
+    ///                                encrypted.
+    /// \param plaintext_length        Size of \p plaintext in bytes.
+    /// \param[out] ciphertext         Output buffer for the authenticated and
+    ///                                encrypted data. The additional data is not
+    ///                                part of this output. For algorithms where the
+    ///                                encrypted data and the authentication tag
+    ///                                are defined as separate outputs, the
+    ///                                authentication tag is appended to the
+    ///                                encrypted data.
+    /// \param ciphertext_size         Size of the \p ciphertext buffer in bytes.
+    ///                                This must be appropriate for the selected
+    ///                                algorithm and key:
+    ///                                - A sufficient output size is
+    ///                                  #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\c key_type,
+    ///                                  \p alg, \p plaintext_length) where
+    ///                                  \c key_type is the type of \p key.
+    ///                                - #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\p
+    ///                                  plaintext_length) evaluates to the maximum
+    ///                                  ciphertext size of any supported AEAD
+    ///                                  encryption.
+    /// \param[out] ciphertext_length  On success, the size of the output
+    ///                                in the \p ciphertext buffer.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not an AEAD algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         \p ciphertext_size is too small.
+    ///         #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\c key_type, \p alg,
+    ///         \p plaintext_length) or
+    ///         #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\p plaintext_length) can be used to
+    ///         determine the required buffer size.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_encrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        nonce: *const u8,
+        nonce_length: usize,
+        additional_data: *const u8,
+        additional_data_length: usize,
+        plaintext: *const u8,
+        plaintext_length: usize,
+        ciphertext: *mut u8,
+        ciphertext_size: usize,
+        ciphertext_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Process an authenticated decryption operation.
+    ///
+    /// \param key                     Identifier of the key to use for the
+    ///                                operation. It must allow the usage
+    ///                                #PSA_KEY_USAGE_DECRYPT.
+    /// \param alg                     The AEAD algorithm to compute
+    ///                                (\c PSA_ALG_XXX value such that
+    ///                                #PSA_ALG_IS_AEAD(\p alg) is true).
+    /// \param[in] nonce               Nonce or IV to use.
+    /// \param nonce_length            Size of the \p nonce buffer in bytes.
+    /// \param[in] additional_data     Additional data that has been authenticated
+    ///                                but not encrypted.
+    /// \param additional_data_length  Size of \p additional_data in bytes.
+    /// \param[in] ciphertext          Data that has been authenticated and
+    ///                                encrypted. For algorithms where the
+    ///                                encrypted data and the authentication tag
+    ///                                are defined as separate inputs, the buffer
+    ///                                must contain the encrypted data followed
+    ///                                by the authentication tag.
+    /// \param ciphertext_length       Size of \p ciphertext in bytes.
+    /// \param[out] plaintext          Output buffer for the decrypted data.
+    /// \param plaintext_size          Size of the \p plaintext buffer in bytes.
+    ///                                This must be appropriate for the selected
+    ///                                algorithm and key:
+    ///                                - A sufficient output size is
+    ///                                  #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\c key_type,
+    ///                                  \p alg, \p ciphertext_length) where
+    ///                                  \c key_type is the type of \p key.
+    ///                                - #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\p
+    ///                                  ciphertext_length) evaluates to the maximum
+    ///                                  plaintext size of any supported AEAD
+    ///                                  decryption.
+    /// \param[out] plaintext_length   On success, the size of the output
+    ///                                in the \p plaintext buffer.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The ciphertext is not authentic.
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not an AEAD algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         \p plaintext_size is too small.
+    ///         #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\c key_type, \p alg,
+    ///         \p ciphertext_length) or
+    ///         #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\p ciphertext_length) can be used
+    ///         to determine the required buffer size.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_decrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        nonce: *const u8,
+        nonce_length: usize,
+        additional_data: *const u8,
+        additional_data_length: usize,
+        ciphertext: *const u8,
+        ciphertext_length: usize,
+        plaintext: *mut u8,
+        plaintext_size: usize,
+        plaintext_length: *mut usize,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for multipart AEAD operations.
+///
+/// Before calling any function on an AEAD operation object, the application
+/// must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_aead_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_aead_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_AEAD_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_aead_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_aead_operation_t operation;
+///   operation = psa_aead_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_aead_operation_t = psa_aead_operation_s;
+extern "C" {
+    /// Set the key for a multipart authenticated encryption operation.
+    ///
+    /// The sequence of operations to encrypt a message with authentication
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_aead_operation_t, e.g.
+    ///    #PSA_AEAD_OPERATION_INIT.
+    /// -# Call psa_aead_encrypt_setup() to specify the algorithm and key.
+    /// -# If needed, call psa_aead_set_lengths() to specify the length of the
+    ///    inputs to the subsequent calls to psa_aead_update_ad() and
+    ///    psa_aead_update(). See the documentation of psa_aead_set_lengths()
+    ///    for details.
+    /// -# Call either psa_aead_generate_nonce() or psa_aead_set_nonce() to
+    ///    generate or set the nonce. You should use
+    ///    psa_aead_generate_nonce() unless the protocol you are implementing
+    ///    requires a specific nonce value.
+    /// -# Call psa_aead_update_ad() zero, one or more times, passing a fragment
+    ///    of the non-encrypted additional authenticated data each time.
+    /// -# Call psa_aead_update() zero, one or more times, passing a fragment
+    ///    of the message to encrypt each time.
+    /// -# Call psa_aead_finish().
+    ///
+    /// If an error occurs at any step after a call to psa_aead_encrypt_setup(),
+    /// the operation will need to be reset by a call to psa_aead_abort(). The
+    /// application may call psa_aead_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_aead_encrypt_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A successful call to psa_aead_finish().
+    /// - A call to psa_aead_abort().
+    ///
+    /// \param[in,out] operation     The operation object to set up. It must have
+    ///                              been initialized as per the documentation for
+    ///                              #psa_aead_operation_t and not yet in use.
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must remain valid until the operation
+    ///                              terminates. It must allow the usage
+    ///                              #PSA_KEY_USAGE_ENCRYPT.
+    /// \param alg                   The AEAD algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_AEAD(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not an AEAD algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_encrypt_setup(
+        operation: *mut psa_aead_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the key for a multipart authenticated decryption operation.
+    ///
+    /// The sequence of operations to decrypt a message with authentication
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_aead_operation_t, e.g.
+    ///    #PSA_AEAD_OPERATION_INIT.
+    /// -# Call psa_aead_decrypt_setup() to specify the algorithm and key.
+    /// -# If needed, call psa_aead_set_lengths() to specify the length of the
+    ///    inputs to the subsequent calls to psa_aead_update_ad() and
+    ///    psa_aead_update(). See the documentation of psa_aead_set_lengths()
+    ///    for details.
+    /// -# Call psa_aead_set_nonce() with the nonce for the decryption.
+    /// -# Call psa_aead_update_ad() zero, one or more times, passing a fragment
+    ///    of the non-encrypted additional authenticated data each time.
+    /// -# Call psa_aead_update() zero, one or more times, passing a fragment
+    ///    of the ciphertext to decrypt each time.
+    /// -# Call psa_aead_verify().
+    ///
+    /// If an error occurs at any step after a call to psa_aead_decrypt_setup(),
+    /// the operation will need to be reset by a call to psa_aead_abort(). The
+    /// application may call psa_aead_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_aead_decrypt_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A successful call to psa_aead_verify().
+    /// - A call to psa_aead_abort().
+    ///
+    /// \param[in,out] operation     The operation object to set up. It must have
+    ///                              been initialized as per the documentation for
+    ///                              #psa_aead_operation_t and not yet in use.
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must remain valid until the operation
+    ///                              terminates. It must allow the usage
+    ///                              #PSA_KEY_USAGE_DECRYPT.
+    /// \param alg                   The AEAD algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_AEAD(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not an AEAD algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or the
+    ///         library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_decrypt_setup(
+        operation: *mut psa_aead_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Generate a random nonce for an authenticated encryption operation.
+    ///
+    /// This function generates a random nonce for the authenticated encryption
+    /// operation with an appropriate size for the chosen algorithm, key type
+    /// and key size.
+    ///
+    /// The application must call psa_aead_encrypt_setup() before
+    /// calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[out] nonce            Buffer where the generated nonce is to be
+    ///                              written.
+    /// \param nonce_size            Size of the \p nonce buffer in bytes.
+    /// \param[out] nonce_length     On success, the number of bytes of the
+    ///                              generated nonce.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p nonce buffer is too small.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active aead encrypt
+    ///         operation, with no nonce set), or the library has not been
+    ///         previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_generate_nonce(
+        operation: *mut psa_aead_operation_t,
+        nonce: *mut u8,
+        nonce_size: usize,
+        nonce_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the nonce for an authenticated encryption or decryption operation.
+    ///
+    /// This function sets the nonce for the authenticated
+    /// encryption or decryption operation.
+    ///
+    /// The application must call psa_aead_encrypt_setup() or
+    /// psa_aead_decrypt_setup() before calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \note When encrypting, applications should use psa_aead_generate_nonce()
+    /// instead of this function, unless implementing a protocol that requires
+    /// a non-random IV.
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[in] nonce             Buffer containing the nonce to use.
+    /// \param nonce_length          Size of the nonce in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The size of \p nonce is not acceptable for the chosen algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, with no nonce
+    ///         set), or the library has not been previously initialized
+    ///         by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_set_nonce(
+        operation: *mut psa_aead_operation_t,
+        nonce: *const u8,
+        nonce_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Declare the lengths of the message and additional data for AEAD.
+    ///
+    /// The application must call this function before calling
+    /// psa_aead_update_ad() or psa_aead_update() if the algorithm for
+    /// the operation requires it. If the algorithm does not require it,
+    /// calling this function is optional, but if this function is called
+    /// then the implementation must enforce the lengths.
+    ///
+    /// You may call this function before or after setting the nonce with
+    /// psa_aead_set_nonce() or psa_aead_generate_nonce().
+    ///
+    /// - For #PSA_ALG_CCM, calling this function is required.
+    /// - For the other AEAD algorithms defined in this specification, calling
+    ///   this function is not required.
+    /// - For vendor-defined algorithm, refer to the vendor documentation.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param ad_length             Size of the non-encrypted additional
+    ///                              authenticated data in bytes.
+    /// \param plaintext_length      Size of the plaintext to encrypt in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         At least one of the lengths is not acceptable for the chosen
+    ///         algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, and
+    ///         psa_aead_update_ad() and psa_aead_update() must not have been
+    ///         called yet), or the library has not been previously initialized
+    ///         by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_set_lengths(
+        operation: *mut psa_aead_operation_t,
+        ad_length: usize,
+        plaintext_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Pass additional data to an active AEAD operation.
+    ///
+    /// Additional data is authenticated, but not encrypted.
+    ///
+    /// You may call this function multiple times to pass successive fragments
+    /// of the additional data. You may not call this function after passing
+    /// data to encrypt or decrypt with psa_aead_update().
+    ///
+    /// Before calling this function, you must:
+    /// 1. Call either psa_aead_encrypt_setup() or psa_aead_decrypt_setup().
+    /// 2. Set the nonce with psa_aead_generate_nonce() or psa_aead_set_nonce().
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \warning When decrypting, until psa_aead_verify() has returned #PSA_SUCCESS,
+    ///          there is no guarantee that the input is valid. Therefore, until
+    ///          you have called psa_aead_verify() and it has returned #PSA_SUCCESS,
+    ///          treat the input as untrusted and prepare to undo any action that
+    ///          depends on the input if psa_aead_verify() returns an error status.
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[in] input             Buffer containing the fragment of
+    ///                              additional data.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The total input length overflows the additional data length that
+    ///         was previously specified with psa_aead_set_lengths().
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, have a nonce
+    ///         set, have lengths set if required by the algorithm, and
+    ///         psa_aead_update() must not have been called yet), or the library
+    ///         has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_update_ad(
+        operation: *mut psa_aead_operation_t,
+        input: *const u8,
+        input_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Encrypt or decrypt a message fragment in an active AEAD operation.
+    ///
+    /// Before calling this function, you must:
+    /// 1. Call either psa_aead_encrypt_setup() or psa_aead_decrypt_setup().
+    ///    The choice of setup function determines whether this function
+    ///    encrypts or decrypts its input.
+    /// 2. Set the nonce with psa_aead_generate_nonce() or psa_aead_set_nonce().
+    /// 3. Call psa_aead_update_ad() to pass all the additional data.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \warning When decrypting, until psa_aead_verify() has returned #PSA_SUCCESS,
+    ///          there is no guarantee that the input is valid. Therefore, until
+    ///          you have called psa_aead_verify() and it has returned #PSA_SUCCESS:
+    ///          - Do not use the output in any way other than storing it in a
+    ///            confidential location. If you take any action that depends
+    ///            on the tentative decrypted data, this action will need to be
+    ///            undone if the input turns out not to be valid. Furthermore,
+    ///            if an adversary can observe that this action took place
+    ///            (for example through timing), they may be able to use this
+    ///            fact as an oracle to decrypt any message encrypted with the
+    ///            same key.
+    ///          - In particular, do not copy the output anywhere but to a
+    ///            memory or storage space that you have exclusive access to.
+    ///
+    /// This function does not require the input to be aligned to any
+    /// particular block boundary. If the implementation can only process
+    /// a whole block at a time, it must consume all the input provided, but
+    /// it may delay the end of the corresponding output until a subsequent
+    /// call to psa_aead_update(), psa_aead_finish() or psa_aead_verify()
+    /// provides sufficient input. The amount of data that can be delayed
+    /// in this way is bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE.
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[in] input             Buffer containing the message fragment to
+    ///                              encrypt or decrypt.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[out] output           Buffer where the output is to be written.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    ///                              This must be appropriate for the selected
+    ///                                algorithm and key:
+    ///                                - A sufficient output size is
+    ///                                  #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type,
+    ///                                  \c alg, \p input_length) where
+    ///                                  \c key_type is the type of key and \c alg is
+    ///                                  the algorithm that were used to set up the
+    ///                                  operation.
+    ///                                - #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p
+    ///                                  input_length) evaluates to the maximum
+    ///                                  output size of any supported AEAD
+    ///                                  algorithm.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small.
+    ///         #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or
+    ///         #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p input_length) can be used to
+    ///         determine the required buffer size.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The total length of input to psa_aead_update_ad() so far is
+    ///         less than the additional data length that was previously
+    ///         specified with psa_aead_set_lengths(), or
+    ///         the total input length overflows the plaintext length that
+    ///         was previously specified with psa_aead_set_lengths().
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, have a nonce
+    ///         set, and have lengths set if required by the algorithm), or the
+    ///         library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_update(
+        operation: *mut psa_aead_operation_t,
+        input: *const u8,
+        input_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish encrypting a message in an AEAD operation.
+    ///
+    /// The operation must have been set up with psa_aead_encrypt_setup().
+    ///
+    /// This function finishes the authentication of the additional data
+    /// formed by concatenating the inputs passed to preceding calls to
+    /// psa_aead_update_ad() with the plaintext formed by concatenating the
+    /// inputs passed to preceding calls to psa_aead_update().
+    ///
+    /// This function has two output buffers:
+    /// - \p ciphertext contains trailing ciphertext that was buffered from
+    ///   preceding calls to psa_aead_update().
+    /// - \p tag contains the authentication tag.
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[out] ciphertext       Buffer where the last part of the ciphertext
+    ///                              is to be written.
+    /// \param ciphertext_size       Size of the \p ciphertext buffer in bytes.
+    ///                              This must be appropriate for the selected
+    ///                              algorithm and key:
+    ///                              - A sufficient output size is
+    ///                                #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type,
+    ///                                \c alg) where \c key_type is the type of key
+    ///                                and \c alg is the algorithm that were used to
+    ///                                set up the operation.
+    ///                              - #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE evaluates to
+    ///                                the maximum output size of any supported AEAD
+    ///                                algorithm.
+    /// \param[out] ciphertext_length On success, the number of bytes of
+    ///                              returned ciphertext.
+    /// \param[out] tag              Buffer where the authentication tag is
+    ///                              to be written.
+    /// \param tag_size              Size of the \p tag buffer in bytes.
+    ///                              This must be appropriate for the selected
+    ///                              algorithm and key:
+    ///                              - The exact tag size is #PSA_AEAD_TAG_LENGTH(\c
+    ///                                key_type, \c key_bits, \c alg) where
+    ///                                \c key_type and \c key_bits are the type and
+    ///                                bit-size of the key, and \c alg is the
+    ///                                algorithm that were used in the call to
+    ///                                psa_aead_encrypt_setup().
+    ///                              - #PSA_AEAD_TAG_MAX_SIZE evaluates to the
+    ///                                maximum tag size of any supported AEAD
+    ///                                algorithm.
+    /// \param[out] tag_length       On success, the number of bytes
+    ///                              that make up the returned tag.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p ciphertext or \p tag buffer is too small.
+    ///         #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or
+    ///         #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE can be used to determine the
+    ///         required \p ciphertext buffer size. #PSA_AEAD_TAG_LENGTH(\c key_type,
+    ///         \c key_bits, \c alg) or #PSA_AEAD_TAG_MAX_SIZE can be used to
+    ///         determine the required \p tag buffer size.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The total length of input to psa_aead_update_ad() so far is
+    ///         less than the additional data length that was previously
+    ///         specified with psa_aead_set_lengths(), or
+    ///         the total length of input to psa_aead_update() so far is
+    ///         less than the plaintext length that was previously
+    ///         specified with psa_aead_set_lengths().
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active encryption
+    ///         operation with a nonce set), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_finish(
+        operation: *mut psa_aead_operation_t,
+        ciphertext: *mut u8,
+        ciphertext_size: usize,
+        ciphertext_length: *mut usize,
+        tag: *mut u8,
+        tag_size: usize,
+        tag_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish authenticating and decrypting a message in an AEAD operation.
+    ///
+    /// The operation must have been set up with psa_aead_decrypt_setup().
+    ///
+    /// This function finishes the authenticated decryption of the message
+    /// components:
+    ///
+    /// -  The additional data consisting of the concatenation of the inputs
+    ///    passed to preceding calls to psa_aead_update_ad().
+    /// -  The ciphertext consisting of the concatenation of the inputs passed to
+    ///    preceding calls to psa_aead_update().
+    /// -  The tag passed to this function call.
+    ///
+    /// If the authentication tag is correct, this function outputs any remaining
+    /// plaintext and reports success. If the authentication tag is not correct,
+    /// this function returns #PSA_ERROR_INVALID_SIGNATURE.
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \note Implementations shall make the best effort to ensure that the
+    /// comparison between the actual tag and the expected tag is performed
+    /// in constant time.
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[out] plaintext        Buffer where the last part of the plaintext
+    ///                              is to be written. This is the remaining data
+    ///                              from previous calls to psa_aead_update()
+    ///                              that could not be processed until the end
+    ///                              of the input.
+    /// \param plaintext_size        Size of the \p plaintext buffer in bytes.
+    ///                              This must be appropriate for the selected algorithm and key:
+    ///                              - A sufficient output size is
+    ///                                #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type,
+    ///                                \c alg) where \c key_type is the type of key
+    ///                                and \c alg is the algorithm that were used to
+    ///                                set up the operation.
+    ///                              - #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE evaluates to
+    ///                                the maximum output size of any supported AEAD
+    ///                                algorithm.
+    /// \param[out] plaintext_length On success, the number of bytes of
+    ///                              returned plaintext.
+    /// \param[in] tag               Buffer containing the authentication tag.
+    /// \param tag_length            Size of the \p tag buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The calculations were successful, but the authentication tag is
+    ///         not correct.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p plaintext buffer is too small.
+    ///         #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or
+    ///         #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE can be used to determine the
+    ///         required buffer size.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The total length of input to psa_aead_update_ad() so far is
+    ///         less than the additional data length that was previously
+    ///         specified with psa_aead_set_lengths(), or
+    ///         the total length of input to psa_aead_update() so far is
+    ///         less than the plaintext length that was previously
+    ///         specified with psa_aead_set_lengths().
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active decryption
+    ///         operation with a nonce set), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_verify(
+        operation: *mut psa_aead_operation_t,
+        plaintext: *mut u8,
+        plaintext_size: usize,
+        plaintext_length: *mut usize,
+        tag: *const u8,
+        tag_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort an AEAD operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the
+    /// \p operation structure itself. Once aborted, the operation object
+    /// can be reused for another operation by calling
+    /// psa_aead_encrypt_setup() or psa_aead_decrypt_setup() again.
+    ///
+    /// You may call this function any time after the operation object has
+    /// been initialized as described in #psa_aead_operation_t.
+    ///
+    /// In particular, calling psa_aead_abort() after the operation has been
+    /// terminated by a call to psa_aead_abort(), psa_aead_finish() or
+    /// psa_aead_verify() is safe and has no effect.
+    ///
+    /// \param[in,out] operation     Initialized AEAD operation.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_abort(operation: *mut psa_aead_operation_t) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Sign a message with a private key. For hash-and-sign algorithms,
+    ///        this includes the hashing step.
+    ///
+    /// \note To perform a multi-part hash-and-sign signature algorithm, first use
+    ///       a multi-part hash operation and then pass the resulting hash to
+    ///       psa_sign_hash(). PSA_ALG_GET_HASH(\p alg) can be used to determine the
+    ///       hash algorithm to use.
+    ///
+    /// \param[in]  key              Identifier of the key to use for the operation.
+    ///                              It must be an asymmetric key pair. The key must
+    ///                              allow the usage #PSA_KEY_USAGE_SIGN_MESSAGE.
+    /// \param[in]  alg              An asymmetric signature algorithm (PSA_ALG_XXX
+    ///                              value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg)
+    ///                              is true), that is compatible with the type of
+    ///                              \p key.
+    /// \param[in]  input            The input message to sign.
+    /// \param[in]  input_length     Size of the \p input buffer in bytes.
+    /// \param[out] signature        Buffer where the signature is to be written.
+    /// \param[in]  signature_size   Size of the \p signature buffer in bytes. This
+    ///                              must be appropriate for the selected
+    ///                              algorithm and key:
+    ///                              - The required signature size is
+    ///                                #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///                                where \c key_type and \c key_bits are the type and
+    ///                                bit-size respectively of key.
+    ///                              - #PSA_SIGNATURE_MAX_SIZE evaluates to the
+    ///                                maximum signature size of any supported
+    ///                                signature algorithm.
+    /// \param[out] signature_length On success, the number of bytes that make up
+    ///                              the returned signature value.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
+    ///         or it does not permit the requested algorithm.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p signature buffer is too small. You can
+    ///         determine a sufficient buffer size by calling
+    ///         #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///         where \c key_type and \c key_bits are the type and bit-size
+    ///         respectively of \p key.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_sign_message(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        signature: *mut u8,
+        signature_size: usize,
+        signature_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Verify the signature of a message with a public key, using
+    ///         a hash-and-sign verification algorithm.
+    ///
+    /// \note To perform a multi-part hash-and-sign signature verification
+    ///       algorithm, first use a multi-part hash operation to hash the message
+    ///       and then pass the resulting hash to psa_verify_hash().
+    ///       PSA_ALG_GET_HASH(\p alg) can be used to determine the hash algorithm
+    ///       to use.
+    ///
+    /// \param[in]  key              Identifier of the key to use for the operation.
+    ///                              It must be a public key or an asymmetric key
+    ///                              pair. The key must allow the usage
+    ///                              #PSA_KEY_USAGE_VERIFY_MESSAGE.
+    /// \param[in]  alg              An asymmetric signature algorithm (PSA_ALG_XXX
+    ///                              value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg)
+    ///                              is true), that is compatible with the type of
+    ///                              \p key.
+    /// \param[in]  input            The message whose signature is to be verified.
+    /// \param[in]  input_length     Size of the \p input buffer in bytes.
+    /// \param[out] signature        Buffer containing the signature to verify.
+    /// \param[in]  signature_length Size of the \p signature buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
+    ///         or it does not permit the requested algorithm.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The calculation was performed successfully, but the passed signature
+    ///         is not a valid signature.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_verify_message(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        signature: *const u8,
+        signature_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Sign a hash or short message with a private key.
+    ///
+    /// Note that to perform a hash-and-sign signature algorithm, you must
+    /// first calculate the hash by calling psa_hash_setup(), psa_hash_update()
+    /// and psa_hash_finish(), or alternatively by calling psa_hash_compute().
+    /// Then pass the resulting hash as the \p hash
+    /// parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
+    /// to determine the hash algorithm to use.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must be an asymmetric key pair. The key must
+    ///                              allow the usage #PSA_KEY_USAGE_SIGN_HASH.
+    /// \param alg                   A signature algorithm (PSA_ALG_XXX
+    ///                              value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+    ///                              is true), that is compatible with
+    ///                              the type of \p key.
+    /// \param[in] hash              The hash or message to sign.
+    /// \param hash_length           Size of the \p hash buffer in bytes.
+    /// \param[out] signature        Buffer where the signature is to be written.
+    /// \param signature_size        Size of the \p signature buffer in bytes.
+    /// \param[out] signature_length On success, the number of bytes
+    ///                              that make up the returned signature value.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p signature buffer is too small. You can
+    ///         determine a sufficient buffer size by calling
+    ///         #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///         where \c key_type and \c key_bits are the type and bit-size
+    ///         respectively of \p key.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_sign_hash(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        hash: *const u8,
+        hash_length: usize,
+        signature: *mut u8,
+        signature_size: usize,
+        signature_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Verify the signature of a hash or short message using a public key.
+    ///
+    /// Note that to perform a hash-and-sign signature algorithm, you must
+    /// first calculate the hash by calling psa_hash_setup(), psa_hash_update()
+    /// and psa_hash_finish(), or alternatively by calling psa_hash_compute().
+    /// Then pass the resulting hash as the \p hash
+    /// parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
+    /// to determine the hash algorithm to use.
+    ///
+    /// \param key               Identifier of the key to use for the operation. It
+    ///                          must be a public key or an asymmetric key pair. The
+    ///                          key must allow the usage
+    ///                          #PSA_KEY_USAGE_VERIFY_HASH.
+    /// \param alg               A signature algorithm (PSA_ALG_XXX
+    ///                          value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+    ///                          is true), that is compatible with
+    ///                          the type of \p key.
+    /// \param[in] hash          The hash or message whose signature is to be
+    ///                          verified.
+    /// \param hash_length       Size of the \p hash buffer in bytes.
+    /// \param[in] signature     Buffer containing the signature to verify.
+    /// \param signature_length  Size of the \p signature buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The signature is valid.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The calculation was performed successfully, but the passed
+    ///         signature is not a valid signature.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_verify_hash(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        hash: *const u8,
+        hash_length: usize,
+        signature: *const u8,
+        signature_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Encrypt a short message with a public key.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must be a public key or an asymmetric key
+    ///                              pair. It must allow the usage
+    ///                              #PSA_KEY_USAGE_ENCRYPT.
+    /// \param alg                   An asymmetric encryption algorithm that is
+    ///                              compatible with the type of \p key.
+    /// \param[in] input             The message to encrypt.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[in] salt              A salt or label, if supported by the
+    ///                              encryption algorithm.
+    ///                              If the algorithm does not support a
+    ///                              salt, pass \c NULL.
+    ///                              If the algorithm supports an optional
+    ///                              salt and you do not want to pass a salt,
+    ///                              pass \c NULL.
+    ///
+    ///                              - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
+    ///                                supported.
+    /// \param salt_length           Size of the \p salt buffer in bytes.
+    ///                              If \p salt is \c NULL, pass 0.
+    /// \param[out] output           Buffer where the encrypted message is to
+    ///                              be written.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small. You can
+    ///         determine a sufficient buffer size by calling
+    ///         #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///         where \c key_type and \c key_bits are the type and bit-size
+    ///         respectively of \p key.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_asymmetric_encrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        salt: *const u8,
+        salt_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Decrypt a short message with a private key.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must be an asymmetric key pair. It must
+    ///                              allow the usage #PSA_KEY_USAGE_DECRYPT.
+    /// \param alg                   An asymmetric encryption algorithm that is
+    ///                              compatible with the type of \p key.
+    /// \param[in] input             The message to decrypt.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[in] salt              A salt or label, if supported by the
+    ///                              encryption algorithm.
+    ///                              If the algorithm does not support a
+    ///                              salt, pass \c NULL.
+    ///                              If the algorithm supports an optional
+    ///                              salt and you do not want to pass a salt,
+    ///                              pass \c NULL.
+    ///
+    ///                              - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
+    ///                                supported.
+    /// \param salt_length           Size of the \p salt buffer in bytes.
+    ///                              If \p salt is \c NULL, pass 0.
+    /// \param[out] output           Buffer where the decrypted message is to
+    ///                              be written.
+    /// \param output_size           Size of the \c output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small. You can
+    ///         determine a sufficient buffer size by calling
+    ///         #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///         where \c key_type and \c key_bits are the type and bit-size
+    ///         respectively of \p key.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_INVALID_PADDING \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_asymmetric_decrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        salt: *const u8,
+        salt_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for key derivation operations.
+///
+/// Before calling any function on a key derivation operation object, the
+/// application must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_key_derivation_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_key_derivation_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_KEY_DERIVATION_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_key_derivation_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_key_derivation_operation_t operation;
+///   operation = psa_key_derivation_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_key_derivation_operation_t = psa_key_derivation_s;
+extern "C" {
+    /// Set up a key derivation operation.
+    ///
+    /// A key derivation algorithm takes some inputs and uses them to generate
+    /// a byte stream in a deterministic way.
+    /// This byte stream can be used to produce keys and other
+    /// cryptographic material.
+    ///
+    /// To derive a key:
+    /// -# Start with an initialized object of type #psa_key_derivation_operation_t.
+    /// -# Call psa_key_derivation_setup() to select the algorithm.
+    /// -# Provide the inputs for the key derivation by calling
+    ///    psa_key_derivation_input_bytes() or psa_key_derivation_input_key()
+    ///    as appropriate. Which inputs are needed, in what order, and whether
+    ///    they may be keys and if so of what type depends on the algorithm.
+    /// -# Optionally set the operation's maximum capacity with
+    ///    psa_key_derivation_set_capacity(). You may do this before, in the middle
+    ///    of or after providing inputs. For some algorithms, this step is mandatory
+    ///    because the output depends on the maximum capacity.
+    /// -# To derive a key, call psa_key_derivation_output_key().
+    ///    To derive a byte string for a different purpose, call
+    ///    psa_key_derivation_output_bytes().
+    ///    Successive calls to these functions use successive output bytes
+    ///    calculated by the key derivation algorithm.
+    /// -# Clean up the key derivation operation object with
+    ///    psa_key_derivation_abort().
+    ///
+    /// If this function returns an error, the key derivation operation object is
+    /// not changed.
+    ///
+    /// If an error occurs at any step after a call to psa_key_derivation_setup(),
+    /// the operation will need to be reset by a call to psa_key_derivation_abort().
+    ///
+    /// Implementations must reject an attempt to derive a key of size 0.
+    ///
+    /// \param[in,out] operation       The key derivation operation object
+    ///                                to set up. It must
+    ///                                have been initialized but not set up yet.
+    /// \param alg                     The key derivation algorithm to compute
+    ///                                (\c PSA_ALG_XXX value such that
+    ///                                #PSA_ALG_IS_KEY_DERIVATION(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c alg is not a key derivation algorithm.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \c alg is not supported or is not a key derivation algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_setup(
+        operation: *mut psa_key_derivation_operation_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Retrieve the current capacity of a key derivation operation.
+    ///
+    /// The capacity of a key derivation is the maximum number of bytes that it can
+    /// return. When you get *N* bytes of output from a key derivation operation,
+    /// this reduces its capacity by *N*.
+    ///
+    /// \param[in] operation     The operation to query.
+    /// \param[out] capacity     On success, the capacity of the operation.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_get_capacity(
+        operation: *const psa_key_derivation_operation_t,
+        capacity: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the maximum capacity of a key derivation operation.
+    ///
+    /// The capacity of a key derivation operation is the maximum number of bytes
+    /// that the key derivation operation can return from this point onwards.
+    ///
+    /// \param[in,out] operation The key derivation operation object to modify.
+    /// \param capacity          The new capacity of the operation.
+    ///                          It must be less or equal to the operation's
+    ///                          current capacity.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p capacity is larger than the operation's current capacity.
+    ///         In this case, the operation object remains valid and its capacity
+    ///         remains unchanged.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or the
+    ///         library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_set_capacity(
+        operation: *mut psa_key_derivation_operation_t,
+        capacity: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Provide an input for key derivation or key agreement.
+    ///
+    /// Which inputs are required and in what order depends on the algorithm.
+    /// Refer to the documentation of each key derivation or key agreement
+    /// algorithm for information.
+    ///
+    /// This function passes direct inputs, which is usually correct for
+    /// non-secret inputs. To pass a secret input, which should be in a key
+    /// object, call psa_key_derivation_input_key() instead of this function.
+    /// Refer to the documentation of individual step types
+    /// (`PSA_KEY_DERIVATION_INPUT_xxx` values of type ::psa_key_derivation_step_t)
+    /// for more information.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation       The key derivation operation object to use.
+    ///                                It must have been set up with
+    ///                                psa_key_derivation_setup() and must not
+    ///                                have produced any output yet.
+    /// \param step                    Which step the input data is for.
+    /// \param[in] data                Input data to use.
+    /// \param data_length             Size of the \p data buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c step is not compatible with the operation's algorithm, or
+    ///         \c step does not allow direct inputs.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid for this input \p step, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_input_bytes(
+        operation: *mut psa_key_derivation_operation_t,
+        step: psa_key_derivation_step_t,
+        data: *const u8,
+        data_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Provide a numeric input for key derivation or key agreement.
+    ///
+    /// Which inputs are required and in what order depends on the algorithm.
+    /// However, when an algorithm requires a particular order, numeric inputs
+    /// usually come first as they tend to be configuration parameters.
+    /// Refer to the documentation of each key derivation or key agreement
+    /// algorithm for information.
+    ///
+    /// This function is used for inputs which are fixed-size non-negative
+    /// integers.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation       The key derivation operation object to use.
+    ///                                It must have been set up with
+    ///                                psa_key_derivation_setup() and must not
+    ///                                have produced any output yet.
+    /// \param step                    Which step the input data is for.
+    /// \param[in] value               The value of the numeric input.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c step is not compatible with the operation's algorithm, or
+    ///         \c step does not allow numeric inputs.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid for this input \p step, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_input_integer(
+        operation: *mut psa_key_derivation_operation_t,
+        step: psa_key_derivation_step_t,
+        value: u64,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Provide an input for key derivation in the form of a key.
+    ///
+    /// Which inputs are required and in what order depends on the algorithm.
+    /// Refer to the documentation of each key derivation or key agreement
+    /// algorithm for information.
+    ///
+    /// This function obtains input from a key object, which is usually correct for
+    /// secret inputs or for non-secret personalization strings kept in the key
+    /// store. To pass a non-secret parameter which is not in the key store,
+    /// call psa_key_derivation_input_bytes() instead of this function.
+    /// Refer to the documentation of individual step types
+    /// (`PSA_KEY_DERIVATION_INPUT_xxx` values of type ::psa_key_derivation_step_t)
+    /// for more information.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation       The key derivation operation object to use.
+    ///                                It must have been set up with
+    ///                                psa_key_derivation_setup() and must not
+    ///                                have produced any output yet.
+    /// \param step                    Which step the input data is for.
+    /// \param key                     Identifier of the key. It must have an
+    ///                                appropriate type for step and must allow the
+    ///                                usage #PSA_KEY_USAGE_DERIVE or
+    ///                                #PSA_KEY_USAGE_VERIFY_DERIVATION (see note)
+    ///                                and the algorithm used by the operation.
+    ///
+    /// \note Once all inputs steps are completed, the operations will allow:
+    /// - psa_key_derivation_output_bytes() if each input was either a direct input
+    ///   or  a key with #PSA_KEY_USAGE_DERIVE set;
+    /// - psa_key_derivation_output_key() if the input for step
+    ///   #PSA_KEY_DERIVATION_INPUT_SECRET or #PSA_KEY_DERIVATION_INPUT_PASSWORD
+    ///   was from a key slot with #PSA_KEY_USAGE_DERIVE and each other input was
+    ///   either a direct input or a key with #PSA_KEY_USAGE_DERIVE set;
+    /// - psa_key_derivation_verify_bytes() if each input was either a direct input
+    ///   or  a key with #PSA_KEY_USAGE_VERIFY_DERIVATION set;
+    /// - psa_key_derivation_verify_key() under the same conditions as
+    ///   psa_key_derivation_verify_bytes().
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key allows neither #PSA_KEY_USAGE_DERIVE nor
+    ///         #PSA_KEY_USAGE_VERIFY_DERIVATION, or it doesn't allow this
+    ///         algorithm.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c step is not compatible with the operation's algorithm, or
+    ///         \c step does not allow key inputs of the given type
+    ///         or does not allow key inputs at all.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid for this input \p step, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_input_key(
+        operation: *mut psa_key_derivation_operation_t,
+        step: psa_key_derivation_step_t,
+        key: mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Perform a key agreement and use the shared secret as input to a key
+    /// derivation.
+    ///
+    /// A key agreement algorithm takes two inputs: a private key \p private_key
+    /// a public key \p peer_key.
+    /// The result of this function is passed as input to a key derivation.
+    /// The output of this key derivation can be extracted by reading from the
+    /// resulting operation to produce keys and other cryptographic material.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation       The key derivation operation object to use.
+    ///                                It must have been set up with
+    ///                                psa_key_derivation_setup() with a
+    ///                                key agreement and derivation algorithm
+    ///                                \c alg (\c PSA_ALG_XXX value such that
+    ///                                #PSA_ALG_IS_KEY_AGREEMENT(\c alg) is true
+    ///                                and #PSA_ALG_IS_RAW_KEY_AGREEMENT(\c alg)
+    ///                                is false).
+    ///                                The operation must be ready for an
+    ///                                input of the type given by \p step.
+    /// \param step                    Which step the input data is for.
+    /// \param private_key             Identifier of the private key to use. It must
+    ///                                allow the usage #PSA_KEY_USAGE_DERIVE.
+    /// \param[in] peer_key      Public key of the peer. The peer key must be in the
+    ///                          same format that psa_import_key() accepts for the
+    ///                          public key type corresponding to the type of
+    ///                          private_key. That is, this function performs the
+    ///                          equivalent of
+    ///                          #psa_import_key(...,
+    ///                          `peer_key`, `peer_key_length`) where
+    ///                          with key attributes indicating the public key
+    ///                          type corresponding to the type of `private_key`.
+    ///                          For example, for EC keys, this means that peer_key
+    ///                          is interpreted as a point on the curve that the
+    ///                          private key is on. The standard formats for public
+    ///                          keys are documented in the documentation of
+    ///                          psa_export_public_key().
+    /// \param peer_key_length         Size of \p peer_key in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c private_key is not compatible with \c alg,
+    ///         or \p peer_key is not valid for \c alg or not compatible with
+    ///         \c private_key, or \c step does not allow an input resulting
+    ///         from a key agreement.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \c alg is not supported or is not a key derivation algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid for this key agreement \p step,
+    ///         or the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_key_agreement(
+        operation: *mut psa_key_derivation_operation_t,
+        step: psa_key_derivation_step_t,
+        private_key: mbedtls_svc_key_id_t,
+        peer_key: *const u8,
+        peer_key_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Read some data from a key derivation operation.
+    ///
+    /// This function calculates output bytes from a key derivation algorithm and
+    /// return those bytes.
+    /// If you view the key derivation's output as a stream of bytes, this
+    /// function destructively reads the requested number of bytes from the
+    /// stream.
+    /// The operation's capacity decreases by the number of bytes read.
+    ///
+    /// If this function returns an error status other than
+    /// #PSA_ERROR_INSUFFICIENT_DATA, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation The key derivation operation object to read from.
+    /// \param[out] output       Buffer where the output will be written.
+    /// \param output_length     Number of bytes to output.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         One of the inputs was a key whose policy didn't allow
+    ///         #PSA_KEY_USAGE_DERIVE.
+    /// \retval #PSA_ERROR_INSUFFICIENT_DATA
+    ///                          The operation's capacity was less than
+    ///                          \p output_length bytes. Note that in this case,
+    ///                          no output is written to the output buffer.
+    ///                          The operation's capacity is set to 0, thus
+    ///                          subsequent calls to this function will not
+    ///                          succeed, even with a smaller output buffer.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active and completed
+    ///         all required input steps), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_output_bytes(
+        operation: *mut psa_key_derivation_operation_t,
+        output: *mut u8,
+        output_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Derive a key from an ongoing key derivation operation.
+    ///
+    /// This function calculates output bytes from a key derivation algorithm
+    /// and uses those bytes to generate a key deterministically.
+    /// The key's location, usage policy, type and size are taken from
+    /// \p attributes.
+    ///
+    /// If you view the key derivation's output as a stream of bytes, this
+    /// function destructively reads as many bytes as required from the
+    /// stream.
+    /// The operation's capacity decreases by the number of bytes read.
+    ///
+    /// If this function returns an error status other than
+    /// #PSA_ERROR_INSUFFICIENT_DATA, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// How much output is produced and consumed from the operation, and how
+    /// the key is derived, depends on the key type and on the key size
+    /// (denoted \c bits below):
+    ///
+    /// - For key types for which the key is an arbitrary sequence of bytes
+    ///   of a given size, this function is functionally equivalent to
+    ///   calling #psa_key_derivation_output_bytes
+    ///   and passing the resulting output to #psa_import_key.
+    ///   However, this function has a security benefit:
+    ///   if the implementation provides an isolation boundary then
+    ///   the key material is not exposed outside the isolation boundary.
+    ///   As a consequence, for these key types, this function always consumes
+    ///   exactly (\c bits / 8) bytes from the operation.
+    ///   The following key types defined in this specification follow this scheme:
+    ///
+    ///     - #PSA_KEY_TYPE_AES;
+    ///     - #PSA_KEY_TYPE_ARIA;
+    ///     - #PSA_KEY_TYPE_CAMELLIA;
+    ///     - #PSA_KEY_TYPE_DERIVE;
+    ///     - #PSA_KEY_TYPE_HMAC;
+    ///     - #PSA_KEY_TYPE_PASSWORD_HASH.
+    ///
+    /// - For ECC keys on a Montgomery elliptic curve
+    ///   (#PSA_KEY_TYPE_ECC_KEY_PAIR(\c curve) where \c curve designates a
+    ///   Montgomery curve), this function always draws a byte string whose
+    ///   length is determined by the curve, and sets the mandatory bits
+    ///   accordingly. That is:
+    ///
+    ///     - Curve25519 (#PSA_ECC_FAMILY_MONTGOMERY, 255 bits): draw a 32-byte
+    ///       string and process it as specified in RFC 7748 &sect;5.
+    ///     - Curve448 (#PSA_ECC_FAMILY_MONTGOMERY, 448 bits): draw a 56-byte
+    ///       string and process it as specified in RFC 7748 &sect;5.
+    ///
+    /// - For key types for which the key is represented by a single sequence of
+    ///   \c bits bits with constraints as to which bit sequences are acceptable,
+    ///   this function draws a byte string of length (\c bits / 8) bytes rounded
+    ///   up to the nearest whole number of bytes. If the resulting byte string
+    ///   is acceptable, it becomes the key, otherwise the drawn bytes are discarded.
+    ///   This process is repeated until an acceptable byte string is drawn.
+    ///   The byte string drawn from the operation is interpreted as specified
+    ///   for the output produced by psa_export_key().
+    ///   The following key types defined in this specification follow this scheme:
+    ///
+    ///     - #PSA_KEY_TYPE_DES.
+    ///       Force-set the parity bits, but discard forbidden weak keys.
+    ///       For 2-key and 3-key triple-DES, the three keys are generated
+    ///       successively (for example, for 3-key triple-DES,
+    ///       if the first 8 bytes specify a weak key and the next 8 bytes do not,
+    ///       discard the first 8 bytes, use the next 8 bytes as the first key,
+    ///       and continue reading output from the operation to derive the other
+    ///       two keys).
+    ///     - Finite-field Diffie-Hellman keys (#PSA_KEY_TYPE_DH_KEY_PAIR(\c group)
+    ///       where \c group designates any Diffie-Hellman group) and
+    ///       ECC keys on a Weierstrass elliptic curve
+    ///       (#PSA_KEY_TYPE_ECC_KEY_PAIR(\c curve) where \c curve designates a
+    ///       Weierstrass curve).
+    ///       For these key types, interpret the byte string as integer
+    ///       in big-endian order. Discard it if it is not in the range
+    ///       [0, *N* - 2] where *N* is the boundary of the private key domain
+    ///       (the prime *p* for Diffie-Hellman, the subprime *q* for DSA,
+    ///       or the order of the curve's base point for ECC).
+    ///       Add 1 to the resulting integer and use this as the private key *x*.
+    ///       This method allows compliance to NIST standards, specifically
+    ///       the methods titled "key-pair generation by testing candidates"
+    ///       in NIST SP 800-56A &sect;5.6.1.1.4 for Diffie-Hellman,
+    ///       in FIPS 186-4 &sect;B.1.2 for DSA, and
+    ///       in NIST SP 800-56A &sect;5.6.1.2.2 or
+    ///       FIPS 186-4 &sect;B.4.2 for elliptic curve keys.
+    ///
+    /// - For other key types, including #PSA_KEY_TYPE_RSA_KEY_PAIR,
+    ///   the way in which the operation output is consumed is
+    ///   implementation-defined.
+    ///
+    /// In all cases, the data that is read is discarded from the operation.
+    /// The operation's capacity is decreased by the number of bytes read.
+    ///
+    /// For algorithms that take an input step #PSA_KEY_DERIVATION_INPUT_SECRET,
+    /// the input to that step must be provided with psa_key_derivation_input_key().
+    /// Future versions of this specification may include additional restrictions
+    /// on the derived key based on the attributes and strength of the secret key.
+    ///
+    /// \param[in] attributes    The attributes for the new key.
+    ///                          If the key type to be created is
+    ///                          #PSA_KEY_TYPE_PASSWORD_HASH then the algorithm in
+    ///                          the policy must be the same as in the current
+    ///                          operation.
+    /// \param[in,out] operation The key derivation operation object to read from.
+    /// \param[out] key          On success, an identifier for the newly created
+    ///                          key. For persistent keys, this is the key
+    ///                          identifier defined in \p attributes.
+    ///                          \c 0 on failure.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    ///         If the key is persistent, the key material and the key's metadata
+    ///         have been saved to persistent storage.
+    /// \retval #PSA_ERROR_ALREADY_EXISTS
+    ///         This is an attempt to create a persistent key, and there is
+    ///         already a persistent key with the given identifier.
+    /// \retval #PSA_ERROR_INSUFFICIENT_DATA
+    ///         There was not enough data to create the desired key.
+    ///         Note that in this case, no output is written to the output buffer.
+    ///         The operation's capacity is set to 0, thus subsequent calls to
+    ///         this function will not succeed, even with a smaller output buffer.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The key type or key size is not supported, either by the
+    ///         implementation in general or in this particular location.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The provided key attributes are not valid for the operation.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The #PSA_KEY_DERIVATION_INPUT_SECRET or
+    ///         #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a
+    ///         key; or one of the inputs was a key whose policy didn't allow
+    ///         #PSA_KEY_USAGE_DERIVE.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active and completed
+    ///         all required input steps), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_output_key(
+        attributes: *const psa_key_attributes_t,
+        operation: *mut psa_key_derivation_operation_t,
+        key: *mut mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Compare output data from a key derivation operation to an expected value.
+    ///
+    /// This function calculates output bytes from a key derivation algorithm and
+    /// compares those bytes to an expected value in constant time.
+    /// If you view the key derivation's output as a stream of bytes, this
+    /// function destructively reads the expected number of bytes from the
+    /// stream before comparing them.
+    /// The operation's capacity decreases by the number of bytes read.
+    ///
+    /// This is functionally equivalent to the following code:
+    /// \code
+    /// psa_key_derivation_output_bytes(operation, tmp, output_length);
+    /// if (memcmp(output, tmp, output_length) != 0)
+    ///     return PSA_ERROR_INVALID_SIGNATURE;
+    /// \endcode
+    /// except (1) it works even if the key's policy does not allow outputting the
+    /// bytes, and (2) the comparison will be done in constant time.
+    ///
+    /// If this function returns an error status other than
+    /// #PSA_ERROR_INSUFFICIENT_DATA or #PSA_ERROR_INVALID_SIGNATURE,
+    /// the operation enters an error state and must be aborted by calling
+    /// psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation The key derivation operation object to read from.
+    /// \param[in] expected_output Buffer containing the expected derivation output.
+    /// \param output_length     Length of the expected output; this is also the
+    ///                          number of bytes that will be read.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The output was read successfully, but it differs from the expected
+    ///         output.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         One of the inputs was a key whose policy didn't allow
+    ///         #PSA_KEY_USAGE_VERIFY_DERIVATION.
+    /// \retval #PSA_ERROR_INSUFFICIENT_DATA
+    ///                          The operation's capacity was less than
+    ///                          \p output_length bytes. Note that in this case,
+    ///                          the operation's capacity is set to 0, thus
+    ///                          subsequent calls to this function will not
+    ///                          succeed, even with a smaller expected output.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active and completed
+    ///         all required input steps), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_verify_bytes(
+        operation: *mut psa_key_derivation_operation_t,
+        expected_output: *const u8,
+        output_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Compare output data from a key derivation operation to an expected value
+    /// stored in a key object.
+    ///
+    /// This function calculates output bytes from a key derivation algorithm and
+    /// compares those bytes to an expected value, provided as key of type
+    /// #PSA_KEY_TYPE_PASSWORD_HASH.
+    /// If you view the key derivation's output as a stream of bytes, this
+    /// function destructively reads the number of bytes corresponding to the
+    /// length of the expected value from the stream before comparing them.
+    /// The operation's capacity decreases by the number of bytes read.
+    ///
+    /// This is functionally equivalent to exporting the key and calling
+    /// psa_key_derivation_verify_bytes() on the result, except that it
+    /// works even if the key cannot be exported.
+    ///
+    /// If this function returns an error status other than
+    /// #PSA_ERROR_INSUFFICIENT_DATA or #PSA_ERROR_INVALID_SIGNATURE,
+    /// the operation enters an error state and must be aborted by calling
+    /// psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation The key derivation operation object to read from.
+    /// \param[in] expected      A key of type #PSA_KEY_TYPE_PASSWORD_HASH
+    ///                          containing the expected output. Its policy must
+    ///                          include the #PSA_KEY_USAGE_VERIFY_DERIVATION flag
+    ///                          and the permitted algorithm must match the
+    ///                          operation. The value of this key was likely
+    ///                          computed by a previous call to
+    ///                          psa_key_derivation_output_key().
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The output was read successfully, but if differs from the expected
+    ///         output.
+    /// \retval #PSA_ERROR_INVALID_HANDLE
+    ///         The key passed as the expected value does not exist.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The key passed as the expected value has an invalid type.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key passed as the expected value does not allow this usage or
+    ///         this algorithm; or one of the inputs was a key whose policy didn't
+    ///         allow #PSA_KEY_USAGE_VERIFY_DERIVATION.
+    /// \retval #PSA_ERROR_INSUFFICIENT_DATA
+    ///                          The operation's capacity was less than
+    ///                          the length of the expected value. In this case,
+    ///                          the operation's capacity is set to 0, thus
+    ///                          subsequent calls to this function will not
+    ///                          succeed, even with a smaller expected output.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active and completed
+    ///         all required input steps), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_verify_key(
+        operation: *mut psa_key_derivation_operation_t,
+        expected: psa_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort a key derivation operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the \c
+    /// operation structure itself. Once aborted, the operation object can be reused
+    /// for another operation by calling psa_key_derivation_setup() again.
+    ///
+    /// This function may be called at any time after the operation
+    /// object has been initialized as described in #psa_key_derivation_operation_t.
+    ///
+    /// In particular, it is valid to call psa_key_derivation_abort() twice, or to
+    /// call psa_key_derivation_abort() on an operation that has not been set up.
+    ///
+    /// \param[in,out] operation    The operation to abort.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_abort(operation: *mut psa_key_derivation_operation_t)
+        -> psa_status_t;
+}
+extern "C" {
+    /// Perform a key agreement and return the raw shared secret.
+    ///
+    /// \warning The raw result of a key agreement algorithm such as finite-field
+    /// Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should
+    /// not be used directly as key material. It should instead be passed as
+    /// input to a key derivation algorithm. To chain a key agreement with
+    /// a key derivation, use psa_key_derivation_key_agreement() and other
+    /// functions from the key derivation interface.
+    ///
+    /// \param alg                     The key agreement algorithm to compute
+    ///                                (\c PSA_ALG_XXX value such that
+    ///                                #PSA_ALG_IS_RAW_KEY_AGREEMENT(\p alg)
+    ///                                is true).
+    /// \param private_key             Identifier of the private key to use. It must
+    ///                                allow the usage #PSA_KEY_USAGE_DERIVE.
+    /// \param[in] peer_key            Public key of the peer. It must be
+    ///                                in the same format that psa_import_key()
+    ///                                accepts. The standard formats for public
+    ///                                keys are documented in the documentation
+    ///                                of psa_export_public_key().
+    /// \param peer_key_length         Size of \p peer_key in bytes.
+    /// \param[out] output             Buffer where the decrypted message is to
+    ///                                be written.
+    /// \param output_size             Size of the \c output buffer in bytes.
+    /// \param[out] output_length      On success, the number of bytes
+    ///                                that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p alg is not a key agreement algorithm, or
+    ///         \p private_key is not compatible with \p alg,
+    ///         or \p peer_key is not valid for \p alg or not compatible with
+    ///         \p private_key.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         \p output_size is too small
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not a supported key agreement algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_raw_key_agreement(
+        alg: psa_algorithm_t,
+        private_key: mbedtls_svc_key_id_t,
+        peer_key: *const u8,
+        peer_key_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Generate random bytes.
+    ///
+    /// \warning This function **can** fail! Callers MUST check the return status
+    ///          and MUST NOT use the content of the output buffer if the return
+    ///          status is not #PSA_SUCCESS.
+    ///
+    /// \note    To generate a key, use psa_generate_key() instead.
+    ///
+    /// \param[out] output       Output buffer for the generated data.
+    /// \param output_size       Number of bytes to generate and output.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_generate_random(output: *mut u8, output_size: usize) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Generate a key or key pair.
+    ///
+    /// The key is generated randomly.
+    /// Its location, usage policy, type and size are taken from \p attributes.
+    ///
+    /// Implementations must reject an attempt to generate a key of size 0.
+    ///
+    /// The following type-specific considerations apply:
+    /// - For RSA keys (#PSA_KEY_TYPE_RSA_KEY_PAIR),
+    ///   the public exponent is 65537.
+    ///   The modulus is a product of two probabilistic primes
+    ///   between 2^{n-1} and 2^n where n is the bit size specified in the
+    ///   attributes.
+    ///
+    /// \param[in] attributes    The attributes for the new key.
+    /// \param[out] key          On success, an identifier for the newly created
+    ///                          key. For persistent keys, this is the key
+    ///                          identifier defined in \p attributes.
+    ///                          \c 0 on failure.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    ///         If the key is persistent, the key material and the key's metadata
+    ///         have been saved to persistent storage.
+    /// \retval #PSA_ERROR_ALREADY_EXISTS
+    ///         This is an attempt to create a persistent key, and there is
+    ///         already a persistent key with the given identifier.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_generate_key(
+        attributes: *const psa_key_attributes_t,
+        key: *mut mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for interruptible hash
+///  signing operations.
+///
+/// Before calling any function on a sign hash operation object, the
+/// application must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_sign_hash_interruptible_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_sign_hash_interruptible_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer
+///   #PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT, for example:
+///   \code
+///   psa_sign_hash_interruptible_operation_t operation =
+///   PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function
+///   psa_sign_hash_interruptible_operation_init() to the structure, for
+///   example:
+///   \code
+///   psa_sign_hash_interruptible_operation_t operation;
+///   operation = psa_sign_hash_interruptible_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_sign_hash_interruptible_operation_t = psa_sign_hash_interruptible_operation_s;
+/// The type of the state data structure for interruptible hash
+///  verification operations.
+///
+/// Before calling any function on a sign hash operation object, the
+/// application must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_verify_hash_interruptible_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_verify_hash_interruptible_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer
+///   #PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT, for example:
+///   \code
+///   psa_verify_hash_interruptible_operation_t operation =
+///   PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function
+///   psa_verify_hash_interruptible_operation_init() to the structure, for
+///   example:
+///   \code
+///   psa_verify_hash_interruptible_operation_t operation;
+///   operation = psa_verify_hash_interruptible_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_verify_hash_interruptible_operation_t = psa_verify_hash_interruptible_operation_s;
+extern "C" {
+    /// \brief                       Set the maximum number of ops allowed to be
+    ///                              executed by an interruptible function in a
+    ///                              single call.
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        The time taken to execute a single op is
+    ///                              implementation specific and depends on
+    ///                              software, hardware, the algorithm, key type and
+    ///                              curve chosen. Even within a single operation,
+    ///                              successive ops can take differing amounts of
+    ///                              time. The only guarantee is that lower values
+    ///                              for \p max_ops means functions will block for a
+    ///                              lesser maximum amount of time. The functions
+    ///                              \c psa_sign_interruptible_get_num_ops() and
+    ///                              \c psa_verify_interruptible_get_num_ops() are
+    ///                              provided to help with tuning this value.
+    ///
+    /// \note                        This value defaults to
+    ///                              #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, which
+    ///                              means the whole operation will be done in one
+    ///                              go, regardless of the number of ops required.
+    ///
+    /// \note                        If more ops are needed to complete a
+    ///                              computation, #PSA_OPERATION_INCOMPLETE will be
+    ///                              returned by the function performing the
+    ///                              computation. It is then the caller's
+    ///                              responsibility to either call again with the
+    ///                              same operation context until it returns 0 or an
+    ///                              error code; or to call the relevant abort
+    ///                              function if the answer is no longer required.
+    ///
+    /// \note                        The interpretation of \p max_ops is also
+    ///                              implementation defined. On a hard real time
+    ///                              system, this can indicate a hard deadline, as a
+    ///                              real-time system needs a guarantee of not
+    ///                              spending more than X time, however care must be
+    ///                              taken in such an implementation to avoid the
+    ///                              situation whereby calls just return, not being
+    ///                              able to do any actual work within the allotted
+    ///                              time.  On a non-real-time system, the
+    ///                              implementation can be more relaxed, but again
+    ///                              whether this number should be interpreted as as
+    ///                              hard or soft limit or even whether a less than
+    ///                              or equals as regards to ops executed in a
+    ///                              single call is implementation defined.
+    ///
+    /// \note                        For keys in local storage when no accelerator
+    ///                              driver applies, please see also the
+    ///                              documentation for \c mbedtls_ecp_set_max_ops(),
+    ///                              which is the internal implementation in these
+    ///                              cases.
+    ///
+    /// \warning                     With implementations that interpret this number
+    ///                              as a hard limit, setting this number too small
+    ///                              may result in an infinite loop, whereby each
+    ///                              call results in immediate return with no ops
+    ///                              done (as there is not enough time to execute
+    ///                              any), and thus no result will ever be achieved.
+    ///
+    /// \note                        This only applies to functions whose
+    ///                              documentation mentions they may return
+    ///                              #PSA_OPERATION_INCOMPLETE.
+    ///
+    /// \param max_ops               The maximum number of ops to be executed in a
+    ///                              single call. This can be a number from 0 to
+    ///                              #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, where 0
+    ///                              is the least amount of work done per call.
+    pub fn psa_interruptible_set_max_ops(max_ops: u32);
+}
+extern "C" {
+    /// \brief                       Get the maximum number of ops allowed to be
+    ///                              executed by an interruptible function in a
+    ///                              single call. This will return the last
+    ///                              value set by
+    ///                              \c psa_interruptible_set_max_ops() or
+    ///                              #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED if
+    ///                              that function has never been called.
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \return                      Maximum number of ops allowed to be
+    ///                              executed by an interruptible function in a
+    ///                              single call.
+    pub fn psa_interruptible_get_max_ops() -> u32;
+}
+extern "C" {
+    /// \brief                       Get the number of ops that a hash signing
+    ///                              operation has taken so far. If the operation
+    ///                              has completed, then this will represent the
+    ///                              number of ops required for the entire
+    ///                              operation. After initialization or calling
+    ///                              \c psa_sign_hash_interruptible_abort() on
+    ///                              the operation, a value of 0 will be returned.
+    ///
+    /// \note                        This interface is guaranteed re-entrant and
+    ///                              thus may be called from driver code.
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    ///                              This is a helper provided to help you tune the
+    ///                              value passed to \c
+    ///                              psa_interruptible_set_max_ops().
+    ///
+    /// \param operation             The \c psa_sign_hash_interruptible_operation_t
+    ///                              to use. This must be initialized first.
+    ///
+    /// \return                      Number of ops that the operation has taken so
+    ///                              far.
+    pub fn psa_sign_hash_get_num_ops(
+        operation: *const psa_sign_hash_interruptible_operation_t,
+    ) -> u32;
+}
+extern "C" {
+    /// \brief                       Get the number of ops that a hash verification
+    ///                              operation has taken so far. If the operation
+    ///                              has completed, then this will represent the
+    ///                              number of ops required for the entire
+    ///                              operation. After initialization or calling \c
+    ///                              psa_verify_hash_interruptible_abort() on the
+    ///                              operation, a value of 0 will be returned.
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    ///                              This is a helper provided to help you tune the
+    ///                              value passed to \c
+    ///                              psa_interruptible_set_max_ops().
+    ///
+    /// \param operation             The \c
+    ///                              psa_verify_hash_interruptible_operation_t to
+    ///                              use. This must be initialized first.
+    ///
+    /// \return                      Number of ops that the operation has taken so
+    ///                              far.
+    pub fn psa_verify_hash_get_num_ops(
+        operation: *const psa_verify_hash_interruptible_operation_t,
+    ) -> u32;
+}
+extern "C" {
+    /// \brief                       Start signing a hash or short message with a
+    ///                              private key, in an interruptible manner.
+    ///
+    /// \see                         \c psa_sign_hash_complete()
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        This function combined with \c
+    ///                              psa_sign_hash_complete() is equivalent to
+    ///                              \c psa_sign_hash() but
+    ///                              \c psa_sign_hash_complete() can return early and
+    ///                              resume according to the limit set with \c
+    ///                              psa_interruptible_set_max_ops() to reduce the
+    ///                              maximum time spent in a function call.
+    ///
+    /// \note                        Users should call \c psa_sign_hash_complete()
+    ///                              repeatedly on the same context after a
+    ///                              successful call to this function until \c
+    ///                              psa_sign_hash_complete() either returns 0 or an
+    ///                              error. \c psa_sign_hash_complete() will return
+    ///                              #PSA_OPERATION_INCOMPLETE if there is more work
+    ///                              to do. Alternatively users can call
+    ///                              \c psa_sign_hash_abort() at any point if they no
+    ///                              longer want the result.
+    ///
+    /// \note                        If this function returns an error status, the
+    ///                              operation enters an error state and must be
+    ///                              aborted by calling \c psa_sign_hash_abort().
+    ///
+    /// \param[in, out] operation    The \c psa_sign_hash_interruptible_operation_t
+    ///                              to use. This must be initialized first.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must be an asymmetric key pair. The key must
+    ///                              allow the usage #PSA_KEY_USAGE_SIGN_HASH.
+    /// \param alg                   A signature algorithm (\c PSA_ALG_XXX
+    ///                              value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+    ///                              is true), that is compatible with
+    ///                              the type of \p key.
+    /// \param[in] hash              The hash or message to sign.
+    /// \param hash_length           Size of the \p hash buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The operation started successfully - call \c psa_sign_hash_complete()
+    ///         with the same context to complete the operation
+    ///
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_SIGN_HASH flag, or it does
+    ///         not permit the requested algorithm.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         An operation has previously been started on this context, and is
+    ///         still in progress.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_sign_hash_start(
+        operation: *mut psa_sign_hash_interruptible_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        hash: *const u8,
+        hash_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief                       Continue and eventually complete the action of
+    ///                              signing a hash or short message with a private
+    ///                              key, in an interruptible manner.
+    ///
+    /// \see                         \c psa_sign_hash_start()
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        This function combined with \c
+    ///                              psa_sign_hash_start() is equivalent to
+    ///                              \c psa_sign_hash() but this function can return
+    ///                              early and resume according to the limit set with
+    ///                              \c psa_interruptible_set_max_ops() to reduce the
+    ///                              maximum time spent in a function call.
+    ///
+    /// \note                        Users should call this function on the same
+    ///                              operation object repeatedly until it either
+    ///                              returns 0 or an error. This function will return
+    ///                              #PSA_OPERATION_INCOMPLETE if there is more work
+    ///                              to do. Alternatively users can call
+    ///                              \c psa_sign_hash_abort() at any point if they no
+    ///                              longer want the result.
+    ///
+    /// \note                        When this function returns successfully, the
+    ///                              operation becomes inactive. If this function
+    ///                              returns an error status, the operation enters an
+    ///                              error state and must be aborted by calling
+    ///                              \c psa_sign_hash_abort().
+    ///
+    /// \param[in, out] operation    The \c psa_sign_hash_interruptible_operation_t
+    ///                              to use. This must be initialized first, and have
+    ///                              had \c psa_sign_hash_start() called with it
+    ///                              first.
+    ///
+    /// \param[out] signature        Buffer where the signature is to be written.
+    /// \param signature_size        Size of the \p signature buffer in bytes. This
+    ///                              must be appropriate for the selected
+    ///                              algorithm and key:
+    ///                              - The required signature size is
+    ///                                #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c
+    ///                                key_bits, \c alg) where \c key_type and \c
+    ///                                key_bits are the type and bit-size
+    ///                                respectively of key.
+    ///                              - #PSA_SIGNATURE_MAX_SIZE evaluates to the
+    ///                                maximum signature size of any supported
+    ///                                signature algorithm.
+    /// \param[out] signature_length On success, the number of bytes that make up
+    ///                              the returned signature value.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Operation completed successfully
+    ///
+    /// \retval #PSA_OPERATION_INCOMPLETE
+    ///         Operation was interrupted due to the setting of \c
+    ///         psa_interruptible_set_max_ops(). There is still work to be done.
+    ///         Call this function again with the same operation object.
+    ///
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p signature buffer is too small. You can
+    ///         determine a sufficient buffer size by calling
+    ///         #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///         where \c key_type and \c key_bits are the type and bit-size
+    ///         respectively of \p key.
+    ///
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         An operation was not previously started on this context via
+    ///         \c psa_sign_hash_start().
+    ///
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has either not been previously initialized by
+    ///         psa_crypto_init() or you did not previously call
+    ///         psa_sign_hash_start() with this operation object. It is
+    ///         implementation-dependent whether a failure to initialize results in
+    ///         this error code.
+    pub fn psa_sign_hash_complete(
+        operation: *mut psa_sign_hash_interruptible_operation_t,
+        signature: *mut u8,
+        signature_size: usize,
+        signature_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief                       Abort a sign hash operation.
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        This function is the only function that clears
+    ///                              the number of ops completed as part of the
+    ///                              operation. Please ensure you copy this value via
+    ///                              \c psa_sign_hash_get_num_ops() if required
+    ///                              before calling.
+    ///
+    /// \note                        Aborting an operation frees all associated
+    ///                              resources except for the \p operation structure
+    ///                              itself. Once aborted, the operation object can
+    ///                              be reused for another operation by calling \c
+    ///                              psa_sign_hash_start() again.
+    ///
+    /// \note                        You may call this function any time after the
+    ///                              operation object has been initialized. In
+    ///                              particular, calling \c psa_sign_hash_abort()
+    ///                              after the operation has already been terminated
+    ///                              by a call to \c psa_sign_hash_abort() or
+    ///                              psa_sign_hash_complete() is safe.
+    ///
+    /// \param[in,out] operation     Initialized sign hash operation.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The operation was aborted successfully.
+    ///
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_sign_hash_abort(
+        operation: *mut psa_sign_hash_interruptible_operation_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief                       Start reading and verifying a hash or short
+    ///                              message, in an interruptible manner.
+    ///
+    /// \see                         \c psa_verify_hash_complete()
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        This function combined with \c
+    ///                              psa_verify_hash_complete() is equivalent to
+    ///                              \c psa_verify_hash() but \c
+    ///                              psa_verify_hash_complete() can return early and
+    ///                              resume according to the limit set with \c
+    ///                              psa_interruptible_set_max_ops() to reduce the
+    ///                              maximum time spent in a function.
+    ///
+    /// \note                        Users should call \c psa_verify_hash_complete()
+    ///                              repeatedly on the same operation object after a
+    ///                              successful call to this function until \c
+    ///                              psa_verify_hash_complete() either returns 0 or
+    ///                              an error. \c psa_verify_hash_complete() will
+    ///                              return #PSA_OPERATION_INCOMPLETE if there is
+    ///                              more work to do. Alternatively users can call
+    ///                              \c psa_verify_hash_abort() at any point if they
+    ///                              no longer want the result.
+    ///
+    /// \note                        If this function returns an error status, the
+    ///                              operation enters an error state and must be
+    ///                              aborted by calling \c psa_verify_hash_abort().
+    ///
+    /// \param[in, out] operation    The \c psa_verify_hash_interruptible_operation_t
+    ///                              to use. This must be initialized first.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              The key must allow the usage
+    ///                              #PSA_KEY_USAGE_VERIFY_HASH.
+    /// \param alg                   A signature algorithm (\c PSA_ALG_XXX
+    ///                              value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+    ///                              is true), that is compatible with
+    ///                              the type of \p key.
+    /// \param[in] hash              The hash whose signature is to be verified.
+    /// \param hash_length           Size of the \p hash buffer in bytes.
+    /// \param[in] signature         Buffer containing the signature to verify.
+    /// \param signature_length      Size of the \p signature buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The operation started successfully - please call \c
+    ///         psa_verify_hash_complete() with the same context to complete the
+    ///         operation.
+    ///
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Another operation has already been started on this context, and is
+    ///         still in progress.
+    ///
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_VERIFY_HASH flag, or it does
+    ///         not permit the requested algorithm.
+    ///
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_verify_hash_start(
+        operation: *mut psa_verify_hash_interruptible_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        hash: *const u8,
+        hash_length: usize,
+        signature: *const u8,
+        signature_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief                       Continue and eventually complete the action of
+    ///                              reading and verifying a hash or short message
+    ///                              signed with a private key, in an interruptible
+    ///                              manner.
+    ///
+    /// \see                         \c psa_verify_hash_start()
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        This function combined with \c
+    ///                              psa_verify_hash_start() is equivalent to
+    ///                              \c psa_verify_hash() but this function can
+    ///                              return early and resume according to the limit
+    ///                              set with \c psa_interruptible_set_max_ops() to
+    ///                              reduce the maximum time spent in a function
+    ///                              call.
+    ///
+    /// \note                        Users should call this function on the same
+    ///                              operation object repeatedly until it either
+    ///                              returns 0 or an error. This function will return
+    ///                              #PSA_OPERATION_INCOMPLETE if there is more work
+    ///                              to do. Alternatively users can call
+    ///                              \c psa_verify_hash_abort() at any point if they
+    ///                              no longer want the result.
+    ///
+    /// \note                        When this function returns successfully, the
+    ///                              operation becomes inactive. If this function
+    ///                              returns an error status, the operation enters an
+    ///                              error state and must be aborted by calling
+    ///                              \c psa_verify_hash_abort().
+    ///
+    /// \param[in, out] operation    The \c psa_verify_hash_interruptible_operation_t
+    ///                              to use. This must be initialized first, and have
+    ///                              had \c psa_verify_hash_start() called with it
+    ///                              first.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Operation completed successfully, and the passed signature is valid.
+    ///
+    /// \retval #PSA_OPERATION_INCOMPLETE
+    ///         Operation was interrupted due to the setting of \c
+    ///         psa_interruptible_set_max_ops(). There is still work to be done.
+    ///         Call this function again with the same operation object.
+    ///
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The calculation was performed successfully, but the passed
+    ///         signature is not a valid signature.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         An operation was not previously started on this context via
+    ///         \c psa_verify_hash_start().
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has either not been previously initialized by
+    ///         psa_crypto_init() or you did not previously call
+    ///         psa_verify_hash_start() on this object. It is
+    ///         implementation-dependent whether a failure to initialize results in
+    ///         this error code.
+    pub fn psa_verify_hash_complete(
+        operation: *mut psa_verify_hash_interruptible_operation_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief                     Abort a verify hash operation.
+    ///
+    /// \warning                   This is a beta API, and thus subject to change at
+    ///                            any point. It is not bound by the usual interface
+    ///                            stability promises.
+    ///
+    /// \note                      This function is the only function that clears the
+    ///                            number of ops completed as part of the operation.
+    ///                            Please ensure you copy this value via
+    ///                            \c psa_verify_hash_get_num_ops() if required
+    ///                            before calling.
+    ///
+    /// \note                      Aborting an operation frees all associated
+    ///                            resources except for the operation structure
+    ///                            itself. Once aborted, the operation object can be
+    ///                            reused for another operation by calling \c
+    ///                            psa_verify_hash_start() again.
+    ///
+    /// \note                      You may call this function any time after the
+    ///                            operation object has been initialized.
+    ///                            In particular, calling \c psa_verify_hash_abort()
+    ///                            after the operation has already been terminated by
+    ///                            a call to \c psa_verify_hash_abort() or
+    ///                            psa_verify_hash_complete() is safe.
+    ///
+    /// \param[in,out] operation   Initialized verify hash operation.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The operation was aborted successfully.
+    ///
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_verify_hash_abort(
+        operation: *mut psa_verify_hash_interruptible_operation_t,
+    ) -> psa_status_t;
+}
+/// The CMAC context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_cmac_context_t {
+    pub private_state: [crate::c_types::c_uchar; 16usize],
+    pub private_unprocessed_block: [crate::c_types::c_uchar; 16usize],
+    pub private_unprocessed_len: usize,
+}
+extern "C" {
+    /// \brief               This function starts a new CMAC computation
+    ///                      by setting the CMAC key, and preparing to authenticate
+    ///                      the input data.
+    ///                      It must be called with an initialized cipher context.
+    ///
+    ///                      Once this function has completed, data can be supplied
+    ///                      to the CMAC computation by calling
+    ///                      mbedtls_cipher_cmac_update().
+    ///
+    ///                      To start a CMAC computation using the same key as a previous
+    ///                      CMAC computation, use mbedtls_cipher_cmac_finish().
+    ///
+    /// \note                When the CMAC implementation is supplied by an alternate
+    ///                      implementation (through #MBEDTLS_CMAC_ALT), some ciphers
+    ///                      may not be supported by that implementation, and thus
+    ///                      return an error. Alternate implementations must support
+    ///                      AES-128 and AES-256, and may support AES-192 and 3DES.
+    ///
+    /// \param ctx           The cipher context used for the CMAC operation, initialized
+    ///                      as one of the following types: MBEDTLS_CIPHER_AES_128_ECB,
+    ///                      MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB,
+    ///                      or MBEDTLS_CIPHER_DES_EDE3_ECB.
+    /// \param key           The CMAC key.
+    /// \param keybits       The length of the CMAC key in bits.
+    ///                      Must be supported by the cipher.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_cmac_starts(
+        ctx: *mut mbedtls_cipher_context_t,
+        key: *const crate::c_types::c_uchar,
+        keybits: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function feeds an input buffer into an ongoing CMAC
+    ///                      computation.
+    ///
+    ///                      The CMAC computation must have previously been started
+    ///                      by calling mbedtls_cipher_cmac_starts() or
+    ///                      mbedtls_cipher_cmac_reset().
+    ///
+    ///                      Call this function as many times as needed to input the
+    ///                      data to be authenticated.
+    ///                      Once all of the required data has been input,
+    ///                      call mbedtls_cipher_cmac_finish() to obtain the result
+    ///                      of the CMAC operation.
+    ///
+    /// \param ctx           The cipher context used for the CMAC operation.
+    /// \param input         The buffer holding the input data.
+    /// \param ilen          The length of the input data.
+    ///
+    /// \return             \c 0 on success.
+    /// \return             #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+    ///                     if parameter verification fails.
+    pub fn mbedtls_cipher_cmac_update(
+        ctx: *mut mbedtls_cipher_context_t,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function finishes an ongoing CMAC operation, and
+    ///                      writes the result to the output buffer.
+    ///
+    ///                      It should be followed either by
+    ///                      mbedtls_cipher_cmac_reset(), which starts another CMAC
+    ///                      operation with the same key, or mbedtls_cipher_free(),
+    ///                      which clears the cipher context.
+    ///
+    /// \param ctx           The cipher context used for the CMAC operation.
+    /// \param output        The output buffer for the CMAC checksum result.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+    ///                      if parameter verification fails.
+    pub fn mbedtls_cipher_cmac_finish(
+        ctx: *mut mbedtls_cipher_context_t,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function starts a new CMAC operation with the same
+    ///                      key as the previous one.
+    ///
+    ///                      It should be called after finishing the previous CMAC
+    ///                      operation with mbedtls_cipher_cmac_finish().
+    ///                      After calling this function,
+    ///                      call mbedtls_cipher_cmac_update() to supply the new
+    ///                      CMAC operation with data.
+    ///
+    /// \param ctx           The cipher context used for the CMAC operation.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+    ///                      if parameter verification fails.
+    pub fn mbedtls_cipher_cmac_reset(ctx: *mut mbedtls_cipher_context_t) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function calculates the full generic CMAC
+    ///                      on the input buffer with the provided key.
+    ///
+    ///                      The function allocates the context, performs the
+    ///                      calculation, and frees the context.
+    ///
+    ///                      The CMAC result is calculated as
+    ///                      output = generic CMAC(cmac key, input buffer).
+    ///
+    /// \note                When the CMAC implementation is supplied by an alternate
+    ///                      implementation (through #MBEDTLS_CMAC_ALT), some ciphers
+    ///                      may not be supported by that implementation, and thus
+    ///                      return an error. Alternate implementations must support
+    ///                      AES-128 and AES-256, and may support AES-192 and 3DES.
+    ///
+    /// \param cipher_info   The cipher information.
+    /// \param key           The CMAC key.
+    /// \param keylen        The length of the CMAC key in bits.
+    /// \param input         The buffer holding the input data.
+    /// \param ilen          The length of the input data.
+    /// \param output        The buffer for the generic CMAC result.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+    ///                      if parameter verification fails.
+    pub fn mbedtls_cipher_cmac(
+        cipher_info: *const mbedtls_cipher_info_t,
+        key: *const crate::c_types::c_uchar,
+        keylen: usize,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function implements the AES-CMAC-PRF-128 pseudorandom
+    ///                  function, as defined in
+    ///                  <em>RFC-4615: The Advanced Encryption Standard-Cipher-based
+    ///                  Message Authentication Code-Pseudo-Random Function-128
+    ///                  (AES-CMAC-PRF-128) Algorithm for the Internet Key
+    ///                  Exchange Protocol (IKE).</em>
+    ///
+    /// \param key       The key to use.
+    /// \param key_len   The key length in Bytes.
+    /// \param input     The buffer holding the input data.
+    /// \param in_len    The length of the input data in Bytes.
+    /// \param output    The buffer holding the generated 16 Bytes of
+    ///                  pseudorandom output.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_aes_cmac_prf_128(
+        key: *const crate::c_types::c_uchar,
+        key_len: usize,
+        input: *const crate::c_types::c_uchar,
+        in_len: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The CMAC checkup routine.
+    ///
+    /// \note           In case the CMAC routines are provided by an alternative
+    ///                 implementation (i.e. #MBEDTLS_CMAC_ALT is defined), the
+    ///                 checkup routine will succeed even if the implementation does
+    ///                 not support the less widely used AES-192 or 3DES primitives.
+    ///                 The self-test requires at least AES-128 and AES-256 to be
+    ///                 supported by the underlying implementation.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_cmac_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          The GCM context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_gcm_context {
+    pub private_cipher_ctx: mbedtls_cipher_context_t,
+    pub private_HL: [u64; 16usize],
+    pub private_HH: [u64; 16usize],
+    pub private_len: u64,
+    pub private_add_len: u64,
+    pub private_base_ectr: [crate::c_types::c_uchar; 16usize],
+    pub private_y: [crate::c_types::c_uchar; 16usize],
+    pub private_buf: [crate::c_types::c_uchar; 16usize],
+    pub private_mode: crate::c_types::c_int,
+}
+extern "C" {
+    /// \brief           This function initializes the specified GCM context,
+    ///                  to make references valid, and prepares the context
+    ///                  for mbedtls_gcm_setkey() or mbedtls_gcm_free().
+    ///
+    ///                  The function does not bind the GCM context to a particular
+    ///                  cipher, nor set the key. For this purpose, use
+    ///                  mbedtls_gcm_setkey().
+    ///
+    /// \param ctx       The GCM context to initialize. This must not be \c NULL.
+    pub fn mbedtls_gcm_init(ctx: *mut mbedtls_gcm_context);
+}
+extern "C" {
+    /// \brief           This function associates a GCM context with a
+    ///                  cipher algorithm and a key.
+    ///
+    /// \param ctx       The GCM context. This must be initialized.
+    /// \param cipher    The 128-bit block cipher to use.
+    /// \param key       The encryption key. This must be a readable buffer of at
+    ///                  least \p keybits bits.
+    /// \param keybits   The key size in bits. Valid options are:
+    ///                  <ul><li>128 bits</li>
+    ///                  <li>192 bits</li>
+    ///                  <li>256 bits</li></ul>
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A cipher-specific error code on failure.
+    pub fn mbedtls_gcm_setkey(
+        ctx: *mut mbedtls_gcm_context,
+        cipher: mbedtls_cipher_id_t,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs GCM encryption or decryption of a buffer.
+    ///
+    /// \note            For encryption, the output buffer can be the same as the
+    ///                  input buffer. For decryption, the output buffer cannot be
+    ///                  the same as input buffer. If the buffers overlap, the output
+    ///                  buffer must trail at least 8 Bytes behind the input buffer.
+    ///
+    /// \warning         When this function performs a decryption, it outputs the
+    ///                  authentication tag and does not verify that the data is
+    ///                  authentic. You should use this function to perform encryption
+    ///                  only. For decryption, use mbedtls_gcm_auth_decrypt() instead.
+    ///
+    /// \param ctx       The GCM context to use for encryption or decryption. This
+    ///                  must be initialized.
+    /// \param mode      The operation to perform:
+    ///                  - #MBEDTLS_GCM_ENCRYPT to perform authenticated encryption.
+    ///                    The ciphertext is written to \p output and the
+    ///                    authentication tag is written to \p tag.
+    ///                  - #MBEDTLS_GCM_DECRYPT to perform decryption.
+    ///                    The plaintext is written to \p output and the
+    ///                    authentication tag is written to \p tag.
+    ///                    Note that this mode is not recommended, because it does
+    ///                    not verify the authenticity of the data. For this reason,
+    ///                    you should use mbedtls_gcm_auth_decrypt() instead of
+    ///                    calling this function in decryption mode.
+    /// \param length    The length of the input data, which is equal to the length
+    ///                  of the output data.
+    /// \param iv        The initialization vector. This must be a readable buffer of
+    ///                  at least \p iv_len Bytes.
+    /// \param iv_len    The length of the IV.
+    /// \param add       The buffer holding the additional data. This must be of at
+    ///                  least that size in Bytes.
+    /// \param add_len   The length of the additional data.
+    /// \param input     The buffer holding the input data. If \p length is greater
+    ///                  than zero, this must be a readable buffer of at least that
+    ///                  size in Bytes.
+    /// \param output    The buffer for holding the output data. If \p length is greater
+    ///                  than zero, this must be a writable buffer of at least that
+    ///                  size in Bytes.
+    /// \param tag_len   The length of the tag to generate.
+    /// \param tag       The buffer for holding the tag. This must be a writable
+    ///                  buffer of at least \p tag_len Bytes.
+    ///
+    /// \return          \c 0 if the encryption or decryption was performed
+    ///                  successfully. Note that in #MBEDTLS_GCM_DECRYPT mode,
+    ///                  this does not indicate that the data is authentic.
+    /// \return          #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
+    ///                  not valid or a cipher-specific error code if the encryption
+    ///                  or decryption failed.
+    pub fn mbedtls_gcm_crypt_and_tag(
+        ctx: *mut mbedtls_gcm_context,
+        mode: crate::c_types::c_int,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        add: *const crate::c_types::c_uchar,
+        add_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+        tag: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a GCM authenticated decryption of a
+    ///                  buffer.
+    ///
+    /// \note            For decryption, the output buffer cannot be the same as
+    ///                  input buffer. If the buffers overlap, the output buffer
+    ///                  must trail at least 8 Bytes behind the input buffer.
+    ///
+    /// \param ctx       The GCM context. This must be initialized.
+    /// \param length    The length of the ciphertext to decrypt, which is also
+    ///                  the length of the decrypted plaintext.
+    /// \param iv        The initialization vector. This must be a readable buffer
+    ///                  of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the IV.
+    /// \param add       The buffer holding the additional data. This must be of at
+    ///                  least that size in Bytes.
+    /// \param add_len   The length of the additional data.
+    /// \param tag       The buffer holding the tag to verify. This must be a
+    ///                  readable buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the tag to verify.
+    /// \param input     The buffer holding the ciphertext. If \p length is greater
+    ///                  than zero, this must be a readable buffer of at least that
+    ///                  size.
+    /// \param output    The buffer for holding the decrypted plaintext. If \p length
+    ///                  is greater than zero, this must be a writable buffer of at
+    ///                  least that size.
+    ///
+    /// \return          \c 0 if successful and authenticated.
+    /// \return          #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.
+    /// \return          #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
+    ///                  not valid or a cipher-specific error code if the decryption
+    ///                  failed.
+    pub fn mbedtls_gcm_auth_decrypt(
+        ctx: *mut mbedtls_gcm_context,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        add: *const crate::c_types::c_uchar,
+        add_len: usize,
+        tag: *const crate::c_types::c_uchar,
+        tag_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function starts a GCM encryption or decryption
+    ///                  operation.
+    ///
+    /// \param ctx       The GCM context. This must be initialized.
+    /// \param mode      The operation to perform: #MBEDTLS_GCM_ENCRYPT or
+    ///                  #MBEDTLS_GCM_DECRYPT.
+    /// \param iv        The initialization vector. This must be a readable buffer of
+    ///                  at least \p iv_len Bytes.
+    /// \param iv_len    The length of the IV.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_gcm_starts(
+        ctx: *mut mbedtls_gcm_context,
+        mode: crate::c_types::c_int,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer as associated data
+    ///                  (authenticated but not encrypted data) in a GCM
+    ///                  encryption or decryption operation.
+    ///
+    ///                  Call this function after mbedtls_gcm_starts() to pass
+    ///                  the associated data. If the associated data is empty,
+    ///                  you do not need to call this function. You may not
+    ///                  call this function after calling mbedtls_cipher_update().
+    ///
+    /// \param ctx       The GCM context. This must have been started with
+    ///                  mbedtls_gcm_starts() and must not have yet received
+    ///                  any input with mbedtls_gcm_update().
+    /// \param add       The buffer holding the additional data, or \c NULL
+    ///                  if \p add_len is \c 0.
+    /// \param add_len   The length of the additional data. If \c 0,
+    ///                  \p add may be \c NULL.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_gcm_update_ad(
+        ctx: *mut mbedtls_gcm_context,
+        add: *const crate::c_types::c_uchar,
+        add_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer into an ongoing GCM
+    ///                  encryption or decryption operation.
+    ///
+    ///                  You may call this function zero, one or more times
+    ///                  to pass successive parts of the input: the plaintext to
+    ///                  encrypt, or the ciphertext (not including the tag) to
+    ///                  decrypt. After the last part of the input, call
+    ///                  mbedtls_gcm_finish().
+    ///
+    ///                  This function may produce output in one of the following
+    ///                  ways:
+    ///                  - Immediate output: the output length is always equal
+    ///                    to the input length.
+    ///                  - Buffered output: the output consists of a whole number
+    ///                    of 16-byte blocks. If the total input length so far
+    ///                    (not including associated data) is 16 \* *B* + *A*
+    ///                    with *A* < 16 then the total output length is 16 \* *B*.
+    ///
+    ///                  In particular:
+    ///                  - It is always correct to call this function with
+    ///                    \p output_size >= \p input_length + 15.
+    ///                  - If \p input_length is a multiple of 16 for all the calls
+    ///                    to this function during an operation, then it is
+    ///                    correct to use \p output_size = \p input_length.
+    ///
+    /// \note            For decryption, the output buffer cannot be the same as
+    ///                  input buffer. If the buffers overlap, the output buffer
+    ///                  must trail at least 8 Bytes behind the input buffer.
+    ///
+    /// \param ctx           The GCM context. This must be initialized.
+    /// \param input         The buffer holding the input data. If \p input_length
+    ///                      is greater than zero, this must be a readable buffer
+    ///                      of at least \p input_length bytes.
+    /// \param input_length  The length of the input data in bytes.
+    /// \param output        The buffer for the output data. If \p output_size
+    ///                      is greater than zero, this must be a writable buffer of
+    ///                      of at least \p output_size bytes.
+    /// \param output_size   The size of the output buffer in bytes.
+    ///                      See the function description regarding the output size.
+    /// \param output_length On success, \p *output_length contains the actual
+    ///                      length of the output written in \p output.
+    ///                      On failure, the content of \p *output_length is
+    ///                      unspecified.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_GCM_BAD_INPUT on failure:
+    ///                 total input length too long,
+    ///                 unsupported input/output buffer overlap detected,
+    ///                 or \p output_size too small.
+    pub fn mbedtls_gcm_update(
+        ctx: *mut mbedtls_gcm_context,
+        input: *const crate::c_types::c_uchar,
+        input_length: usize,
+        output: *mut crate::c_types::c_uchar,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function finishes the GCM operation and generates
+    ///                  the authentication tag.
+    ///
+    ///                  It wraps up the GCM stream, and generates the
+    ///                  tag. The tag can have a maximum length of 16 Bytes.
+    ///
+    /// \param ctx       The GCM context. This must be initialized.
+    /// \param tag       The buffer for holding the tag. This must be a writable
+    ///                  buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the tag to generate. This must be at least
+    ///                  four.
+    /// \param output    The buffer for the final output.
+    ///                  If \p output_size is nonzero, this must be a writable
+    ///                  buffer of at least \p output_size bytes.
+    /// \param output_size  The size of the \p output buffer in bytes.
+    ///                  This must be large enough for the output that
+    ///                  mbedtls_gcm_update() has not produced. In particular:
+    ///                  - If mbedtls_gcm_update() produces immediate output,
+    ///                    or if the total input size is a multiple of \c 16,
+    ///                    then mbedtls_gcm_finish() never produces any output,
+    ///                    so \p output_size can be \c 0.
+    ///                  - \p output_size never needs to be more than \c 15.
+    /// \param output_length On success, \p *output_length contains the actual
+    ///                      length of the output written in \p output.
+    ///                      On failure, the content of \p *output_length is
+    ///                      unspecified.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_GCM_BAD_INPUT on failure:
+    ///                  invalid value of \p tag_len,
+    ///                  or \p output_size too small.
+    pub fn mbedtls_gcm_finish(
+        ctx: *mut mbedtls_gcm_context,
+        output: *mut crate::c_types::c_uchar,
+        output_size: usize,
+        output_length: *mut usize,
+        tag: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function clears a GCM context and the underlying
+    ///                  cipher sub-context.
+    ///
+    /// \param ctx       The GCM context to clear. If this is \c NULL, the call has
+    ///                  no effect. Otherwise, this must be initialized.
+    pub fn mbedtls_gcm_free(ctx: *mut mbedtls_gcm_context);
+}
+extern "C" {
+    /// \brief          The GCM checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_gcm_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief    The CCM context-type definition. The CCM context is passed
+///           to the APIs called.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ccm_context {
+    pub private_y: [crate::c_types::c_uchar; 16usize],
+    pub private_ctr: [crate::c_types::c_uchar; 16usize],
+    pub private_cipher_ctx: mbedtls_cipher_context_t,
+    pub private_plaintext_len: usize,
+    pub private_add_len: usize,
+    pub private_tag_len: usize,
+    pub private_processed: usize,
+    pub private_q: crate::c_types::c_uchar,
+    pub private_mode: crate::c_types::c_uchar,
+    pub private_state: crate::c_types::c_int,
+}
+extern "C" {
+    /// \brief           This function initializes the specified CCM context,
+    ///                  to make references valid, and prepare the context
+    ///                  for mbedtls_ccm_setkey() or mbedtls_ccm_free().
+    ///
+    /// \param ctx       The CCM context to initialize. This must not be \c NULL.
+    pub fn mbedtls_ccm_init(ctx: *mut mbedtls_ccm_context);
+}
+extern "C" {
+    /// \brief           This function initializes the CCM context set in the
+    ///                  \p ctx parameter and sets the encryption key.
+    ///
+    /// \param ctx       The CCM context to initialize. This must be an initialized
+    ///                  context.
+    /// \param cipher    The 128-bit block cipher to use.
+    /// \param key       The encryption key. This must not be \c NULL.
+    /// \param keybits   The key size in bits. This must be acceptable by the cipher.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A CCM or cipher-specific error code on failure.
+    pub fn mbedtls_ccm_setkey(
+        ctx: *mut mbedtls_ccm_context,
+        cipher: mbedtls_cipher_id_t,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief   This function releases and clears the specified CCM context
+    ///          and underlying cipher sub-context.
+    ///
+    /// \param ctx       The CCM context to clear. If this is \c NULL, the function
+    ///                  has no effect. Otherwise, this must be initialized.
+    pub fn mbedtls_ccm_free(ctx: *mut mbedtls_ccm_context);
+}
+extern "C" {
+    /// \brief           This function encrypts a buffer using CCM.
+    ///
+    /// \note            The tag is written to a separate buffer. To concatenate
+    ///                  the \p tag with the \p output, as done in <em>RFC-3610:
+    ///                  Counter with CBC-MAC (CCM)</em>, use
+    ///                  \p tag = \p output + \p length, and make sure that the
+    ///                  output buffer is at least \p length + \p tag_len wide.
+    ///
+    /// \param ctx       The CCM context to use for encryption. This must be
+    ///                  initialized and bound to a key.
+    /// \param length    The length of the input data in Bytes.
+    /// \param iv        The initialization vector (nonce). This must be a readable
+    ///                  buffer of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
+    ///                  or 13. The length L of the message length field is
+    ///                  15 - \p iv_len.
+    /// \param ad        The additional data field. If \p ad_len is greater than
+    ///                  zero, \p ad must be a readable buffer of at least that
+    ///                  length.
+    /// \param ad_len    The length of additional data in Bytes.
+    ///                  This must be less than `2^16 - 2^8`.
+    /// \param input     The buffer holding the input data. If \p length is greater
+    ///                  than zero, \p input must be a readable buffer of at least
+    ///                  that length.
+    /// \param output    The buffer holding the output data. If \p length is greater
+    ///                  than zero, \p output must be a writable buffer of at least
+    ///                  that length.
+    /// \param tag       The buffer holding the authentication field. This must be a
+    ///                  writable buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the authentication field to generate in Bytes:
+    ///                  4, 6, 8, 10, 12, 14 or 16.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A CCM or cipher-specific error code on failure.
+    pub fn mbedtls_ccm_encrypt_and_tag(
+        ctx: *mut mbedtls_ccm_context,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function encrypts a buffer using CCM*.
+    ///
+    /// \note            The tag is written to a separate buffer. To concatenate
+    ///                  the \p tag with the \p output, as done in <em>RFC-3610:
+    ///                  Counter with CBC-MAC (CCM)</em>, use
+    ///                  \p tag = \p output + \p length, and make sure that the
+    ///                  output buffer is at least \p length + \p tag_len wide.
+    ///
+    /// \note            When using this function in a variable tag length context,
+    ///                  the tag length has to be encoded into the \p iv passed to
+    ///                  this function.
+    ///
+    /// \param ctx       The CCM context to use for encryption. This must be
+    ///                  initialized and bound to a key.
+    /// \param length    The length of the input data in Bytes.
+    ///                  For tag length = 0, input length is ignored.
+    /// \param iv        The initialization vector (nonce). This must be a readable
+    ///                  buffer of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
+    ///                  or 13. The length L of the message length field is
+    ///                  15 - \p iv_len.
+    /// \param ad        The additional data field. This must be a readable buffer of
+    ///                  at least \p ad_len Bytes.
+    /// \param ad_len    The length of additional data in Bytes.
+    ///                  This must be less than 2^16 - 2^8.
+    /// \param input     The buffer holding the input data. If \p length is greater
+    ///                  than zero, \p input must be a readable buffer of at least
+    ///                  that length.
+    /// \param output    The buffer holding the output data. If \p length is greater
+    ///                  than zero, \p output must be a writable buffer of at least
+    ///                  that length.
+    /// \param tag       The buffer holding the authentication field. This must be a
+    ///                  writable buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the authentication field to generate in Bytes:
+    ///                  0, 4, 6, 8, 10, 12, 14 or 16.
+    ///
+    /// \warning         Passing \c 0 as \p tag_len means that the message is no
+    ///                  longer authenticated.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A CCM or cipher-specific error code on failure.
+    pub fn mbedtls_ccm_star_encrypt_and_tag(
+        ctx: *mut mbedtls_ccm_context,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a CCM authenticated decryption of a
+    ///                  buffer.
+    ///
+    /// \param ctx       The CCM context to use for decryption. This must be
+    ///                  initialized and bound to a key.
+    /// \param length    The length of the input data in Bytes.
+    /// \param iv        The initialization vector (nonce). This must be a readable
+    ///                  buffer of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
+    ///                  or 13. The length L of the message length field is
+    ///                  15 - \p iv_len.
+    /// \param ad        The additional data field. This must be a readable buffer
+    ///                  of at least that \p ad_len Bytes..
+    /// \param ad_len    The length of additional data in Bytes.
+    ///                  This must be less than 2^16 - 2^8.
+    /// \param input     The buffer holding the input data. If \p length is greater
+    ///                  than zero, \p input must be a readable buffer of at least
+    ///                  that length.
+    /// \param output    The buffer holding the output data. If \p length is greater
+    ///                  than zero, \p output must be a writable buffer of at least
+    ///                  that length.
+    /// \param tag       The buffer holding the authentication field. This must be a
+    ///                  readable buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the authentication field to generate in Bytes:
+    ///                  4, 6, 8, 10, 12, 14 or 16.
+    ///
+    /// \return          \c 0 on success. This indicates that the message is authentic.
+    /// \return          #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
+    /// \return          A cipher-specific error code on calculation failure.
+    pub fn mbedtls_ccm_auth_decrypt(
+        ctx: *mut mbedtls_ccm_context,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag: *const crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a CCM* authenticated decryption of a
+    ///                  buffer.
+    ///
+    /// \note            When using this function in a variable tag length context,
+    ///                  the tag length has to be decoded from \p iv and passed to
+    ///                  this function as \p tag_len. (\p tag needs to be adjusted
+    ///                  accordingly.)
+    ///
+    /// \param ctx       The CCM context to use for decryption. This must be
+    ///                  initialized and bound to a key.
+    /// \param length    The length of the input data in Bytes.
+    ///                  For tag length = 0, input length is ignored.
+    /// \param iv        The initialization vector (nonce). This must be a readable
+    ///                  buffer of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
+    ///                  or 13. The length L of the message length field is
+    ///                  15 - \p iv_len.
+    /// \param ad        The additional data field. This must be a readable buffer of
+    ///                  at least that \p ad_len Bytes.
+    /// \param ad_len    The length of additional data in Bytes.
+    ///                  This must be less than 2^16 - 2^8.
+    /// \param input     The buffer holding the input data. If \p length is greater
+    ///                  than zero, \p input must be a readable buffer of at least
+    ///                  that length.
+    /// \param output    The buffer holding the output data. If \p length is greater
+    ///                  than zero, \p output must be a writable buffer of at least
+    ///                  that length.
+    /// \param tag       The buffer holding the authentication field. This must be a
+    ///                  readable buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the authentication field in Bytes.
+    ///                  0, 4, 6, 8, 10, 12, 14 or 16.
+    ///
+    /// \warning         Passing \c 0 as \p tag_len means that the message is nos
+    ///                  longer authenticated.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
+    /// \return          A cipher-specific error code on calculation failure.
+    pub fn mbedtls_ccm_star_auth_decrypt(
+        ctx: *mut mbedtls_ccm_context,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag: *const crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function starts a CCM encryption or decryption
+    ///                  operation.
+    ///
+    ///                  This function and mbedtls_ccm_set_lengths() must be called
+    ///                  before calling mbedtls_ccm_update_ad() or
+    ///                  mbedtls_ccm_update(). This function can be called before
+    ///                  or after mbedtls_ccm_set_lengths().
+    ///
+    /// \note            This function is not implemented in Mbed TLS yet.
+    ///
+    /// \param ctx       The CCM context. This must be initialized.
+    /// \param mode      The operation to perform: #MBEDTLS_CCM_ENCRYPT or
+    ///                  #MBEDTLS_CCM_DECRYPT or #MBEDTLS_CCM_STAR_ENCRYPT or
+    ///                  #MBEDTLS_CCM_STAR_DECRYPT.
+    /// \param iv        The initialization vector. This must be a readable buffer
+    ///                  of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
+    ///                  or 13. The length L of the message length field is
+    ///                  15 - \p iv_len.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+    ///                  \p ctx is in an invalid state,
+    ///                  \p mode is invalid,
+    ///                  \p iv_len is invalid (lower than \c 7 or greater than
+    ///                  \c 13).
+    pub fn mbedtls_ccm_starts(
+        ctx: *mut mbedtls_ccm_context,
+        mode: crate::c_types::c_int,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function declares the lengths of the message
+    ///                  and additional data for a CCM encryption or decryption
+    ///                  operation.
+    ///
+    ///                  This function and mbedtls_ccm_starts() must be called
+    ///                  before calling mbedtls_ccm_update_ad() or
+    ///                  mbedtls_ccm_update(). This function can be called before
+    ///                  or after mbedtls_ccm_starts().
+    ///
+    /// \note            This function is not implemented in Mbed TLS yet.
+    ///
+    /// \param ctx       The CCM context. This must be initialized.
+    /// \param total_ad_len   The total length of additional data in bytes.
+    ///                       This must be less than `2^16 - 2^8`.
+    /// \param plaintext_len  The length in bytes of the plaintext to encrypt or
+    ///                       result of the decryption (thus not encompassing the
+    ///                       additional data that are not encrypted).
+    /// \param tag_len   The length of the tag to generate in Bytes:
+    ///                  4, 6, 8, 10, 12, 14 or 16.
+    ///                  For CCM*, zero is also valid.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+    ///                  \p ctx is in an invalid state,
+    ///                  \p total_ad_len is greater than \c 0xFF00.
+    pub fn mbedtls_ccm_set_lengths(
+        ctx: *mut mbedtls_ccm_context,
+        total_ad_len: usize,
+        plaintext_len: usize,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer as associated data
+    ///                  (authenticated but not encrypted data) in a CCM
+    ///                  encryption or decryption operation.
+    ///
+    ///                  You may call this function zero, one or more times
+    ///                  to pass successive parts of the additional data. The
+    ///                  lengths \p ad_len of the data parts should eventually add
+    ///                  up exactly to the total length of additional data
+    ///                  \c total_ad_len passed to mbedtls_ccm_set_lengths(). You
+    ///                  may not call this function after calling
+    ///                  mbedtls_ccm_update().
+    ///
+    /// \note            This function is not implemented in Mbed TLS yet.
+    ///
+    /// \param ctx       The CCM context. This must have been started with
+    ///                  mbedtls_ccm_starts(), the lengths of the message and
+    ///                  additional data must have been declared with
+    ///                  mbedtls_ccm_set_lengths() and this must not have yet
+    ///                  received any input with mbedtls_ccm_update().
+    /// \param ad        The buffer holding the additional data, or \c NULL
+    ///                  if \p ad_len is \c 0.
+    /// \param ad_len    The length of the additional data. If \c 0,
+    ///                  \p ad may be \c NULL.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+    ///                  \p ctx is in an invalid state,
+    ///                  total input length too long.
+    pub fn mbedtls_ccm_update_ad(
+        ctx: *mut mbedtls_ccm_context,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer into an ongoing CCM
+    ///                  encryption or decryption operation.
+    ///
+    ///                  You may call this function zero, one or more times
+    ///                  to pass successive parts of the input: the plaintext to
+    ///                  encrypt, or the ciphertext (not including the tag) to
+    ///                  decrypt. After the last part of the input, call
+    ///                  mbedtls_ccm_finish(). The lengths \p input_len of the
+    ///                  data parts should eventually add up exactly to the
+    ///                  plaintext length \c plaintext_len passed to
+    ///                  mbedtls_ccm_set_lengths().
+    ///
+    ///                  This function may produce output in one of the following
+    ///                  ways:
+    ///                  - Immediate output: the output length is always equal
+    ///                    to the input length.
+    ///                  - Buffered output: except for the last part of input data,
+    ///                    the output consists of a whole number of 16-byte blocks.
+    ///                    If the total input length so far (not including
+    ///                    associated data) is 16 \* *B* + *A* with *A* < 16 then
+    ///                    the total output length is 16 \* *B*.
+    ///                    For the last part of input data, the output length is
+    ///                    equal to the input length plus the number of bytes (*A*)
+    ///                    buffered in the previous call to the function (if any).
+    ///                    The function uses the plaintext length
+    ///                    \c plaintext_len passed to mbedtls_ccm_set_lengths()
+    ///                    to detect the last part of input data.
+    ///
+    ///                  In particular:
+    ///                  - It is always correct to call this function with
+    ///                    \p output_size >= \p input_len + 15.
+    ///                  - If \p input_len is a multiple of 16 for all the calls
+    ///                    to this function during an operation (not necessary for
+    ///                    the last one) then it is correct to use \p output_size
+    ///                    =\p input_len.
+    ///
+    /// \note            This function is not implemented in Mbed TLS yet.
+    ///
+    /// \param ctx           The CCM context. This must have been started with
+    ///                      mbedtls_ccm_starts() and the lengths of the message and
+    ///                      additional data must have been declared with
+    ///                      mbedtls_ccm_set_lengths().
+    /// \param input         The buffer holding the input data. If \p input_len
+    ///                      is greater than zero, this must be a readable buffer
+    ///                      of at least \p input_len bytes.
+    /// \param input_len     The length of the input data in bytes.
+    /// \param output        The buffer for the output data. If \p output_size
+    ///                      is greater than zero, this must be a writable buffer of
+    ///                      at least \p output_size bytes.
+    /// \param output_size   The size of the output buffer in bytes.
+    ///                      See the function description regarding the output size.
+    /// \param output_len    On success, \p *output_len contains the actual
+    ///                      length of the output written in \p output.
+    ///                      On failure, the content of \p *output_len is
+    ///                      unspecified.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+    ///                 \p ctx is in an invalid state,
+    ///                 total input length too long,
+    ///                 or \p output_size too small.
+    pub fn mbedtls_ccm_update(
+        ctx: *mut mbedtls_ccm_context,
+        input: *const crate::c_types::c_uchar,
+        input_len: usize,
+        output: *mut crate::c_types::c_uchar,
+        output_size: usize,
+        output_len: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function finishes the CCM operation and generates
+    ///                  the authentication tag.
+    ///
+    ///                  It wraps up the CCM stream, and generates the
+    ///                  tag. The tag can have a maximum length of 16 Bytes.
+    ///
+    /// \note            This function is not implemented in Mbed TLS yet.
+    ///
+    /// \param ctx       The CCM context. This must have been started with
+    ///                  mbedtls_ccm_starts() and the lengths of the message and
+    ///                  additional data must have been declared with
+    ///                  mbedtls_ccm_set_lengths().
+    /// \param tag       The buffer for holding the tag. If \p tag_len is greater
+    ///                  than zero, this must be a writable buffer of at least \p
+    ///                  tag_len Bytes.
+    /// \param tag_len   The length of the tag. Must match the tag length passed to
+    ///                  mbedtls_ccm_set_lengths() function.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+    ///                  \p ctx is in an invalid state,
+    ///                  invalid value of \p tag_len,
+    ///                  the total amount of additional data passed to
+    ///                  mbedtls_ccm_update_ad() was lower than the total length of
+    ///                  additional data \c total_ad_len passed to
+    ///                  mbedtls_ccm_set_lengths(),
+    ///                  the total amount of input data passed to
+    ///                  mbedtls_ccm_update() was lower than the plaintext length
+    ///                  \c plaintext_len passed to mbedtls_ccm_set_lengths().
+    pub fn mbedtls_ccm_finish(
+        ctx: *mut mbedtls_ccm_context,
+        tag: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The CCM checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_ccm_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_poly1305_context {
+    pub private_r: [u32; 4usize],
+    pub private_s: [u32; 4usize],
+    pub private_acc: [u32; 5usize],
+    pub private_queue: [u8; 16usize],
+    pub private_queue_len: usize,
+}
+extern "C" {
+    /// \brief           This function initializes the specified Poly1305 context.
+    ///
+    ///                  It must be the first API called before using
+    ///                  the context.
+    ///
+    ///                  It is usually followed by a call to
+    ///                  \c mbedtls_poly1305_starts(), then one or more calls to
+    ///                  \c mbedtls_poly1305_update(), then one call to
+    ///                  \c mbedtls_poly1305_finish(), then finally
+    ///                  \c mbedtls_poly1305_free().
+    ///
+    /// \param ctx       The Poly1305 context to initialize. This must
+    ///                  not be \c NULL.
+    pub fn mbedtls_poly1305_init(ctx: *mut mbedtls_poly1305_context);
+}
+extern "C" {
+    /// \brief           This function releases and clears the specified
+    ///                  Poly1305 context.
+    ///
+    /// \param ctx       The Poly1305 context to clear. This may be \c NULL, in which
+    ///                  case this function is a no-op. If it is not \c NULL, it must
+    ///                  point to an initialized Poly1305 context.
+    pub fn mbedtls_poly1305_free(ctx: *mut mbedtls_poly1305_context);
+}
+extern "C" {
+    /// \brief           This function sets the one-time authentication key.
+    ///
+    /// \warning         The key must be unique and unpredictable for each
+    ///                  invocation of Poly1305.
+    ///
+    /// \param ctx       The Poly1305 context to which the key should be bound.
+    ///                  This must be initialized.
+    /// \param key       The buffer containing the \c 32 Byte (\c 256 Bit) key.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_poly1305_starts(
+        ctx: *mut mbedtls_poly1305_context,
+        key: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This functions feeds an input buffer into an ongoing
+    ///                  Poly1305 computation.
+    ///
+    ///                  It is called between \c mbedtls_cipher_poly1305_starts() and
+    ///                  \c mbedtls_cipher_poly1305_finish().
+    ///                  It can be called repeatedly to process a stream of data.
+    ///
+    /// \param ctx       The Poly1305 context to use for the Poly1305 operation.
+    ///                  This must be initialized and bound to a key.
+    /// \param ilen      The length of the input data in Bytes.
+    ///                  Any value is accepted.
+    /// \param input     The buffer holding the input data.
+    ///                  This pointer can be \c NULL if `ilen == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_poly1305_update(
+        ctx: *mut mbedtls_poly1305_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates the Poly1305 Message
+    ///                  Authentication Code (MAC).
+    ///
+    /// \param ctx       The Poly1305 context to use for the Poly1305 operation.
+    ///                  This must be initialized and bound to a key.
+    /// \param mac       The buffer to where the MAC is written. This must
+    ///                  be a writable buffer of length \c 16 Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_poly1305_finish(
+        ctx: *mut mbedtls_poly1305_context,
+        mac: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function calculates the Poly1305 MAC of the input
+    ///                  buffer with the provided key.
+    ///
+    /// \warning         The key must be unique and unpredictable for each
+    ///                  invocation of Poly1305.
+    ///
+    /// \param key       The buffer containing the \c 32 Byte (\c 256 Bit) key.
+    /// \param ilen      The length of the input data in Bytes.
+    ///                  Any value is accepted.
+    /// \param input     The buffer holding the input data.
+    ///                  This pointer can be \c NULL if `ilen == 0`.
+    /// \param mac       The buffer to where the MAC is written. This must be
+    ///                  a writable buffer of length \c 16 Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_poly1305_mac(
+        key: *const crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        mac: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           The Poly1305 checkup routine.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          \c 1 on failure.
+    pub fn mbedtls_poly1305_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+///< The mode value for performing encryption.
+pub const mbedtls_chachapoly_mode_t_MBEDTLS_CHACHAPOLY_ENCRYPT: mbedtls_chachapoly_mode_t = 0;
+///< The mode value for performing decryption.
+pub const mbedtls_chachapoly_mode_t_MBEDTLS_CHACHAPOLY_DECRYPT: mbedtls_chachapoly_mode_t = 1;
+pub type mbedtls_chachapoly_mode_t = crate::c_types::c_uint;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_chacha20_context {
+    pub private_state: [u32; 16usize],
+    pub private_keystream8: [u8; 64usize],
+    pub private_keystream_bytes_used: usize,
+}
+extern "C" {
+    /// \brief           This function initializes the specified ChaCha20 context.
+    ///
+    ///                  It must be the first API called before using
+    ///                  the context.
+    ///
+    ///                  It is usually followed by calls to
+    ///                  \c mbedtls_chacha20_setkey() and
+    ///                  \c mbedtls_chacha20_starts(), then one or more calls to
+    ///                  to \c mbedtls_chacha20_update(), and finally to
+    ///                  \c mbedtls_chacha20_free().
+    ///
+    /// \param ctx       The ChaCha20 context to initialize.
+    ///                  This must not be \c NULL.
+    pub fn mbedtls_chacha20_init(ctx: *mut mbedtls_chacha20_context);
+}
+extern "C" {
+    /// \brief           This function releases and clears the specified
+    ///                  ChaCha20 context.
+    ///
+    /// \param ctx       The ChaCha20 context to clear. This may be \c NULL,
+    ///                  in which case this function is a no-op. If it is not
+    ///                  \c NULL, it must point to an initialized context.
+    pub fn mbedtls_chacha20_free(ctx: *mut mbedtls_chacha20_context);
+}
+extern "C" {
+    /// \brief           This function sets the encryption/decryption key.
+    ///
+    /// \note            After using this function, you must also call
+    ///                  \c mbedtls_chacha20_starts() to set a nonce before you
+    ///                  start encrypting/decrypting data with
+    ///                  \c mbedtls_chacha_update().
+    ///
+    /// \param ctx       The ChaCha20 context to which the key should be bound.
+    ///                  It must be initialized.
+    /// \param key       The encryption/decryption key. This must be \c 32 Bytes
+    ///                  in length.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or key is NULL.
+    pub fn mbedtls_chacha20_setkey(
+        ctx: *mut mbedtls_chacha20_context,
+        key: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets the nonce and initial counter value.
+    ///
+    /// \note            A ChaCha20 context can be re-used with the same key by
+    ///                  calling this function to change the nonce.
+    ///
+    /// \warning         You must never use the same nonce twice with the same key.
+    ///                  This would void any confidentiality guarantees for the
+    ///                  messages encrypted with the same nonce and key.
+    ///
+    /// \param ctx       The ChaCha20 context to which the nonce should be bound.
+    ///                  It must be initialized and bound to a key.
+    /// \param nonce     The nonce. This must be \c 12 Bytes in size.
+    /// \param counter   The initial counter value. This is usually \c 0.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or nonce is
+    ///                  NULL.
+    pub fn mbedtls_chacha20_starts(
+        ctx: *mut mbedtls_chacha20_context,
+        nonce: *const crate::c_types::c_uchar,
+        counter: u32,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function encrypts or decrypts data.
+    ///
+    ///                  Since ChaCha20 is a stream cipher, the same operation is
+    ///                  used for encrypting and decrypting data.
+    ///
+    /// \note            The \p input and \p output pointers must either be equal or
+    ///                  point to non-overlapping buffers.
+    ///
+    /// \note            \c mbedtls_chacha20_setkey() and
+    ///                  \c mbedtls_chacha20_starts() must be called at least once
+    ///                  to setup the context before this function can be called.
+    ///
+    /// \note            This function can be called multiple times in a row in
+    ///                  order to encrypt of decrypt data piecewise with the same
+    ///                  key and nonce.
+    ///
+    /// \param ctx       The ChaCha20 context to use for encryption or decryption.
+    ///                  It must be initialized and bound to a key and nonce.
+    /// \param size      The length of the input data in Bytes.
+    /// \param input     The buffer holding the input data.
+    ///                  This pointer can be \c NULL if `size == 0`.
+    /// \param output    The buffer holding the output data.
+    ///                  This must be able to hold \p size Bytes.
+    ///                  This pointer can be \c NULL if `size == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_chacha20_update(
+        ctx: *mut mbedtls_chacha20_context,
+        size: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function encrypts or decrypts data with ChaCha20 and
+    ///                  the given key and nonce.
+    ///
+    ///                  Since ChaCha20 is a stream cipher, the same operation is
+    ///                  used for encrypting and decrypting data.
+    ///
+    /// \warning         You must never use the same (key, nonce) pair more than
+    ///                  once. This would void any confidentiality guarantees for
+    ///                  the messages encrypted with the same nonce and key.
+    ///
+    /// \note            The \p input and \p output pointers must either be equal or
+    ///                  point to non-overlapping buffers.
+    ///
+    /// \param key       The encryption/decryption key.
+    ///                  This must be \c 32 Bytes in length.
+    /// \param nonce     The nonce. This must be \c 12 Bytes in size.
+    /// \param counter   The initial counter value. This is usually \c 0.
+    /// \param size      The length of the input data in Bytes.
+    /// \param input     The buffer holding the input data.
+    ///                  This pointer can be \c NULL if `size == 0`.
+    /// \param output    The buffer holding the output data.
+    ///                  This must be able to hold \p size Bytes.
+    ///                  This pointer can be \c NULL if `size == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_chacha20_crypt(
+        key: *const crate::c_types::c_uchar,
+        nonce: *const crate::c_types::c_uchar,
+        counter: u32,
+        size: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           The ChaCha20 checkup routine.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          \c 1 on failure.
+    pub fn mbedtls_chacha20_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_chachapoly_context {
+    pub private_chacha20_ctx: mbedtls_chacha20_context,
+    pub private_poly1305_ctx: mbedtls_poly1305_context,
+    pub private_aad_len: u64,
+    pub private_ciphertext_len: u64,
+    pub private_state: crate::c_types::c_int,
+    pub private_mode: mbedtls_chachapoly_mode_t,
+}
+extern "C" {
+    /// \brief           This function initializes the specified ChaCha20-Poly1305 context.
+    ///
+    ///                  It must be the first API called before using
+    ///                  the context. It must be followed by a call to
+    ///                  \c mbedtls_chachapoly_setkey() before any operation can be
+    ///                  done, and to \c mbedtls_chachapoly_free() once all
+    ///                  operations with that context have been finished.
+    ///
+    ///                  In order to encrypt or decrypt full messages at once, for
+    ///                  each message you should make a single call to
+    ///                  \c mbedtls_chachapoly_crypt_and_tag() or
+    ///                  \c mbedtls_chachapoly_auth_decrypt().
+    ///
+    ///                  In order to encrypt messages piecewise, for each
+    ///                  message you should make a call to
+    ///                  \c mbedtls_chachapoly_starts(), then 0 or more calls to
+    ///                  \c mbedtls_chachapoly_update_aad(), then 0 or more calls to
+    ///                  \c mbedtls_chachapoly_update(), then one call to
+    ///                  \c mbedtls_chachapoly_finish().
+    ///
+    /// \warning         Decryption with the piecewise API is discouraged! Always
+    ///                  use \c mbedtls_chachapoly_auth_decrypt() when possible!
+    ///
+    ///                  If however this is not possible because the data is too
+    ///                  large to fit in memory, you need to:
+    ///
+    ///                  - call \c mbedtls_chachapoly_starts() and (if needed)
+    ///                  \c mbedtls_chachapoly_update_aad() as above,
+    ///                  - call \c mbedtls_chachapoly_update() multiple times and
+    ///                  ensure its output (the plaintext) is NOT used in any other
+    ///                  way than placing it in temporary storage at this point,
+    ///                  - call \c mbedtls_chachapoly_finish() to compute the
+    ///                  authentication tag and compared it in constant time to the
+    ///                  tag received with the ciphertext.
+    ///
+    ///                  If the tags are not equal, you must immediately discard
+    ///                  all previous outputs of \c mbedtls_chachapoly_update(),
+    ///                  otherwise you can now safely use the plaintext.
+    ///
+    /// \param ctx       The ChachaPoly context to initialize. Must not be \c NULL.
+    pub fn mbedtls_chachapoly_init(ctx: *mut mbedtls_chachapoly_context);
+}
+extern "C" {
+    /// \brief           This function releases and clears the specified
+    ///                  ChaCha20-Poly1305 context.
+    ///
+    /// \param ctx       The ChachaPoly context to clear. This may be \c NULL, in which
+    ///                  case this function is a no-op.
+    pub fn mbedtls_chachapoly_free(ctx: *mut mbedtls_chachapoly_context);
+}
+extern "C" {
+    /// \brief           This function sets the ChaCha20-Poly1305
+    ///                  symmetric encryption key.
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context to which the key should be
+    ///                  bound. This must be initialized.
+    /// \param key       The \c 256 Bit (\c 32 Bytes) key.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_chachapoly_setkey(
+        ctx: *mut mbedtls_chachapoly_context,
+        key: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function starts a ChaCha20-Poly1305 encryption or
+    ///                  decryption operation.
+    ///
+    /// \warning         You must never use the same nonce twice with the same key.
+    ///                  This would void any confidentiality and authenticity
+    ///                  guarantees for the messages encrypted with the same nonce
+    ///                  and key.
+    ///
+    /// \note            If the context is being used for AAD only (no data to
+    ///                  encrypt or decrypt) then \p mode can be set to any value.
+    ///
+    /// \warning         Decryption with the piecewise API is discouraged, see the
+    ///                  warning on \c mbedtls_chachapoly_init().
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context. This must be initialized
+    ///                  and bound to a key.
+    /// \param nonce     The nonce/IV to use for the message.
+    ///                  This must be a readable buffer of length \c 12 Bytes.
+    /// \param mode      The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or
+    ///                  #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning).
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_chachapoly_starts(
+        ctx: *mut mbedtls_chachapoly_context,
+        nonce: *const crate::c_types::c_uchar,
+        mode: mbedtls_chachapoly_mode_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds additional data to be authenticated
+    ///                  into an ongoing ChaCha20-Poly1305 operation.
+    ///
+    ///                  The Additional Authenticated Data (AAD), also called
+    ///                  Associated Data (AD) is only authenticated but not
+    ///                  encrypted nor included in the encrypted output. It is
+    ///                  usually transmitted separately from the ciphertext or
+    ///                  computed locally by each party.
+    ///
+    /// \note            This function is called before data is encrypted/decrypted.
+    ///                  I.e. call this function to process the AAD before calling
+    ///                  \c mbedtls_chachapoly_update().
+    ///
+    ///                  You may call this function multiple times to process
+    ///                  an arbitrary amount of AAD. It is permitted to call
+    ///                  this function 0 times, if no AAD is used.
+    ///
+    ///                  This function cannot be called any more if data has
+    ///                  been processed by \c mbedtls_chachapoly_update(),
+    ///                  or if the context has been finished.
+    ///
+    /// \warning         Decryption with the piecewise API is discouraged, see the
+    ///                  warning on \c mbedtls_chachapoly_init().
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context. This must be initialized
+    ///                  and bound to a key.
+    /// \param aad_len   The length in Bytes of the AAD. The length has no
+    ///                  restrictions.
+    /// \param aad       Buffer containing the AAD.
+    ///                  This pointer can be \c NULL if `aad_len == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
+    ///                  if \p ctx or \p aad are NULL.
+    /// \return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
+    ///                  if the operations has not been started or has been
+    ///                  finished, or if the AAD has been finished.
+    pub fn mbedtls_chachapoly_update_aad(
+        ctx: *mut mbedtls_chachapoly_context,
+        aad: *const crate::c_types::c_uchar,
+        aad_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Thus function feeds data to be encrypted or decrypted
+    ///                  into an on-going ChaCha20-Poly1305
+    ///                  operation.
+    ///
+    ///                  The direction (encryption or decryption) depends on the
+    ///                  mode that was given when calling
+    ///                  \c mbedtls_chachapoly_starts().
+    ///
+    ///                  You may call this function multiple times to process
+    ///                  an arbitrary amount of data. It is permitted to call
+    ///                  this function 0 times, if no data is to be encrypted
+    ///                  or decrypted.
+    ///
+    /// \warning         Decryption with the piecewise API is discouraged, see the
+    ///                  warning on \c mbedtls_chachapoly_init().
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context to use. This must be initialized.
+    /// \param len       The length (in bytes) of the data to encrypt or decrypt.
+    /// \param input     The buffer containing the data to encrypt or decrypt.
+    ///                  This pointer can be \c NULL if `len == 0`.
+    /// \param output    The buffer to where the encrypted or decrypted data is
+    ///                  written. This must be able to hold \p len bytes.
+    ///                  This pointer can be \c NULL if `len == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
+    ///                  if the operation has not been started or has been
+    ///                  finished.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_chachapoly_update(
+        ctx: *mut mbedtls_chachapoly_context,
+        len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function finished the ChaCha20-Poly1305 operation and
+    ///                  generates the MAC (authentication tag).
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context to use. This must be initialized.
+    /// \param mac       The buffer to where the 128-bit (16 bytes) MAC is written.
+    ///
+    /// \warning         Decryption with the piecewise API is discouraged, see the
+    ///                  warning on \c mbedtls_chachapoly_init().
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
+    ///                  if the operation has not been started or has been
+    ///                  finished.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_chachapoly_finish(
+        ctx: *mut mbedtls_chachapoly_context,
+        mac: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a complete ChaCha20-Poly1305
+    ///                  authenticated encryption with the previously-set key.
+    ///
+    /// \note            Before using this function, you must set the key with
+    ///                  \c mbedtls_chachapoly_setkey().
+    ///
+    /// \warning         You must never use the same nonce twice with the same key.
+    ///                  This would void any confidentiality and authenticity
+    ///                  guarantees for the messages encrypted with the same nonce
+    ///                  and key.
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context to use (holds the key).
+    ///                  This must be initialized.
+    /// \param length    The length (in bytes) of the data to encrypt or decrypt.
+    /// \param nonce     The 96-bit (12 bytes) nonce/IV to use.
+    /// \param aad       The buffer containing the additional authenticated
+    ///                  data (AAD). This pointer can be \c NULL if `aad_len == 0`.
+    /// \param aad_len   The length (in bytes) of the AAD data to process.
+    /// \param input     The buffer containing the data to encrypt or decrypt.
+    ///                  This pointer can be \c NULL if `ilen == 0`.
+    /// \param output    The buffer to where the encrypted or decrypted data
+    ///                  is written. This pointer can be \c NULL if `ilen == 0`.
+    /// \param tag       The buffer to where the computed 128-bit (16 bytes) MAC
+    ///                  is written. This must not be \c NULL.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_chachapoly_encrypt_and_tag(
+        ctx: *mut mbedtls_chachapoly_context,
+        length: usize,
+        nonce: *const crate::c_types::c_uchar,
+        aad: *const crate::c_types::c_uchar,
+        aad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a complete ChaCha20-Poly1305
+    ///                  authenticated decryption with the previously-set key.
+    ///
+    /// \note            Before using this function, you must set the key with
+    ///                  \c mbedtls_chachapoly_setkey().
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context to use (holds the key).
+    /// \param length    The length (in Bytes) of the data to decrypt.
+    /// \param nonce     The \c 96 Bit (\c 12 bytes) nonce/IV to use.
+    /// \param aad       The buffer containing the additional authenticated data (AAD).
+    ///                  This pointer can be \c NULL if `aad_len == 0`.
+    /// \param aad_len   The length (in bytes) of the AAD data to process.
+    /// \param tag       The buffer holding the authentication tag.
+    ///                  This must be a readable buffer of length \c 16 Bytes.
+    /// \param input     The buffer containing the data to decrypt.
+    ///                  This pointer can be \c NULL if `ilen == 0`.
+    /// \param output    The buffer to where the decrypted data is written.
+    ///                  This pointer can be \c NULL if `ilen == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED
+    ///                  if the data was not authentic.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_chachapoly_auth_decrypt(
+        ctx: *mut mbedtls_chachapoly_context,
+        length: usize,
+        nonce: *const crate::c_types::c_uchar,
+        aad: *const crate::c_types::c_uchar,
+        aad_len: usize,
+        tag: *const crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           The ChaCha20-Poly1305 checkup routine.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          \c 1 on failure.
+    pub fn mbedtls_chachapoly_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+pub const psa_encrypt_or_decrypt_t_PSA_CRYPTO_DRIVER_DECRYPT: psa_encrypt_or_decrypt_t = 0;
+pub const psa_encrypt_or_decrypt_t_PSA_CRYPTO_DRIVER_ENCRYPT: psa_encrypt_or_decrypt_t = 1;
+/// For encrypt-decrypt functions, whether the operation is an encryption
+/// or a decryption.
+pub type psa_encrypt_or_decrypt_t = crate::c_types::c_uint;
+/// \brief          MD5 context structure
+///
+/// \warning        MD5 is considered a weak message digest and its use
+///                 constitutes a security risk. We recommend considering
+///                 stronger message digests instead.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_md5_context {
+    pub private_total: [u32; 2usize],
+    pub private_state: [u32; 4usize],
+    pub private_buffer: [crate::c_types::c_uchar; 64usize],
+}
+extern "C" {
+    /// \brief          Initialize MD5 context
+    ///
+    /// \param ctx      MD5 context to be initialized
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_init(ctx: *mut mbedtls_md5_context);
+}
+extern "C" {
+    /// \brief          Clear MD5 context
+    ///
+    /// \param ctx      MD5 context to be cleared
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_free(ctx: *mut mbedtls_md5_context);
+}
+extern "C" {
+    /// \brief          Clone (the state of) an MD5 context
+    ///
+    /// \param dst      The destination context
+    /// \param src      The context to be cloned
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_clone(dst: *mut mbedtls_md5_context, src: *const mbedtls_md5_context);
+}
+extern "C" {
+    /// \brief          MD5 context setup
+    ///
+    /// \param ctx      context to be initialized
+    ///
+    /// \return         0 if successful
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_starts(ctx: *mut mbedtls_md5_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          MD5 process buffer
+    ///
+    /// \param ctx      MD5 context
+    /// \param input    buffer holding the data
+    /// \param ilen     length of the input data
+    ///
+    /// \return         0 if successful
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_update(
+        ctx: *mut mbedtls_md5_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          MD5 final digest
+    ///
+    /// \param ctx      MD5 context
+    /// \param output   MD5 checksum result
+    ///
+    /// \return         0 if successful
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_finish(
+        ctx: *mut mbedtls_md5_context,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          MD5 process data block (internal use only)
+    ///
+    /// \param ctx      MD5 context
+    /// \param data     buffer holding one block of data
+    ///
+    /// \return         0 if successful
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_internal_md5_process(
+        ctx: *mut mbedtls_md5_context,
+        data: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Output = MD5( input buffer )
+    ///
+    /// \param input    buffer holding the data
+    /// \param ilen     length of the input data
+    /// \param output   MD5 checksum result
+    ///
+    /// \return         0 if successful
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5(
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Checkup routine
+    ///
+    /// \return         0 if successful, or 1 if the test failed
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          RIPEMD-160 context structure
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ripemd160_context {
+    pub private_total: [u32; 2usize],
+    pub private_state: [u32; 5usize],
+    pub private_buffer: [crate::c_types::c_uchar; 64usize],
+}
+extern "C" {
+    /// \brief          Initialize RIPEMD-160 context
+    ///
+    /// \param ctx      RIPEMD-160 context to be initialized
+    pub fn mbedtls_ripemd160_init(ctx: *mut mbedtls_ripemd160_context);
+}
+extern "C" {
+    /// \brief          Clear RIPEMD-160 context
+    ///
+    /// \param ctx      RIPEMD-160 context to be cleared
+    pub fn mbedtls_ripemd160_free(ctx: *mut mbedtls_ripemd160_context);
+}
+extern "C" {
+    /// \brief          Clone (the state of) a RIPEMD-160 context
+    ///
+    /// \param dst      The destination context
+    /// \param src      The context to be cloned
+    pub fn mbedtls_ripemd160_clone(
+        dst: *mut mbedtls_ripemd160_context,
+        src: *const mbedtls_ripemd160_context,
+    );
+}
+extern "C" {
+    /// \brief          RIPEMD-160 context setup
+    ///
+    /// \param ctx      context to be initialized
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ripemd160_starts(ctx: *mut mbedtls_ripemd160_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          RIPEMD-160 process buffer
+    ///
+    /// \param ctx      RIPEMD-160 context
+    /// \param input    buffer holding the data
+    /// \param ilen     length of the input data
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ripemd160_update(
+        ctx: *mut mbedtls_ripemd160_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          RIPEMD-160 final digest
+    ///
+    /// \param ctx      RIPEMD-160 context
+    /// \param output   RIPEMD-160 checksum result
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ripemd160_finish(
+        ctx: *mut mbedtls_ripemd160_context,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          RIPEMD-160 process data block (internal use only)
+    ///
+    /// \param ctx      RIPEMD-160 context
+    /// \param data     buffer holding one block of data
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_internal_ripemd160_process(
+        ctx: *mut mbedtls_ripemd160_context,
+        data: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Output = RIPEMD-160( input buffer )
+    ///
+    /// \param input    buffer holding the data
+    /// \param ilen     length of the input data
+    /// \param output   RIPEMD-160 checksum result
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ripemd160(
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Checkup routine
+    ///
+    /// \return         0 if successful, or 1 if the test failed
+    pub fn mbedtls_ripemd160_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          The SHA-1 context structure.
+///
+/// \warning        SHA-1 is considered a weak message digest and its use
+///                 constitutes a security risk. We recommend considering
+///                 stronger message digests instead.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_sha1_context {
+    pub private_total: [u32; 2usize],
+    pub private_state: [u32; 5usize],
+    pub private_buffer: [crate::c_types::c_uchar; 64usize],
+}
+extern "C" {
+    /// \brief          This function initializes a SHA-1 context.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context to initialize.
+    ///                 This must not be \c NULL.
+    pub fn mbedtls_sha1_init(ctx: *mut mbedtls_sha1_context);
+}
+extern "C" {
+    /// \brief          This function clears a SHA-1 context.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context to clear. This may be \c NULL,
+    ///                 in which case this function does nothing. If it is
+    ///                 not \c NULL, it must point to an initialized
+    ///                 SHA-1 context.
+    pub fn mbedtls_sha1_free(ctx: *mut mbedtls_sha1_context);
+}
+extern "C" {
+    /// \brief          This function clones the state of a SHA-1 context.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param dst      The SHA-1 context to clone to. This must be initialized.
+    /// \param src      The SHA-1 context to clone from. This must be initialized.
+    pub fn mbedtls_sha1_clone(dst: *mut mbedtls_sha1_context, src: *const mbedtls_sha1_context);
+}
+extern "C" {
+    /// \brief          This function starts a SHA-1 checksum calculation.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context to initialize. This must be initialized.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha1_starts(ctx: *mut mbedtls_sha1_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function feeds an input buffer into an ongoing SHA-1
+    ///                 checksum calculation.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context. This must be initialized
+    ///                 and have a hash operation started.
+    /// \param input    The buffer holding the input data.
+    ///                 This must be a readable buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data \p input in Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha1_update(
+        ctx: *mut mbedtls_sha1_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function finishes the SHA-1 operation, and writes
+    ///                 the result to the output buffer.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context to use. This must be initialized and
+    ///                 have a hash operation started.
+    /// \param output   The SHA-1 checksum result. This must be a writable
+    ///                 buffer of length \c 20 Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha1_finish(
+        ctx: *mut mbedtls_sha1_context,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          SHA-1 process data block (internal use only).
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context to use. This must be initialized.
+    /// \param data     The data block being processed. This must be a
+    ///                 readable buffer of length \c 64 Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_internal_sha1_process(
+        ctx: *mut mbedtls_sha1_context,
+        data: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function calculates the SHA-1 checksum of a buffer.
+    ///
+    ///                 The function allocates the context, performs the
+    ///                 calculation, and frees the context.
+    ///
+    ///                 The SHA-1 result is calculated as
+    ///                 output = SHA-1(input buffer).
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param input    The buffer holding the input data.
+    ///                 This must be a readable buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data \p input in Bytes.
+    /// \param output   The SHA-1 checksum result.
+    ///                 This must be a writable buffer of length \c 20 Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha1(
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The SHA-1 checkup routine.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_sha1_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          The SHA-256 context structure.
+///
+///                 The structure is used both for SHA-256 and for SHA-224
+///                 checksum calculations. The choice between these two is
+///                 made in the call to mbedtls_sha256_starts().
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_sha256_context {
+    pub private_total: [u32; 2usize],
+    pub private_state: [u32; 8usize],
+    pub private_buffer: [crate::c_types::c_uchar; 64usize],
+    pub private_is224: crate::c_types::c_int,
+}
+extern "C" {
+    /// \brief          This function initializes a SHA-256 context.
+    ///
+    /// \param ctx      The SHA-256 context to initialize. This must not be \c NULL.
+    pub fn mbedtls_sha256_init(ctx: *mut mbedtls_sha256_context);
+}
+extern "C" {
+    /// \brief          This function clears a SHA-256 context.
+    ///
+    /// \param ctx      The SHA-256 context to clear. This may be \c NULL, in which
+    ///                 case this function returns immediately. If it is not \c NULL,
+    ///                 it must point to an initialized SHA-256 context.
+    pub fn mbedtls_sha256_free(ctx: *mut mbedtls_sha256_context);
+}
+extern "C" {
+    /// \brief          This function clones the state of a SHA-256 context.
+    ///
+    /// \param dst      The destination context. This must be initialized.
+    /// \param src      The context to clone. This must be initialized.
+    pub fn mbedtls_sha256_clone(
+        dst: *mut mbedtls_sha256_context,
+        src: *const mbedtls_sha256_context,
+    );
+}
+extern "C" {
+    /// \brief          This function starts a SHA-224 or SHA-256 checksum
+    ///                 calculation.
+    ///
+    /// \param ctx      The context to use. This must be initialized.
+    /// \param is224    This determines which function to use. This must be
+    ///                 either \c 0 for SHA-256, or \c 1 for SHA-224.
+    ///
+    /// \note           is224 must be defined accordingly to the enabled
+    ///                 MBEDTLS_SHA224_C/MBEDTLS_SHA256_C symbols otherwise the
+    ///                 function will return #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha256_starts(
+        ctx: *mut mbedtls_sha256_context,
+        is224: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function feeds an input buffer into an ongoing
+    ///                 SHA-256 checksum calculation.
+    ///
+    /// \param ctx      The SHA-256 context. This must be initialized
+    ///                 and have a hash operation started.
+    /// \param input    The buffer holding the data. This must be a readable
+    ///                 buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data in Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha256_update(
+        ctx: *mut mbedtls_sha256_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function finishes the SHA-256 operation, and writes
+    ///                 the result to the output buffer.
+    ///
+    /// \param ctx      The SHA-256 context. This must be initialized
+    ///                 and have a hash operation started.
+    /// \param output   The SHA-224 or SHA-256 checksum result.
+    ///                 This must be a writable buffer of length \c 32 bytes
+    ///                 for SHA-256, \c 28 bytes for SHA-224.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha256_finish(
+        ctx: *mut mbedtls_sha256_context,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function processes a single data block within
+    ///                 the ongoing SHA-256 computation. This function is for
+    ///                 internal use only.
+    ///
+    /// \param ctx      The SHA-256 context. This must be initialized.
+    /// \param data     The buffer holding one block of data. This must
+    ///                 be a readable buffer of length \c 64 Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_internal_sha256_process(
+        ctx: *mut mbedtls_sha256_context,
+        data: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function calculates the SHA-224 or SHA-256
+    ///                 checksum of a buffer.
+    ///
+    ///                 The function allocates the context, performs the
+    ///                 calculation, and frees the context.
+    ///
+    ///                 The SHA-256 result is calculated as
+    ///                 output = SHA-256(input buffer).
+    ///
+    /// \param input    The buffer holding the data. This must be a readable
+    ///                 buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data in Bytes.
+    /// \param output   The SHA-224 or SHA-256 checksum result.
+    ///                 This must be a writable buffer of length \c 32 bytes
+    ///                 for SHA-256, \c 28 bytes for SHA-224.
+    /// \param is224    Determines which function to use. This must be
+    ///                 either \c 0 for SHA-256, or \c 1 for SHA-224.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha256(
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        is224: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The SHA-224 checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_sha224_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The SHA-256 checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_sha256_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          The SHA-512 context structure.
+///
+///                 The structure is used both for SHA-384 and for SHA-512
+///                 checksum calculations. The choice between these two is
+///                 made in the call to mbedtls_sha512_starts().
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_sha512_context {
+    pub private_total: [u64; 2usize],
+    pub private_state: [u64; 8usize],
+    pub private_buffer: [crate::c_types::c_uchar; 128usize],
+    pub private_is384: crate::c_types::c_int,
+}
+extern "C" {
+    /// \brief          This function initializes a SHA-512 context.
+    ///
+    /// \param ctx      The SHA-512 context to initialize. This must
+    ///                 not be \c NULL.
+    pub fn mbedtls_sha512_init(ctx: *mut mbedtls_sha512_context);
+}
+extern "C" {
+    /// \brief          This function clears a SHA-512 context.
+    ///
+    /// \param ctx      The SHA-512 context to clear. This may be \c NULL,
+    ///                 in which case this function does nothing. If it
+    ///                 is not \c NULL, it must point to an initialized
+    ///                 SHA-512 context.
+    pub fn mbedtls_sha512_free(ctx: *mut mbedtls_sha512_context);
+}
+extern "C" {
+    /// \brief          This function clones the state of a SHA-512 context.
+    ///
+    /// \param dst      The destination context. This must be initialized.
+    /// \param src      The context to clone. This must be initialized.
+    pub fn mbedtls_sha512_clone(
+        dst: *mut mbedtls_sha512_context,
+        src: *const mbedtls_sha512_context,
+    );
+}
+extern "C" {
+    /// \brief          This function starts a SHA-384 or SHA-512 checksum
+    ///                 calculation.
+    ///
+    /// \param ctx      The SHA-512 context to use. This must be initialized.
+    /// \param is384    Determines which function to use. This must be
+    ///                 either \c 0 for SHA-512, or \c 1 for SHA-384.
+    ///
+    /// \note           is384 must be defined accordingly to the enabled
+    ///                 MBEDTLS_SHA384_C/MBEDTLS_SHA512_C symbols otherwise the
+    ///                 function will return #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha512_starts(
+        ctx: *mut mbedtls_sha512_context,
+        is384: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function feeds an input buffer into an ongoing
+    ///                 SHA-512 checksum calculation.
+    ///
+    /// \param ctx      The SHA-512 context. This must be initialized
+    ///                 and have a hash operation started.
+    /// \param input    The buffer holding the input data. This must
+    ///                 be a readable buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data in Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha512_update(
+        ctx: *mut mbedtls_sha512_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function finishes the SHA-512 operation, and writes
+    ///                 the result to the output buffer.
+    ///
+    /// \param ctx      The SHA-512 context. This must be initialized
+    ///                 and have a hash operation started.
+    /// \param output   The SHA-384 or SHA-512 checksum result.
+    ///                 This must be a writable buffer of length \c 64 bytes
+    ///                 for SHA-512, \c 48 bytes for SHA-384.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha512_finish(
+        ctx: *mut mbedtls_sha512_context,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function processes a single data block within
+    ///                 the ongoing SHA-512 computation.
+    ///                 This function is for internal use only.
+    ///
+    /// \param ctx      The SHA-512 context. This must be initialized.
+    /// \param data     The buffer holding one block of data. This
+    ///                 must be a readable buffer of length \c 128 Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_internal_sha512_process(
+        ctx: *mut mbedtls_sha512_context,
+        data: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function calculates the SHA-512 or SHA-384
+    ///                 checksum of a buffer.
+    ///
+    ///                 The function allocates the context, performs the
+    ///                 calculation, and frees the context.
+    ///
+    ///                 The SHA-512 result is calculated as
+    ///                 output = SHA-512(input buffer).
+    ///
+    /// \param input    The buffer holding the input data. This must be
+    ///                 a readable buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data in Bytes.
+    /// \param output   The SHA-384 or SHA-512 checksum result.
+    ///                 This must be a writable buffer of length \c 64 bytes
+    ///                 for SHA-512, \c 48 bytes for SHA-384.
+    /// \param is384    Determines which function to use. This must be either
+    ///                 \c 0 for SHA-512, or \c 1 for SHA-384.
+    ///
+    /// \note           is384 must be defined accordingly with the supported
+    ///                 symbols in the config file. If:
+    ///                 - is384 is 0, but \c MBEDTLS_SHA384_C is not defined, or
+    ///                 - is384 is 1, but \c MBEDTLS_SHA512_C is not defined
+    ///                 then the function will return
+    ///                 #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha512(
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        is384: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The SHA-384 checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_sha384_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The SHA-512 checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_sha512_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_hash_operation_t {
+    pub private_alg: psa_algorithm_t,
+    pub private_ctx: mbedtls_psa_hash_operation_t__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_psa_hash_operation_t__bindgen_ty_1 {
+    pub dummy: crate::c_types::c_uint,
+    pub md5: mbedtls_md5_context,
+    pub ripemd160: mbedtls_ripemd160_context,
+    pub sha1: mbedtls_sha1_context,
+    pub sha256: mbedtls_sha256_context,
+    pub sha512: mbedtls_sha512_context,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_cipher_operation_t {
+    pub private_alg: psa_algorithm_t,
+    pub private_iv_length: u8,
+    pub private_block_length: u8,
+    pub private_ctx: mbedtls_psa_cipher_operation_t__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_psa_cipher_operation_t__bindgen_ty_1 {
+    pub private_dummy: crate::c_types::c_uint,
+    pub private_cipher: mbedtls_cipher_context_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_hash_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_hash_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_cipher_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_cipher_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_hash_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_ctx: psa_driver_hash_context_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_cipher_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_default_iv_length: u8,
+    pub private_ctx: psa_driver_cipher_context_t,
+}
+impl psa_cipher_operation_s {
+    #[inline]
+    pub fn private_iv_required(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_iv_required(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_iv_set(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_iv_set(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(1usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_iv_required: crate::c_types::c_uint,
+        private_iv_set: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_iv_required: u32 = unsafe { ::core::mem::transmute(private_iv_required) };
+            private_iv_required as u64
+        });
+        __bindgen_bitfield_unit.set(1usize, 1u8, {
+            let private_iv_set: u32 = unsafe { ::core::mem::transmute(private_iv_set) };
+            private_iv_set as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_hmac_operation_t {
+    pub private_alg: psa_algorithm_t,
+    /// The hash context.
+    pub hash_ctx: psa_hash_operation_s,
+    pub private_opad: [u8; 128usize],
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_mac_operation_t {
+    pub private_alg: psa_algorithm_t,
+    pub private_ctx: mbedtls_psa_mac_operation_t__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_psa_mac_operation_t__bindgen_ty_1 {
+    pub private_dummy: crate::c_types::c_uint,
+    pub private_hmac: mbedtls_psa_hmac_operation_t,
+    pub private_cmac: mbedtls_cipher_context_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_aead_operation_t {
+    pub private_alg: psa_algorithm_t,
+    pub private_key_type: psa_key_type_t,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_tag_length: u8,
+    pub ctx: mbedtls_psa_aead_operation_t__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_psa_aead_operation_t__bindgen_ty_1 {
+    pub dummy: crate::c_types::c_uint,
+    pub private_ccm: mbedtls_ccm_context,
+    pub private_gcm: mbedtls_gcm_context,
+    pub private_chachapoly: mbedtls_chachapoly_context,
+}
+impl mbedtls_psa_aead_operation_t {
+    #[inline]
+    pub fn private_is_encrypt(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_is_encrypt(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_is_encrypt: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_is_encrypt: u32 = unsafe { ::core::mem::transmute(private_is_encrypt) };
+            private_is_encrypt as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_sign_hash_interruptible_operation_t {
+    pub private_dummy: crate::c_types::c_uint,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_verify_hash_interruptible_operation_t {
+    pub private_dummy: crate::c_types::c_uint,
+}
+///< Client
+pub const mbedtls_ecjpake_role_MBEDTLS_ECJPAKE_CLIENT: mbedtls_ecjpake_role = 0;
+///< Server
+pub const mbedtls_ecjpake_role_MBEDTLS_ECJPAKE_SERVER: mbedtls_ecjpake_role = 1;
+/// Roles in the EC J-PAKE exchange
+pub type mbedtls_ecjpake_role = crate::c_types::c_uint;
+/// EC J-PAKE context structure.
+///
+/// J-PAKE is a symmetric protocol, except for the identifiers used in
+/// Zero-Knowledge Proofs, and the serialization of the second message
+/// (KeyExchange) as defined by the Thread spec.
+///
+/// In order to benefit from this symmetry, we choose a different naming
+/// convention from the Thread v1.0 spec. Correspondence is indicated in the
+/// description as a pair C: client name, S: server name
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecjpake_context {
+    pub private_md_type: mbedtls_md_type_t,
+    pub private_grp: mbedtls_ecp_group,
+    pub private_role: mbedtls_ecjpake_role,
+    pub private_point_format: crate::c_types::c_int,
+    pub private_Xm1: mbedtls_ecp_point,
+    pub private_Xm2: mbedtls_ecp_point,
+    pub private_Xp1: mbedtls_ecp_point,
+    pub private_Xp2: mbedtls_ecp_point,
+    pub private_Xp: mbedtls_ecp_point,
+    pub private_xm1: mbedtls_mpi,
+    pub private_xm2: mbedtls_mpi,
+    pub private_s: mbedtls_mpi,
+}
+extern "C" {
+    /// \brief           Initialize an ECJPAKE context.
+    ///
+    /// \param ctx       The ECJPAKE context to initialize.
+    ///                  This must not be \c NULL.
+    pub fn mbedtls_ecjpake_init(ctx: *mut mbedtls_ecjpake_context);
+}
+extern "C" {
+    /// \brief           Set up an ECJPAKE context for use.
+    ///
+    /// \note            Currently the only values for hash/curve allowed by the
+    ///                  standard are #MBEDTLS_MD_SHA256/#MBEDTLS_ECP_DP_SECP256R1.
+    ///
+    /// \param ctx       The ECJPAKE context to set up. This must be initialized.
+    /// \param role      The role of the caller. This must be either
+    ///                  #MBEDTLS_ECJPAKE_CLIENT or #MBEDTLS_ECJPAKE_SERVER.
+    /// \param hash      The identifier of the hash function to use,
+    ///                  for example #MBEDTLS_MD_SHA256.
+    /// \param curve     The identifier of the elliptic curve to use,
+    ///                  for example #MBEDTLS_ECP_DP_SECP256R1.
+    /// \param secret    The pre-shared secret (passphrase). This must be
+    ///                  a readable not empty buffer of length \p len Bytes. It need
+    ///                  only be valid for the duration of this call.
+    /// \param len       The length of the pre-shared secret \p secret.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_setup(
+        ctx: *mut mbedtls_ecjpake_context,
+        role: mbedtls_ecjpake_role,
+        hash: mbedtls_md_type_t,
+        curve: mbedtls_ecp_group_id,
+        secret: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               Set the point format for future reads and writes.
+    ///
+    /// \param ctx           The ECJPAKE context to configure.
+    /// \param point_format  The point format to use:
+    ///                      #MBEDTLS_ECP_PF_UNCOMPRESSED (default)
+    ///                      or #MBEDTLS_ECP_PF_COMPRESSED.
+    ///
+    /// \return              \c 0 if successful.
+    /// \return              #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p point_format
+    ///                      is invalid.
+    pub fn mbedtls_ecjpake_set_point_format(
+        ctx: *mut mbedtls_ecjpake_context,
+        point_format: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Check if an ECJPAKE context is ready for use.
+    ///
+    /// \param ctx       The ECJPAKE context to check. This must be
+    ///                  initialized.
+    ///
+    /// \return          \c 0 if the context is ready for use.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise.
+    pub fn mbedtls_ecjpake_check(ctx: *const mbedtls_ecjpake_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Generate and write the first round message
+    ///                  (TLS: contents of the Client/ServerHello extension,
+    ///                  excluding extension type and length bytes).
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be
+    ///                  initialized and set up.
+    /// \param buf       The buffer to write the contents to. This must be a
+    ///                  writable buffer of length \p len Bytes.
+    /// \param len       The length of \p buf in Bytes.
+    /// \param olen      The address at which to store the total number
+    ///                  of Bytes written to \p buf. This must not be \c NULL.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG parameter to be passed to \p f_rng. This
+    ///                  may be \c NULL if \p f_rng doesn't use a context.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_write_round_one(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Read and process the first round message
+    ///                  (TLS: contents of the Client/ServerHello extension,
+    ///                  excluding extension type and length bytes).
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be initialized
+    ///                  and set up.
+    /// \param buf       The buffer holding the first round message. This must
+    ///                  be a readable buffer of length \p len Bytes.
+    /// \param len       The length in Bytes of \p buf.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_read_round_one(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Generate and write the second round message
+    ///                  (TLS: contents of the Client/ServerKeyExchange).
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be initialized,
+    ///                  set up, and already have performed round one.
+    /// \param buf       The buffer to write the round two contents to.
+    ///                  This must be a writable buffer of length \p len Bytes.
+    /// \param len       The size of \p buf in Bytes.
+    /// \param olen      The address at which to store the total number of Bytes
+    ///                  written to \p buf. This must not be \c NULL.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG parameter to be passed to \p f_rng. This
+    ///                  may be \c NULL if \p f_rng doesn't use a context.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_write_round_two(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Read and process the second round message
+    ///                  (TLS: contents of the Client/ServerKeyExchange).
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be initialized
+    ///                  and set up and already have performed round one.
+    /// \param buf       The buffer holding the second round message. This must
+    ///                  be a readable buffer of length \p len Bytes.
+    /// \param len       The length in Bytes of \p buf.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_read_round_two(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Derive the shared secret
+    ///                  (TLS: Pre-Master Secret).
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be initialized,
+    ///                  set up and have performed both round one and two.
+    /// \param buf       The buffer to write the derived secret to. This must
+    ///                  be a writable buffer of length \p len Bytes.
+    /// \param len       The length of \p buf in Bytes.
+    /// \param olen      The address at which to store the total number of Bytes
+    ///                  written to \p buf. This must not be \c NULL.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG parameter to be passed to \p f_rng. This
+    ///                  may be \c NULL if \p f_rng doesn't use a context.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_derive_secret(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write the shared key material to be passed to a Key
+    ///                  Derivation Function as described in RFC8236.
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be initialized,
+    ///                  set up and have performed both round one and two.
+    /// \param buf       The buffer to write the derived secret to. This must
+    ///                  be a writable buffer of length \p len Bytes.
+    /// \param len       The length of \p buf in Bytes.
+    /// \param olen      The address at which to store the total number of bytes
+    ///                  written to \p buf. This must not be \c NULL.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG parameter to be passed to \p f_rng. This
+    ///                  may be \c NULL if \p f_rng doesn't use a context.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_write_shared_key(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This clears an ECJPAKE context and frees any
+    ///                  embedded data structure.
+    ///
+    /// \param ctx       The ECJPAKE context to free. This may be \c NULL,
+    ///                  in which case this function does nothing. If it is not
+    ///                  \c NULL, it must point to an initialized ECJPAKE context.
+    pub fn mbedtls_ecjpake_free(ctx: *mut mbedtls_ecjpake_context);
+}
+extern "C" {
+    /// \brief          Checkup routine
+    ///
+    /// \return         0 if successful, or 1 if a test failed
+    pub fn mbedtls_ecjpake_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_pake_operation_t {
+    pub private_alg: psa_algorithm_t,
+    pub private_password: *mut u8,
+    pub private_password_len: usize,
+    pub private_role: u8,
+    pub private_buffer: [u8; 336usize],
+    pub private_buffer_length: usize,
+    pub private_buffer_offset: usize,
+    pub private_ctx: mbedtls_psa_pake_operation_t__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_psa_pake_operation_t__bindgen_ty_1 {
+    pub private_dummy: crate::c_types::c_uint,
+    pub private_jpake: mbedtls_ecjpake_context,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_mac_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_mac_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_aead_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_aead_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_sign_hash_interruptible_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_sign_hash_interruptible_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_verify_hash_interruptible_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_verify_hash_interruptible_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_pake_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_pake_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_mac_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_mac_size: u8,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_ctx: psa_driver_mac_context_t,
+}
+impl psa_mac_operation_s {
+    #[inline]
+    pub fn private_is_sign(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_is_sign(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_is_sign: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_is_sign: u32 = unsafe { ::core::mem::transmute(private_is_sign) };
+            private_is_sign as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_aead_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_alg: psa_algorithm_t,
+    pub private_key_type: psa_key_type_t,
+    pub private_ad_remaining: usize,
+    pub private_body_remaining: usize,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_ctx: psa_driver_aead_context_t,
+}
+impl psa_aead_operation_s {
+    #[inline]
+    pub fn private_nonce_set(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_nonce_set(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_lengths_set(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_lengths_set(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(1usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_ad_started(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_ad_started(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(2usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_body_started(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_body_started(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(3usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_is_encrypt(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_is_encrypt(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(4usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_nonce_set: crate::c_types::c_uint,
+        private_lengths_set: crate::c_types::c_uint,
+        private_ad_started: crate::c_types::c_uint,
+        private_body_started: crate::c_types::c_uint,
+        private_is_encrypt: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_nonce_set: u32 = unsafe { ::core::mem::transmute(private_nonce_set) };
+            private_nonce_set as u64
+        });
+        __bindgen_bitfield_unit.set(1usize, 1u8, {
+            let private_lengths_set: u32 = unsafe { ::core::mem::transmute(private_lengths_set) };
+            private_lengths_set as u64
+        });
+        __bindgen_bitfield_unit.set(2usize, 1u8, {
+            let private_ad_started: u32 = unsafe { ::core::mem::transmute(private_ad_started) };
+            private_ad_started as u64
+        });
+        __bindgen_bitfield_unit.set(3usize, 1u8, {
+            let private_body_started: u32 = unsafe { ::core::mem::transmute(private_body_started) };
+            private_body_started as u64
+        });
+        __bindgen_bitfield_unit.set(4usize, 1u8, {
+            let private_is_encrypt: u32 = unsafe { ::core::mem::transmute(private_is_encrypt) };
+            private_is_encrypt as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_hkdf_key_derivation_t {
+    pub private_info: *mut u8,
+    pub private_info_length: usize,
+    pub private_offset_in_block: u8,
+    pub private_block_number: u8,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_output_block: [u8; 64usize],
+    pub private_prk: [u8; 64usize],
+    pub private_hmac: psa_mac_operation_s,
+}
+impl psa_hkdf_key_derivation_t {
+    #[inline]
+    pub fn private_state(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 2u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_state(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 2u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_info_set(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_info_set(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(2usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_state: crate::c_types::c_uint,
+        private_info_set: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 2u8, {
+            let private_state: u32 = unsafe { ::core::mem::transmute(private_state) };
+            private_state as u64
+        });
+        __bindgen_bitfield_unit.set(2usize, 1u8, {
+            let private_info_set: u32 = unsafe { ::core::mem::transmute(private_info_set) };
+            private_info_set as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_tls12_ecjpake_to_pms_t {
+    pub private_data: [u8; 32usize],
+}
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_INIT:
+    psa_tls12_prf_key_derivation_state_t = 0;
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_SEED_SET:
+    psa_tls12_prf_key_derivation_state_t = 1;
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_OTHER_KEY_SET:
+    psa_tls12_prf_key_derivation_state_t = 2;
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_KEY_SET:
+    psa_tls12_prf_key_derivation_state_t = 3;
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_LABEL_SET:
+    psa_tls12_prf_key_derivation_state_t = 4;
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_OUTPUT:
+    psa_tls12_prf_key_derivation_state_t = 5;
+pub type psa_tls12_prf_key_derivation_state_t = crate::c_types::c_uint;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_tls12_prf_key_derivation_s {
+    pub private_left_in_block: u8,
+    pub private_block_number: u8,
+    pub private_state: psa_tls12_prf_key_derivation_state_t,
+    pub private_secret: *mut u8,
+    pub private_secret_length: usize,
+    pub private_seed: *mut u8,
+    pub private_seed_length: usize,
+    pub private_label: *mut u8,
+    pub private_label_length: usize,
+    pub private_other_secret: *mut u8,
+    pub private_other_secret_length: usize,
+    pub private_Ai: [u8; 64usize],
+    pub private_output_block: [u8; 64usize],
+}
+pub type psa_tls12_prf_key_derivation_t = psa_tls12_prf_key_derivation_s;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_key_derivation_s {
+    pub private_alg: psa_algorithm_t,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_capacity: usize,
+    pub private_ctx: psa_key_derivation_s__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_key_derivation_s__bindgen_ty_1 {
+    pub private_dummy: u8,
+    pub private_hkdf: psa_hkdf_key_derivation_t,
+    pub private_tls12_prf: psa_tls12_prf_key_derivation_t,
+    pub private_tls12_ecjpake_to_pms: psa_tls12_ecjpake_to_pms_t,
+}
+impl psa_key_derivation_s {
+    #[inline]
+    pub fn private_can_output_key(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_can_output_key(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_can_output_key: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_can_output_key: u32 =
+                unsafe { ::core::mem::transmute(private_can_output_key) };
+            private_can_output_key as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_key_policy_s {
+    pub private_usage: psa_key_usage_t,
+    pub private_alg: psa_algorithm_t,
+    pub private_alg2: psa_algorithm_t,
+}
+pub type psa_key_policy_t = psa_key_policy_s;
+pub type psa_key_bits_t = u16;
+/// A mask of flags that can be stored in key attributes.
+///
+/// This type is also used internally to store flags in slots. Internal
+/// flags are defined in library/psa_crypto_core.h. Internal flags may have
+/// the same value as external flags if they are properly handled during
+/// key creation and in psa_get_key_attributes.
+pub type psa_key_attributes_flag_t = u16;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_core_key_attributes_t {
+    pub private_type: psa_key_type_t,
+    pub private_bits: psa_key_bits_t,
+    pub private_lifetime: psa_key_lifetime_t,
+    pub private_id: mbedtls_svc_key_id_t,
+    pub private_policy: psa_key_policy_t,
+    pub private_flags: psa_key_attributes_flag_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_key_attributes_s {
+    pub private_core: psa_core_key_attributes_t,
+    pub private_domain_parameters: *mut crate::c_types::c_void,
+    pub private_domain_parameters_size: usize,
+}
+extern "C" {
+    /// \brief Set domain parameters for a key.
+    ///
+    /// Some key types require additional domain parameters in addition to
+    /// the key type identifier and the key size. Use this function instead
+    /// of psa_set_key_type() when you need to specify domain parameters.
+    ///
+    /// The format for the required domain parameters varies based on the key type.
+    ///
+    /// - For RSA keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY or #PSA_KEY_TYPE_RSA_KEY_PAIR),
+    ///   the domain parameter data consists of the public exponent,
+    ///   represented as a big-endian integer with no leading zeros.
+    ///   This information is used when generating an RSA key pair.
+    ///   When importing a key, the public exponent is read from the imported
+    ///   key data and the exponent recorded in the attribute structure is ignored.
+    ///   As an exception, the public exponent 65537 is represented by an empty
+    ///   byte string.
+    /// - For DSA keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY or #PSA_KEY_TYPE_DSA_KEY_PAIR),
+    ///   the `Dss-Params` format as defined by RFC 3279 &sect;2.3.2.
+    ///   ```
+    ///   Dss-Params ::= SEQUENCE  {
+    ///      p       INTEGER,
+    ///      q       INTEGER,
+    ///      g       INTEGER
+    ///   }
+    ///   ```
+    /// - For Diffie-Hellman key exchange keys
+    ///   (#PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_FAMILY_CUSTOM) or
+    ///   #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_FAMILY_CUSTOM)), the
+    ///   `DomainParameters` format as defined by RFC 3279 &sect;2.3.3.
+    ///   ```
+    ///   DomainParameters ::= SEQUENCE {
+    ///      p               INTEGER,                    -- odd prime, p=jq +1
+    ///      g               INTEGER,                    -- generator, g
+    ///      q               INTEGER,                    -- factor of p-1
+    ///      j               INTEGER OPTIONAL,           -- subgroup factor
+    ///      validationParams ValidationParams OPTIONAL
+    ///   }
+    ///   ValidationParams ::= SEQUENCE {
+    ///      seed            BIT STRING,
+    ///      pgenCounter     INTEGER
+    ///   }
+    ///   ```
+    ///
+    /// \note This function may allocate memory or other resources.
+    ///       Once you have called this function on an attribute structure,
+    ///       you must call psa_reset_key_attributes() to free these resources.
+    ///
+    /// \note This is an experimental extension to the interface. It may change
+    ///       in future versions of the library.
+    ///
+    /// \param[in,out] attributes    Attribute structure where the specified domain
+    ///                              parameters will be stored.
+    ///                              If this function fails, the content of
+    ///                              \p attributes is not modified.
+    /// \param type                  Key type (a \c PSA_KEY_TYPE_XXX value).
+    /// \param[in] data              Buffer containing the key domain parameters.
+    ///                              The content of this buffer is interpreted
+    ///                              according to \p type as described above.
+    /// \param data_length           Size of the \p data buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    pub fn psa_set_key_domain_parameters(
+        attributes: *mut psa_key_attributes_t,
+        type_: psa_key_type_t,
+        data: *const u8,
+        data_length: usize,
+    ) -> psa_status_t;
+}
+/// \brief The context for PSA interruptible hash signing.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_sign_hash_interruptible_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_ctx: psa_driver_sign_hash_interruptible_context_t,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_num_ops: u32,
+}
+impl psa_sign_hash_interruptible_operation_s {
+    #[inline]
+    pub fn private_error_occurred(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_error_occurred(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_error_occurred: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_error_occurred: u32 =
+                unsafe { ::core::mem::transmute(private_error_occurred) };
+            private_error_occurred as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+/// \brief The context for PSA interruptible hash verification.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_verify_hash_interruptible_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_ctx: psa_driver_verify_hash_interruptible_context_t,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_num_ops: u32,
+}
+impl psa_verify_hash_interruptible_operation_s {
+    #[inline]
+    pub fn private_error_occurred(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_error_occurred(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_error_occurred: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_error_occurred: u32 =
+                unsafe { ::core::mem::transmute(private_error_occurred) };
+            private_error_occurred as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+pub type psa_key_handle_t = mbedtls_svc_key_id_t;
+extern "C" {
+    /// Open a handle to an existing persistent key.
+    ///
+    /// Open a handle to a persistent key. A key is persistent if it was created
+    /// with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE. A persistent key
+    /// always has a nonzero key identifier, set with psa_set_key_id() when
+    /// creating the key. Implementations may provide additional pre-provisioned
+    /// keys that can be opened with psa_open_key(). Such keys have an application
+    /// key identifier in the vendor range, as documented in the description of
+    /// #psa_key_id_t.
+    ///
+    /// The application must eventually close the handle with psa_close_key() or
+    /// psa_destroy_key() to release associated resources. If the application dies
+    /// without calling one of these functions, the implementation should perform
+    /// the equivalent of a call to psa_close_key().
+    ///
+    /// Some implementations permit an application to open the same key multiple
+    /// times. If this is successful, each call to psa_open_key() will return a
+    /// different key handle.
+    ///
+    /// \note This API is not part of the PSA Cryptography API Release 1.0.0
+    /// specification. It was defined in the 1.0 Beta 3 version of the
+    /// specification but was removed in the 1.0.0 released version. This API is
+    /// kept for the time being to not break applications relying on it. It is not
+    /// deprecated yet but will be in the near future.
+    ///
+    /// \note Applications that rely on opening a key multiple times will not be
+    /// portable to implementations that only permit a single key handle to be
+    /// opened. See also :ref:\`key-handles\`.
+    ///
+    ///
+    /// \param key           The persistent identifier of the key.
+    /// \param[out] handle   On success, a handle to the key.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success. The application can now use the value of `*handle`
+    ///         to access the key.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+    ///         The implementation does not have sufficient resources to open the
+    ///         key. This can be due to reaching an implementation limit on the
+    ///         number of open keys, the number of open key handles, or available
+    ///         memory.
+    /// \retval #PSA_ERROR_DOES_NOT_EXIST
+    ///         There is no persistent key with key identifier \p key.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not a valid persistent key identifier.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The specified key exists, but the application does not have the
+    ///         permission to access it. Note that this specification does not
+    ///         define any way to create such a key, but it may be possible
+    ///         through implementation-specific means.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_open_key(key: mbedtls_svc_key_id_t, handle: *mut psa_key_handle_t) -> psa_status_t;
+}
+extern "C" {
+    /// Close a key handle.
+    ///
+    /// If the handle designates a volatile key, this will destroy the key material
+    /// and free all associated resources, just like psa_destroy_key().
+    ///
+    /// If this is the last open handle to a persistent key, then closing the handle
+    /// will free all resources associated with the key in volatile memory. The key
+    /// data in persistent storage is not affected and can be opened again later
+    /// with a call to psa_open_key().
+    ///
+    /// Closing the key handle makes the handle invalid, and the key handle
+    /// must not be used again by the application.
+    ///
+    /// \note This API is not part of the PSA Cryptography API Release 1.0.0
+    /// specification. It was defined in the 1.0 Beta 3 version of the
+    /// specification but was removed in the 1.0.0 released version. This API is
+    /// kept for the time being to not break applications relying on it. It is not
+    /// deprecated yet but will be in the near future.
+    ///
+    /// \note If the key handle was used to set up an active
+    /// :ref:\`multipart operation <multipart-operations>\`, then closing the
+    /// key handle can cause the multipart operation to fail. Applications should
+    /// maintain the key handle until after the multipart operation has finished.
+    ///
+    /// \param handle        The key handle to close.
+    ///                      If this is \c 0, do nothing and return \c PSA_SUCCESS.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         \p handle was a valid handle or \c 0. It is now closed.
+    /// \retval #PSA_ERROR_INVALID_HANDLE
+    ///         \p handle is not a valid handle nor \c 0.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_close_key(handle: psa_key_handle_t) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Library deinitialization.
+    ///
+    /// This function clears all data associated with the PSA layer,
+    /// including the whole key store.
+    ///
+    /// This is an Mbed TLS extension.
+    pub fn mbedtls_psa_crypto_free();
+}
+/// \brief Statistics about
+/// resource consumption related to the PSA keystore.
+///
+/// \note The content of this structure is not part of the stable API and ABI
+///       of Mbed Crypto and may change arbitrarily from version to version.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_stats_s {
+    pub private_volatile_slots: usize,
+    pub private_persistent_slots: usize,
+    pub private_external_slots: usize,
+    pub private_half_filled_slots: usize,
+    pub private_cache_slots: usize,
+    pub private_empty_slots: usize,
+    pub private_locked_slots: usize,
+    pub private_max_open_internal_key_id: psa_key_id_t,
+    pub private_max_open_external_key_id: psa_key_id_t,
+}
+/// \brief Statistics about
+/// resource consumption related to the PSA keystore.
+///
+/// \note The content of this structure is not part of the stable API and ABI
+///       of Mbed Crypto and may change arbitrarily from version to version.
+pub type mbedtls_psa_stats_t = mbedtls_psa_stats_s;
+extern "C" {
+    /// \brief Get statistics about
+    /// resource consumption related to the PSA keystore.
+    ///
+    /// \note When Mbed Crypto is built as part of a service, with isolation
+    ///       between the application and the keystore, the service may or
+    ///       may not expose this function.
+    pub fn mbedtls_psa_get_stats(stats: *mut mbedtls_psa_stats_t);
+}
+extern "C" {
+    /// \brief Inject an initial entropy seed for the random generator into
+    ///        secure storage.
+    ///
+    /// This function injects data to be used as a seed for the random generator
+    /// used by the PSA Crypto implementation. On devices that lack a trusted
+    /// entropy source (preferably a hardware random number generator),
+    /// the Mbed PSA Crypto implementation uses this value to seed its
+    /// random generator.
+    ///
+    /// On devices without a trusted entropy source, this function must be
+    /// called exactly once in the lifetime of the device. On devices with
+    /// a trusted entropy source, calling this function is optional.
+    /// In all cases, this function may only be called before calling any
+    /// other function in the PSA Crypto API, including psa_crypto_init().
+    ///
+    /// When this function returns successfully, it populates a file in
+    /// persistent storage. Once the file has been created, this function
+    /// can no longer succeed.
+    ///
+    /// If any error occurs, this function does not change the system state.
+    /// You can call this function again after correcting the reason for the
+    /// error if possible.
+    ///
+    /// \warning This function **can** fail! Callers MUST check the return status.
+    ///
+    /// \warning If you use this function, you should use it as part of a
+    ///          factory provisioning process. The value of the injected seed
+    ///          is critical to the security of the device. It must be
+    ///          *secret*, *unpredictable* and (statistically) *unique per device*.
+    ///          You should be generate it randomly using a cryptographically
+    ///          secure random generator seeded from trusted entropy sources.
+    ///          You should transmit it securely to the device and ensure
+    ///          that its value is not leaked or stored anywhere beyond the
+    ///          needs of transmitting it from the point of generation to
+    ///          the call of this function, and erase all copies of the value
+    ///          once this function returns.
+    ///
+    /// This is an Mbed TLS extension.
+    ///
+    /// \note This function is only available on the following platforms:
+    /// * If the compile-time option MBEDTLS_PSA_INJECT_ENTROPY is enabled.
+    ///   Note that you must provide compatible implementations of
+    ///   mbedtls_nv_seed_read and mbedtls_nv_seed_write.
+    /// * In a client-server integration of PSA Cryptography, on the client side,
+    ///   if the server supports this feature.
+    /// \param[in] seed          Buffer containing the seed value to inject.
+    /// \param[in] seed_size     Size of the \p seed buffer.
+    ///                          The size of the seed in bytes must be greater
+    ///                          or equal to both #MBEDTLS_ENTROPY_BLOCK_SIZE
+    ///                          and the value of \c MBEDTLS_ENTROPY_MIN_PLATFORM
+    ///                          in `library/entropy_poll.h` in the Mbed TLS source
+    ///                          code.
+    ///                          It must be less or equal to
+    ///                          #MBEDTLS_ENTROPY_MAX_SEED_SIZE.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The seed value was injected successfully. The random generator
+    ///         of the PSA Crypto implementation is now ready for use.
+    ///         You may now call psa_crypto_init() and use the PSA Crypto
+    ///         implementation.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p seed_size is out of range.
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         There was a failure reading or writing from storage.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The library has already been initialized. It is no longer
+    ///         possible to call this function.
+    pub fn mbedtls_psa_inject_entropy(seed: *const u8, seed_size: usize) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Get domain parameters for a key.
+    ///
+    /// Get the domain parameters for a key with this function, if any. The format
+    /// of the domain parameters written to \p data is specified in the
+    /// documentation for psa_set_key_domain_parameters().
+    ///
+    /// \note This is an experimental extension to the interface. It may change
+    ///       in future versions of the library.
+    ///
+    /// \param[in] attributes        The key attribute structure to query.
+    /// \param[out] data             On success, the key domain parameters.
+    /// \param data_size             Size of the \p data buffer in bytes.
+    ///                              The buffer is guaranteed to be large
+    ///                              enough if its size in bytes is at least
+    ///                              the value given by
+    ///                              PSA_KEY_DOMAIN_PARAMETERS_SIZE().
+    /// \param[out] data_length      On success, the number of bytes
+    ///                              that make up the key domain parameters data.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
+    pub fn psa_get_key_domain_parameters(
+        attributes: *const psa_key_attributes_t,
+        data: *mut u8,
+        data_size: usize,
+        data_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Convert an ECC curve identifier from the PSA encoding to Mbed TLS.
+    ///
+    /// \note This function is provided solely for the convenience of
+    ///       Mbed TLS and may be removed at any time without notice.
+    ///
+    /// \param curve         A PSA elliptic curve identifier
+    ///                      (`PSA_ECC_FAMILY_xxx`).
+    /// \param bits          The bit-length of a private key on \p curve.
+    /// \param bits_is_sloppy If true, \p bits may be the bit-length rounded up
+    ///                      to the nearest multiple of 8. This allows the caller
+    ///                      to infer the exact curve from the length of a key
+    ///                      which is supplied as a byte string.
+    ///
+    /// \return              The corresponding Mbed TLS elliptic curve identifier
+    ///                      (`MBEDTLS_ECP_DP_xxx`).
+    /// \return              #MBEDTLS_ECP_DP_NONE if \c curve is not recognized.
+    /// \return              #MBEDTLS_ECP_DP_NONE if \p bits is not
+    ///                      correct for \p curve.
+    pub fn mbedtls_ecc_group_of_psa(
+        curve: psa_ecc_family_t,
+        bits: usize,
+        bits_is_sloppy: crate::c_types::c_int,
+    ) -> mbedtls_ecp_group_id;
+}
+extern "C" {
+    /// External random generator function, implemented by the platform.
+    ///
+    /// When the compile-time option #MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled,
+    /// this function replaces Mbed TLS's entropy and DRBG modules for all
+    /// random generation triggered via PSA crypto interfaces.
+    ///
+    /// \note This random generator must deliver random numbers with cryptographic
+    ///       quality and high performance. It must supply unpredictable numbers
+    ///       with a uniform distribution. The implementation of this function
+    ///       is responsible for ensuring that the random generator is seeded
+    ///       with sufficient entropy. If you have a hardware TRNG which is slow
+    ///       or delivers non-uniform output, declare it as an entropy source
+    ///       with mbedtls_entropy_add_source() instead of enabling this option.
+    ///
+    /// \param[in,out] context       Pointer to the random generator context.
+    ///                              This is all-bits-zero on the first call
+    ///                              and preserved between successive calls.
+    /// \param[out] output           Output buffer. On success, this buffer
+    ///                              contains random data with a uniform
+    ///                              distribution.
+    /// \param output_size           The size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, set this value to \p output_size.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success. The output buffer contains \p output_size bytes of
+    ///         cryptographic-quality random data, and \c *output_length is
+    ///         set to \p output_size.
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+    ///         The random generator requires extra entropy and there is no
+    ///         way to obtain entropy under current environment conditions.
+    ///         This error should not happen under normal circumstances since
+    ///         this function is responsible for obtaining as much entropy as
+    ///         it needs. However implementations of this function may return
+    ///         #PSA_ERROR_INSUFFICIENT_ENTROPY if there is no way to obtain
+    ///         entropy without blocking indefinitely.
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE
+    ///         A failure of the random generator hardware that isn't covered
+    ///         by #PSA_ERROR_INSUFFICIENT_ENTROPY.
+    pub fn mbedtls_psa_external_get_random(
+        context: *mut mbedtls_psa_external_random_context_t,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+/// A slot number identifying a key in a driver.
+///
+/// Values of this type are used to identify built-in keys.
+pub type psa_drv_slot_number_t = u64;
+/// \brief Encoding of the application role of PAKE
+///
+/// Encodes the application's role in the algorithm is being executed. For more
+/// information see the documentation of individual \c PSA_PAKE_ROLE_XXX
+/// constants.
+pub type psa_pake_role_t = u8;
+/// Encoding of input and output indicators for PAKE.
+///
+/// Some PAKE algorithms need to exchange more data than just a single key share.
+/// This type is for encoding additional input and output data for such
+/// algorithms.
+pub type psa_pake_step_t = u8;
+/// Encoding of the type of the PAKE's primitive.
+///
+/// Values defined by this standard will never be in the range 0x80-0xff.
+/// Vendors who define additional types must use an encoding in this range.
+///
+/// For more information see the documentation of individual
+/// \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.
+pub type psa_pake_primitive_type_t = u8;
+/// \brief Encoding of the family of the primitive associated with the PAKE.
+///
+/// For more information see the documentation of individual
+/// \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.
+pub type psa_pake_family_t = u8;
+/// \brief Encoding of the primitive associated with the PAKE.
+///
+/// For more information see the documentation of the #PSA_PAKE_PRIMITIVE macro.
+pub type psa_pake_primitive_t = u32;
+/// The type of the data structure for PAKE cipher suites.
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_pake_cipher_suite_t = psa_pake_cipher_suite_s;
+/// The type of the state data structure for PAKE operations.
+///
+/// Before calling any function on a PAKE operation object, the application
+/// must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_pake_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_pake_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_PAKE_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_pake_operation_t operation = PSA_PAKE_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_pake_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_pake_operation_t operation;
+///   operation = psa_pake_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_pake_operation_t = psa_pake_operation_s;
+/// The type of input values for PAKE operations.
+pub type psa_crypto_driver_pake_inputs_t = psa_crypto_driver_pake_inputs_s;
+/// The type of computation stage for J-PAKE operations.
+pub type psa_jpake_computation_stage_t = psa_jpake_computation_stage_s;
+extern "C" {
+    /// Get the length of the password in bytes from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] password_len     Password length.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Password hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_password_len(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        password_len: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the password from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] buffer           Return buffer for password.
+    /// \param      buffer_size      Size of the return buffer in bytes.
+    /// \param[out] buffer_length    Actual size of the password in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Password hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_password(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        buffer: *mut u8,
+        buffer_size: usize,
+        buffer_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the role from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] role             Return buffer for role.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Role hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_role(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        role: *mut psa_pake_role_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the length of the user id in bytes from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] user_len         User id length.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         User id hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_user_len(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        user_len: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the length of the peer id in bytes from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] peer_len         Peer id length.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Peer id hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_peer_len(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        peer_len: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the user id from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] user_id          User id.
+    /// \param      user_id_size     Size of \p user_id in bytes.
+    /// \param[out] user_id_len      Size of the user id in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         User id hasn't been set yet.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p user_id is too small.
+    pub fn psa_crypto_driver_pake_get_user(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        user_id: *mut u8,
+        user_id_size: usize,
+        user_id_len: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the peer id from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] peer_id          Peer id.
+    /// \param      peer_id_size     Size of \p peer_id in bytes.
+    /// \param[out] peer_id_length   Size of the peer id in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Peer id hasn't been set yet.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p peer_id is too small.
+    pub fn psa_crypto_driver_pake_get_peer(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        peer_id: *mut u8,
+        peer_id_size: usize,
+        peer_id_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the cipher suite from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] cipher_suite     Return buffer for role.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Cipher_suite hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_cipher_suite(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        cipher_suite: *mut psa_pake_cipher_suite_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the session information for a password-authenticated key exchange.
+    ///
+    /// The sequence of operations to set up a password-authenticated key exchange
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_pake_operation_t, e.g.
+    ///    #PSA_PAKE_OPERATION_INIT.
+    /// -# Call psa_pake_setup() to specify the cipher suite.
+    /// -# Call \c psa_pake_set_xxx() functions on the operation to complete the
+    ///    setup. The exact sequence of \c psa_pake_set_xxx() functions that needs
+    ///    to be called depends on the algorithm in use.
+    ///
+    /// Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+    /// values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+    /// for more information.
+    ///
+    /// A typical sequence of calls to perform a password-authenticated key
+    /// exchange:
+    /// -# Call psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to get the
+    ///    key share that needs to be sent to the peer.
+    /// -# Call psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to provide
+    ///    the key share that was received from the peer.
+    /// -# Depending on the algorithm additional calls to psa_pake_output() and
+    ///    psa_pake_input() might be necessary.
+    /// -# Call psa_pake_get_implicit_key() for accessing the shared secret.
+    ///
+    /// Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+    /// values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+    /// for more information.
+    ///
+    /// If an error occurs at any step after a call to psa_pake_setup(),
+    /// the operation will need to be reset by a call to psa_pake_abort(). The
+    /// application may call psa_pake_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_pake_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A call to psa_pake_abort().
+    /// - A successful call to psa_pake_get_implicit_key().
+    ///
+    /// \param[in,out] operation     The operation object to set up. It must have
+    ///                              been initialized but not set up yet.
+    /// \param[in] cipher_suite      The cipher suite to use. (A cipher suite fully
+    ///                              characterizes a PAKE algorithm and determines
+    ///                              the algorithm as well.)
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The algorithm in \p cipher_suite is not a PAKE algorithm, or the
+    ///         PAKE primitive in \p cipher_suite is not compatible with the
+    ///         PAKE algorithm, or the hash algorithm in \p cipher_suite is invalid
+    ///         or not compatible with the PAKE algorithm and primitive.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The algorithm in \p cipher_suite is not a supported PAKE algorithm,
+    ///         or the PAKE primitive in \p cipher_suite is not supported or not
+    ///         compatible with the PAKE algorithm, or the hash algorithm in
+    ///         \p cipher_suite is not supported or not compatible with the PAKE
+    ///         algorithm and primitive.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_setup(
+        operation: *mut psa_pake_operation_t,
+        cipher_suite: *const psa_pake_cipher_suite_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the password for a password-authenticated key exchange from key ID.
+    ///
+    /// Call this function when the password, or a value derived from the password,
+    /// is already present in the key store.
+    ///
+    /// \param[in,out] operation     The operation object to set the password for. It
+    ///                              must have been set up by psa_pake_setup() and
+    ///                              not yet in use (neither psa_pake_output() nor
+    ///                              psa_pake_input() has been called yet). It must
+    ///                              be on operation for which the password hasn't
+    ///                              been set yet (psa_pake_set_password_key()
+    ///                              hasn't been called yet).
+    /// \param password              Identifier of the key holding the password or a
+    ///                              value derived from the password (eg. by a
+    ///                              memory-hard function).  It must remain valid
+    ///                              until the operation terminates. It must be of
+    ///                              type #PSA_KEY_TYPE_PASSWORD or
+    ///                              #PSA_KEY_TYPE_PASSWORD_HASH. It has to allow
+    ///                              the usage #PSA_KEY_USAGE_DERIVE.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE
+    ///         \p password is not a valid key identifier.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_DERIVE flag, or it does not
+    ///         permit the \p operation's algorithm.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The key type for \p password is not #PSA_KEY_TYPE_PASSWORD or
+    ///         #PSA_KEY_TYPE_PASSWORD_HASH, or \p password is not compatible with
+    ///         the \p operation's cipher suite.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The key type or key size of \p password is not supported with the
+    ///         \p operation's cipher suite.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must have been set up.), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_set_password_key(
+        operation: *mut psa_pake_operation_t,
+        password: mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the user ID for a password-authenticated key exchange.
+    ///
+    /// Call this function to set the user ID. For PAKE algorithms that associate a
+    /// user identifier with each side of the session you need to call
+    /// psa_pake_set_peer() as well. For PAKE algorithms that associate a single
+    /// user identifier with the session, call psa_pake_set_user() only.
+    ///
+    /// Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+    /// values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+    /// for more information.
+    ///
+    /// \param[in,out] operation     The operation object to set the user ID for. It
+    ///                              must have been set up by psa_pake_setup() and
+    ///                              not yet in use (neither psa_pake_output() nor
+    ///                              psa_pake_input() has been called yet). It must
+    ///                              be on operation for which the user ID hasn't
+    ///                              been set (psa_pake_set_user() hasn't been
+    ///                              called yet).
+    /// \param[in] user_id           The user ID to authenticate with.
+    ///                              (temporary limitation: "client" or "server" only)
+    /// \param user_id_len           Size of the \p user_id buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p user_id is not valid for the \p operation's algorithm and cipher
+    ///         suite.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The value of \p user_id is not supported by the implementation.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_set_user(
+        operation: *mut psa_pake_operation_t,
+        user_id: *const u8,
+        user_id_len: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the peer ID for a password-authenticated key exchange.
+    ///
+    /// Call this function in addition to psa_pake_set_user() for PAKE algorithms
+    /// that associate a user identifier with each side of the session. For PAKE
+    /// algorithms that associate a single user identifier with the session, call
+    /// psa_pake_set_user() only.
+    ///
+    /// Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+    /// values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+    /// for more information.
+    ///
+    /// \param[in,out] operation     The operation object to set the peer ID for. It
+    ///                              must have been set up by psa_pake_setup() and
+    ///                              not yet in use (neither psa_pake_output() nor
+    ///                              psa_pake_input() has been called yet). It must
+    ///                              be on operation for which the peer ID hasn't
+    ///                              been set (psa_pake_set_peer() hasn't been
+    ///                              called yet).
+    /// \param[in] peer_id           The peer's ID to authenticate.
+    ///                              (temporary limitation: "client" or "server" only)
+    /// \param peer_id_len           Size of the \p peer_id buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p user_id is not valid for the \p operation's algorithm and cipher
+    ///         suite.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The algorithm doesn't associate a second identity with the session.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Calling psa_pake_set_peer() is invalid with the \p operation's
+    ///         algorithm, the operation state is not valid, or the library has not
+    ///         been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_set_peer(
+        operation: *mut psa_pake_operation_t,
+        peer_id: *const u8,
+        peer_id_len: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the application role for a password-authenticated key exchange.
+    ///
+    /// Not all PAKE algorithms need to differentiate the communicating entities.
+    /// It is optional to call this function for PAKEs that don't require a role
+    /// to be specified. For such PAKEs the application role parameter is ignored,
+    /// or #PSA_PAKE_ROLE_NONE can be passed as \c role.
+    ///
+    /// Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+    /// values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+    /// for more information.
+    ///
+    /// \param[in,out] operation     The operation object to specify the
+    ///                              application's role for. It must have been set up
+    ///                              by psa_pake_setup() and not yet in use (neither
+    ///                              psa_pake_output() nor psa_pake_input() has been
+    ///                              called yet). It must be on operation for which
+    ///                              the application's role hasn't been specified
+    ///                              (psa_pake_set_role() hasn't been called yet).
+    /// \param role                  A value of type ::psa_pake_role_t indicating the
+    ///                              application's role in the PAKE the algorithm
+    ///                              that is being set up. For more information see
+    ///                              the documentation of \c PSA_PAKE_ROLE_XXX
+    ///                              constants.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The \p role is not a valid PAKE role in the \p operation’s algorithm.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The \p role for this algorithm is not supported or is not valid.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_set_role(
+        operation: *mut psa_pake_operation_t,
+        role: psa_pake_role_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get output for a step of a password-authenticated key exchange.
+    ///
+    /// Depending on the algorithm being executed, you might need to call this
+    /// function several times or you might not need to call this at all.
+    ///
+    /// The exact sequence of calls to perform a password-authenticated key
+    /// exchange depends on the algorithm in use.  Refer to the documentation of
+    /// individual PAKE algorithm types (`PSA_ALG_XXX` values of type
+    /// ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more
+    /// information.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_pake_abort().
+    ///
+    /// \param[in,out] operation    Active PAKE operation.
+    /// \param step                 The step of the algorithm for which the output is
+    ///                             requested.
+    /// \param[out] output          Buffer where the output is to be written in the
+    ///                             format appropriate for this \p step. Refer to
+    ///                             the documentation of the individual
+    ///                             \c PSA_PAKE_STEP_XXX constants for more
+    ///                             information.
+    /// \param output_size          Size of the \p output buffer in bytes. This must
+    ///                             be at least #PSA_PAKE_OUTPUT_SIZE(\p alg, \p
+    ///                             primitive, \p step) where \p alg and
+    ///                             \p primitive are the PAKE algorithm and primitive
+    ///                             in the operation's cipher suite, and \p step is
+    ///                             the output step.
+    ///
+    /// \param[out] output_length   On success, the number of bytes of the returned
+    ///                             output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p step is not compatible with the operation's algorithm.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p step is not supported with the operation's algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, and fully set
+    ///         up, and this call must conform to the algorithm's requirements
+    ///         for ordering of input and output steps), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_output(
+        operation: *mut psa_pake_operation_t,
+        step: psa_pake_step_t,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Provide input for a step of a password-authenticated key exchange.
+    ///
+    /// Depending on the algorithm being executed, you might need to call this
+    /// function several times or you might not need to call this at all.
+    ///
+    /// The exact sequence of calls to perform a password-authenticated key
+    /// exchange depends on the algorithm in use.  Refer to the documentation of
+    /// individual PAKE algorithm types (`PSA_ALG_XXX` values of type
+    /// ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more
+    /// information.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_pake_abort().
+    ///
+    /// \param[in,out] operation    Active PAKE operation.
+    /// \param step                 The step for which the input is provided.
+    /// \param[in] input            Buffer containing the input in the format
+    ///                             appropriate for this \p step. Refer to the
+    ///                             documentation of the individual
+    ///                             \c PSA_PAKE_STEP_XXX constants for more
+    ///                             information.
+    /// \param input_length         Size of the \p input buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The verification fails for a #PSA_PAKE_STEP_ZK_PROOF input step.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p is not compatible with the \p operation’s algorithm, or the
+    ///         \p input is not valid for the \p operation's algorithm, cipher suite
+    ///         or \p step.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p step p is not supported with the \p operation's algorithm, or the
+    ///         \p input is not supported for the \p operation's algorithm, cipher
+    ///         suite or \p step.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, and fully set
+    ///         up, and this call must conform to the algorithm's requirements
+    ///         for ordering of input and output steps), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_input(
+        operation: *mut psa_pake_operation_t,
+        step: psa_pake_step_t,
+        input: *const u8,
+        input_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get implicitly confirmed shared secret from a PAKE.
+    ///
+    /// At this point there is a cryptographic guarantee that only the authenticated
+    /// party who used the same password is able to compute the key. But there is no
+    /// guarantee that the peer is the party it claims to be and was able to do so.
+    ///
+    /// That is, the authentication is only implicit. Since the peer is not
+    /// authenticated yet, no action should be taken yet that assumes that the peer
+    /// is who it claims to be. For example, do not access restricted files on the
+    /// peer's behalf until an explicit authentication has succeeded.
+    ///
+    /// This function can be called after the key exchange phase of the operation
+    /// has completed. It imports the shared secret output of the PAKE into the
+    /// provided derivation operation. The input step
+    /// #PSA_KEY_DERIVATION_INPUT_SECRET is used when placing the shared key
+    /// material in the key derivation operation.
+    ///
+    /// The exact sequence of calls to perform a password-authenticated key
+    /// exchange depends on the algorithm in use.  Refer to the documentation of
+    /// individual PAKE algorithm types (`PSA_ALG_XXX` values of type
+    /// ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more
+    /// information.
+    ///
+    /// When this function returns successfully, \p operation becomes inactive.
+    /// If this function returns an error status, both \p operation
+    /// and \p key_derivation operations enter an error state and must be aborted by
+    /// calling psa_pake_abort() and psa_key_derivation_abort() respectively.
+    ///
+    /// \param[in,out] operation    Active PAKE operation.
+    /// \param[out] output          A key derivation operation that is ready
+    ///                             for an input step of type
+    ///                             #PSA_KEY_DERIVATION_INPUT_SECRET.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         #PSA_KEY_DERIVATION_INPUT_SECRET is not compatible with the
+    ///         algorithm in the \p output key derivation operation.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         Input from a PAKE is not supported by the algorithm in the \p output
+    ///         key derivation operation.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The PAKE operation state is not valid (it must be active, but beyond
+    ///         that validity is specific to the algorithm), or
+    ///         the library has not been previously initialized by psa_crypto_init(),
+    ///         or the state of \p output is not valid for
+    ///         the #PSA_KEY_DERIVATION_INPUT_SECRET step. This can happen if the
+    ///         step is out of order or the application has done this step already
+    ///         and it may not be repeated.
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_get_implicit_key(
+        operation: *mut psa_pake_operation_t,
+        output: *mut psa_key_derivation_operation_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort a PAKE operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the \c
+    /// operation structure itself. Once aborted, the operation object can be reused
+    /// for another operation by calling psa_pake_setup() again.
+    ///
+    /// This function may be called at any time after the operation
+    /// object has been initialized as described in #psa_pake_operation_t.
+    ///
+    /// In particular, calling psa_pake_abort() after the operation has been
+    /// terminated by a call to psa_pake_abort() or psa_pake_get_implicit_key()
+    /// is safe and has no effect.
+    ///
+    /// \param[in,out] operation    The operation to abort.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_abort(operation: *mut psa_pake_operation_t) -> psa_status_t;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_pake_cipher_suite_s {
+    pub algorithm: psa_algorithm_t,
+    pub type_: psa_pake_primitive_type_t,
+    pub family: psa_pake_family_t,
+    pub bits: u16,
+    pub hash: psa_algorithm_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_crypto_driver_pake_inputs_s {
+    pub private_password: *mut u8,
+    pub private_password_len: usize,
+    pub private_role: psa_pake_role_t,
+    pub private_user: *mut u8,
+    pub private_user_len: usize,
+    pub private_peer: *mut u8,
+    pub private_peer_len: usize,
+    pub private_attributes: psa_key_attributes_t,
+    pub private_cipher_suite: psa_pake_cipher_suite_t,
+}
+pub const psa_jpake_step_PSA_PAKE_STEP_INVALID: psa_jpake_step = 0;
+pub const psa_jpake_step_PSA_PAKE_STEP_X1_X2: psa_jpake_step = 1;
+pub const psa_jpake_step_PSA_PAKE_STEP_X2S: psa_jpake_step = 2;
+pub const psa_jpake_step_PSA_PAKE_STEP_DERIVE: psa_jpake_step = 3;
+pub type psa_jpake_step = crate::c_types::c_uint;
+pub use self::psa_jpake_step as psa_jpake_step_t;
+pub const psa_jpake_state_PSA_PAKE_STATE_INVALID: psa_jpake_state = 0;
+pub const psa_jpake_state_PSA_PAKE_STATE_SETUP: psa_jpake_state = 1;
+pub const psa_jpake_state_PSA_PAKE_STATE_READY: psa_jpake_state = 2;
+pub const psa_jpake_state_PSA_PAKE_OUTPUT_X1_X2: psa_jpake_state = 3;
+pub const psa_jpake_state_PSA_PAKE_OUTPUT_X2S: psa_jpake_state = 4;
+pub const psa_jpake_state_PSA_PAKE_INPUT_X1_X2: psa_jpake_state = 5;
+pub const psa_jpake_state_PSA_PAKE_INPUT_X4S: psa_jpake_state = 6;
+pub type psa_jpake_state = crate::c_types::c_uint;
+pub use self::psa_jpake_state as psa_jpake_state_t;
+pub const psa_jpake_sequence_PSA_PAKE_SEQ_INVALID: psa_jpake_sequence = 0;
+pub const psa_jpake_sequence_PSA_PAKE_X1_STEP_KEY_SHARE: psa_jpake_sequence = 1;
+pub const psa_jpake_sequence_PSA_PAKE_X1_STEP_ZK_PUBLIC: psa_jpake_sequence = 2;
+pub const psa_jpake_sequence_PSA_PAKE_X1_STEP_ZK_PROOF: psa_jpake_sequence = 3;
+pub const psa_jpake_sequence_PSA_PAKE_X2_STEP_KEY_SHARE: psa_jpake_sequence = 4;
+pub const psa_jpake_sequence_PSA_PAKE_X2_STEP_ZK_PUBLIC: psa_jpake_sequence = 5;
+pub const psa_jpake_sequence_PSA_PAKE_X2_STEP_ZK_PROOF: psa_jpake_sequence = 6;
+pub const psa_jpake_sequence_PSA_PAKE_SEQ_END: psa_jpake_sequence = 7;
+pub type psa_jpake_sequence = crate::c_types::c_uint;
+pub use self::psa_jpake_sequence as psa_jpake_sequence_t;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_STEP_INVALID: psa_crypto_driver_pake_step = 0;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X1_STEP_KEY_SHARE: psa_crypto_driver_pake_step = 1;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X1_STEP_ZK_PUBLIC: psa_crypto_driver_pake_step = 2;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X1_STEP_ZK_PROOF: psa_crypto_driver_pake_step = 3;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2_STEP_KEY_SHARE: psa_crypto_driver_pake_step = 4;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2_STEP_ZK_PUBLIC: psa_crypto_driver_pake_step = 5;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2_STEP_ZK_PROOF: psa_crypto_driver_pake_step = 6;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2S_STEP_KEY_SHARE: psa_crypto_driver_pake_step = 7;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2S_STEP_ZK_PUBLIC: psa_crypto_driver_pake_step = 8;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2S_STEP_ZK_PROOF: psa_crypto_driver_pake_step = 9;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X4S_STEP_KEY_SHARE: psa_crypto_driver_pake_step =
+    10;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X4S_STEP_ZK_PUBLIC: psa_crypto_driver_pake_step =
+    11;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X4S_STEP_ZK_PROOF: psa_crypto_driver_pake_step = 12;
+pub type psa_crypto_driver_pake_step = crate::c_types::c_uint;
+pub use self::psa_crypto_driver_pake_step as psa_crypto_driver_pake_step_t;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_jpake_computation_stage_s {
+    pub private_state: psa_jpake_state_t,
+    pub private_sequence: psa_jpake_sequence_t,
+    pub private_input_step: psa_jpake_step_t,
+    pub private_output_step: psa_jpake_step_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_pake_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_alg: psa_algorithm_t,
+    pub private_stage: u8,
+    pub private_computation_stage: psa_pake_operation_s__bindgen_ty_1,
+    pub private_data: psa_pake_operation_s__bindgen_ty_2,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_pake_operation_s__bindgen_ty_1 {
+    pub private_dummy: u8,
+    pub private_jpake: psa_jpake_computation_stage_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_pake_operation_s__bindgen_ty_2 {
+    pub private_ctx: psa_driver_pake_context_t,
+    pub private_inputs: psa_crypto_driver_pake_inputs_t,
+}
+/// Type-length-value structure that allows for ASN1 using DER.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_asn1_buf {
+    ///< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING.
+    pub tag: crate::c_types::c_int,
+    ///< ASN1 length, in octets.
+    pub len: usize,
+    ///< ASN1 data, e.g. in ASCII.
+    pub p: *mut crate::c_types::c_uchar,
+}
+/// Container for ASN1 bit strings.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_asn1_bitstring {
+    ///< ASN1 length, in octets.
+    pub len: usize,
+    ///< Number of unused bits at the end of the string
+    pub unused_bits: crate::c_types::c_uchar,
+    ///< Raw ASN1 data for the bit string
+    pub p: *mut crate::c_types::c_uchar,
+}
+/// Container for a sequence of ASN.1 items
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_asn1_sequence {
+    ///< Buffer containing the given ASN.1 item.
+    pub buf: mbedtls_asn1_buf,
+    /// The next entry in the sequence.
+    ///
+    /// The details of memory management for sequences are not documented and
+    /// may change in future versions. Set this field to \p NULL when
+    /// initializing a structure, and do not modify it except via Mbed TLS
+    /// library functions.
+    pub next: *mut mbedtls_asn1_sequence,
+}
+/// Container for a sequence or list of 'named' ASN.1 data items
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_asn1_named_data {
+    ///< The object identifier.
+    pub oid: mbedtls_asn1_buf,
+    ///< The named value.
+    pub val: mbedtls_asn1_buf,
+    /// The next entry in the sequence.
+    ///
+    /// The details of memory management for named data sequences are not
+    /// documented and may change in future versions. Set this field to \p NULL
+    /// when initializing a structure, and do not modify it except via Mbed TLS
+    /// library functions.
+    pub next: *mut mbedtls_asn1_named_data,
+    pub private_next_merged: crate::c_types::c_uchar,
+}
+extern "C" {
+    /// \brief       Get the length of an ASN.1 element.
+    ///              Updates the pointer to immediately behind the length.
+    ///
+    /// \param p     On entry, \c *p points to the first byte of the length,
+    ///              i.e. immediately after the tag.
+    ///              On successful completion, \c *p points to the first byte
+    ///              after the length, i.e. the first byte of the content.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param len   On successful completion, \c *len contains the length
+    ///              read from the ASN.1 input.
+    ///
+    /// \return      0 if successful.
+    /// \return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
+    ///              would end beyond \p end.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
+    pub fn mbedtls_asn1_get_len(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        len: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Get the tag and length of the element.
+    ///              Check for the requested tag.
+    ///              Updates the pointer to immediately behind the tag and length.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              after the length, i.e. the first byte of the content.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param len   On successful completion, \c *len contains the length
+    ///              read from the ASN.1 input.
+    /// \param tag   The expected tag.
+    ///
+    /// \return      0 if successful.
+    /// \return      #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the data does not start
+    ///              with the requested tag.
+    /// \return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
+    ///              would end beyond \p end.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
+    pub fn mbedtls_asn1_get_tag(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        len: *mut usize,
+        tag: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve a boolean ASN.1 tag and its value.
+    ///              Updates the pointer to immediately behind the full tag.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the ASN.1 element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param val   On success, the parsed value (\c 0 or \c 1).
+    ///
+    /// \return      0 if successful.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 BOOLEAN.
+    pub fn mbedtls_asn1_get_bool(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        val: *mut crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve an integer ASN.1 tag and its value.
+    ///              Updates the pointer to immediately behind the full tag.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the ASN.1 element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param val   On success, the parsed value.
+    ///
+    /// \return      0 if successful.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 INTEGER.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
+    ///              not fit in an \c int.
+    pub fn mbedtls_asn1_get_int(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        val: *mut crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve an enumerated ASN.1 tag and its value.
+    ///              Updates the pointer to immediately behind the full tag.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the ASN.1 element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param val   On success, the parsed value.
+    ///
+    /// \return      0 if successful.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 ENUMERATED.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
+    ///              not fit in an \c int.
+    pub fn mbedtls_asn1_get_enum(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        val: *mut crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve a bitstring ASN.1 tag and its value.
+    ///              Updates the pointer to immediately behind the full tag.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p is equal to \p end.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param bs    On success, ::mbedtls_asn1_bitstring information about
+    ///              the parsed value.
+    ///
+    /// \return      0 if successful.
+    /// \return      #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains
+    ///              extra data after a valid BIT STRING.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 BIT STRING.
+    pub fn mbedtls_asn1_get_bitstring(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        bs: *mut mbedtls_asn1_bitstring,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve a bitstring ASN.1 tag without unused bits and its
+    ///              value.
+    ///              Updates the pointer to the beginning of the bit/octet string.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              of the content of the BIT STRING.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param len   On success, \c *len is the length of the content in bytes.
+    ///
+    /// \return      0 if successful.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_DATA if the input starts with
+    ///              a valid BIT STRING with a nonzero number of unused bits.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 BIT STRING.
+    pub fn mbedtls_asn1_get_bitstring_null(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        len: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Parses and splits an ASN.1 "SEQUENCE OF <tag>".
+    ///              Updates the pointer to immediately behind the full sequence tag.
+    ///
+    /// This function allocates memory for the sequence elements. You can free
+    /// the allocated memory with mbedtls_asn1_sequence_free().
+    ///
+    /// \note        On error, this function may return a partial list in \p cur.
+    ///              You must set `cur->next = NULL` before calling this function!
+    ///              Otherwise it is impossible to distinguish a previously non-null
+    ///              pointer from a pointer to an object allocated by this function.
+    ///
+    /// \note        If the sequence is empty, this function does not modify
+    ///              \c *cur. If the sequence is valid and non-empty, this
+    ///              function sets `cur->buf.tag` to \p tag. This allows
+    ///              callers to distinguish between an empty sequence and
+    ///              a one-element sequence.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p is equal to \p end.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param cur   A ::mbedtls_asn1_sequence which this function fills.
+    ///              When this function returns, \c *cur is the head of a linked
+    ///              list. Each node in this list is allocated with
+    ///              mbedtls_calloc() apart from \p cur itself, and should
+    ///              therefore be freed with mbedtls_free().
+    ///              The list describes the content of the sequence.
+    ///              The head of the list (i.e. \c *cur itself) describes the
+    ///              first element, `*cur->next` describes the second element, etc.
+    ///              For each element, `buf.tag == tag`, `buf.len` is the length
+    ///              of the content of the content of the element, and `buf.p`
+    ///              points to the first byte of the content (i.e. immediately
+    ///              past the length of the element).
+    ///              Note that list elements may be allocated even on error.
+    /// \param tag   Each element of the sequence must have this tag.
+    ///
+    /// \return      0 if successful.
+    /// \return      #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains
+    ///              extra data after a valid SEQUENCE OF \p tag.
+    /// \return      #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts with
+    ///              an ASN.1 SEQUENCE in which an element has a tag that
+    ///              is different from \p tag.
+    /// \return      #MBEDTLS_ERR_ASN1_ALLOC_FAILED if a memory allocation failed.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 SEQUENCE.
+    pub fn mbedtls_asn1_get_sequence_of(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        cur: *mut mbedtls_asn1_sequence,
+        tag: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Free a heap-allocated linked list presentation of
+    ///                 an ASN.1 sequence, including the first element.
+    ///
+    /// There are two common ways to manage the memory used for the representation
+    /// of a parsed ASN.1 sequence:
+    /// - Allocate a head node `mbedtls_asn1_sequence *head` with mbedtls_calloc().
+    ///   Pass this node as the `cur` argument to mbedtls_asn1_get_sequence_of().
+    ///   When you have finished processing the sequence,
+    ///   call mbedtls_asn1_sequence_free() on `head`.
+    /// - Allocate a head node `mbedtls_asn1_sequence *head` in any manner,
+    ///   for example on the stack. Make sure that `head->next == NULL`.
+    ///   Pass `head` as the `cur` argument to mbedtls_asn1_get_sequence_of().
+    ///   When you have finished processing the sequence,
+    ///   call mbedtls_asn1_sequence_free() on `head->cur`,
+    ///   then free `head` itself in the appropriate manner.
+    ///
+    /// \param seq      The address of the first sequence component. This may
+    ///                 be \c NULL, in which case this functions returns
+    ///                 immediately.
+    pub fn mbedtls_asn1_sequence_free(seq: *mut mbedtls_asn1_sequence);
+}
+extern "C" {
+    /// \brief                Traverse an ASN.1 SEQUENCE container and
+    ///                       call a callback for each entry.
+    ///
+    /// This function checks that the input is a SEQUENCE of elements that
+    /// each have a "must" tag, and calls a callback function on the elements
+    /// that have a "may" tag.
+    ///
+    /// For example, to validate that the input is a SEQUENCE of `tag1` and call
+    /// `cb` on each element, use
+    /// ```
+    /// mbedtls_asn1_traverse_sequence_of(&p, end, 0xff, tag1, 0, 0, cb, ctx);
+    /// ```
+    ///
+    /// To validate that the input is a SEQUENCE of ANY and call `cb` on
+    /// each element, use
+    /// ```
+    /// mbedtls_asn1_traverse_sequence_of(&p, end, 0, 0, 0, 0, cb, ctx);
+    /// ```
+    ///
+    /// To validate that the input is a SEQUENCE of CHOICE {NULL, OCTET STRING}
+    /// and call `cb` on each element that is an OCTET STRING, use
+    /// ```
+    /// mbedtls_asn1_traverse_sequence_of(&p, end, 0xfe, 0x04, 0xff, 0x04, cb, ctx);
+    /// ```
+    ///
+    /// The callback is called on the elements with a "may" tag from left to
+    /// right. If the input is not a valid SEQUENCE of elements with a "must" tag,
+    /// the callback is called on the elements up to the leftmost point where
+    /// the input is invalid.
+    ///
+    /// \warning              This function is still experimental and may change
+    ///                       at any time.
+    ///
+    /// \param p              The address of the pointer to the beginning of
+    ///                       the ASN.1 SEQUENCE header. This is updated to
+    ///                       point to the end of the ASN.1 SEQUENCE container
+    ///                       on a successful invocation.
+    /// \param end            The end of the ASN.1 SEQUENCE container.
+    /// \param tag_must_mask  A mask to be applied to the ASN.1 tags found within
+    ///                       the SEQUENCE before comparing to \p tag_must_value.
+    /// \param tag_must_val   The required value of each ASN.1 tag found in the
+    ///                       SEQUENCE, after masking with \p tag_must_mask.
+    ///                       Mismatching tags lead to an error.
+    ///                       For example, a value of \c 0 for both \p tag_must_mask
+    ///                       and \p tag_must_val means that every tag is allowed,
+    ///                       while a value of \c 0xFF for \p tag_must_mask means
+    ///                       that \p tag_must_val is the only allowed tag.
+    /// \param tag_may_mask   A mask to be applied to the ASN.1 tags found within
+    ///                       the SEQUENCE before comparing to \p tag_may_value.
+    /// \param tag_may_val    The desired value of each ASN.1 tag found in the
+    ///                       SEQUENCE, after masking with \p tag_may_mask.
+    ///                       Mismatching tags will be silently ignored.
+    ///                       For example, a value of \c 0 for \p tag_may_mask and
+    ///                       \p tag_may_val means that any tag will be considered,
+    ///                       while a value of \c 0xFF for \p tag_may_mask means
+    ///                       that all tags with value different from \p tag_may_val
+    ///                       will be ignored.
+    /// \param cb             The callback to trigger for each component
+    ///                       in the ASN.1 SEQUENCE that matches \p tag_may_val.
+    ///                       The callback function is called with the following
+    ///                       parameters:
+    ///                       - \p ctx.
+    ///                       - The tag of the current element.
+    ///                       - A pointer to the start of the current element's
+    ///                         content inside the input.
+    ///                       - The length of the content of the current element.
+    ///                       If the callback returns a non-zero value,
+    ///                       the function stops immediately,
+    ///                       forwarding the callback's return value.
+    /// \param ctx            The context to be passed to the callback \p cb.
+    ///
+    /// \return               \c 0 if successful the entire ASN.1 SEQUENCE
+    ///                       was traversed without parsing or callback errors.
+    /// \return               #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input
+    ///                       contains extra data after a valid SEQUENCE
+    ///                       of elements with an accepted tag.
+    /// \return               #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts
+    ///                       with an ASN.1 SEQUENCE in which an element has a tag
+    ///                       that is not accepted.
+    /// \return               An ASN.1 error code if the input does not start with
+    ///                       a valid ASN.1 SEQUENCE.
+    /// \return               A non-zero error code forwarded from the callback
+    ///                       \p cb in case the latter returns a non-zero value.
+    pub fn mbedtls_asn1_traverse_sequence_of(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        tag_must_mask: crate::c_types::c_uchar,
+        tag_must_val: crate::c_types::c_uchar,
+        tag_may_mask: crate::c_types::c_uchar,
+        tag_may_val: crate::c_types::c_uchar,
+        cb: ::core::option::Option<
+            unsafe extern "C" fn(
+                ctx: *mut crate::c_types::c_void,
+                tag: crate::c_types::c_int,
+                start: *mut crate::c_types::c_uchar,
+                len: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        ctx: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve an integer ASN.1 tag and its value.
+    ///              Updates the pointer to immediately behind the full tag.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the ASN.1 element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param X     On success, the parsed value.
+    ///
+    /// \return      0 if successful.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 INTEGER.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
+    ///              not fit in an \c int.
+    /// \return      An MPI error code if the parsed value is too large.
+    pub fn mbedtls_asn1_get_mpi(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        X: *mut mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence.
+    ///              Updates the pointer to immediately behind the full
+    ///              AlgorithmIdentifier.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the AlgorithmIdentifier element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param alg   The buffer to receive the OID.
+    /// \param params The buffer to receive the parameters.
+    ///              This is zeroized if there are no parameters.
+    ///
+    /// \return      0 if successful or a specific ASN.1 or MPI error code.
+    pub fn mbedtls_asn1_get_alg(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        alg: *mut mbedtls_asn1_buf,
+        params: *mut mbedtls_asn1_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
+    ///              params.
+    ///              Updates the pointer to immediately behind the full
+    ///              AlgorithmIdentifier.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the AlgorithmIdentifier element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param alg   The buffer to receive the OID.
+    ///
+    /// \return      0 if successful or a specific ASN.1 or MPI error code.
+    pub fn mbedtls_asn1_get_alg_null(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        alg: *mut mbedtls_asn1_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Find a specific named_data entry in a sequence or list based on
+    ///              the OID.
+    ///
+    /// \param list  The list to seek through
+    /// \param oid   The OID to look for
+    /// \param len   Size of the OID
+    ///
+    /// \return      NULL if not found, or a pointer to the existing entry.
+    pub fn mbedtls_asn1_find_named_data(
+        list: *const mbedtls_asn1_named_data,
+        oid: *const crate::c_types::c_char,
+        len: usize,
+    ) -> *const mbedtls_asn1_named_data;
+}
+extern "C" {
+    /// \brief       Free a mbedtls_asn1_named_data entry
+    ///
+    /// \deprecated  This function is deprecated and will be removed in a
+    ///              future version of the library.
+    ///              Please use mbedtls_asn1_free_named_data_list()
+    ///              or mbedtls_asn1_free_named_data_list_shallow().
+    ///
+    /// \param entry The named data entry to free.
+    ///              This function calls mbedtls_free() on
+    ///              `entry->oid.p` and `entry->val.p`.
+    pub fn mbedtls_asn1_free_named_data(entry: *mut mbedtls_asn1_named_data);
+}
+extern "C" {
+    /// \brief       Free all entries in a mbedtls_asn1_named_data list.
+    ///
+    /// \param head  Pointer to the head of the list of named data entries to free.
+    ///              This function calls mbedtls_free() on
+    ///              `entry->oid.p` and `entry->val.p` and then on `entry`
+    ///              for each list entry, and sets \c *head to \c NULL.
+    pub fn mbedtls_asn1_free_named_data_list(head: *mut *mut mbedtls_asn1_named_data);
+}
+extern "C" {
+    /// \brief       Free all shallow entries in a mbedtls_asn1_named_data list,
+    ///              but do not free internal pointer targets.
+    ///
+    /// \param name  Head of the list of named data entries to free.
+    ///              This function calls mbedtls_free() on each list element.
+    pub fn mbedtls_asn1_free_named_data_list_shallow(name: *mut mbedtls_asn1_named_data);
+}
+/// Type-length-value structure that allows for ASN1 using DER.
+pub type mbedtls_x509_buf = mbedtls_asn1_buf;
+/// Container for ASN1 bit strings.
+pub type mbedtls_x509_bitstring = mbedtls_asn1_bitstring;
+/// Container for ASN1 named information objects.
+/// It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.).
+pub type mbedtls_x509_name = mbedtls_asn1_named_data;
+/// Container for a sequence of ASN.1 items
+pub type mbedtls_x509_sequence = mbedtls_asn1_sequence;
+/// Container for date and time (precision in seconds).
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_time {
+    ///< Date.
+    pub year: crate::c_types::c_int,
+    ///< Date.
+    pub mon: crate::c_types::c_int,
+    ///< Date.
+    pub day: crate::c_types::c_int,
+    ///< Time.
+    pub hour: crate::c_types::c_int,
+    ///< Time.
+    pub min: crate::c_types::c_int,
+    ///< Time.
+    pub sec: crate::c_types::c_int,
+}
+/// From RFC 5280 section 4.2.1.6:
+/// OtherName ::= SEQUENCE {
+///      type-id    OBJECT IDENTIFIER,
+///      value      [0] EXPLICIT ANY DEFINED BY type-id }
+///
+/// Future versions of the library may add new fields to this structure or
+/// to its embedded union and structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_san_other_name {
+    ///< The type id.
+    pub type_id: mbedtls_x509_buf,
+    pub value: mbedtls_x509_san_other_name__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_x509_san_other_name__bindgen_ty_1 {
+    pub hardware_module_name: mbedtls_x509_san_other_name__bindgen_ty_1__bindgen_ty_1,
+}
+/// From RFC 4108 section 5:
+/// HardwareModuleName ::= SEQUENCE {
+///                         hwType OBJECT IDENTIFIER,
+///                         hwSerialNum OCTET STRING }
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_san_other_name__bindgen_ty_1__bindgen_ty_1 {
+    ///< The object identifier.
+    pub oid: mbedtls_x509_buf,
+    ///< The named value.
+    pub val: mbedtls_x509_buf,
+}
+/// A structure for holding the parsed Subject Alternative Name,
+/// according to type.
+///
+/// Future versions of the library may add new fields to this structure or
+/// to its embedded union and structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_subject_alternative_name {
+    ///< The SAN type, value of MBEDTLS_X509_SAN_XXX.
+    pub type_: crate::c_types::c_int,
+    ///< A union of the supported SAN types
+    pub san: mbedtls_x509_subject_alternative_name__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_x509_subject_alternative_name__bindgen_ty_1 {
+    ///< The otherName supported type.
+    pub other_name: mbedtls_x509_san_other_name,
+    ///< The buffer for the unconstructed types. Only rfc822Name, dnsName and uniformResourceIdentifier are currently supported
+    pub unstructured_name: mbedtls_x509_buf,
+}
+extern "C" {
+    /// \brief          Store the certificate DN in printable form into buf;
+    ///                 no more than size characters will be written.
+    ///
+    /// \param buf      Buffer to write to
+    /// \param size     Maximum size of buffer
+    /// \param dn       The X509 name to represent
+    ///
+    /// \return         The length of the string written (not including the
+    ///                 terminated nul byte), or a negative error code.
+    pub fn mbedtls_x509_dn_gets(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        dn: *const mbedtls_x509_name,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Store the certificate serial in printable form into buf;
+    ///                 no more than size characters will be written.
+    ///
+    /// \param buf      Buffer to write to
+    /// \param size     Maximum size of buffer
+    /// \param serial   The X509 serial to represent
+    ///
+    /// \return         The length of the string written (not including the
+    ///                 terminated nul byte), or a negative error code.
+    pub fn mbedtls_x509_serial_gets(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        serial: *const mbedtls_x509_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Check a given mbedtls_x509_time against the system time
+    ///                 and tell if it's in the past.
+    ///
+    /// \note           Intended usage is "if( is_past( valid_to ) ) ERROR".
+    ///                 Hence the return value of 1 if on internal errors.
+    ///
+    /// \param to       mbedtls_x509_time to check
+    ///
+    /// \return         1 if the given time is in the past or an error occurred,
+    ///                 0 otherwise.
+    pub fn mbedtls_x509_time_is_past(to: *const mbedtls_x509_time) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Check a given mbedtls_x509_time against the system time
+    ///                 and tell if it's in the future.
+    ///
+    /// \note           Intended usage is "if( is_future( valid_from ) ) ERROR".
+    ///                 Hence the return value of 1 if on internal errors.
+    ///
+    /// \param from     mbedtls_x509_time to check
+    ///
+    /// \return         1 if the given time is in the future or an error occurred,
+    ///                 0 otherwise.
+    pub fn mbedtls_x509_time_is_future(from: *const mbedtls_x509_time) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function parses an item in the SubjectAlternativeNames
+    ///                 extension.
+    ///
+    /// \param san_buf  The buffer holding the raw data item of the subject
+    ///                 alternative name.
+    /// \param san      The target structure to populate with the parsed presentation
+    ///                 of the subject alternative name encoded in \p san_raw.
+    ///
+    /// \note           Supported GeneralName types, as defined in RFC 5280:
+    ///                 "rfc822Name", "dnsName", "uniformResourceIdentifier" and "hardware_module_name"
+    ///                 of type "otherName", as defined in RFC 4108.
+    ///
+    /// \note           This function should be called on a single raw data of
+    ///                 subject alternative name. For example, after successful
+    ///                 certificate parsing, one must iterate on every item in the
+    ///                 \p crt->subject_alt_names sequence, and pass it to
+    ///                 this function.
+    ///
+    /// \warning        The target structure contains pointers to the raw data of the
+    ///                 parsed certificate, and its lifetime is restricted by the
+    ///                 lifetime of the certificate.
+    ///
+    /// \return         \c 0 on success
+    /// \return         #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported
+    ///                 SAN type.
+    /// \return         Another negative value for any other failure.
+    pub fn mbedtls_x509_parse_subject_alt_name(
+        san_buf: *const mbedtls_x509_buf,
+        san: *mut mbedtls_x509_subject_alternative_name,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \} addtogroup x509_module
+    pub fn mbedtls_x509_get_name(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        cur: *mut mbedtls_x509_name,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_alg_null(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        alg: *mut mbedtls_x509_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_alg(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        alg: *mut mbedtls_x509_buf,
+        params: *mut mbedtls_x509_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_rsassa_pss_params(
+        params: *const mbedtls_x509_buf,
+        md_alg: *mut mbedtls_md_type_t,
+        mgf_md: *mut mbedtls_md_type_t,
+        salt_len: *mut crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_sig(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        sig: *mut mbedtls_x509_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_sig_alg(
+        sig_oid: *const mbedtls_x509_buf,
+        sig_params: *const mbedtls_x509_buf,
+        md_alg: *mut mbedtls_md_type_t,
+        pk_alg: *mut mbedtls_pk_type_t,
+        sig_opts: *mut *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_time(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        t: *mut mbedtls_x509_time,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_serial(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        serial: *mut mbedtls_x509_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_ext(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        ext: *mut mbedtls_x509_buf,
+        tag: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_sig_alg_gets(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        sig_oid: *const mbedtls_x509_buf,
+        pk_alg: mbedtls_pk_type_t,
+        md_alg: mbedtls_md_type_t,
+        sig_opts: *const crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_key_size_helper(
+        buf: *mut crate::c_types::c_char,
+        buf_size: usize,
+        name: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_string_to_names(
+        head: *mut *mut mbedtls_asn1_named_data,
+        name: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_set_extension(
+        head: *mut *mut mbedtls_asn1_named_data,
+        oid: *const crate::c_types::c_char,
+        oid_len: usize,
+        critical: crate::c_types::c_int,
+        val: *const crate::c_types::c_uchar,
+        val_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_write_extensions(
+        p: *mut *mut crate::c_types::c_uchar,
+        start: *mut crate::c_types::c_uchar,
+        first: *mut mbedtls_asn1_named_data,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_write_names(
+        p: *mut *mut crate::c_types::c_uchar,
+        start: *mut crate::c_types::c_uchar,
+        first: *mut mbedtls_asn1_named_data,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_write_sig(
+        p: *mut *mut crate::c_types::c_uchar,
+        start: *mut crate::c_types::c_uchar,
+        oid: *const crate::c_types::c_char,
+        oid_len: usize,
+        sig: *mut crate::c_types::c_uchar,
+        size: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_ns_cert_type(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        ns_cert_type: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_key_usage(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        key_usage: *mut crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_subject_alt_name(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        subject_alt_name: *mut mbedtls_x509_sequence,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_info_subject_alt_name(
+        buf: *mut *mut crate::c_types::c_char,
+        size: *mut usize,
+        subject_alt_name: *const mbedtls_x509_sequence,
+        prefix: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_info_cert_type(
+        buf: *mut *mut crate::c_types::c_char,
+        size: *mut usize,
+        ns_cert_type: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_info_key_usage(
+        buf: *mut *mut crate::c_types::c_char,
+        size: *mut usize,
+        key_usage: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+/// Certificate revocation list entry.
+/// Contains the CA-specific serial numbers and revocation dates.
+///
+/// Some fields of this structure are publicly readable. Do not modify
+/// them except via Mbed TLS library functions: the effect of modifying
+/// those fields or the data that those fields points to is unspecified.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crl_entry {
+    /// Direct access to the whole entry inside the containing buffer.
+    pub raw: mbedtls_x509_buf,
+    /// The serial number of the revoked certificate.
+    pub serial: mbedtls_x509_buf,
+    /// The revocation date of this entry.
+    pub revocation_date: mbedtls_x509_time,
+    /// Direct access to the list of CRL entry extensions
+    /// (an ASN.1 constructed sequence).
+    ///
+    /// If there are no extensions, `entry_ext.len == 0` and
+    /// `entry_ext.p == NULL`.
+    pub entry_ext: mbedtls_x509_buf,
+    /// Next element in the linked list of entries.
+    /// \p NULL indicates the end of the list.
+    /// Do not modify this field directly.
+    pub next: *mut mbedtls_x509_crl_entry,
+}
+/// Certificate revocation list structure.
+/// Every CRL may have multiple entries.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crl {
+    ///< The raw certificate data (DER).
+    pub raw: mbedtls_x509_buf,
+    ///< The raw certificate body (DER). The part that is To Be Signed.
+    pub tbs: mbedtls_x509_buf,
+    ///< CRL version (1=v1, 2=v2)
+    pub version: crate::c_types::c_int,
+    ///< CRL signature type identifier
+    pub sig_oid: mbedtls_x509_buf,
+    ///< The raw issuer data (DER).
+    pub issuer_raw: mbedtls_x509_buf,
+    ///< The parsed issuer data (named information object).
+    pub issuer: mbedtls_x509_name,
+    pub this_update: mbedtls_x509_time,
+    pub next_update: mbedtls_x509_time,
+    ///< The CRL entries containing the certificate revocation times for this CA.
+    pub entry: mbedtls_x509_crl_entry,
+    pub crl_ext: mbedtls_x509_buf,
+    pub private_sig_oid2: mbedtls_x509_buf,
+    pub private_sig: mbedtls_x509_buf,
+    pub private_sig_md: mbedtls_md_type_t,
+    pub private_sig_pk: mbedtls_pk_type_t,
+    pub private_sig_opts: *mut crate::c_types::c_void,
+    /// Next element in the linked list of CRL.
+    /// \p NULL indicates the end of the list.
+    /// Do not modify this field directly.
+    pub next: *mut mbedtls_x509_crl,
+}
+extern "C" {
+    /// \brief          Parse a DER-encoded CRL and append it to the chained list
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param chain    points to the start of the chain
+    /// \param buf      buffer holding the CRL data in DER format
+    /// \param buflen   size of the buffer
+    ///                 (including the terminating null byte for PEM data)
+    ///
+    /// \return         0 if successful, or a specific X509 or PEM error code
+    pub fn mbedtls_x509_crl_parse_der(
+        chain: *mut mbedtls_x509_crl,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Parse one or more CRLs and append them to the chained list
+    ///
+    /// \note           Multiple CRLs are accepted only if using PEM format
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param chain    points to the start of the chain
+    /// \param buf      buffer holding the CRL data in PEM or DER format
+    /// \param buflen   size of the buffer
+    ///                 (including the terminating null byte for PEM data)
+    ///
+    /// \return         0 if successful, or a specific X509 or PEM error code
+    pub fn mbedtls_x509_crl_parse(
+        chain: *mut mbedtls_x509_crl,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Returns an informational string about the CRL.
+    ///
+    /// \param buf      Buffer to write to
+    /// \param size     Maximum size of buffer
+    /// \param prefix   A line prefix
+    /// \param crl      The X509 CRL to represent
+    ///
+    /// \return         The length of the string written (not including the
+    ///                 terminated nul byte), or a negative error code.
+    pub fn mbedtls_x509_crl_info(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        prefix: *const crate::c_types::c_char,
+        crl: *const mbedtls_x509_crl,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Initialize a CRL (chain)
+    ///
+    /// \param crl      CRL chain to initialize
+    pub fn mbedtls_x509_crl_init(crl: *mut mbedtls_x509_crl);
+}
+extern "C" {
+    /// \brief          Unallocate all CRL data
+    ///
+    /// \param crl      CRL chain to free
+    pub fn mbedtls_x509_crl_free(crl: *mut mbedtls_x509_crl);
+}
+/// Container for an X.509 certificate. The certificate may be chained.
+///
+/// Some fields of this structure are publicly readable. Do not modify
+/// them except via Mbed TLS library functions: the effect of modifying
+/// those fields or the data that those fields points to is unspecified.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crt {
+    pub private_own_buffer: crate::c_types::c_int,
+    ///< The raw certificate data (DER).
+    pub raw: mbedtls_x509_buf,
+    ///< The raw certificate body (DER). The part that is To Be Signed.
+    pub tbs: mbedtls_x509_buf,
+    ///< The X.509 version. (1=v1, 2=v2, 3=v3)
+    pub version: crate::c_types::c_int,
+    ///< Unique id for certificate issued by a specific CA.
+    pub serial: mbedtls_x509_buf,
+    ///< Signature algorithm, e.g. sha1RSA
+    pub sig_oid: mbedtls_x509_buf,
+    ///< The raw issuer data (DER). Used for quick comparison.
+    pub issuer_raw: mbedtls_x509_buf,
+    ///< The raw subject data (DER). Used for quick comparison.
+    pub subject_raw: mbedtls_x509_buf,
+    ///< The parsed issuer data (named information object).
+    pub issuer: mbedtls_x509_name,
+    ///< The parsed subject data (named information object).
+    pub subject: mbedtls_x509_name,
+    ///< Start time of certificate validity.
+    pub valid_from: mbedtls_x509_time,
+    ///< End time of certificate validity.
+    pub valid_to: mbedtls_x509_time,
+    pub pk_raw: mbedtls_x509_buf,
+    ///< Container for the public key context.
+    pub pk: mbedtls_pk_context,
+    ///< Optional X.509 v2/v3 issuer unique identifier.
+    pub issuer_id: mbedtls_x509_buf,
+    ///< Optional X.509 v2/v3 subject unique identifier.
+    pub subject_id: mbedtls_x509_buf,
+    ///< Optional X.509 v3 extensions.
+    pub v3_ext: mbedtls_x509_buf,
+    ///< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName, uniformResourceIdentifier and OtherName are listed).
+    pub subject_alt_names: mbedtls_x509_sequence,
+    ///< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed).
+    pub certificate_policies: mbedtls_x509_sequence,
+    pub private_ext_types: crate::c_types::c_int,
+    pub private_ca_istrue: crate::c_types::c_int,
+    pub private_max_pathlen: crate::c_types::c_int,
+    pub private_key_usage: crate::c_types::c_uint,
+    ///< Optional list of extended key usage OIDs.
+    pub ext_key_usage: mbedtls_x509_sequence,
+    pub private_ns_cert_type: crate::c_types::c_uchar,
+    pub private_sig: mbedtls_x509_buf,
+    pub private_sig_md: mbedtls_md_type_t,
+    pub private_sig_pk: mbedtls_pk_type_t,
+    pub private_sig_opts: *mut crate::c_types::c_void,
+    /// Next certificate in the linked list that constitutes the CA chain.
+    /// \p NULL indicates the end of the list.
+    /// Do not modify this field directly.
+    pub next: *mut mbedtls_x509_crt,
+}
+/// Security profile for certificate verification.
+///
+/// All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().
+///
+/// The fields of this structure are part of the public API and can be
+/// manipulated directly by applications. Future versions of the library may
+/// add extra fields or reorder existing fields.
+///
+/// You can create custom profiles by starting from a copy of
+/// an existing profile, such as mbedtls_x509_crt_profile_default or
+/// mbedtls_x509_ctr_profile_none and then tune it to your needs.
+///
+/// For example to allow SHA-224 in addition to the default:
+///
+///  mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default;
+///  my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 );
+///
+/// Or to allow only RSA-3072+ with SHA-256:
+///
+///  mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_none;
+///  my_profile.allowed_mds = MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 );
+///  my_profile.allowed_pks = MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA );
+///  my_profile.rsa_min_bitlen = 3072;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crt_profile {
+    ///< MDs for signatures
+    pub allowed_mds: u32,
+    ///< PK algs for public keys;
+    ///   this applies to all certificates
+    ///   in the provided chain.
+    pub allowed_pks: u32,
+    ///< Elliptic curves for ECDSA
+    pub allowed_curves: u32,
+    ///< Minimum size for RSA keys
+    pub rsa_min_bitlen: u32,
+}
+/// Container for writing a certificate (CRT)
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509write_cert {
+    pub private_version: crate::c_types::c_int,
+    pub private_serial: [crate::c_types::c_uchar; 20usize],
+    pub private_serial_len: usize,
+    pub private_subject_key: *mut mbedtls_pk_context,
+    pub private_issuer_key: *mut mbedtls_pk_context,
+    pub private_subject: *mut mbedtls_asn1_named_data,
+    pub private_issuer: *mut mbedtls_asn1_named_data,
+    pub private_md_alg: mbedtls_md_type_t,
+    pub private_not_before: [crate::c_types::c_char; 16usize],
+    pub private_not_after: [crate::c_types::c_char; 16usize],
+    pub private_extensions: *mut mbedtls_asn1_named_data,
+}
+/// Item in a verification chain: cert and flags for it
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crt_verify_chain_item {
+    pub private_crt: *mut mbedtls_x509_crt,
+    pub private_flags: u32,
+}
+/// Verification chain as built by \c mbedtls_crt_verify_chain()
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crt_verify_chain {
+    pub private_items: [mbedtls_x509_crt_verify_chain_item; 10usize],
+    pub private_len: crate::c_types::c_uint,
+}
+pub type mbedtls_x509_crt_restart_ctx = crate::c_types::c_void;
+extern "C" {
+    /// Default security profile. Should provide a good balance between security
+    /// and compatibility with current deployments.
+    ///
+    /// This profile permits:
+    /// - SHA2 hashes with at least 256 bits: SHA-256, SHA-384, SHA-512.
+    /// - Elliptic curves with 255 bits and above except secp256k1.
+    /// - RSA with 2048 bits and above.
+    ///
+    /// New minor versions of Mbed TLS may extend this profile, for example if
+    /// new algorithms are added to the library. New minor versions of Mbed TLS will
+    /// not reduce this profile unless serious security concerns require it.
+    pub static mbedtls_x509_crt_profile_default: mbedtls_x509_crt_profile;
+}
+extern "C" {
+    /// Expected next default profile. Recommended for new deployments.
+    /// Currently targets a 128-bit security level, except for allowing RSA-2048.
+    /// This profile may change at any time.
+    pub static mbedtls_x509_crt_profile_next: mbedtls_x509_crt_profile;
+}
+extern "C" {
+    /// NSA Suite B profile.
+    pub static mbedtls_x509_crt_profile_suiteb: mbedtls_x509_crt_profile;
+}
+extern "C" {
+    /// Empty profile that allows nothing. Useful as a basis for constructing
+    /// custom profiles.
+    pub static mbedtls_x509_crt_profile_none: mbedtls_x509_crt_profile;
+}
+extern "C" {
+    /// \brief          Parse a single DER formatted certificate and add it
+    ///                 to the end of the provided chained list.
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param chain    The pointer to the start of the CRT chain to attach to.
+    ///                 When parsing the first CRT in a chain, this should point
+    ///                 to an instance of ::mbedtls_x509_crt initialized through
+    ///                 mbedtls_x509_crt_init().
+    /// \param buf      The buffer holding the DER encoded certificate.
+    /// \param buflen   The size in Bytes of \p buf.
+    ///
+    /// \note           This function makes an internal copy of the CRT buffer
+    ///                 \p buf. In particular, \p buf may be destroyed or reused
+    ///                 after this call returns. To avoid duplicating the CRT
+    ///                 buffer (at the cost of stricter lifetime constraints),
+    ///                 use mbedtls_x509_crt_parse_der_nocopy() instead.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_x509_crt_parse_der(
+        chain: *mut mbedtls_x509_crt,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+/// \brief          The type of certificate extension callbacks.
+///
+///                 Callbacks of this type are passed to and used by the
+///                 mbedtls_x509_crt_parse_der_with_ext_cb() routine when
+///                 it encounters either an unsupported extension or a
+///                 "certificate policies" extension containing any
+///                 unsupported certificate policies.
+///                 Future versions of the library may invoke the callback
+///                 in other cases, if and when the need arises.
+///
+/// \param p_ctx    An opaque context passed to the callback.
+/// \param crt      The certificate being parsed.
+/// \param oid      The OID of the extension.
+/// \param critical Whether the extension is critical.
+/// \param p        Pointer to the start of the extension value
+///                 (the content of the OCTET STRING).
+/// \param end      End of extension value.
+///
+/// \note           The callback must fail and return a negative error code
+///                 if it can not parse or does not support the extension.
+///                 When the callback fails to parse a critical extension
+///                 mbedtls_x509_crt_parse_der_with_ext_cb() also fails.
+///                 When the callback fails to parse a non critical extension
+///                 mbedtls_x509_crt_parse_der_with_ext_cb() simply skips
+///                 the extension and continues parsing.
+///
+/// \return         \c 0 on success.
+/// \return         A negative error code on failure.
+pub type mbedtls_x509_crt_ext_cb_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        p_ctx: *mut crate::c_types::c_void,
+        crt: *const mbedtls_x509_crt,
+        oid: *const mbedtls_x509_buf,
+        critical: crate::c_types::c_int,
+        p: *const crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int,
+>;
+extern "C" {
+    /// \brief            Parse a single DER formatted certificate and add it
+    ///                   to the end of the provided chained list.
+    ///
+    /// \note             If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                   subsystem must have been initialized by calling
+    ///                   psa_crypto_init() before calling this function.
+    ///
+    /// \param chain      The pointer to the start of the CRT chain to attach to.
+    ///                   When parsing the first CRT in a chain, this should point
+    ///                   to an instance of ::mbedtls_x509_crt initialized through
+    ///                   mbedtls_x509_crt_init().
+    /// \param buf        The buffer holding the DER encoded certificate.
+    /// \param buflen     The size in Bytes of \p buf.
+    /// \param make_copy  When not zero this function makes an internal copy of the
+    ///                   CRT buffer \p buf. In particular, \p buf may be destroyed
+    ///                   or reused after this call returns.
+    ///                   When zero this function avoids duplicating the CRT buffer
+    ///                   by taking temporary ownership thereof until the CRT
+    ///                   is destroyed (like mbedtls_x509_crt_parse_der_nocopy())
+    /// \param cb         A callback invoked for every unsupported certificate
+    ///                   extension.
+    /// \param p_ctx      An opaque context passed to the callback.
+    ///
+    /// \note             This call is functionally equivalent to
+    ///                   mbedtls_x509_crt_parse_der(), and/or
+    ///                   mbedtls_x509_crt_parse_der_nocopy()
+    ///                   but it calls the callback with every unsupported
+    ///                   certificate extension and additionally the
+    ///                   "certificate policies" extension if it contains any
+    ///                   unsupported certificate policies.
+    ///                   The callback must return a negative error code if it
+    ///                   does not know how to handle such an extension.
+    ///                   When the callback fails to parse a critical extension
+    ///                   mbedtls_x509_crt_parse_der_with_ext_cb() also fails.
+    ///                   When the callback fails to parse a non critical extension
+    ///                   mbedtls_x509_crt_parse_der_with_ext_cb() simply skips
+    ///                   the extension and continues parsing.
+    ///                   Future versions of the library may invoke the callback
+    ///                   in other cases, if and when the need arises.
+    ///
+    /// \return           \c 0 if successful.
+    /// \return           A negative error code on failure.
+    pub fn mbedtls_x509_crt_parse_der_with_ext_cb(
+        chain: *mut mbedtls_x509_crt,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+        make_copy: crate::c_types::c_int,
+        cb: mbedtls_x509_crt_ext_cb_t,
+        p_ctx: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Parse a single DER formatted certificate and add it
+    ///                 to the end of the provided chained list. This is a
+    ///                 variant of mbedtls_x509_crt_parse_der() which takes
+    ///                 temporary ownership of the CRT buffer until the CRT
+    ///                 is destroyed.
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param chain    The pointer to the start of the CRT chain to attach to.
+    ///                 When parsing the first CRT in a chain, this should point
+    ///                 to an instance of ::mbedtls_x509_crt initialized through
+    ///                 mbedtls_x509_crt_init().
+    /// \param buf      The address of the readable buffer holding the DER encoded
+    ///                 certificate to use. On success, this buffer must be
+    ///                 retained and not be changed for the lifetime of the
+    ///                 CRT chain \p chain, that is, until \p chain is destroyed
+    ///                 through a call to mbedtls_x509_crt_free().
+    /// \param buflen   The size in Bytes of \p buf.
+    ///
+    /// \note           This call is functionally equivalent to
+    ///                 mbedtls_x509_crt_parse_der(), but it avoids creating a
+    ///                 copy of the input buffer at the cost of stronger lifetime
+    ///                 constraints. This is useful in constrained environments
+    ///                 where duplication of the CRT cannot be tolerated.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_x509_crt_parse_der_nocopy(
+        chain: *mut mbedtls_x509_crt,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Parse one DER-encoded or one or more concatenated PEM-encoded
+    ///                 certificates and add them to the chained list.
+    ///
+    ///                 For CRTs in PEM encoding, the function parses permissively:
+    ///                 if at least one certificate can be parsed, the function
+    ///                 returns the number of certificates for which parsing failed
+    ///                 (hence \c 0 if all certificates were parsed successfully).
+    ///                 If no certificate could be parsed, the function returns
+    ///                 the first (negative) error encountered during parsing.
+    ///
+    ///                 PEM encoded certificates may be interleaved by other data
+    ///                 such as human readable descriptions of their content, as
+    ///                 long as the certificates are enclosed in the PEM specific
+    ///                 '-----{BEGIN/END} CERTIFICATE-----' delimiters.
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param chain    The chain to which to add the parsed certificates.
+    /// \param buf      The buffer holding the certificate data in PEM or DER format.
+    ///                 For certificates in PEM encoding, this may be a concatenation
+    ///                 of multiple certificates; for DER encoding, the buffer must
+    ///                 comprise exactly one certificate.
+    /// \param buflen   The size of \p buf, including the terminating \c NULL byte
+    ///                 in case of PEM encoded data.
+    ///
+    /// \return         \c 0 if all certificates were parsed successfully.
+    /// \return         The (positive) number of certificates that couldn't
+    ///                 be parsed if parsing was partly successful (see above).
+    /// \return         A negative X509 or PEM error code otherwise.
+    pub fn mbedtls_x509_crt_parse(
+        chain: *mut mbedtls_x509_crt,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Returns an informational string about the
+    ///                 certificate.
+    ///
+    /// \param buf      Buffer to write to
+    /// \param size     Maximum size of buffer
+    /// \param prefix   A line prefix
+    /// \param crt      The X509 certificate to represent
+    ///
+    /// \return         The length of the string written (not including the
+    ///                 terminated nul byte), or a negative error code.
+    pub fn mbedtls_x509_crt_info(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        prefix: *const crate::c_types::c_char,
+        crt: *const mbedtls_x509_crt,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Returns an informational string about the
+    ///                 verification status of a certificate.
+    ///
+    /// \param buf      Buffer to write to
+    /// \param size     Maximum size of buffer
+    /// \param prefix   A line prefix
+    /// \param flags    Verification flags created by mbedtls_x509_crt_verify()
+    ///
+    /// \return         The length of the string written (not including the
+    ///                 terminated nul byte), or a negative error code.
+    pub fn mbedtls_x509_crt_verify_info(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        prefix: *const crate::c_types::c_char,
+        flags: u32,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Verify a chain of certificates.
+    ///
+    ///                 The verify callback is a user-supplied callback that
+    ///                 can clear / modify / add flags for a certificate. If set,
+    ///                 the verification callback is called for each
+    ///                 certificate in the chain (from the trust-ca down to the
+    ///                 presented crt). The parameters for the callback are:
+    ///                 (void *parameter, mbedtls_x509_crt *crt, int certificate_depth,
+    ///                 int *flags). With the flags representing current flags for
+    ///                 that specific certificate and the certificate depth from
+    ///                 the bottom (Peer cert depth = 0).
+    ///
+    ///                 All flags left after returning from the callback
+    ///                 are also returned to the application. The function should
+    ///                 return 0 for anything (including invalid certificates)
+    ///                 other than fatal error, as a non-zero return code
+    ///                 immediately aborts the verification process. For fatal
+    ///                 errors, a specific error code should be used (different
+    ///                 from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not
+    ///                 be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR
+    ///                 can be used if no better code is available.
+    ///
+    /// \note           In case verification failed, the results can be displayed
+    ///                 using \c mbedtls_x509_crt_verify_info()
+    ///
+    /// \note           Same as \c mbedtls_x509_crt_verify_with_profile() with the
+    ///                 default security profile.
+    ///
+    /// \note           It is your responsibility to provide up-to-date CRLs for
+    ///                 all trusted CAs. If no CRL is provided for the CA that was
+    ///                 used to sign the certificate, CRL verification is skipped
+    ///                 silently, that is *without* setting any flag.
+    ///
+    /// \note           The \c trust_ca list can contain two types of certificates:
+    ///                 (1) those of trusted root CAs, so that certificates
+    ///                 chaining up to those CAs will be trusted, and (2)
+    ///                 self-signed end-entity certificates to be trusted (for
+    ///                 specific peers you know) - in that case, the self-signed
+    ///                 certificate doesn't need to have the CA bit set.
+    ///
+    /// \param crt      The certificate chain to be verified.
+    /// \param trust_ca The list of trusted CAs.
+    /// \param ca_crl   The list of CRLs for trusted CAs.
+    /// \param cn       The expected Common Name. This will be checked to be
+    ///                 present in the certificate's subjectAltNames extension or,
+    ///                 if this extension is absent, as a CN component in its
+    ///                 Subject name. Currently only DNS names are supported. This
+    ///                 may be \c NULL if the CN need not be verified.
+    /// \param flags    The address at which to store the result of the verification.
+    ///                 If the verification couldn't be completed, the flag value is
+    ///                 set to (uint32_t) -1.
+    /// \param f_vrfy   The verification callback to use. See the documentation
+    ///                 of mbedtls_x509_crt_verify() for more information.
+    /// \param p_vrfy   The context to be passed to \p f_vrfy.
+    ///
+    /// \return         \c 0 if the chain is valid with respect to the
+    ///                 passed CN, CAs, CRLs and security profile.
+    /// \return         #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
+    ///                 certificate chain verification failed. In this case,
+    ///                 \c *flags will have one or more
+    ///                 \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
+    ///                 flags set.
+    /// \return         Another negative error code in case of a fatal error
+    ///                 encountered during the verification process.
+    pub fn mbedtls_x509_crt_verify(
+        crt: *mut mbedtls_x509_crt,
+        trust_ca: *mut mbedtls_x509_crt,
+        ca_crl: *mut mbedtls_x509_crl,
+        cn: *const crate::c_types::c_char,
+        flags: *mut u32,
+        f_vrfy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_x509_crt,
+                arg3: crate::c_types::c_int,
+                arg4: *mut u32,
+            ) -> crate::c_types::c_int,
+        >,
+        p_vrfy: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Verify a chain of certificates with respect to
+    ///                 a configurable security profile.
+    ///
+    /// \note           Same as \c mbedtls_x509_crt_verify(), but with explicit
+    ///                 security profile.
+    ///
+    /// \note           The restrictions on keys (RSA minimum size, allowed curves
+    ///                 for ECDSA) apply to all certificates: trusted root,
+    ///                 intermediate CAs if any, and end entity certificate.
+    ///
+    /// \param crt      The certificate chain to be verified.
+    /// \param trust_ca The list of trusted CAs.
+    /// \param ca_crl   The list of CRLs for trusted CAs.
+    /// \param profile  The security profile to use for the verification.
+    /// \param cn       The expected Common Name. This may be \c NULL if the
+    ///                 CN need not be verified.
+    /// \param flags    The address at which to store the result of the verification.
+    ///                 If the verification couldn't be completed, the flag value is
+    ///                 set to (uint32_t) -1.
+    /// \param f_vrfy   The verification callback to use. See the documentation
+    ///                 of mbedtls_x509_crt_verify() for more information.
+    /// \param p_vrfy   The context to be passed to \p f_vrfy.
+    ///
+    /// \return         \c 0 if the chain is valid with respect to the
+    ///                 passed CN, CAs, CRLs and security profile.
+    /// \return         #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
+    ///                 certificate chain verification failed. In this case,
+    ///                 \c *flags will have one or more
+    ///                 \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
+    ///                 flags set.
+    /// \return         Another negative error code in case of a fatal error
+    ///                 encountered during the verification process.
+    pub fn mbedtls_x509_crt_verify_with_profile(
+        crt: *mut mbedtls_x509_crt,
+        trust_ca: *mut mbedtls_x509_crt,
+        ca_crl: *mut mbedtls_x509_crl,
+        profile: *const mbedtls_x509_crt_profile,
+        cn: *const crate::c_types::c_char,
+        flags: *mut u32,
+        f_vrfy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_x509_crt,
+                arg3: crate::c_types::c_int,
+                arg4: *mut u32,
+            ) -> crate::c_types::c_int,
+        >,
+        p_vrfy: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Restartable version of \c mbedtls_crt_verify_with_profile()
+    ///
+    /// \note           Performs the same job as \c mbedtls_crt_verify_with_profile()
+    ///                 but can return early and restart according to the limit
+    ///                 set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \param crt      The certificate chain to be verified.
+    /// \param trust_ca The list of trusted CAs.
+    /// \param ca_crl   The list of CRLs for trusted CAs.
+    /// \param profile  The security profile to use for the verification.
+    /// \param cn       The expected Common Name. This may be \c NULL if the
+    ///                 CN need not be verified.
+    /// \param flags    The address at which to store the result of the verification.
+    ///                 If the verification couldn't be completed, the flag value is
+    ///                 set to (uint32_t) -1.
+    /// \param f_vrfy   The verification callback to use. See the documentation
+    ///                 of mbedtls_x509_crt_verify() for more information.
+    /// \param p_vrfy   The context to be passed to \p f_vrfy.
+    /// \param rs_ctx   The restart context to use. This may be set to \c NULL
+    ///                 to disable restartable ECC.
+    ///
+    /// \return         See \c mbedtls_crt_verify_with_profile(), or
+    /// \return         #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                 operations was reached: see \c mbedtls_ecp_set_max_ops().
+    pub fn mbedtls_x509_crt_verify_restartable(
+        crt: *mut mbedtls_x509_crt,
+        trust_ca: *mut mbedtls_x509_crt,
+        ca_crl: *mut mbedtls_x509_crl,
+        profile: *const mbedtls_x509_crt_profile,
+        cn: *const crate::c_types::c_char,
+        flags: *mut u32,
+        f_vrfy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_x509_crt,
+                arg3: crate::c_types::c_int,
+                arg4: *mut u32,
+            ) -> crate::c_types::c_int,
+        >,
+        p_vrfy: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_x509_crt_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+/// \brief               The type of trusted certificate callbacks.
+///
+///                      Callbacks of this type are passed to and used by the CRT
+///                      verification routine mbedtls_x509_crt_verify_with_ca_cb()
+///                      when looking for trusted signers of a given certificate.
+///
+///                      On success, the callback returns a list of trusted
+///                      certificates to be considered as potential signers
+///                      for the input certificate.
+///
+/// \param p_ctx         An opaque context passed to the callback.
+/// \param child         The certificate for which to search a potential signer.
+///                      This will point to a readable certificate.
+/// \param candidate_cas The address at which to store the address of the first
+///                      entry in the generated linked list of candidate signers.
+///                      This will not be \c NULL.
+///
+/// \note                The callback must only return a non-zero value on a
+///                      fatal error. If, in contrast, the search for a potential
+///                      signer completes without a single candidate, the
+///                      callback must return \c 0 and set \c *candidate_cas
+///                      to \c NULL.
+///
+/// \return              \c 0 on success. In this case, \c *candidate_cas points
+///                      to a heap-allocated linked list of instances of
+///                      ::mbedtls_x509_crt, and ownership of this list is passed
+///                      to the caller.
+/// \return              A negative error code on failure.
+pub type mbedtls_x509_crt_ca_cb_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        p_ctx: *mut crate::c_types::c_void,
+        child: *const mbedtls_x509_crt,
+        candidate_cas: *mut *mut mbedtls_x509_crt,
+    ) -> crate::c_types::c_int,
+>;
+extern "C" {
+    /// \brief          Check usage of certificate against keyUsage extension.
+    ///
+    /// \param crt      Leaf certificate used.
+    /// \param usage    Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT
+    ///                 before using the certificate to perform an RSA key
+    ///                 exchange).
+    ///
+    /// \note           Except for decipherOnly and encipherOnly, a bit set in the
+    ///                 usage argument means this bit MUST be set in the
+    ///                 certificate. For decipherOnly and encipherOnly, it means
+    ///                 that bit MAY be set.
+    ///
+    /// \return         0 is these uses of the certificate are allowed,
+    ///                 MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension
+    ///                 is present but does not match the usage argument.
+    ///
+    /// \note           You should only call this function on leaf certificates, on
+    ///                 (intermediate) CAs the keyUsage extension is automatically
+    ///                 checked by \c mbedtls_x509_crt_verify().
+    pub fn mbedtls_x509_crt_check_key_usage(
+        crt: *const mbedtls_x509_crt,
+        usage: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Check usage of certificate against extendedKeyUsage.
+    ///
+    /// \param crt       Leaf certificate used.
+    /// \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or
+    ///                  MBEDTLS_OID_CLIENT_AUTH).
+    /// \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()).
+    ///
+    /// \return          0 if this use of the certificate is allowed,
+    ///                  MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.
+    ///
+    /// \note            Usually only makes sense on leaf certificates.
+    pub fn mbedtls_x509_crt_check_extended_key_usage(
+        crt: *const mbedtls_x509_crt,
+        usage_oid: *const crate::c_types::c_char,
+        usage_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Verify the certificate revocation status
+    ///
+    /// \param crt      a certificate to be verified
+    /// \param crl      the CRL to verify against
+    ///
+    /// \return         1 if the certificate is revoked, 0 otherwise
+    pub fn mbedtls_x509_crt_is_revoked(
+        crt: *const mbedtls_x509_crt,
+        crl: *const mbedtls_x509_crl,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Initialize a certificate (chain)
+    ///
+    /// \param crt      Certificate chain to initialize
+    pub fn mbedtls_x509_crt_init(crt: *mut mbedtls_x509_crt);
+}
+extern "C" {
+    /// \brief          Unallocate all certificate data
+    ///
+    /// \param crt      Certificate chain to free
+    pub fn mbedtls_x509_crt_free(crt: *mut mbedtls_x509_crt);
+}
+extern "C" {
+    /// \brief           Initialize a CRT writing context
+    ///
+    /// \param ctx       CRT context to initialize
+    pub fn mbedtls_x509write_crt_init(ctx: *mut mbedtls_x509write_cert);
+}
+extern "C" {
+    /// \brief           Set the version for a Certificate
+    ///                  Default: MBEDTLS_X509_CRT_VERSION_3
+    ///
+    /// \param ctx       CRT context to use
+    /// \param version   version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or
+    ///                                  MBEDTLS_X509_CRT_VERSION_3)
+    pub fn mbedtls_x509write_crt_set_version(
+        ctx: *mut mbedtls_x509write_cert,
+        version: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief           Set the serial number for a Certificate.
+    ///
+    /// \deprecated      This function is deprecated and will be removed in a
+    ///                  future version of the library. Please use
+    ///                  mbedtls_x509write_crt_set_serial_raw() instead.
+    ///
+    /// \note            Even though the MBEDTLS_BIGNUM_C guard looks redundant since
+    ///                  X509 depends on PK and PK depends on BIGNUM, this emphasizes
+    ///                  a direct dependency between X509 and BIGNUM which is going
+    ///                  to be deprecated in the future.
+    ///
+    /// \param ctx       CRT context to use
+    /// \param serial    serial number to set
+    ///
+    /// \return          0 if successful
+    pub fn mbedtls_x509write_crt_set_serial(
+        ctx: *mut mbedtls_x509write_cert,
+        serial: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the serial number for a Certificate.
+    ///
+    /// \param ctx          CRT context to use
+    /// \param serial       A raw array of bytes containing the serial number in big
+    ///                     endian format
+    /// \param serial_len   Length of valid bytes (expressed in bytes) in \p serial
+    ///                     input buffer
+    ///
+    /// \return          0 if successful, or
+    ///                  MBEDTLS_ERR_X509_BAD_INPUT_DATA if the provided input buffer
+    ///                  is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN)
+    pub fn mbedtls_x509write_crt_set_serial_raw(
+        ctx: *mut mbedtls_x509write_cert,
+        serial: *mut crate::c_types::c_uchar,
+        serial_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the validity period for a Certificate
+    ///                  Timestamps should be in string format for UTC timezone
+    ///                  i.e. "YYYYMMDDhhmmss"
+    ///                  e.g. "20131231235959" for December 31st 2013
+    ///                       at 23:59:59
+    ///
+    /// \param ctx       CRT context to use
+    /// \param not_before    not_before timestamp
+    /// \param not_after     not_after timestamp
+    ///
+    /// \return          0 if timestamp was parsed successfully, or
+    ///                  a specific error code
+    pub fn mbedtls_x509write_crt_set_validity(
+        ctx: *mut mbedtls_x509write_cert,
+        not_before: *const crate::c_types::c_char,
+        not_after: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the issuer name for a Certificate
+    ///                  Issuer names should contain a comma-separated list
+    ///                  of OID types and values:
+    ///                  e.g. "C=UK,O=ARM,CN=mbed TLS CA"
+    ///
+    /// \param ctx           CRT context to use
+    /// \param issuer_name   issuer name to set
+    ///
+    /// \return          0 if issuer name was parsed successfully, or
+    ///                  a specific error code
+    pub fn mbedtls_x509write_crt_set_issuer_name(
+        ctx: *mut mbedtls_x509write_cert,
+        issuer_name: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the subject name for a Certificate
+    ///                  Subject names should contain a comma-separated list
+    ///                  of OID types and values:
+    ///                  e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
+    ///
+    /// \param ctx           CRT context to use
+    /// \param subject_name  subject name to set
+    ///
+    /// \return          0 if subject name was parsed successfully, or
+    ///                  a specific error code
+    pub fn mbedtls_x509write_crt_set_subject_name(
+        ctx: *mut mbedtls_x509write_cert,
+        subject_name: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the subject public key for the certificate
+    ///
+    /// \param ctx       CRT context to use
+    /// \param key       public key to include
+    pub fn mbedtls_x509write_crt_set_subject_key(
+        ctx: *mut mbedtls_x509write_cert,
+        key: *mut mbedtls_pk_context,
+    );
+}
+extern "C" {
+    /// \brief           Set the issuer key used for signing the certificate
+    ///
+    /// \param ctx       CRT context to use
+    /// \param key       private key to sign with
+    pub fn mbedtls_x509write_crt_set_issuer_key(
+        ctx: *mut mbedtls_x509write_cert,
+        key: *mut mbedtls_pk_context,
+    );
+}
+extern "C" {
+    /// \brief           Set the MD algorithm to use for the signature
+    ///                  (e.g. MBEDTLS_MD_SHA1)
+    ///
+    /// \param ctx       CRT context to use
+    /// \param md_alg    MD algorithm to use
+    pub fn mbedtls_x509write_crt_set_md_alg(
+        ctx: *mut mbedtls_x509write_cert,
+        md_alg: mbedtls_md_type_t,
+    );
+}
+extern "C" {
+    /// \brief           Generic function to add to or replace an extension in the
+    ///                  CRT
+    ///
+    /// \param ctx       CRT context to use
+    /// \param oid       OID of the extension
+    /// \param oid_len   length of the OID
+    /// \param critical  if the extension is critical (per the RFC's definition)
+    /// \param val       value of the extension OCTET STRING
+    /// \param val_len   length of the value data
+    ///
+    /// \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_extension(
+        ctx: *mut mbedtls_x509write_cert,
+        oid: *const crate::c_types::c_char,
+        oid_len: usize,
+        critical: crate::c_types::c_int,
+        val: *const crate::c_types::c_uchar,
+        val_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the basicConstraints extension for a CRT
+    ///
+    /// \param ctx       CRT context to use
+    /// \param is_ca     is this a CA certificate
+    /// \param max_pathlen   maximum length of certificate chains below this
+    ///                      certificate (only for CA certificates, -1 is
+    ///                      unlimited)
+    ///
+    /// \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_basic_constraints(
+        ctx: *mut mbedtls_x509write_cert,
+        is_ca: crate::c_types::c_int,
+        max_pathlen: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the subjectKeyIdentifier extension for a CRT
+    ///                  Requires that mbedtls_x509write_crt_set_subject_key() has been
+    ///                  called before
+    ///
+    /// \param ctx       CRT context to use
+    ///
+    /// \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_subject_key_identifier(
+        ctx: *mut mbedtls_x509write_cert,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the authorityKeyIdentifier extension for a CRT
+    ///                  Requires that mbedtls_x509write_crt_set_issuer_key() has been
+    ///                  called before
+    ///
+    /// \param ctx       CRT context to use
+    ///
+    /// \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_authority_key_identifier(
+        ctx: *mut mbedtls_x509write_cert,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the Key Usage Extension flags
+    ///                  (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)
+    ///
+    /// \param ctx       CRT context to use
+    /// \param key_usage key usage flags to set
+    ///
+    /// \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_key_usage(
+        ctx: *mut mbedtls_x509write_cert,
+        key_usage: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the Extended Key Usage Extension
+    ///                  (e.g. MBEDTLS_OID_SERVER_AUTH)
+    ///
+    /// \param ctx       CRT context to use
+    /// \param exts      extended key usage extensions to set, a sequence of
+    ///                  MBEDTLS_ASN1_OID objects
+    ///
+    /// \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_ext_key_usage(
+        ctx: *mut mbedtls_x509write_cert,
+        exts: *const mbedtls_asn1_sequence,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the Netscape Cert Type flags
+    ///                  (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)
+    ///
+    /// \param ctx           CRT context to use
+    /// \param ns_cert_type  Netscape Cert Type flags to set
+    ///
+    /// \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_ns_cert_type(
+        ctx: *mut mbedtls_x509write_cert,
+        ns_cert_type: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Free the contents of a CRT write context
+    ///
+    /// \param ctx       CRT context to free
+    pub fn mbedtls_x509write_crt_free(ctx: *mut mbedtls_x509write_cert);
+}
+extern "C" {
+    /// \brief           Write a built up certificate to a X509 DER structure
+    ///                  Note: data is written at the end of the buffer! Use the
+    ///                        return value to determine where you should start
+    ///                        using the buffer
+    ///
+    /// \param ctx       certificate to write away
+    /// \param buf       buffer to write to
+    /// \param size      size of the buffer
+    /// \param f_rng     RNG function. This must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \return          length of data written if successful, or a specific
+    ///                  error code
+    ///
+    /// \note            \p f_rng is used for the signature operation.
+    pub fn mbedtls_x509write_crt_der(
+        ctx: *mut mbedtls_x509write_cert,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a built up certificate to a X509 PEM string
+    ///
+    /// \param ctx       certificate to write away
+    /// \param buf       buffer to write to
+    /// \param size      size of the buffer
+    /// \param f_rng     RNG function. This must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \return          0 if successful, or a specific error code
+    ///
+    /// \note            \p f_rng is used for the signature operation.
+    pub fn mbedtls_x509write_crt_pem(
+        ctx: *mut mbedtls_x509write_cert,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+///<  The prime modulus.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_P: mbedtls_dhm_parameter = 0;
+///<  The generator.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_G: mbedtls_dhm_parameter = 1;
+///<  Our secret value.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_X: mbedtls_dhm_parameter = 2;
+///<  Our public key = \c G^X mod \c P.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_GX: mbedtls_dhm_parameter = 3;
+///<  The public key of the peer = \c G^Y mod \c P.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_GY: mbedtls_dhm_parameter = 4;
+///<  The shared secret = \c G^(XY) mod \c P.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_K: mbedtls_dhm_parameter = 5;
+/// Which parameter to access in mbedtls_dhm_get_value().
+pub type mbedtls_dhm_parameter = crate::c_types::c_uint;
+/// \brief          The DHM context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_dhm_context {
+    pub private_P: mbedtls_mpi,
+    pub private_G: mbedtls_mpi,
+    pub private_X: mbedtls_mpi,
+    pub private_GX: mbedtls_mpi,
+    pub private_GY: mbedtls_mpi,
+    pub private_K: mbedtls_mpi,
+    pub private_RP: mbedtls_mpi,
+    pub private_Vi: mbedtls_mpi,
+    pub private_Vf: mbedtls_mpi,
+    pub private_pX: mbedtls_mpi,
+}
+extern "C" {
+    /// \brief          This function initializes the DHM context.
+    ///
+    /// \param ctx      The DHM context to initialize.
+    pub fn mbedtls_dhm_init(ctx: *mut mbedtls_dhm_context);
+}
+extern "C" {
+    /// \brief          This function parses the DHM parameters in a
+    ///                 TLS ServerKeyExchange handshake message
+    ///                 (DHM modulus, generator, and public key).
+    ///
+    /// \note           In a TLS handshake, this is the how the client
+    ///                 sets up its DHM context from the server's public
+    ///                 DHM key material.
+    ///
+    /// \param ctx      The DHM context to use. This must be initialized.
+    /// \param p        On input, *p must be the start of the input buffer.
+    ///                 On output, *p is updated to point to the end of the data
+    ///                 that has been read. On success, this is the first byte
+    ///                 past the end of the ServerKeyExchange parameters.
+    ///                 On error, this is the point at which an error has been
+    ///                 detected, which is usually not useful except to debug
+    ///                 failures.
+    /// \param end      The end of the input buffer.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_read_params(
+        ctx: *mut mbedtls_dhm_context,
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function generates a DHM key pair and exports its
+    ///                 public part together with the DHM parameters in the format
+    ///                 used in a TLS ServerKeyExchange handshake message.
+    ///
+    /// \note           This function assumes that the DHM parameters \c ctx->P
+    ///                 and \c ctx->G have already been properly set. For that, use
+    ///                 mbedtls_dhm_set_group() below in conjunction with
+    ///                 mbedtls_mpi_read_binary() and mbedtls_mpi_read_string().
+    ///
+    /// \note           In a TLS handshake, this is the how the server generates
+    ///                 and exports its DHM key material.
+    ///
+    /// \param ctx      The DHM context to use. This must be initialized
+    ///                 and have the DHM parameters set. It may or may not
+    ///                 already have imported the peer's public key.
+    /// \param x_size   The private key size in Bytes.
+    /// \param olen     The address at which to store the number of Bytes
+    ///                 written on success. This must not be \c NULL.
+    /// \param output   The destination buffer. This must be a writable buffer of
+    ///                 sufficient size to hold the reduced binary presentation of
+    ///                 the modulus, the generator and the public key, each wrapped
+    ///                 with a 2-byte length field. It is the responsibility of the
+    ///                 caller to ensure that enough space is available. Refer to
+    ///                 mbedtls_mpi_size() to computing the byte-size of an MPI.
+    /// \param f_rng    The RNG function. Must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be
+    ///                 \c NULL if \p f_rng doesn't need a context parameter.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_make_params(
+        ctx: *mut mbedtls_dhm_context,
+        x_size: crate::c_types::c_int,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function sets the prime modulus and generator.
+    ///
+    /// \note           This function can be used to set \c ctx->P, \c ctx->G
+    ///                 in preparation for mbedtls_dhm_make_params().
+    ///
+    /// \param ctx      The DHM context to configure. This must be initialized.
+    /// \param P        The MPI holding the DHM prime modulus. This must be
+    ///                 an initialized MPI.
+    /// \param G        The MPI holding the DHM generator. This must be an
+    ///                 initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_set_group(
+        ctx: *mut mbedtls_dhm_context,
+        P: *const mbedtls_mpi,
+        G: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function imports the raw public value of the peer.
+    ///
+    /// \note           In a TLS handshake, this is the how the server imports
+    ///                 the Client's public DHM key.
+    ///
+    /// \param ctx      The DHM context to use. This must be initialized and have
+    ///                 its DHM parameters set, e.g. via mbedtls_dhm_set_group().
+    ///                 It may or may not already have generated its own private key.
+    /// \param input    The input buffer containing the \c G^Y value of the peer.
+    ///                 This must be a readable buffer of size \p ilen Bytes.
+    /// \param ilen     The size of the input buffer \p input in Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_read_public(
+        ctx: *mut mbedtls_dhm_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function creates a DHM key pair and exports
+    ///                 the raw public key in big-endian format.
+    ///
+    /// \note           The destination buffer is always fully written
+    ///                 so as to contain a big-endian representation of G^X mod P.
+    ///                 If it is larger than \c ctx->len, it is padded accordingly
+    ///                 with zero-bytes at the beginning.
+    ///
+    /// \param ctx      The DHM context to use. This must be initialized and
+    ///                 have the DHM parameters set. It may or may not already
+    ///                 have imported the peer's public key.
+    /// \param x_size   The private key size in Bytes.
+    /// \param output   The destination buffer. This must be a writable buffer of
+    ///                 size \p olen Bytes.
+    /// \param olen     The length of the destination buffer. This must be at least
+    ///                 equal to `ctx->len` (the size of \c P).
+    /// \param f_rng    The RNG function. This must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context argument.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_make_public(
+        ctx: *mut mbedtls_dhm_context,
+        x_size: crate::c_types::c_int,
+        output: *mut crate::c_types::c_uchar,
+        olen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function derives and exports the shared secret
+    ///                 \c (G^Y)^X mod \c P.
+    ///
+    /// \note           If \p f_rng is not \c NULL, it is used to blind the input as
+    ///                 a countermeasure against timing attacks. Blinding is used
+    ///                 only if our private key \c X is re-used, and not used
+    ///                 otherwise. We recommend always passing a non-NULL
+    ///                 \p f_rng argument.
+    ///
+    /// \param ctx           The DHM context to use. This must be initialized
+    ///                      and have its own private key generated and the peer's
+    ///                      public key imported.
+    /// \param output        The buffer to write the generated shared key to. This
+    ///                      must be a writable buffer of size \p output_size Bytes.
+    /// \param output_size   The size of the destination buffer. This must be at
+    ///                      least the size of \c ctx->len (the size of \c P).
+    /// \param olen          On exit, holds the actual number of Bytes written.
+    /// \param f_rng         The RNG function. Must not be \c NULL. Used for
+    ///                      blinding.
+    /// \param p_rng         The RNG context to be passed to \p f_rng. This may be
+    ///                      \c NULL if \p f_rng doesn't need a context parameter.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_calc_secret(
+        ctx: *mut mbedtls_dhm_context,
+        output: *mut crate::c_types::c_uchar,
+        output_size: usize,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function returns the size of the prime modulus in bits.
+    ///
+    /// \param ctx      The DHM context to query.
+    ///
+    /// \return         The size of the prime modulus in bits,
+    ///                 i.e. the number n such that 2^(n-1) <= P < 2^n.
+    pub fn mbedtls_dhm_get_bitlen(ctx: *const mbedtls_dhm_context) -> usize;
+}
+extern "C" {
+    /// \brief          This function returns the size of the prime modulus in bytes.
+    ///
+    /// \param ctx      The DHM context to query.
+    ///
+    /// \return         The size of the prime modulus in bytes,
+    ///                 i.e. the number n such that 2^(8*(n-1)) <= P < 2^(8*n).
+    pub fn mbedtls_dhm_get_len(ctx: *const mbedtls_dhm_context) -> usize;
+}
+extern "C" {
+    /// \brief          This function copies a parameter of a DHM key.
+    ///
+    /// \param ctx      The DHM context to query.
+    /// \param param    The parameter to copy.
+    /// \param dest     The MPI object to copy the value into. It must be
+    ///                 initialized.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_DHM_BAD_INPUT_DATA if \p field is invalid.
+    /// \return         An \c MBEDTLS_ERR_MPI_XXX error code if the copy fails.
+    pub fn mbedtls_dhm_get_value(
+        ctx: *const mbedtls_dhm_context,
+        param: mbedtls_dhm_parameter,
+        dest: *mut mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function frees and clears the components
+    ///                 of a DHM context.
+    ///
+    /// \param ctx      The DHM context to free and clear. This may be \c NULL,
+    ///                 in which case this function is a no-op. If it is not \c NULL,
+    ///                 it must point to an initialized DHM context.
+    pub fn mbedtls_dhm_free(ctx: *mut mbedtls_dhm_context);
+}
+extern "C" {
+    /// \brief             This function parses DHM parameters in PEM or DER format.
+    ///
+    /// \param dhm         The DHM context to import the DHM parameters into.
+    ///                    This must be initialized.
+    /// \param dhmin       The input buffer. This must be a readable buffer of
+    ///                    length \p dhminlen Bytes.
+    /// \param dhminlen    The size of the input buffer \p dhmin, including the
+    ///                    terminating \c NULL Byte for PEM data.
+    ///
+    /// \return            \c 0 on success.
+    /// \return            An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error
+    ///                    code on failure.
+    pub fn mbedtls_dhm_parse_dhm(
+        dhm: *mut mbedtls_dhm_context,
+        dhmin: *const crate::c_types::c_uchar,
+        dhminlen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The DMH checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_dhm_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+///< Our key.
+pub const mbedtls_ecdh_side_MBEDTLS_ECDH_OURS: mbedtls_ecdh_side = 0;
+///< The key of the peer.
+pub const mbedtls_ecdh_side_MBEDTLS_ECDH_THEIRS: mbedtls_ecdh_side = 1;
+/// Defines the source of the imported EC key.
+pub type mbedtls_ecdh_side = crate::c_types::c_uint;
+///< Implementation not defined.
+pub const mbedtls_ecdh_variant_MBEDTLS_ECDH_VARIANT_NONE: mbedtls_ecdh_variant = 0;
+///< The default Mbed TLS implementation
+pub const mbedtls_ecdh_variant_MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: mbedtls_ecdh_variant = 1;
+/// Defines the ECDH implementation used.
+///
+/// Later versions of the library may add new variants, therefore users should
+/// not make any assumptions about them.
+pub type mbedtls_ecdh_variant = crate::c_types::c_uint;
+/// The context used by the default ECDH implementation.
+///
+/// Later versions might change the structure of this context, therefore users
+/// should not make any assumptions about the structure of
+/// mbedtls_ecdh_context_mbed.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecdh_context_mbed {
+    pub private_grp: mbedtls_ecp_group,
+    pub private_d: mbedtls_mpi,
+    pub private_Q: mbedtls_ecp_point,
+    pub private_Qp: mbedtls_ecp_point,
+    pub private_z: mbedtls_mpi,
+}
+/// \warning         Performing multiple operations concurrently on the same
+///                  ECDSA context is not supported; objects of this type
+///                  should not be shared between multiple threads.
+/// \brief           The ECDH context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecdh_context {
+    pub private_point_format: u8,
+    pub private_grp_id: mbedtls_ecp_group_id,
+    pub private_var: mbedtls_ecdh_variant,
+    pub private_ctx: mbedtls_ecdh_context__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_ecdh_context__bindgen_ty_1 {
+    pub private_mbed_ecdh: mbedtls_ecdh_context_mbed,
+}
+extern "C" {
+    /// \brief          Check whether a given group can be used for ECDH.
+    ///
+    /// \param gid      The ECP group ID to check.
+    ///
+    /// \return         \c 1 if the group can be used, \c 0 otherwise
+    pub fn mbedtls_ecdh_can_do(gid: mbedtls_ecp_group_id) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates an ECDH keypair on an elliptic
+    ///                  curve.
+    ///
+    ///                  This function performs the first of two core computations
+    ///                  implemented during the ECDH key exchange. The second core
+    ///                  computation is performed by mbedtls_ecdh_compute_shared().
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param grp       The ECP group to use. This must be initialized and have
+    ///                  domain parameters loaded, for example through
+    ///                  mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
+    /// \param d         The destination MPI (private key).
+    ///                  This must be initialized.
+    /// \param Q         The destination point (public key).
+    ///                  This must be initialized.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL in case \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX or
+    ///                  \c MBEDTLS_MPI_XXX error code on failure.
+    pub fn mbedtls_ecdh_gen_public(
+        grp: *mut mbedtls_ecp_group,
+        d: *mut mbedtls_mpi,
+        Q: *mut mbedtls_ecp_point,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function computes the shared secret.
+    ///
+    ///                  This function performs the second of two core computations
+    ///                  implemented during the ECDH key exchange. The first core
+    ///                  computation is performed by mbedtls_ecdh_gen_public().
+    ///
+    /// \see             ecp.h
+    ///
+    /// \note            If \p f_rng is not NULL, it is used to implement
+    ///                  countermeasures against side-channel attacks.
+    ///                  For more information, see mbedtls_ecp_mul().
+    ///
+    /// \param grp       The ECP group to use. This must be initialized and have
+    ///                  domain parameters loaded, for example through
+    ///                  mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
+    /// \param z         The destination MPI (shared secret).
+    ///                  This must be initialized.
+    /// \param Q         The public key from another party.
+    ///                  This must be initialized.
+    /// \param d         Our secret exponent (private key).
+    ///                  This must be initialized.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL if \p f_rng is \c NULL or doesn't need a
+    ///                  context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX or
+    ///                  \c MBEDTLS_MPI_XXX error code on failure.
+    pub fn mbedtls_ecdh_compute_shared(
+        grp: *mut mbedtls_ecp_group,
+        z: *mut mbedtls_mpi,
+        Q: *const mbedtls_ecp_point,
+        d: *const mbedtls_mpi,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function initializes an ECDH context.
+    ///
+    /// \param ctx       The ECDH context to initialize. This must not be \c NULL.
+    pub fn mbedtls_ecdh_init(ctx: *mut mbedtls_ecdh_context);
+}
+extern "C" {
+    /// \brief           This function sets up the ECDH context with the information
+    ///                  given.
+    ///
+    ///                  This function should be called after mbedtls_ecdh_init() but
+    ///                  before mbedtls_ecdh_make_params(). There is no need to call
+    ///                  this function before mbedtls_ecdh_read_params().
+    ///
+    ///                  This is the first function used by a TLS server for ECDHE
+    ///                  ciphersuites.
+    ///
+    /// \param ctx       The ECDH context to set up. This must be initialized.
+    /// \param grp_id    The group id of the group to set up the context for.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_ecdh_setup(
+        ctx: *mut mbedtls_ecdh_context,
+        grp_id: mbedtls_ecp_group_id,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function frees a context.
+    ///
+    /// \param ctx       The context to free. This may be \c NULL, in which
+    ///                  case this function does nothing. If it is not \c NULL,
+    ///                  it must point to an initialized ECDH context.
+    pub fn mbedtls_ecdh_free(ctx: *mut mbedtls_ecdh_context);
+}
+extern "C" {
+    /// \brief           This function generates an EC key pair and exports its
+    ///                  in the format used in a TLS ServerKeyExchange handshake
+    ///                  message.
+    ///
+    ///                  This is the second function used by a TLS server for ECDHE
+    ///                  ciphersuites. (It is called after mbedtls_ecdh_setup().)
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDH context to use. This must be initialized
+    ///                  and bound to a group, for example via mbedtls_ecdh_setup().
+    /// \param olen      The address at which to store the number of Bytes written.
+    /// \param buf       The destination buffer. This must be a writable buffer of
+    ///                  length \p blen Bytes.
+    /// \param blen      The length of the destination buffer \p buf in Bytes.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL in case \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_make_params(
+        ctx: *mut mbedtls_ecdh_context,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        blen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function parses the ECDHE parameters in a
+    ///                  TLS ServerKeyExchange handshake message.
+    ///
+    /// \note            In a TLS handshake, this is the how the client
+    ///                  sets up its ECDHE context from the server's public
+    ///                  ECDHE key material.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDHE context to use. This must be initialized.
+    /// \param buf       On input, \c *buf must be the start of the input buffer.
+    ///                  On output, \c *buf is updated to point to the end of the
+    ///                  data that has been read. On success, this is the first byte
+    ///                  past the end of the ServerKeyExchange parameters.
+    ///                  On error, this is the point at which an error has been
+    ///                  detected, which is usually not useful except to debug
+    ///                  failures.
+    /// \param end       The end of the input buffer.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_read_params(
+        ctx: *mut mbedtls_ecdh_context,
+        buf: *mut *const crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets up an ECDH context from an EC key.
+    ///
+    ///                  It is used by clients and servers in place of the
+    ///                  ServerKeyEchange for static ECDH, and imports ECDH
+    ///                  parameters from the EC key information of a certificate.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDH context to set up. This must be initialized.
+    /// \param key       The EC key to use. This must be initialized.
+    /// \param side      Defines the source of the key. Possible values are:
+    ///                  - #MBEDTLS_ECDH_OURS: The key is ours.
+    ///                  - #MBEDTLS_ECDH_THEIRS: The key is that of the peer.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_get_params(
+        ctx: *mut mbedtls_ecdh_context,
+        key: *const mbedtls_ecp_keypair,
+        side: mbedtls_ecdh_side,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates a public key and exports it
+    ///                  as a TLS ClientKeyExchange payload.
+    ///
+    ///                  This is the second function used by a TLS client for ECDH(E)
+    ///                  ciphersuites.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDH context to use. This must be initialized
+    ///                  and bound to a group, the latter usually by
+    ///                  mbedtls_ecdh_read_params().
+    /// \param olen      The address at which to store the number of Bytes written.
+    ///                  This must not be \c NULL.
+    /// \param buf       The destination buffer. This must be a writable buffer
+    ///                  of length \p blen Bytes.
+    /// \param blen      The size of the destination buffer \p buf in Bytes.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL in case \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_make_public(
+        ctx: *mut mbedtls_ecdh_context,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        blen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       This function parses and processes the ECDHE payload of a
+    ///              TLS ClientKeyExchange message.
+    ///
+    ///              This is the third function used by a TLS server for ECDH(E)
+    ///              ciphersuites. (It is called after mbedtls_ecdh_setup() and
+    ///              mbedtls_ecdh_make_params().)
+    ///
+    /// \see         ecp.h
+    ///
+    /// \param ctx   The ECDH context to use. This must be initialized
+    ///              and bound to a group, for example via mbedtls_ecdh_setup().
+    /// \param buf   The pointer to the ClientKeyExchange payload. This must
+    ///              be a readable buffer of length \p blen Bytes.
+    /// \param blen  The length of the input buffer \p buf in Bytes.
+    ///
+    /// \return      \c 0 on success.
+    /// \return      An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_read_public(
+        ctx: *mut mbedtls_ecdh_context,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function derives and exports the shared secret.
+    ///
+    ///                  This is the last function used by both TLS client
+    ///                  and servers.
+    ///
+    /// \note            If \p f_rng is not NULL, it is used to implement
+    ///                  countermeasures against side-channel attacks.
+    ///                  For more information, see mbedtls_ecp_mul().
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDH context to use. This must be initialized
+    ///                  and have its own private key generated and the peer's
+    ///                  public key imported.
+    /// \param olen      The address at which to store the total number of
+    ///                  Bytes written on success. This must not be \c NULL.
+    /// \param buf       The buffer to write the generated shared key to. This
+    ///                  must be a writable buffer of size \p blen Bytes.
+    /// \param blen      The length of the destination buffer \p buf in Bytes.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context. This may be \c NULL if \p f_rng
+    ///                  doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_calc_secret(
+        ctx: *mut mbedtls_ecdh_context,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        blen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_ssl_premaster_secret {
+    pub _pms_rsa: [crate::c_types::c_uchar; 48usize],
+    pub _pms_dhm: [crate::c_types::c_uchar; 1024usize],
+    pub _pms_ecdh: [crate::c_types::c_uchar; 66usize],
+    pub _pms_psk: [crate::c_types::c_uchar; 100usize],
+    pub _pms_dhe_psk: [crate::c_types::c_uchar; 1076usize],
+    pub _pms_rsa_psk: [crate::c_types::c_uchar; 100usize],
+    pub _pms_ecdhe_psk: [crate::c_types::c_uchar; 118usize],
+}
+pub const mbedtls_ssl_states_MBEDTLS_SSL_HELLO_REQUEST: mbedtls_ssl_states = 0;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_HELLO: mbedtls_ssl_states = 1;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_HELLO: mbedtls_ssl_states = 2;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_CERTIFICATE: mbedtls_ssl_states = 3;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_KEY_EXCHANGE: mbedtls_ssl_states = 4;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CERTIFICATE_REQUEST: mbedtls_ssl_states = 5;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_HELLO_DONE: mbedtls_ssl_states = 6;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CERTIFICATE: mbedtls_ssl_states = 7;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_KEY_EXCHANGE: mbedtls_ssl_states = 8;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CERTIFICATE_VERIFY: mbedtls_ssl_states = 9;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC: mbedtls_ssl_states = 10;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_FINISHED: mbedtls_ssl_states = 11;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC: mbedtls_ssl_states = 12;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_FINISHED: mbedtls_ssl_states = 13;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_FLUSH_BUFFERS: mbedtls_ssl_states = 14;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_HANDSHAKE_WRAPUP: mbedtls_ssl_states = 15;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_NEW_SESSION_TICKET: mbedtls_ssl_states = 16;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT: mbedtls_ssl_states = 17;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_HELLO_RETRY_REQUEST: mbedtls_ssl_states = 18;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: mbedtls_ssl_states = 19;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_END_OF_EARLY_DATA: mbedtls_ssl_states = 20;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY: mbedtls_ssl_states = 21;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: mbedtls_ssl_states = 22;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO: mbedtls_ssl_states =
+    23;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO: mbedtls_ssl_states = 24;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: mbedtls_ssl_states = 25;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST: mbedtls_ssl_states =
+    26;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_HANDSHAKE_OVER: mbedtls_ssl_states = 27;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET: mbedtls_ssl_states = 28;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH: mbedtls_ssl_states = 29;
+pub type mbedtls_ssl_states = crate::c_types::c_uint;
+/// \brief          Callback type: send data on the network.
+///
+/// \note           That callback may be either blocking or non-blocking.
+///
+/// \param ctx      Context for the send callback (typically a file descriptor)
+/// \param buf      Buffer holding the data to send
+/// \param len      Length of the data to send
+///
+/// \return         The callback must return the number of bytes sent if any,
+///                 or a non-zero error code.
+///                 If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE
+///                 must be returned when the operation would block.
+///
+/// \note           The callback is allowed to send fewer bytes than requested.
+///                 It must always return the number of bytes actually sent.
+pub type mbedtls_ssl_send_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief          Callback type: receive data from the network.
+///
+/// \note           That callback may be either blocking or non-blocking.
+///
+/// \param ctx      Context for the receive callback (typically a file
+///                 descriptor)
+/// \param buf      Buffer to write the received data to
+/// \param len      Length of the receive buffer
+///
+/// \returns        If data has been received, the positive number of bytes received.
+/// \returns        \c 0 if the connection has been closed.
+/// \returns        If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ
+///                 must be returned when the operation would block.
+/// \returns        Another negative error code on other kinds of failures.
+///
+/// \note           The callback may receive fewer bytes than the length of the
+///                 buffer. It must always return the number of bytes actually
+///                 received and written to the buffer.
+pub type mbedtls_ssl_recv_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief          Callback type: receive data from the network, with timeout
+///
+/// \note           That callback must block until data is received, or the
+///                 timeout delay expires, or the operation is interrupted by a
+///                 signal.
+///
+/// \param ctx      Context for the receive callback (typically a file descriptor)
+/// \param buf      Buffer to write the received data to
+/// \param len      Length of the receive buffer
+/// \param timeout  Maximum number of milliseconds to wait for data
+///                 0 means no timeout (potentially waiting forever)
+///
+/// \return         The callback must return the number of bytes received,
+///                 or a non-zero error code:
+///                 \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
+///                 \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
+///
+/// \note           The callback may receive fewer bytes than the length of the
+///                 buffer. It must always return the number of bytes actually
+///                 received and written to the buffer.
+pub type mbedtls_ssl_recv_timeout_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+        timeout: u32,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief          Callback type: set a pair of timers/delays to watch
+///
+/// \param ctx      Context pointer
+/// \param int_ms   Intermediate delay in milliseconds
+/// \param fin_ms   Final delay in milliseconds
+///                 0 cancels the current timer.
+///
+/// \note           This callback must at least store the necessary information
+///                 for the associated \c mbedtls_ssl_get_timer_t callback to
+///                 return correct information.
+///
+/// \note           If using an event-driven style of programming, an event must
+///                 be generated when the final delay is passed. The event must
+///                 cause a call to \c mbedtls_ssl_handshake() with the proper
+///                 SSL context to be scheduled. Care must be taken to ensure
+///                 that at most one such call happens at a time.
+///
+/// \note           Only one timer at a time must be running. Calling this
+///                 function while a timer is running must cancel it. Cancelled
+///                 timers must not generate any event.
+pub type mbedtls_ssl_set_timer_t = ::core::option::Option<
+    unsafe extern "C" fn(ctx: *mut crate::c_types::c_void, int_ms: u32, fin_ms: u32),
+>;
+/// \brief          Callback type: get status of timers/delays
+///
+/// \param ctx      Context pointer
+///
+/// \return         This callback must return:
+///                 -1 if cancelled (fin_ms == 0),
+///                  0 if none of the delays have passed,
+///                  1 if only the intermediate delay has passed,
+///                  2 if the final delay has passed.
+pub type mbedtls_ssl_get_timer_t = ::core::option::Option<
+    unsafe extern "C" fn(ctx: *mut crate::c_types::c_void) -> crate::c_types::c_int,
+>;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_transform {
+    _unused: [u8; 0],
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_handshake_params {
+    _unused: [u8; 0],
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_sig_hash_set_t {
+    _unused: [u8; 0],
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_key_cert {
+    _unused: [u8; 0],
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_flight_item {
+    _unused: [u8; 0],
+}
+/// \brief          Callback type: server-side session cache getter
+///
+///                 The session cache is logically a key value store, with
+///                 keys being session IDs and values being instances of
+///                 mbedtls_ssl_session.
+///
+///                 This callback retrieves an entry in this key-value store.
+///
+/// \param data            The address of the session cache structure to query.
+/// \param session_id      The buffer holding the session ID to query.
+/// \param session_id_len  The length of \p session_id in Bytes.
+/// \param session         The address of the session structure to populate.
+///                        It is initialized with mbdtls_ssl_session_init(),
+///                        and the callback must always leave it in a state
+///                        where it can safely be freed via
+///                        mbedtls_ssl_session_free() independent of the
+///                        return code of this function.
+///
+/// \return                \c 0 on success
+/// \return                A non-zero return value on failure.
+pub type mbedtls_ssl_cache_get_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        data: *mut crate::c_types::c_void,
+        session_id: *const crate::c_types::c_uchar,
+        session_id_len: usize,
+        session: *mut mbedtls_ssl_session,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief          Callback type: server-side session cache setter
+///
+///                 The session cache is logically a key value store, with
+///                 keys being session IDs and values being instances of
+///                 mbedtls_ssl_session.
+///
+///                 This callback sets an entry in this key-value store.
+///
+/// \param data            The address of the session cache structure to modify.
+/// \param session_id      The buffer holding the session ID to query.
+/// \param session_id_len  The length of \p session_id in Bytes.
+/// \param session         The address of the session to be stored in the
+///                        session cache.
+///
+/// \return                \c 0 on success
+/// \return                A non-zero return value on failure.
+pub type mbedtls_ssl_cache_set_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        data: *mut crate::c_types::c_void,
+        session_id: *const crate::c_types::c_uchar,
+        session_id_len: usize,
+        session: *const mbedtls_ssl_session,
+    ) -> crate::c_types::c_int,
+>;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_tls13_application_secrets {
+    pub client_application_traffic_secret_N: [crate::c_types::c_uchar; 64usize],
+    pub server_application_traffic_secret_N: [crate::c_types::c_uchar; 64usize],
+    pub exporter_master_secret: [crate::c_types::c_uchar; 64usize],
+    pub resumption_master_secret: [crate::c_types::c_uchar; 64usize],
+}
+///< Context not in use or version not yet negotiated.
+pub const mbedtls_ssl_protocol_version_MBEDTLS_SSL_VERSION_UNKNOWN: mbedtls_ssl_protocol_version =
+    0;
+///< (D)TLS 1.2
+pub const mbedtls_ssl_protocol_version_MBEDTLS_SSL_VERSION_TLS1_2: mbedtls_ssl_protocol_version =
+    771;
+///< (D)TLS 1.3
+pub const mbedtls_ssl_protocol_version_MBEDTLS_SSL_VERSION_TLS1_3: mbedtls_ssl_protocol_version =
+    772;
+/// Human-friendly representation of the (D)TLS protocol version.
+pub type mbedtls_ssl_protocol_version = crate::c_types::c_uint;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_session {
+    pub private_mfl_code: crate::c_types::c_uchar,
+    pub private_exported: crate::c_types::c_uchar,
+    pub private_tls_version: mbedtls_ssl_protocol_version,
+    pub private_ciphersuite: crate::c_types::c_int,
+    pub private_id_len: usize,
+    pub private_id: [crate::c_types::c_uchar; 32usize],
+    pub private_master: [crate::c_types::c_uchar; 48usize],
+    pub private_peer_cert: *mut mbedtls_x509_crt,
+    pub private_verify_result: u32,
+    pub private_ticket: *mut crate::c_types::c_uchar,
+    pub private_ticket_len: usize,
+    pub private_ticket_lifetime: u32,
+    pub private_endpoint: u8,
+    pub private_ticket_flags: u8,
+    pub private_ticket_age_add: u32,
+    pub private_resumption_key_len: u8,
+    pub private_resumption_key: [crate::c_types::c_uchar; 48usize],
+    pub private_hostname: *mut crate::c_types::c_char,
+    pub private_encrypt_then_mac: crate::c_types::c_int,
+    pub private_app_secrets: mbedtls_ssl_tls13_application_secrets,
+}
+pub const mbedtls_tls_prf_types_MBEDTLS_SSL_TLS_PRF_NONE: mbedtls_tls_prf_types = 0;
+pub const mbedtls_tls_prf_types_MBEDTLS_SSL_TLS_PRF_SHA384: mbedtls_tls_prf_types = 1;
+pub const mbedtls_tls_prf_types_MBEDTLS_SSL_TLS_PRF_SHA256: mbedtls_tls_prf_types = 2;
+pub const mbedtls_tls_prf_types_MBEDTLS_SSL_HKDF_EXPAND_SHA384: mbedtls_tls_prf_types = 3;
+pub const mbedtls_tls_prf_types_MBEDTLS_SSL_HKDF_EXPAND_SHA256: mbedtls_tls_prf_types = 4;
+pub type mbedtls_tls_prf_types = crate::c_types::c_uint;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET:
+    mbedtls_ssl_key_export_type = 0;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET:
+    mbedtls_ssl_key_export_type = 1;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_EARLY_EXPORTER_SECRET:
+    mbedtls_ssl_key_export_type = 2;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET : mbedtls_ssl_key_export_type = 3 ;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET : mbedtls_ssl_key_export_type = 4 ;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET : mbedtls_ssl_key_export_type = 5 ;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET : mbedtls_ssl_key_export_type = 6 ;
+pub type mbedtls_ssl_key_export_type = crate::c_types::c_uint;
+/// \brief           Callback type: Export key alongside random values for
+///                                 session identification, and PRF for
+///                                 implementation of TLS key exporters.
+///
+/// \param p_expkey   Context for the callback.
+/// \param type       The type of the key that is being exported.
+/// \param secret     The address of the buffer holding the secret
+///                   that's being exporterd.
+/// \param secret_len The length of \p secret in bytes.
+/// \param client_random The client random bytes.
+/// \param server_random The server random bytes.
+/// \param tls_prf_type The identifier for the PRF used in the handshake
+///                     to which the key belongs.
+pub type mbedtls_ssl_export_keys_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        p_expkey: *mut crate::c_types::c_void,
+        type_: mbedtls_ssl_key_export_type,
+        secret: *const crate::c_types::c_uchar,
+        secret_len: usize,
+        client_random: *const crate::c_types::c_uchar,
+        server_random: *const crate::c_types::c_uchar,
+        tls_prf_type: mbedtls_tls_prf_types,
+    ),
+>;
+/// \brief           Callback type: generic handshake callback
+///
+/// \note            Callbacks may use user_data funcs to set/get app user data.
+///                  See \c mbedtls_ssl_get_user_data_p()
+///                      \c mbedtls_ssl_get_user_data_n()
+///                      \c mbedtls_ssl_conf_get_user_data_p()
+///                      \c mbedtls_ssl_conf_get_user_data_n()
+///
+/// \param ssl       \c mbedtls_ssl_context on which the callback is run
+///
+/// \return          The return value of the callback is 0 if successful,
+///                  or a specific MBEDTLS_ERR_XXX code, which will cause
+///                  the handshake to be aborted.
+pub type mbedtls_ssl_hs_cb_t = ::core::option::Option<
+    unsafe extern "C" fn(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int,
+>;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_ssl_user_data_t {
+    pub n: usize,
+    pub p: *mut crate::c_types::c_void,
+}
+/// SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_config {
+    pub private_max_tls_version: mbedtls_ssl_protocol_version,
+    pub private_min_tls_version: mbedtls_ssl_protocol_version,
+    pub private_endpoint: u8,
+    pub private_transport: u8,
+    pub private_authmode: u8,
+    pub private_allow_legacy_renegotiation: u8,
+    pub private_mfl_code: u8,
+    pub private_encrypt_then_mac: u8,
+    pub private_extended_ms: u8,
+    pub private_anti_replay: u8,
+    pub private_disable_renegotiation: u8,
+    pub private_session_tickets: u8,
+    pub private_new_session_tickets_count: u16,
+    pub private_cert_req_ca_list: u8,
+    pub private_respect_cli_pref: u8,
+    pub private_ignore_unexpected_cid: u8,
+    pub private_ciphersuite_list: *const crate::c_types::c_int,
+    pub private_tls13_kex_modes: crate::c_types::c_int,
+    pub private_f_dbg: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: crate::c_types::c_int,
+            arg3: *const crate::c_types::c_char,
+            arg4: crate::c_types::c_int,
+            arg5: *const crate::c_types::c_char,
+        ),
+    >,
+    pub private_p_dbg: *mut crate::c_types::c_void,
+    pub private_f_rng: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut crate::c_types::c_uchar,
+            arg3: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_rng: *mut crate::c_types::c_void,
+    pub private_f_get_cache: mbedtls_ssl_cache_get_t,
+    pub private_f_set_cache: mbedtls_ssl_cache_set_t,
+    pub private_p_cache: *mut crate::c_types::c_void,
+    pub private_f_sni: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut mbedtls_ssl_context,
+            arg3: *const crate::c_types::c_uchar,
+            arg4: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_sni: *mut crate::c_types::c_void,
+    pub private_f_vrfy: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut mbedtls_x509_crt,
+            arg3: crate::c_types::c_int,
+            arg4: *mut u32,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_vrfy: *mut crate::c_types::c_void,
+    pub private_f_psk: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut mbedtls_ssl_context,
+            arg3: *const crate::c_types::c_uchar,
+            arg4: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_psk: *mut crate::c_types::c_void,
+    pub private_f_cookie_write: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut *mut crate::c_types::c_uchar,
+            arg3: *mut crate::c_types::c_uchar,
+            arg4: *const crate::c_types::c_uchar,
+            arg5: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_f_cookie_check: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *const crate::c_types::c_uchar,
+            arg3: usize,
+            arg4: *const crate::c_types::c_uchar,
+            arg5: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_cookie: *mut crate::c_types::c_void,
+    pub private_f_ticket_write: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *const mbedtls_ssl_session,
+            arg3: *mut crate::c_types::c_uchar,
+            arg4: *const crate::c_types::c_uchar,
+            arg5: *mut usize,
+            arg6: *mut u32,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_f_ticket_parse: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut mbedtls_ssl_session,
+            arg3: *mut crate::c_types::c_uchar,
+            arg4: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_ticket: *mut crate::c_types::c_void,
+    pub private_cid_len: usize,
+    pub private_cert_profile: *const mbedtls_x509_crt_profile,
+    pub private_key_cert: *mut mbedtls_ssl_key_cert,
+    pub private_ca_chain: *mut mbedtls_x509_crt,
+    pub private_ca_crl: *mut mbedtls_x509_crl,
+    pub private_sig_hashes: *const crate::c_types::c_int,
+    pub private_sig_algs: *const u16,
+    pub private_curve_list: *const mbedtls_ecp_group_id,
+    pub private_group_list: *const u16,
+    pub private_dhm_P: mbedtls_mpi,
+    pub private_dhm_G: mbedtls_mpi,
+    pub private_psk: *mut crate::c_types::c_uchar,
+    pub private_psk_len: usize,
+    pub private_psk_identity: *mut crate::c_types::c_uchar,
+    pub private_psk_identity_len: usize,
+    pub private_alpn_list: *mut *const crate::c_types::c_char,
+    pub private_read_timeout: u32,
+    pub private_hs_timeout_min: u32,
+    pub private_hs_timeout_max: u32,
+    pub private_renego_max_records: crate::c_types::c_int,
+    pub private_renego_period: [crate::c_types::c_uchar; 8usize],
+    pub private_badmac_limit: crate::c_types::c_uint,
+    pub private_dhm_min_bitlen: crate::c_types::c_uint,
+    pub private_user_data: mbedtls_ssl_user_data_t,
+    pub private_f_cert_cb: mbedtls_ssl_hs_cb_t,
+    pub private_dn_hints: *const mbedtls_x509_crt,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_context {
+    pub private_conf: *const mbedtls_ssl_config,
+    pub private_state: crate::c_types::c_int,
+    pub private_renego_status: crate::c_types::c_int,
+    pub private_renego_records_seen: crate::c_types::c_int,
+    pub private_tls_version: mbedtls_ssl_protocol_version,
+    pub private_badmac_seen: crate::c_types::c_uint,
+    pub private_f_vrfy: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut mbedtls_x509_crt,
+            arg3: crate::c_types::c_int,
+            arg4: *mut u32,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_vrfy: *mut crate::c_types::c_void,
+    pub private_f_send: mbedtls_ssl_send_t,
+    pub private_f_recv: mbedtls_ssl_recv_t,
+    pub private_f_recv_timeout: mbedtls_ssl_recv_timeout_t,
+    pub private_p_bio: *mut crate::c_types::c_void,
+    pub private_session_in: *mut mbedtls_ssl_session,
+    pub private_session_out: *mut mbedtls_ssl_session,
+    pub private_session: *mut mbedtls_ssl_session,
+    pub private_session_negotiate: *mut mbedtls_ssl_session,
+    pub private_handshake: *mut mbedtls_ssl_handshake_params,
+    pub private_transform_in: *mut mbedtls_ssl_transform,
+    pub private_transform_out: *mut mbedtls_ssl_transform,
+    pub private_transform: *mut mbedtls_ssl_transform,
+    pub private_transform_negotiate: *mut mbedtls_ssl_transform,
+    pub private_transform_application: *mut mbedtls_ssl_transform,
+    pub private_p_timer: *mut crate::c_types::c_void,
+    pub private_f_set_timer: mbedtls_ssl_set_timer_t,
+    pub private_f_get_timer: mbedtls_ssl_get_timer_t,
+    pub private_in_buf: *mut crate::c_types::c_uchar,
+    pub private_in_ctr: *mut crate::c_types::c_uchar,
+    pub private_in_hdr: *mut crate::c_types::c_uchar,
+    pub private_in_cid: *mut crate::c_types::c_uchar,
+    pub private_in_len: *mut crate::c_types::c_uchar,
+    pub private_in_iv: *mut crate::c_types::c_uchar,
+    pub private_in_msg: *mut crate::c_types::c_uchar,
+    pub private_in_offt: *mut crate::c_types::c_uchar,
+    pub private_in_msgtype: crate::c_types::c_int,
+    pub private_in_msglen: usize,
+    pub private_in_left: usize,
+    pub private_in_epoch: u16,
+    pub private_next_record_offset: usize,
+    pub private_in_window_top: u64,
+    pub private_in_window: u64,
+    pub private_in_hslen: usize,
+    pub private_nb_zero: crate::c_types::c_int,
+    pub private_keep_current_message: crate::c_types::c_int,
+    pub private_send_alert: crate::c_types::c_uchar,
+    pub private_alert_type: crate::c_types::c_uchar,
+    pub private_alert_reason: crate::c_types::c_int,
+    pub private_disable_datagram_packing: u8,
+    pub private_out_buf: *mut crate::c_types::c_uchar,
+    pub private_out_ctr: *mut crate::c_types::c_uchar,
+    pub private_out_hdr: *mut crate::c_types::c_uchar,
+    pub private_out_cid: *mut crate::c_types::c_uchar,
+    pub private_out_len: *mut crate::c_types::c_uchar,
+    pub private_out_iv: *mut crate::c_types::c_uchar,
+    pub private_out_msg: *mut crate::c_types::c_uchar,
+    pub private_out_msgtype: crate::c_types::c_int,
+    pub private_out_msglen: usize,
+    pub private_out_left: usize,
+    pub private_cur_out_ctr: [crate::c_types::c_uchar; 8usize],
+    pub private_mtu: u16,
+    pub private_hostname: *mut crate::c_types::c_char,
+    pub private_alpn_chosen: *const crate::c_types::c_char,
+    pub private_cli_id: *mut crate::c_types::c_uchar,
+    pub private_cli_id_len: usize,
+    pub private_secure_renegotiation: crate::c_types::c_int,
+    pub private_verify_data_len: usize,
+    pub private_own_verify_data: [crate::c_types::c_char; 12usize],
+    pub private_peer_verify_data: [crate::c_types::c_char; 12usize],
+    pub private_own_cid: [crate::c_types::c_uchar; 32usize],
+    pub private_own_cid_len: u8,
+    pub private_negotiate_cid: u8,
+    pub private_f_export_keys: mbedtls_ssl_export_keys_t,
+    pub private_p_export_keys: *mut crate::c_types::c_void,
+    pub private_user_data: mbedtls_ssl_user_data_t,
+}
+extern "C" {
+    /// \brief               Return the name of the ciphersuite associated with the
+    ///                      given ID
+    ///
+    /// \param ciphersuite_id SSL ciphersuite ID
+    ///
+    /// \return              a string containing the ciphersuite name
+    pub fn mbedtls_ssl_get_ciphersuite_name(
+        ciphersuite_id: crate::c_types::c_int,
+    ) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief               Return the ID of the ciphersuite associated with the
+    ///                      given name
+    ///
+    /// \param ciphersuite_name SSL ciphersuite name
+    ///
+    /// \return              the ID with the ciphersuite or 0 if not found
+    pub fn mbedtls_ssl_get_ciphersuite_id(
+        ciphersuite_name: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Initialize an SSL context
+    ///                 Just makes the context ready for mbedtls_ssl_setup() or
+    ///                 mbedtls_ssl_free()
+    ///
+    /// \param ssl      SSL context
+    pub fn mbedtls_ssl_init(ssl: *mut mbedtls_ssl_context);
+}
+extern "C" {
+    /// \brief          Set up an SSL context for use
+    ///
+    /// \note           No copy of the configuration context is made, it can be
+    ///                 shared by many mbedtls_ssl_context structures.
+    ///
+    /// \warning        The conf structure will be accessed during the session.
+    ///                 It must not be modified or freed as long as the session
+    ///                 is active.
+    ///
+    /// \warning        This function must be called exactly once per context.
+    ///                 Calling mbedtls_ssl_setup again is not supported, even
+    ///                 if no session is active.
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param ssl      SSL context
+    /// \param conf     SSL configuration to use
+    ///
+    /// \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if
+    ///                 memory allocation failed
+    pub fn mbedtls_ssl_setup(
+        ssl: *mut mbedtls_ssl_context,
+        conf: *const mbedtls_ssl_config,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Reset an already initialized SSL context for re-use
+    ///                 while retaining application-set variables, function
+    ///                 pointers and data.
+    ///
+    /// \param ssl      SSL context
+    /// \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED or
+    ///MBEDTLS_ERR_SSL_HW_ACCEL_FAILED
+    pub fn mbedtls_ssl_session_reset(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the current endpoint type
+    ///
+    /// \param conf     SSL configuration
+    /// \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
+    pub fn mbedtls_ssl_conf_endpoint(
+        conf: *mut mbedtls_ssl_config,
+        endpoint: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief           Set the transport type (TLS or DTLS).
+    ///                  Default: TLS
+    ///
+    /// \note            For DTLS, you must either provide a recv callback that
+    ///                  doesn't block, or one that handles timeouts, see
+    ///                  \c mbedtls_ssl_set_bio(). You also need to provide timer
+    ///                  callbacks with \c mbedtls_ssl_set_timer_cb().
+    ///
+    /// \param conf      SSL configuration
+    /// \param transport transport type:
+    ///                  MBEDTLS_SSL_TRANSPORT_STREAM for TLS,
+    ///                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.
+    pub fn mbedtls_ssl_conf_transport(
+        conf: *mut mbedtls_ssl_config,
+        transport: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Set the certificate verification mode
+    ///                 Default: NONE on server, REQUIRED on client
+    ///
+    /// \param conf     SSL configuration
+    /// \param authmode can be:
+    ///
+    ///  MBEDTLS_SSL_VERIFY_NONE:      peer certificate is not checked
+    ///                        (default on server)
+    ///                        (insecure on client)
+    ///
+    ///  MBEDTLS_SSL_VERIFY_OPTIONAL:  peer certificate is checked, however the
+    ///                        handshake continues even if verification failed;
+    ///                        mbedtls_ssl_get_verify_result() can be called after the
+    ///                        handshake is complete.
+    ///
+    ///  MBEDTLS_SSL_VERIFY_REQUIRED:  peer *must* present a valid certificate,
+    ///                        handshake is aborted if verification failed.
+    ///                        (default on client)
+    ///
+    /// \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode.
+    /// With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at
+    /// the right time(s), which may not be obvious, while REQUIRED always perform
+    /// the verification as soon as possible. For example, REQUIRED was protecting
+    /// against the "triple handshake" attack even before it was found.
+    pub fn mbedtls_ssl_conf_authmode(
+        conf: *mut mbedtls_ssl_config,
+        authmode: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Set the verification callback (Optional).
+    ///
+    ///                 If set, the provided verify callback is called for each
+    ///                 certificate in the peer's CRT chain, including the trusted
+    ///                 root. For more information, please see the documentation of
+    ///                 \c mbedtls_x509_crt_verify().
+    ///
+    /// \note           For per context callbacks and contexts, please use
+    ///                 mbedtls_ssl_set_verify() instead.
+    ///
+    /// \param conf     The SSL configuration to use.
+    /// \param f_vrfy   The verification callback to use during CRT verification.
+    /// \param p_vrfy   The opaque context to be passed to the callback.
+    pub fn mbedtls_ssl_conf_verify(
+        conf: *mut mbedtls_ssl_config,
+        f_vrfy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_x509_crt,
+                arg3: crate::c_types::c_int,
+                arg4: *mut u32,
+            ) -> crate::c_types::c_int,
+        >,
+        p_vrfy: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the random number generator callback
+    ///
+    /// \param conf     SSL configuration
+    /// \param f_rng    RNG function (mandatory)
+    /// \param p_rng    RNG parameter
+    pub fn mbedtls_ssl_conf_rng(
+        conf: *mut mbedtls_ssl_config,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the debug callback
+    ///
+    ///                 The callback has the following argument:
+    ///                 void *           opaque context for the callback
+    ///                 int              debug level
+    ///                 const char *     file name
+    ///                 int              line number
+    ///                 const char *     message
+    ///
+    /// \param conf     SSL configuration
+    /// \param f_dbg    debug function
+    /// \param p_dbg    debug parameter
+    pub fn mbedtls_ssl_conf_dbg(
+        conf: *mut mbedtls_ssl_config,
+        f_dbg: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: crate::c_types::c_int,
+                arg3: *const crate::c_types::c_char,
+                arg4: crate::c_types::c_int,
+                arg5: *const crate::c_types::c_char,
+            ),
+        >,
+        p_dbg: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the underlying BIO callbacks for write, read and
+    ///                 read-with-timeout.
+    ///
+    /// \param ssl      SSL context
+    /// \param p_bio    parameter (context) shared by BIO callbacks
+    /// \param f_send   write callback
+    /// \param f_recv   read callback
+    /// \param f_recv_timeout blocking read callback with timeout.
+    ///
+    /// \note           One of f_recv or f_recv_timeout can be NULL, in which case
+    ///                 the other is used. If both are non-NULL, f_recv_timeout is
+    ///                 used and f_recv is ignored (as if it were NULL).
+    ///
+    /// \note           The two most common use cases are:
+    ///                 - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL
+    ///                 - blocking I/O, f_recv == NULL, f_recv_timeout != NULL
+    ///
+    /// \note           For DTLS, you need to provide either a non-NULL
+    ///                 f_recv_timeout callback, or a f_recv that doesn't block.
+    ///
+    /// \note           See the documentations of \c mbedtls_ssl_send_t,
+    ///                 \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for
+    ///                 the conventions those callbacks must follow.
+    ///
+    /// \note           On some platforms, net_sockets.c provides
+    ///                 \c mbedtls_net_send(), \c mbedtls_net_recv() and
+    ///                 \c mbedtls_net_recv_timeout() that are suitable to be used
+    ///                 here.
+    pub fn mbedtls_ssl_set_bio(
+        ssl: *mut mbedtls_ssl_context,
+        p_bio: *mut crate::c_types::c_void,
+        f_send: mbedtls_ssl_send_t,
+        f_recv: mbedtls_ssl_recv_t,
+        f_recv_timeout: mbedtls_ssl_recv_timeout_t,
+    );
+}
+extern "C" {
+    /// \brief             Configure the use of the Connection ID (CID)
+    ///                    extension in the next handshake.
+    ///
+    ///                    Reference: RFC 9146 (or draft-ietf-tls-dtls-connection-id-05
+    ///                    https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
+    ///                    for legacy version)
+    ///
+    ///                    The DTLS CID extension allows the reliable association of
+    ///                    DTLS records to DTLS connections across changes in the
+    ///                    underlying transport (changed IP and Port metadata) by
+    ///                    adding explicit connection identifiers (CIDs) to the
+    ///                    headers of encrypted DTLS records. The desired CIDs are
+    ///                    configured by the application layer and are exchanged in
+    ///                    new `ClientHello` / `ServerHello` extensions during the
+    ///                    handshake, where each side indicates the CID it wants the
+    ///                    peer to use when writing encrypted messages. The CIDs are
+    ///                    put to use once records get encrypted: the stack discards
+    ///                    any incoming records that don't include the configured CID
+    ///                    in their header, and adds the peer's requested CID to the
+    ///                    headers of outgoing messages.
+    ///
+    ///                    This API enables or disables the use of the CID extension
+    ///                    in the next handshake and sets the value of the CID to
+    ///                    be used for incoming messages.
+    ///
+    /// \param ssl         The SSL context to configure. This must be initialized.
+    /// \param enable      This value determines whether the CID extension should
+    ///                    be used or not. Possible values are:
+    ///                    - MBEDTLS_SSL_CID_ENABLED to enable the use of the CID.
+    ///                    - MBEDTLS_SSL_CID_DISABLED (default) to disable the use
+    ///                      of the CID.
+    /// \param own_cid     The address of the readable buffer holding the CID we want
+    ///                    the peer to use when sending encrypted messages to us.
+    ///                    This may be \c NULL if \p own_cid_len is \c 0.
+    ///                    This parameter is unused if \p enabled is set to
+    ///                    MBEDTLS_SSL_CID_DISABLED.
+    /// \param own_cid_len The length of \p own_cid.
+    ///                    This parameter is unused if \p enabled is set to
+    ///                    MBEDTLS_SSL_CID_DISABLED.
+    ///
+    /// \note              The value of \p own_cid_len must match the value of the
+    ///                    \c len parameter passed to mbedtls_ssl_conf_cid()
+    ///                    when configuring the ::mbedtls_ssl_config that \p ssl
+    ///                    is bound to.
+    ///
+    /// \note              This CID configuration applies to subsequent handshakes
+    ///                    performed on the SSL context \p ssl, but does not trigger
+    ///                    one. You still have to call `mbedtls_ssl_handshake()`
+    ///                    (for the initial handshake) or `mbedtls_ssl_renegotiate()`
+    ///                    (for a renegotiation handshake) explicitly after a
+    ///                    successful call to this function to run the handshake.
+    ///
+    /// \note              This call cannot guarantee that the use of the CID
+    ///                    will be successfully negotiated in the next handshake,
+    ///                    because the peer might not support it. Specifically:
+    ///                    - On the Client, enabling the use of the CID through
+    ///                      this call implies that the `ClientHello` in the next
+    ///                      handshake will include the CID extension, thereby
+    ///                      offering the use of the CID to the server. Only if
+    ///                      the `ServerHello` contains the CID extension, too,
+    ///                      the CID extension will actually be put to use.
+    ///                    - On the Server, enabling the use of the CID through
+    ///                      this call implies that the server will look for
+    ///                      the CID extension in a `ClientHello` from the client,
+    ///                      and, if present, reply with a CID extension in its
+    ///                      `ServerHello`.
+    ///
+    /// \note              To check whether the use of the CID was negotiated
+    ///                    after the subsequent handshake has completed, please
+    ///                    use the API mbedtls_ssl_get_peer_cid().
+    ///
+    /// \warning           If the use of the CID extension is enabled in this call
+    ///                    and the subsequent handshake negotiates its use, Mbed TLS
+    ///                    will silently drop every packet whose CID does not match
+    ///                    the CID configured in \p own_cid. It is the responsibility
+    ///                    of the user to adapt the underlying transport to take care
+    ///                    of CID-based demultiplexing before handing datagrams to
+    ///                    Mbed TLS.
+    ///
+    /// \return            \c 0 on success. In this case, the CID configuration
+    ///                    applies to the next handshake.
+    /// \return            A negative error code on failure.
+    pub fn mbedtls_ssl_set_cid(
+        ssl: *mut mbedtls_ssl_context,
+        enable: crate::c_types::c_int,
+        own_cid: *const crate::c_types::c_uchar,
+        own_cid_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief              Get information about our request for usage of the CID
+    ///                     extension in the current connection.
+    ///
+    /// \param ssl          The SSL context to query.
+    /// \param enabled      The address at which to store whether the CID extension
+    ///                     is requested to be used or not. If the CID is
+    ///                     requested, `*enabled` is set to
+    ///                     MBEDTLS_SSL_CID_ENABLED; otherwise, it is set to
+    ///                     MBEDTLS_SSL_CID_DISABLED.
+    /// \param own_cid      The address of the buffer in which to store our own
+    ///                     CID (if the CID extension is requested). This may be
+    ///                     \c NULL in case the value of our CID isn't needed. If
+    ///                     it is not \c NULL, \p own_cid_len must not be \c NULL.
+    /// \param own_cid_len  The address at which to store the size of our own CID
+    ///                     (if the CID extension is requested). This is also the
+    ///                     number of Bytes in \p own_cid that have been written.
+    ///                     This may be \c NULL in case the length of our own CID
+    ///                     isn't needed. If it is \c NULL, \p own_cid must be
+    ///                     \c NULL, too.
+    ///
+    ///\note                If we are requesting an empty CID this function sets
+    ///                     `*enabled` to #MBEDTLS_SSL_CID_DISABLED (the rationale
+    ///                     for this is that the resulting outcome is the
+    ///                     same as if the CID extensions wasn't requested).
+    ///
+    /// \return            \c 0 on success.
+    /// \return            A negative error code on failure.
+    pub fn mbedtls_ssl_get_own_cid(
+        ssl: *mut mbedtls_ssl_context,
+        enabled: *mut crate::c_types::c_int,
+        own_cid: *mut crate::c_types::c_uchar,
+        own_cid_len: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief              Get information about the use of the CID extension
+    ///                     in the current connection.
+    ///
+    /// \param ssl          The SSL context to query.
+    /// \param enabled      The address at which to store whether the CID extension
+    ///                     is currently in use or not. If the CID is in use,
+    ///                     `*enabled` is set to MBEDTLS_SSL_CID_ENABLED;
+    ///                     otherwise, it is set to MBEDTLS_SSL_CID_DISABLED.
+    /// \param peer_cid     The address of the buffer in which to store the CID
+    ///                     chosen by the peer (if the CID extension is used).
+    ///                     This may be \c NULL in case the value of peer CID
+    ///                     isn't needed. If it is not \c NULL, \p peer_cid_len
+    ///                     must not be \c NULL.
+    /// \param peer_cid_len The address at which to store the size of the CID
+    ///                     chosen by the peer (if the CID extension is used).
+    ///                     This is also the number of Bytes in \p peer_cid that
+    ///                     have been written.
+    ///                     This may be \c NULL in case the length of the peer CID
+    ///                     isn't needed. If it is \c NULL, \p peer_cid must be
+    ///                     \c NULL, too.
+    ///
+    /// \note               This applies to the state of the CID negotiated in
+    ///                     the last complete handshake. If a handshake is in
+    ///                     progress, this function will attempt to complete
+    ///                     the handshake first.
+    ///
+    /// \note               If CID extensions have been exchanged but both client
+    ///                     and server chose to use an empty CID, this function
+    ///                     sets `*enabled` to #MBEDTLS_SSL_CID_DISABLED
+    ///                     (the rationale for this is that the resulting
+    ///                     communication is the same as if the CID extensions
+    ///                     hadn't been used).
+    ///
+    /// \return            \c 0 on success.
+    /// \return            A negative error code on failure.
+    pub fn mbedtls_ssl_get_peer_cid(
+        ssl: *mut mbedtls_ssl_context,
+        enabled: *mut crate::c_types::c_int,
+        peer_cid: *mut crate::c_types::c_uchar,
+        peer_cid_len: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the Maximum Transport Unit (MTU).
+    ///                 Special value: 0 means unset (no limit).
+    ///                 This represents the maximum size of a datagram payload
+    ///                 handled by the transport layer (usually UDP) as determined
+    ///                 by the network link and stack. In practice, this controls
+    ///                 the maximum size datagram the DTLS layer will pass to the
+    ///                 \c f_send() callback set using \c mbedtls_ssl_set_bio().
+    ///
+    /// \note           The limit on datagram size is converted to a limit on
+    ///                 record payload by subtracting the current overhead of
+    ///                 encapsulation and encryption/authentication if any.
+    ///
+    /// \note           This can be called at any point during the connection, for
+    ///                 example when a Path Maximum Transfer Unit (PMTU)
+    ///                 estimate becomes available from other sources,
+    ///                 such as lower (or higher) protocol layers.
+    ///
+    /// \note           This setting only controls the size of the packets we send,
+    ///                 and does not restrict the size of the datagrams we're
+    ///                 willing to receive. Client-side, you can request the
+    ///                 server to use smaller records with \c
+    ///                 mbedtls_ssl_conf_max_frag_len().
+    ///
+    /// \note           If both a MTU and a maximum fragment length have been
+    ///                 configured (or negotiated with the peer), the resulting
+    ///                 lower limit on record payload (see first note) is used.
+    ///
+    /// \note           This can only be used to decrease the maximum size
+    ///                 of datagrams (hence records, see first note) sent. It
+    ///                 cannot be used to increase the maximum size of records over
+    ///                 the limit set by #MBEDTLS_SSL_OUT_CONTENT_LEN.
+    ///
+    /// \note           Values lower than the current record layer expansion will
+    ///                 result in an error when trying to send data.
+    ///
+    /// \param ssl      SSL context
+    /// \param mtu      Value of the path MTU in bytes
+    pub fn mbedtls_ssl_set_mtu(ssl: *mut mbedtls_ssl_context, mtu: u16);
+}
+extern "C" {
+    /// \brief          Set a connection-specific verification callback (optional).
+    ///
+    ///                 If set, the provided verify callback is called for each
+    ///                 certificate in the peer's CRT chain, including the trusted
+    ///                 root. For more information, please see the documentation of
+    ///                 \c mbedtls_x509_crt_verify().
+    ///
+    /// \note           This call is analogous to mbedtls_ssl_conf_verify() but
+    ///                 binds the verification callback and context to an SSL context
+    ///                 as opposed to an SSL configuration.
+    ///                 If mbedtls_ssl_conf_verify() and mbedtls_ssl_set_verify()
+    ///                 are both used, mbedtls_ssl_set_verify() takes precedence.
+    ///
+    /// \param ssl      The SSL context to use.
+    /// \param f_vrfy   The verification callback to use during CRT verification.
+    /// \param p_vrfy   The opaque context to be passed to the callback.
+    pub fn mbedtls_ssl_set_verify(
+        ssl: *mut mbedtls_ssl_context,
+        f_vrfy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_x509_crt,
+                arg3: crate::c_types::c_int,
+                arg4: *mut u32,
+            ) -> crate::c_types::c_int,
+        >,
+        p_vrfy: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the timeout period for mbedtls_ssl_read()
+    ///                 (Default: no timeout.)
+    ///
+    /// \param conf     SSL configuration context
+    /// \param timeout  Timeout value in milliseconds.
+    ///                 Use 0 for no timeout (default).
+    ///
+    /// \note           With blocking I/O, this will only work if a non-NULL
+    ///                 \c f_recv_timeout was set with \c mbedtls_ssl_set_bio().
+    ///                 With non-blocking I/O, this will only work if timer
+    ///                 callbacks were set with \c mbedtls_ssl_set_timer_cb().
+    ///
+    /// \note           With non-blocking I/O, you may also skip this function
+    ///                 altogether and handle timeouts at the application layer.
+    pub fn mbedtls_ssl_conf_read_timeout(conf: *mut mbedtls_ssl_config, timeout: u32);
+}
+extern "C" {
+    /// \brief          Check whether a buffer contains a valid and authentic record
+    ///                 that has not been seen before. (DTLS only).
+    ///
+    ///                 This function does not change the user-visible state
+    ///                 of the SSL context. Its sole purpose is to provide
+    ///                 an indication of the legitimacy of an incoming record.
+    ///
+    ///                 This can be useful e.g. in distributed server environments
+    ///                 using the DTLS Connection ID feature, in which connections
+    ///                 might need to be passed between service instances on a change
+    ///                 of peer address, but where such disruptive operations should
+    ///                 only happen after the validity of incoming records has been
+    ///                 confirmed.
+    ///
+    /// \param ssl      The SSL context to use.
+    /// \param buf      The address of the buffer holding the record to be checked.
+    ///                 This must be a read/write buffer of length \p buflen Bytes.
+    /// \param buflen   The length of \p buf in Bytes.
+    ///
+    /// \note           This routine only checks whether the provided buffer begins
+    ///                 with a valid and authentic record that has not been seen
+    ///                 before, but does not check potential data following the
+    ///                 initial record. In particular, it is possible to pass DTLS
+    ///                 datagrams containing multiple records, in which case only
+    ///                 the first record is checked.
+    ///
+    /// \note           This function modifies the input buffer \p buf. If you need
+    ///                 to preserve the original record, you have to maintain a copy.
+    ///
+    /// \return         \c 0 if the record is valid and authentic and has not been
+    ///                 seen before.
+    /// \return         MBEDTLS_ERR_SSL_INVALID_MAC if the check completed
+    ///                 successfully but the record was found to be not authentic.
+    /// \return         MBEDTLS_ERR_SSL_INVALID_RECORD if the check completed
+    ///                 successfully but the record was found to be invalid for
+    ///                 a reason different from authenticity checking.
+    /// \return         MBEDTLS_ERR_SSL_UNEXPECTED_RECORD if the check completed
+    ///                 successfully but the record was found to be unexpected
+    ///                 in the state of the SSL context, including replayed records.
+    /// \return         Another negative error code on different kinds of failure.
+    ///                 In this case, the SSL context becomes unusable and needs
+    ///                 to be freed or reset before reuse.
+    pub fn mbedtls_ssl_check_record(
+        ssl: *const mbedtls_ssl_context,
+        buf: *mut crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the timer callbacks (Mandatory for DTLS.)
+    ///
+    /// \param ssl      SSL context
+    /// \param p_timer  parameter (context) shared by timer callbacks
+    /// \param f_set_timer   set timer callback
+    /// \param f_get_timer   get timer callback. Must return:
+    ///
+    /// \note           See the documentation of \c mbedtls_ssl_set_timer_t and
+    ///                 \c mbedtls_ssl_get_timer_t for the conventions this pair of
+    ///                 callbacks must follow.
+    ///
+    /// \note           On some platforms, timing.c provides
+    ///                 \c mbedtls_timing_set_delay() and
+    ///                 \c mbedtls_timing_get_delay() that are suitable for using
+    ///                 here, except if using an event-driven style.
+    ///
+    /// \note           See also the "DTLS tutorial" article in our knowledge base.
+    ///                 https://mbed-tls.readthedocs.io/en/latest/kb/how-to/dtls-tutorial
+    pub fn mbedtls_ssl_set_timer_cb(
+        ssl: *mut mbedtls_ssl_context,
+        p_timer: *mut crate::c_types::c_void,
+        f_set_timer: mbedtls_ssl_set_timer_t,
+        f_get_timer: mbedtls_ssl_get_timer_t,
+    );
+}
+/// \brief           Callback type: generate and write session ticket
+///
+/// \note            This describes what a callback implementation should do.
+///                  This callback should generate an encrypted and
+///                  authenticated ticket for the session and write it to the
+///                  output buffer. Here, ticket means the opaque ticket part
+///                  of the NewSessionTicket structure of RFC 5077.
+///
+/// \param p_ticket  Context for the callback
+/// \param session   SSL session to be written in the ticket
+/// \param start     Start of the output buffer
+/// \param end       End of the output buffer
+/// \param tlen      On exit, holds the length written
+/// \param lifetime  On exit, holds the lifetime of the ticket in seconds
+///
+/// \return          0 if successful, or
+///                  a specific MBEDTLS_ERR_XXX code.
+pub type mbedtls_ssl_ticket_write_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        p_ticket: *mut crate::c_types::c_void,
+        session: *const mbedtls_ssl_session,
+        start: *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        tlen: *mut usize,
+        lifetime: *mut u32,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief           Callback type: parse and load session ticket
+///
+/// \note            This describes what a callback implementation should do.
+///                  This callback should parse a session ticket as generated
+///                  by the corresponding mbedtls_ssl_ticket_write_t function,
+///                  and, if the ticket is authentic and valid, load the
+///                  session.
+///
+/// \note            The implementation is allowed to modify the first len
+///                  bytes of the input buffer, eg to use it as a temporary
+///                  area for the decrypted ticket contents.
+///
+/// \param p_ticket  Context for the callback
+/// \param session   SSL session to be loaded
+/// \param buf       Start of the buffer containing the ticket
+/// \param len       Length of the ticket.
+///
+/// \return          0 if successful, or
+///                  MBEDTLS_ERR_SSL_INVALID_MAC if not authentic, or
+///                  MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or
+///                  any other non-zero code for other failures.
+pub type mbedtls_ssl_ticket_parse_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        p_ticket: *mut crate::c_types::c_void,
+        session: *mut mbedtls_ssl_session,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int,
+>;
+extern "C" {
+    /// \brief           Configure SSL session ticket callbacks (server only).
+    ///                  (Default: none.)
+    ///
+    /// \note            On server, session tickets are enabled by providing
+    ///                  non-NULL callbacks.
+    ///
+    /// \note            On client, use \c mbedtls_ssl_conf_session_tickets().
+    ///
+    /// \param conf      SSL configuration context
+    /// \param f_ticket_write    Callback for writing a ticket
+    /// \param f_ticket_parse    Callback for parsing a ticket
+    /// \param p_ticket          Context shared by the two callbacks
+    pub fn mbedtls_ssl_conf_session_tickets_cb(
+        conf: *mut mbedtls_ssl_config,
+        f_ticket_write: mbedtls_ssl_ticket_write_t,
+        f_ticket_parse: mbedtls_ssl_ticket_parse_t,
+        p_ticket: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief   Configure a key export callback.
+    ///          (Default: none.)
+    ///
+    ///          This API can be used for two purposes:
+    ///          - Debugging: Use this API to e.g. generate an NSSKeylog
+    ///            file and use it to inspect encrypted traffic in tools
+    ///            such as Wireshark.
+    ///          - Application-specific export: Use this API to implement
+    ///            key exporters, e.g. for EAP-TLS or DTLS-SRTP.
+    ///
+    ///
+    /// \param ssl            The SSL context to which the export
+    ///                       callback should be attached.
+    /// \param f_export_keys  The callback for the key export.
+    /// \param p_export_keys  The opaque context pointer to be passed to the
+    ///                       callback \p f_export_keys.
+    pub fn mbedtls_ssl_set_export_keys_cb(
+        ssl: *mut mbedtls_ssl_context,
+        f_export_keys: mbedtls_ssl_export_keys_t,
+        p_export_keys: *mut crate::c_types::c_void,
+    );
+}
+/// \brief          Callback type: generate a cookie
+///
+/// \param ctx      Context for the callback
+/// \param p        Buffer to write to,
+///                 must be updated to point right after the cookie
+/// \param end      Pointer to one past the end of the output buffer
+/// \param info     Client ID info that was passed to
+///                 \c mbedtls_ssl_set_client_transport_id()
+/// \param ilen     Length of info in bytes
+///
+/// \return         The callback must return 0 on success,
+///                 or a negative error code.
+pub type mbedtls_ssl_cookie_write_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *mut crate::c_types::c_uchar,
+        info: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief          Callback type: verify a cookie
+///
+/// \param ctx      Context for the callback
+/// \param cookie   Cookie to verify
+/// \param clen     Length of cookie
+/// \param info     Client ID info that was passed to
+///                 \c mbedtls_ssl_set_client_transport_id()
+/// \param ilen     Length of info in bytes
+///
+/// \return         The callback must return 0 if cookie is valid,
+///                 or a negative error code.
+pub type mbedtls_ssl_cookie_check_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        cookie: *const crate::c_types::c_uchar,
+        clen: usize,
+        info: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int,
+>;
+extern "C" {
+    /// \brief           Register callbacks for DTLS cookies
+    ///                  (Server only. DTLS only.)
+    ///
+    ///                  Default: dummy callbacks that fail, in order to force you to
+    ///                  register working callbacks (and initialize their context).
+    ///
+    ///                  To disable HelloVerifyRequest, register NULL callbacks.
+    ///
+    /// \warning         Disabling hello verification allows your server to be used
+    ///                  for amplification in DoS attacks against other hosts.
+    ///                  Only disable if you known this can't happen in your
+    ///                  particular environment.
+    ///
+    /// \note            See comments on \c mbedtls_ssl_handshake() about handling
+    ///                  the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected
+    ///                  on the first handshake attempt when this is enabled.
+    ///
+    /// \note            This is also necessary to handle client reconnection from
+    ///                  the same port as described in RFC 6347 section 4.2.8 (only
+    ///                  the variant with cookies is supported currently). See
+    ///                  comments on \c mbedtls_ssl_read() for details.
+    ///
+    /// \param conf              SSL configuration
+    /// \param f_cookie_write    Cookie write callback
+    /// \param f_cookie_check    Cookie check callback
+    /// \param p_cookie          Context for both callbacks
+    pub fn mbedtls_ssl_conf_dtls_cookies(
+        conf: *mut mbedtls_ssl_config,
+        f_cookie_write: mbedtls_ssl_cookie_write_t,
+        f_cookie_check: mbedtls_ssl_cookie_check_t,
+        p_cookie: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set client's transport-level identification info.
+    ///                 (Server only. DTLS only.)
+    ///
+    ///                 This is usually the IP address (and port), but could be
+    ///                 anything identify the client depending on the underlying
+    ///                 network stack. Used for HelloVerifyRequest with DTLS.
+    ///                 This is *not* used to route the actual packets.
+    ///
+    /// \param ssl      SSL context
+    /// \param info     Transport-level info identifying the client (eg IP + port)
+    /// \param ilen     Length of info in bytes
+    ///
+    /// \note           An internal copy is made, so the info buffer can be reused.
+    ///
+    /// \return         0 on success,
+    ///                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
+    ///                 MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory.
+    pub fn mbedtls_ssl_set_client_transport_id(
+        ssl: *mut mbedtls_ssl_context,
+        info: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Enable or disable anti-replay protection for DTLS.
+    ///                 (DTLS only, no effect on TLS.)
+    ///                 Default: enabled.
+    ///
+    /// \param conf     SSL configuration
+    /// \param mode     MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED.
+    ///
+    /// \warning        Disabling this is a security risk unless the application
+    ///                 protocol handles duplicated packets in a safe way. You
+    ///                 should not disable this without careful consideration.
+    ///                 However, if your application already detects duplicated
+    ///                 packets and needs information about them to adjust its
+    ///                 transmission strategy, then you'll want to disable this.
+    pub fn mbedtls_ssl_conf_dtls_anti_replay(
+        conf: *mut mbedtls_ssl_config,
+        mode: crate::c_types::c_char,
+    );
+}
+extern "C" {
+    /// \brief          Set a limit on the number of records with a bad MAC
+    ///                 before terminating the connection.
+    ///                 (DTLS only, no effect on TLS.)
+    ///                 Default: 0 (disabled).
+    ///
+    /// \param conf     SSL configuration
+    /// \param limit    Limit, or 0 to disable.
+    ///
+    /// \note           If the limit is N, then the connection is terminated when
+    ///                 the Nth non-authentic record is seen.
+    ///
+    /// \note           Records with an invalid header are not counted, only the
+    ///                 ones going through the authentication-decryption phase.
+    ///
+    /// \note           This is a security trade-off related to the fact that it's
+    ///                 often relatively easy for an active attacker to inject UDP
+    ///                 datagrams. On one hand, setting a low limit here makes it
+    ///                 easier for such an attacker to forcibly terminated a
+    ///                 connection. On the other hand, a high limit or no limit
+    ///                 might make us waste resources checking authentication on
+    ///                 many bogus packets.
+    pub fn mbedtls_ssl_conf_dtls_badmac_limit(
+        conf: *mut mbedtls_ssl_config,
+        limit: crate::c_types::c_uint,
+    );
+}
+extern "C" {
+    /// \brief          Allow or disallow packing of multiple handshake records
+    ///                 within a single datagram.
+    ///
+    /// \param ssl           The SSL context to configure.
+    /// \param allow_packing This determines whether datagram packing may
+    ///                      be used or not. A value of \c 0 means that every
+    ///                      record will be sent in a separate datagram; a
+    ///                      value of \c 1 means that, if space permits,
+    ///                      multiple handshake messages (including CCS) belonging to
+    ///                      a single flight may be packed within a single datagram.
+    ///
+    /// \note           This is enabled by default and should only be disabled
+    ///                 for test purposes, or if datagram packing causes
+    ///                 interoperability issues with peers that don't support it.
+    ///
+    /// \note           Allowing datagram packing reduces the network load since
+    ///                 there's less overhead if multiple messages share the same
+    ///                 datagram. Also, it increases the handshake efficiency
+    ///                 since messages belonging to a single datagram will not
+    ///                 be reordered in transit, and so future message buffering
+    ///                 or flight retransmission (if no buffering is used) as
+    ///                 means to deal with reordering are needed less frequently.
+    ///
+    /// \note           Application records are not affected by this option and
+    ///                 are currently always sent in separate datagrams.
+    pub fn mbedtls_ssl_set_datagram_packing(
+        ssl: *mut mbedtls_ssl_context,
+        allow_packing: crate::c_types::c_uint,
+    );
+}
+extern "C" {
+    /// \brief          Set retransmit timeout values for the DTLS handshake.
+    ///                 (DTLS only, no effect on TLS.)
+    ///
+    /// \param conf     SSL configuration
+    /// \param min      Initial timeout value in milliseconds.
+    ///                 Default: 1000 (1 second).
+    /// \param max      Maximum timeout value in milliseconds.
+    ///                 Default: 60000 (60 seconds).
+    ///
+    /// \note           Default values are from RFC 6347 section 4.2.4.1.
+    ///
+    /// \note           The 'min' value should typically be slightly above the
+    ///                 expected round-trip time to your peer, plus whatever time
+    ///                 it takes for the peer to process the message. For example,
+    ///                 if your RTT is about 600ms and you peer needs up to 1s to
+    ///                 do the cryptographic operations in the handshake, then you
+    ///                 should set 'min' slightly above 1600. Lower values of 'min'
+    ///                 might cause spurious resends which waste network resources,
+    ///                 while larger value of 'min' will increase overall latency
+    ///                 on unreliable network links.
+    ///
+    /// \note           The more unreliable your network connection is, the larger
+    ///                 your max / min ratio needs to be in order to achieve
+    ///                 reliable handshakes.
+    ///
+    /// \note           Messages are retransmitted up to log2(ceil(max/min)) times.
+    ///                 For example, if min = 1s and max = 5s, the retransmit plan
+    ///                 goes: send ... 1s -> resend ... 2s -> resend ... 4s ->
+    ///                 resend ... 5s -> give up and return a timeout error.
+    pub fn mbedtls_ssl_conf_handshake_timeout(conf: *mut mbedtls_ssl_config, min: u32, max: u32);
+}
+extern "C" {
+    /// \brief          Set the session cache callbacks (server-side only)
+    ///                 If not set, no session resuming is done (except if session
+    ///                 tickets are enabled too).
+    ///
+    ///                 The session cache has the responsibility to check for stale
+    ///                 entries based on timeout. See RFC 5246 for recommendations.
+    ///
+    ///                 Warning: session.peer_cert is cleared by the SSL/TLS layer on
+    ///                 connection shutdown, so do not cache the pointer! Either set
+    ///                 it to NULL or make a full copy of the certificate.
+    ///
+    ///                 The get callback is called once during the initial handshake
+    ///                 to enable session resuming. The get function has the
+    ///                 following parameters: (void *parameter, mbedtls_ssl_session *session)
+    ///                 If a valid entry is found, it should fill the master of
+    ///                 the session object with the cached values and return 0,
+    ///                 return 1 otherwise. Optionally peer_cert can be set as well
+    ///                 if it is properly present in cache entry.
+    ///
+    ///                 The set callback is called once during the initial handshake
+    ///                 to enable session resuming after the entire handshake has
+    ///                 been finished. The set function has the following parameters:
+    ///                 (void *parameter, const mbedtls_ssl_session *session). The function
+    ///                 should create a cache entry for future retrieval based on
+    ///                 the data in the session structure and should keep in mind
+    ///                 that the mbedtls_ssl_session object presented (and all its referenced
+    ///                 data) is cleared by the SSL/TLS layer when the connection is
+    ///                 terminated. It is recommended to add metadata to determine if
+    ///                 an entry is still valid in the future. Return 0 if
+    ///                 successfully cached, return 1 otherwise.
+    ///
+    /// \param conf           SSL configuration
+    /// \param p_cache        parameter (context) for both callbacks
+    /// \param f_get_cache    session get callback
+    /// \param f_set_cache    session set callback
+    pub fn mbedtls_ssl_conf_session_cache(
+        conf: *mut mbedtls_ssl_config,
+        p_cache: *mut crate::c_types::c_void,
+        f_get_cache: mbedtls_ssl_cache_get_t,
+        f_set_cache: mbedtls_ssl_cache_set_t,
+    );
+}
+extern "C" {
+    /// \brief          Load a session for session resumption.
+    ///
+    ///                 Sessions loaded through this call will be considered
+    ///                 for session resumption in the next handshake.
+    ///
+    /// \note           Even if this call succeeds, it is not guaranteed that
+    ///                 the next handshake will indeed be shortened through the
+    ///                 use of session resumption: The server is always free
+    ///                 to reject any attempt for resumption and fall back to
+    ///                 a full handshake.
+    ///
+    /// \note           This function can handle a variety of mechanisms for session
+    ///                 resumption: For TLS 1.2, both session ID-based resumption and
+    ///                 ticket-based resumption will be considered. For TLS 1.3,
+    ///                 once implemented, sessions equate to tickets, and loading
+    ///                 one or more sessions via this call will lead to their
+    ///                 corresponding tickets being advertised as resumption PSKs
+    ///                 by the client.
+    ///
+    /// \note           Calling this function multiple times will only be useful
+    ///                 once TLS 1.3 is supported. For TLS 1.2 connections, this
+    ///                 function should be called at most once.
+    ///
+    /// \param ssl      The SSL context representing the connection which should
+    ///                 be attempted to be setup using session resumption. This
+    ///                 must be initialized via mbedtls_ssl_init() and bound to
+    ///                 an SSL configuration via mbedtls_ssl_setup(), but
+    ///                 the handshake must not yet have been started.
+    /// \param session  The session to be considered for session resumption.
+    ///                 This must be a session previously exported via
+    ///                 mbedtls_ssl_get_session(), and potentially serialized and
+    ///                 deserialized through mbedtls_ssl_session_save() and
+    ///                 mbedtls_ssl_session_load() in the meantime.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         \c MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the session
+    ///                 could not be loaded because of an implementation limitation.
+    ///                 This error is non-fatal, and has no observable effect on
+    ///                 the SSL context or the session that was attempted to be loaded.
+    /// \return         Another negative error code on other kinds of failure.
+    ///
+    /// \sa             mbedtls_ssl_get_session()
+    /// \sa             mbedtls_ssl_session_load()
+    pub fn mbedtls_ssl_set_session(
+        ssl: *mut mbedtls_ssl_context,
+        session: *const mbedtls_ssl_session,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Load serialized session data into a session structure.
+    ///                 On client, this can be used for loading saved sessions
+    ///                 before resuming them with mbedtls_ssl_set_session().
+    ///                 On server, this can be used for alternative implementations
+    ///                 of session cache or session tickets.
+    ///
+    /// \warning        If a peer certificate chain is associated with the session,
+    ///                 the serialized state will only contain the peer's
+    ///                 end-entity certificate and the result of the chain
+    ///                 verification (unless verification was disabled), but not
+    ///                 the rest of the chain.
+    ///
+    /// \see            mbedtls_ssl_session_save()
+    /// \see            mbedtls_ssl_set_session()
+    ///
+    /// \param session  The session structure to be populated. It must have been
+    ///                 initialised with mbedtls_ssl_session_init() but not
+    ///                 populated yet.
+    /// \param buf      The buffer holding the serialized session data. It must be a
+    ///                 readable buffer of at least \p len bytes.
+    /// \param len      The size of the serialized data in bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed.
+    /// \return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
+    /// \return         #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data
+    ///                 was generated in a different version or configuration of
+    ///                 Mbed TLS.
+    /// \return         Another negative value for other kinds of errors (for
+    ///                 example, unsupported features in the embedded certificate).
+    pub fn mbedtls_ssl_session_load(
+        session: *mut mbedtls_ssl_session,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Save session structure as serialized data in a buffer.
+    ///                 On client, this can be used for saving session data,
+    ///                 potentially in non-volatile storage, for resuming later.
+    ///                 On server, this can be used for alternative implementations
+    ///                 of session cache or session tickets.
+    ///
+    /// \see            mbedtls_ssl_session_load()
+    ///
+    /// \param session  The session structure to be saved.
+    /// \param buf      The buffer to write the serialized data to. It must be a
+    ///                 writeable buffer of at least \p len bytes, or may be \c
+    ///                 NULL if \p len is \c 0.
+    /// \param buf_len  The number of bytes available for writing in \p buf.
+    /// \param olen     The size in bytes of the data that has been or would have
+    ///                 been written. It must point to a valid \c size_t.
+    ///
+    /// \note           \p olen is updated to the correct value regardless of
+    ///                 whether \p buf_len was large enough. This makes it possible
+    ///                 to determine the necessary size by calling this function
+    ///                 with \p buf set to \c NULL and \p buf_len to \c 0.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
+    pub fn mbedtls_ssl_session_save(
+        session: *const mbedtls_ssl_session,
+        buf: *mut crate::c_types::c_uchar,
+        buf_len: usize,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               Set the list of allowed ciphersuites and the preference
+    ///                      order. First in the list has the highest preference.
+    ///
+    ///                      For TLS 1.2, the notion of ciphersuite determines both
+    ///                      the key exchange mechanism and the suite of symmetric
+    ///                      algorithms to be used during and after the handshake.
+    ///
+    ///                      For TLS 1.3 (in development), the notion of ciphersuite
+    ///                      only determines the suite of symmetric algorithms to be
+    ///                      used during and after the handshake, while key exchange
+    ///                      mechanisms are configured separately.
+    ///
+    ///                      In Mbed TLS, ciphersuites for both TLS 1.2 and TLS 1.3
+    ///                      are configured via this function. For users of TLS 1.3,
+    ///                      there will be separate API for the configuration of key
+    ///                      exchange mechanisms.
+    ///
+    ///                      The list of ciphersuites passed to this function may
+    ///                      contain a mixture of TLS 1.2 and TLS 1.3 ciphersuite
+    ///                      identifiers. This is useful if negotiation of TLS 1.3
+    ///                      should be attempted, but a fallback to TLS 1.2 would
+    ///                      be tolerated.
+    ///
+    /// \note                By default, the server chooses its preferred
+    ///                      ciphersuite among those that the client supports. If
+    ///                      mbedtls_ssl_conf_preference_order() is called to prefer
+    ///                      the client's preferences, the server instead chooses
+    ///                      the client's preferred ciphersuite among those that
+    ///                      the server supports.
+    ///
+    /// \warning             The ciphersuites array \p ciphersuites is not copied.
+    ///                      It must remain valid for the lifetime of the SSL
+    ///                      configuration \p conf.
+    ///
+    /// \param conf          The SSL configuration to modify.
+    /// \param ciphersuites  A 0-terminated list of IANA identifiers of supported
+    ///                      ciphersuites, accessible through \c MBEDTLS_TLS_XXX
+    ///                      and \c MBEDTLS_TLS1_3_XXX macros defined in
+    ///                      ssl_ciphersuites.h.
+    pub fn mbedtls_ssl_conf_ciphersuites(
+        conf: *mut mbedtls_ssl_config,
+        ciphersuites: *const crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief Set the supported key exchange modes for TLS 1.3 connections.
+    ///
+    ///        In contrast to TLS 1.2, the ciphersuite concept in TLS 1.3 does not
+    ///        include the choice of key exchange mechanism. It is therefore not
+    ///        covered by the API mbedtls_ssl_conf_ciphersuites(). See the
+    ///        documentation of mbedtls_ssl_conf_ciphersuites() for more
+    ///        information on the ciphersuite concept in TLS 1.2 and TLS 1.3.
+    ///
+    ///        The present function is specific to TLS 1.3 and allows users to
+    ///        configure the set of supported key exchange mechanisms in TLS 1.3.
+    ///
+    /// \param conf       The SSL configuration the change should apply to.
+    /// \param kex_modes  A bitwise combination of one or more of the following:
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK
+    ///                     This flag enables pure-PSK key exchanges.
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL
+    ///                     This flag enables combined PSK-ephemeral key exchanges.
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL
+    ///                     This flag enables pure-ephemeral key exchanges.
+    ///                   For convenience, the following pre-defined macros are
+    ///                   available for combinations of the above:
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL
+    ///                     Includes all of pure-PSK, PSK-ephemeral and pure-ephemeral.
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL
+    ///                     Includes both pure-PSK and combined PSK-ephemeral
+    ///                     key exchanges, but excludes pure-ephemeral key exchanges.
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL
+    ///                     Includes both pure-ephemeral and combined PSK-ephemeral
+    ///                     key exchanges.
+    ///
+    /// \note  If a PSK-based key exchange mode shall be supported, applications
+    ///        must also use the APIs mbedtls_ssl_conf_psk() or
+    ///        mbedtls_ssl_conf_psk_cb() or mbedtls_ssl_conf_psk_opaque()
+    ///        to configure the PSKs to be used.
+    ///
+    /// \note  If a pure-ephemeral key exchange mode shall be supported,
+    ///        server-side applications must also provide a certificate via
+    ///        mbedtls_ssl_conf_own_cert().
+    pub fn mbedtls_ssl_conf_tls13_key_exchange_modes(
+        conf: *mut mbedtls_ssl_config,
+        kex_modes: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief               Specify the length of Connection IDs for incoming
+    ///                      encrypted DTLS records, as well as the behaviour
+    ///                      on unexpected CIDs.
+    ///
+    ///                      By default, the CID length is set to \c 0,
+    ///                      and unexpected CIDs are silently ignored.
+    ///
+    /// \param conf          The SSL configuration to modify.
+    /// \param len           The length in Bytes of the CID fields in encrypted
+    ///                      DTLS records using the CID mechanism. This must
+    ///                      not be larger than #MBEDTLS_SSL_CID_OUT_LEN_MAX.
+    /// \param ignore_other_cids This determines the stack's behaviour when
+    ///                          receiving a record with an unexpected CID.
+    ///                          Possible values are:
+    ///                          - #MBEDTLS_SSL_UNEXPECTED_CID_IGNORE
+    ///                            In this case, the record is silently ignored.
+    ///                          - #MBEDTLS_SSL_UNEXPECTED_CID_FAIL
+    ///                            In this case, the stack fails with the specific
+    ///                            error code #MBEDTLS_ERR_SSL_UNEXPECTED_CID.
+    ///
+    /// \note                The CID specification allows implementations to either
+    ///                      use a common length for all incoming connection IDs or
+    ///                      allow variable-length incoming IDs. Mbed TLS currently
+    ///                      requires a common length for all connections sharing the
+    ///                      same SSL configuration; this allows simpler parsing of
+    ///                      record headers.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p own_cid_len
+    ///                      is too large.
+    pub fn mbedtls_ssl_conf_cid(
+        conf: *mut mbedtls_ssl_config,
+        len: usize,
+        ignore_other_cids: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the X.509 security profile used for verification
+    ///
+    /// \note           The restrictions are enforced for all certificates in the
+    ///                 chain. However, signatures in the handshake are not covered
+    ///                 by this setting but by \b mbedtls_ssl_conf_sig_hashes().
+    ///
+    /// \param conf     SSL configuration
+    /// \param profile  Profile to use
+    pub fn mbedtls_ssl_conf_cert_profile(
+        conf: *mut mbedtls_ssl_config,
+        profile: *const mbedtls_x509_crt_profile,
+    );
+}
+extern "C" {
+    /// \brief          Set the data required to verify peer certificate
+    ///
+    /// \note           See \c mbedtls_x509_crt_verify() for notes regarding the
+    ///                 parameters ca_chain (maps to trust_ca for that function)
+    ///                 and ca_crl.
+    ///
+    /// \param conf     SSL configuration
+    /// \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
+    /// \param ca_crl   trusted CA CRLs
+    pub fn mbedtls_ssl_conf_ca_chain(
+        conf: *mut mbedtls_ssl_config,
+        ca_chain: *mut mbedtls_x509_crt,
+        ca_crl: *mut mbedtls_x509_crl,
+    );
+}
+extern "C" {
+    /// \brief          Set own certificate chain and private key
+    ///
+    /// \note           own_cert should contain in order from the bottom up your
+    ///                 certificate chain. The top certificate (self-signed)
+    ///                 can be omitted.
+    ///
+    /// \note           On server, this function can be called multiple times to
+    ///                 provision more than one cert/key pair (eg one ECDSA, one
+    ///                 RSA with SHA-256, one RSA with SHA-1). An adequate
+    ///                 certificate will be selected according to the client's
+    ///                 advertised capabilities. In case multiple certificates are
+    ///                 adequate, preference is given to the one set by the first
+    ///                 call to this function, then second, etc.
+    ///
+    /// \note           On client, only the first call has any effect. That is,
+    ///                 only one client certificate can be provisioned. The
+    ///                 server's preferences in its CertificateRequest message will
+    ///                 be ignored and our only cert will be sent regardless of
+    ///                 whether it matches those preferences - the server can then
+    ///                 decide what it wants to do with it.
+    ///
+    /// \note           The provided \p pk_key needs to match the public key in the
+    ///                 first certificate in \p own_cert, or all handshakes using
+    ///                 that certificate will fail. It is your responsibility
+    ///                 to ensure that; this function will not perform any check.
+    ///                 You may use mbedtls_pk_check_pair() in order to perform
+    ///                 this check yourself, but be aware that this function can
+    ///                 be computationally expensive on some key types.
+    ///
+    /// \param conf     SSL configuration
+    /// \param own_cert own public certificate chain
+    /// \param pk_key   own private key
+    ///
+    /// \return         0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
+    pub fn mbedtls_ssl_conf_own_cert(
+        conf: *mut mbedtls_ssl_config,
+        own_cert: *mut mbedtls_x509_crt,
+        pk_key: *mut mbedtls_pk_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Configure pre-shared keys (PSKs) and their
+    ///                 identities to be used in PSK-based ciphersuites.
+    ///
+    ///                 Only one PSK can be registered, through either
+    ///                 mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_opaque().
+    ///                 If you attempt to register more than one PSK, this function
+    ///                 fails, though this may change in future versions, which
+    ///                 may add support for multiple PSKs.
+    ///
+    /// \note           This is mainly useful for clients. Servers will usually
+    ///                 want to use \c mbedtls_ssl_conf_psk_cb() instead.
+    ///
+    /// \note           A PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback
+    ///                 takes precedence over a PSK configured by this function.
+    ///
+    /// \param conf     The SSL configuration to register the PSK with.
+    /// \param psk      The pointer to the pre-shared key to use.
+    /// \param psk_len  The length of the pre-shared key in bytes.
+    /// \param psk_identity      The pointer to the pre-shared key identity.
+    /// \param psk_identity_len  The length of the pre-shared key identity
+    ///                          in bytes.
+    ///
+    /// \note           The PSK and its identity are copied internally and
+    ///                 hence need not be preserved by the caller for the lifetime
+    ///                 of the SSL configuration.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no more PSKs
+    ///                 can be configured. In this case, the old PSK(s) remain intact.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_ssl_conf_psk(
+        conf: *mut mbedtls_ssl_config,
+        psk: *const crate::c_types::c_uchar,
+        psk_len: usize,
+        psk_identity: *const crate::c_types::c_uchar,
+        psk_identity_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the pre-shared Key (PSK) for the current handshake.
+    ///
+    /// \note           This should only be called inside the PSK callback,
+    ///                 i.e. the function passed to \c mbedtls_ssl_conf_psk_cb().
+    ///
+    /// \note           A PSK set by this function takes precedence over a PSK
+    ///                 configured by \c mbedtls_ssl_conf_psk().
+    ///
+    /// \param ssl      The SSL context to configure a PSK for.
+    /// \param psk      The pointer to the pre-shared key.
+    /// \param psk_len  The length of the pre-shared key in bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         An \c MBEDTLS_ERR_SSL_XXX error code on failure.
+    pub fn mbedtls_ssl_set_hs_psk(
+        ssl: *mut mbedtls_ssl_context,
+        psk: *const crate::c_types::c_uchar,
+        psk_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the PSK callback (server-side only).
+    ///
+    ///                 If set, the PSK callback is called for each
+    ///                 handshake where a PSK-based ciphersuite was negotiated.
+    ///                 The caller provides the identity received and wants to
+    ///                 receive the actual PSK data and length.
+    ///
+    ///                 The callback has the following parameters:
+    ///                 - \c void*: The opaque pointer \p p_psk.
+    ///                 - \c mbedtls_ssl_context*: The SSL context to which
+    ///                                            the operation applies.
+    ///                 - \c const unsigned char*: The PSK identity
+    ///                                            selected by the client.
+    ///                 - \c size_t: The length of the PSK identity
+    ///                              selected by the client.
+    ///
+    ///                 If a valid PSK identity is found, the callback should use
+    ///                 \c mbedtls_ssl_set_hs_psk() or
+    ///                 \c mbedtls_ssl_set_hs_psk_opaque()
+    ///                 on the SSL context to set the correct PSK and return \c 0.
+    ///                 Any other return value will result in a denied PSK identity.
+    ///
+    /// \note           A dynamic PSK (i.e. set by the PSK callback) takes
+    ///                 precedence over a static PSK (i.e. set by
+    ///                 \c mbedtls_ssl_conf_psk() or
+    ///                 \c mbedtls_ssl_conf_psk_opaque()).
+    ///                 This means that if you set a PSK callback using this
+    ///                 function, you don't need to set a PSK using
+    ///                 \c mbedtls_ssl_conf_psk() or
+    ///                 \c mbedtls_ssl_conf_psk_opaque()).
+    ///
+    /// \param conf     The SSL configuration to register the callback with.
+    /// \param f_psk    The callback for selecting and setting the PSK based
+    ///                 in the PSK identity chosen by the client.
+    /// \param p_psk    A pointer to an opaque structure to be passed to
+    ///                 the callback, for example a PSK store.
+    pub fn mbedtls_ssl_conf_psk_cb(
+        conf: *mut mbedtls_ssl_config,
+        f_psk: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_ssl_context,
+                arg3: *const crate::c_types::c_uchar,
+                arg4: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_psk: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the Diffie-Hellman public P and G values
+    ///                 from big-endian binary presentations.
+    ///                 (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN)
+    ///
+    /// \param conf     SSL configuration
+    /// \param dhm_P    Diffie-Hellman-Merkle modulus in big-endian binary form
+    /// \param P_len    Length of DHM modulus
+    /// \param dhm_G    Diffie-Hellman-Merkle generator in big-endian binary form
+    /// \param G_len    Length of DHM generator
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ssl_conf_dh_param_bin(
+        conf: *mut mbedtls_ssl_config,
+        dhm_P: *const crate::c_types::c_uchar,
+        P_len: usize,
+        dhm_G: *const crate::c_types::c_uchar,
+        G_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the Diffie-Hellman public P and G values,
+    ///                 read from existing context (server-side only)
+    ///
+    /// \param conf     SSL configuration
+    /// \param dhm_ctx  Diffie-Hellman-Merkle context
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ssl_conf_dh_param_ctx(
+        conf: *mut mbedtls_ssl_config,
+        dhm_ctx: *mut mbedtls_dhm_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the minimum length for Diffie-Hellman parameters.
+    ///                 (Client-side only.)
+    ///                 (Default: 1024 bits.)
+    ///
+    /// \param conf     SSL configuration
+    /// \param bitlen   Minimum bit length of the DHM prime
+    pub fn mbedtls_ssl_conf_dhm_min_bitlen(
+        conf: *mut mbedtls_ssl_config,
+        bitlen: crate::c_types::c_uint,
+    );
+}
+extern "C" {
+    /// \brief          Set the allowed curves in order of preference.
+    ///
+    ///                 On server: this only affects selection of the ECDHE curve;
+    ///                 the curves used for ECDH and ECDSA are determined by the
+    ///                 list of available certificates instead.
+    ///
+    ///                 On client: this affects the list of curves offered for any
+    ///                 use. The server can override our preference order.
+    ///
+    ///                 Both sides: limits the set of curves accepted for use in
+    ///                 ECDHE and in the peer's end-entity certificate.
+    ///
+    /// \deprecated     Superseded by mbedtls_ssl_conf_groups().
+    ///
+    /// \note           This has no influence on which curves are allowed inside the
+    ///                 certificate chains, see \c mbedtls_ssl_conf_cert_profile()
+    ///                 for that. For the end-entity certificate however, the key
+    ///                 will be accepted only if it is allowed both by this list
+    ///                 and by the cert profile.
+    ///
+    /// \note           This list should be ordered by decreasing preference
+    ///                 (preferred curve first).
+    ///
+    /// \note           The default list is the same set of curves that
+    ///                 #mbedtls_x509_crt_profile_default allows, plus
+    ///                 ECDHE-only curves selected according to the same criteria.
+    ///                 The order favors curves with the lowest resource usage.
+    ///
+    /// \note           New minor versions of Mbed TLS may extend this list,
+    ///                 for example if new curves are added to the library.
+    ///                 New minor versions of Mbed TLS will not remove items
+    ///                 from this list unless serious security concerns require it.
+    ///                 New minor versions of Mbed TLS may change the order in
+    ///                 keeping with the general principle of favoring the lowest
+    ///                 resource usage.
+    ///
+    /// \param conf     SSL configuration
+    /// \param curves   Ordered list of allowed curves,
+    ///                 terminated by MBEDTLS_ECP_DP_NONE.
+    pub fn mbedtls_ssl_conf_curves(
+        conf: *mut mbedtls_ssl_config,
+        curves: *const mbedtls_ecp_group_id,
+    );
+}
+extern "C" {
+    /// \brief          Set the allowed groups in order of preference.
+    ///
+    ///                 On server: This only affects the choice of key agreement mechanism
+    ///
+    ///                 On client: this affects the list of groups offered for any
+    ///                 use. The server can override our preference order.
+    ///
+    ///                 Both sides: limits the set of groups accepted for use in
+    ///                 key sharing.
+    ///
+    /// \note           This function replaces the deprecated mbedtls_ssl_conf_curves(),
+    ///                 which only allows ECP curves to be configured.
+    ///
+    /// \note           The most recent invocation of either mbedtls_ssl_conf_curves()
+    ///                 or mbedtls_ssl_conf_groups() nullifies all previous invocations
+    ///                 of both.
+    ///
+    /// \note           This list should be ordered by decreasing preference
+    ///                 (preferred group first).
+    ///
+    /// \note           When this function is not called, a default list is used,
+    ///                 consisting of all supported curves at 255 bits and above,
+    ///                 and all supported finite fields at 2048 bits and above.
+    ///                 The order favors groups with the lowest resource usage.
+    ///
+    /// \note           New minor versions of Mbed TLS will not remove items
+    ///                 from the default list unless serious security concerns require it.
+    ///                 New minor versions of Mbed TLS may change the order in
+    ///                 keeping with the general principle of favoring the lowest
+    ///                 resource usage.
+    ///
+    /// \param conf     SSL configuration
+    /// \param groups   List of allowed groups ordered by preference, terminated by 0.
+    ///                 Must contain valid IANA NamedGroup IDs (provided via either an integer
+    ///                 or using MBEDTLS_TLS1_3_NAMED_GROUP_XXX macros).
+    pub fn mbedtls_ssl_conf_groups(conf: *mut mbedtls_ssl_config, groups: *const u16);
+}
+extern "C" {
+    /// \brief          Set the allowed hashes for signatures during the handshake.
+    ///
+    /// \note           This only affects which hashes are offered and can be used
+    ///                 for signatures during the handshake. Hashes for message
+    ///                 authentication and the TLS PRF are controlled by the
+    ///                 ciphersuite, see \c mbedtls_ssl_conf_ciphersuites(). Hashes
+    ///                 used for certificate signature are controlled by the
+    ///                 verification profile, see \c mbedtls_ssl_conf_cert_profile().
+    ///
+    /// \note           This list should be ordered by decreasing preference
+    ///                 (preferred hash first).
+    ///
+    /// \note           By default, all supported hashes whose length is at least
+    ///                 256 bits are allowed. This is the same set as the default
+    ///                 for certificate verification
+    ///                 (#mbedtls_x509_crt_profile_default).
+    ///                 The preference order is currently unspecified and may
+    ///                 change in future versions.
+    ///
+    /// \note           New minor versions of Mbed TLS may extend this list,
+    ///                 for example if new curves are added to the library.
+    ///                 New minor versions of Mbed TLS will not remove items
+    ///                 from this list unless serious security concerns require it.
+    ///
+    /// \param conf     SSL configuration
+    /// \param hashes   Ordered list of allowed signature hashes,
+    ///                 terminated by \c MBEDTLS_MD_NONE.
+    pub fn mbedtls_ssl_conf_sig_hashes(
+        conf: *mut mbedtls_ssl_config,
+        hashes: *const crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Configure allowed signature algorithms for use in TLS 1.3
+    ///
+    /// \param conf     The SSL configuration to use.
+    /// \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms,
+    ///                 terminated by \c MBEDTLS_TLS1_3_SIG_NONE. The list must remain
+    ///                 available throughout the lifetime of the conf object. Supported
+    ///                 values are available as \c MBEDTLS_TLS1_3_SIG_XXXX
+    pub fn mbedtls_ssl_conf_sig_algs(conf: *mut mbedtls_ssl_config, sig_algs: *const u16);
+}
+extern "C" {
+    /// \brief          Set or reset the hostname to check against the received
+    ///                 server certificate. It sets the ServerName TLS extension,
+    ///                 too, if that extension is enabled. (client-side only)
+    ///
+    /// \param ssl      SSL context
+    /// \param hostname the server hostname, may be NULL to clear hostname
+    ///
+    /// \note           Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
+    ///
+    /// \return         0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
+    ///                 allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
+    ///                 too long input hostname.
+    ///
+    ///                 Hostname set to the one provided on success (cleared
+    ///                 when NULL). On allocation failure hostname is cleared.
+    ///                 On too long input failure, old hostname is unchanged.
+    pub fn mbedtls_ssl_set_hostname(
+        ssl: *mut mbedtls_ssl_context,
+        hostname: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Retrieve SNI extension value for the current handshake.
+    ///                 Available in \p f_cert_cb of \c mbedtls_ssl_conf_cert_cb(),
+    ///                 this is the same value passed to \p f_sni callback of
+    ///                 \c mbedtls_ssl_conf_sni() and may be used instead of
+    ///                 \c mbedtls_ssl_conf_sni().
+    ///
+    /// \param ssl      SSL context
+    /// \param name_len pointer into which to store length of returned value.
+    ///                 0 if SNI extension is not present or not yet processed.
+    ///
+    /// \return         const pointer to SNI extension value.
+    ///                 - value is valid only when called in \p f_cert_cb
+    ///                   registered with \c mbedtls_ssl_conf_cert_cb().
+    ///                 - value is NULL if SNI extension is not present.
+    ///                 - value is not '\0'-terminated.  Use \c name_len for len.
+    ///                 - value must not be freed.
+    pub fn mbedtls_ssl_get_hs_sni(
+        ssl: *mut mbedtls_ssl_context,
+        name_len: *mut usize,
+    ) -> *const crate::c_types::c_uchar;
+}
+extern "C" {
+    /// \brief          Set own certificate and key for the current handshake
+    ///
+    /// \note           Same as \c mbedtls_ssl_conf_own_cert() but for use within
+    ///                 the SNI callback or the certificate selection callback.
+    ///
+    /// \note           Passing null \c own_cert clears the certificate list for
+    ///                 the current handshake.
+    ///
+    /// \param ssl      SSL context
+    /// \param own_cert own public certificate chain
+    /// \param pk_key   own private key
+    ///
+    /// \return         0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
+    pub fn mbedtls_ssl_set_hs_own_cert(
+        ssl: *mut mbedtls_ssl_context,
+        own_cert: *mut mbedtls_x509_crt,
+        pk_key: *mut mbedtls_pk_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the data required to verify peer certificate for the
+    ///                 current handshake
+    ///
+    /// \note           Same as \c mbedtls_ssl_conf_ca_chain() but for use within
+    ///                 the SNI callback or the certificate selection callback.
+    ///
+    /// \param ssl      SSL context
+    /// \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
+    /// \param ca_crl   trusted CA CRLs
+    pub fn mbedtls_ssl_set_hs_ca_chain(
+        ssl: *mut mbedtls_ssl_context,
+        ca_chain: *mut mbedtls_x509_crt,
+        ca_crl: *mut mbedtls_x509_crl,
+    );
+}
+extern "C" {
+    /// \brief          Set DN hints sent to client in CertificateRequest message
+    ///
+    /// \note           Same as \c mbedtls_ssl_conf_dn_hints() but for use within
+    ///                 the SNI callback or the certificate selection callback.
+    ///
+    /// \param ssl      SSL context
+    /// \param crt      crt chain whose subject DNs are issuer DNs of client certs
+    ///                 from which the client should select client peer certificate.
+    pub fn mbedtls_ssl_set_hs_dn_hints(ssl: *mut mbedtls_ssl_context, crt: *const mbedtls_x509_crt);
+}
+extern "C" {
+    /// \brief          Set authmode for the current handshake.
+    ///
+    /// \note           Same as \c mbedtls_ssl_conf_authmode() but for use within
+    ///                 the SNI callback or the certificate selection callback.
+    ///
+    /// \param ssl      SSL context
+    /// \param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or
+    ///                 MBEDTLS_SSL_VERIFY_REQUIRED
+    pub fn mbedtls_ssl_set_hs_authmode(
+        ssl: *mut mbedtls_ssl_context,
+        authmode: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Set server side ServerName TLS extension callback
+    ///                 (optional, server-side only).
+    ///
+    ///                 If set, the ServerName callback is called whenever the
+    ///                 server receives a ServerName TLS extension from the client
+    ///                 during a handshake. The ServerName callback has the
+    ///                 following parameters: (void *parameter, mbedtls_ssl_context *ssl,
+    ///                 const unsigned char *hostname, size_t len). If a suitable
+    ///                 certificate is found, the callback must set the
+    ///                 certificate(s) and key(s) to use with \c
+    ///                 mbedtls_ssl_set_hs_own_cert() (can be called repeatedly),
+    ///                 and may optionally adjust the CA and associated CRL with \c
+    ///                 mbedtls_ssl_set_hs_ca_chain() as well as the client
+    ///                 authentication mode with \c mbedtls_ssl_set_hs_authmode(),
+    ///                 then must return 0. If no matching name is found, the
+    ///                 callback may return non-zero to abort the handshake.
+    ///
+    /// \param conf     SSL configuration
+    /// \param f_sni    verification function
+    /// \param p_sni    verification parameter
+    pub fn mbedtls_ssl_conf_sni(
+        conf: *mut mbedtls_ssl_config,
+        f_sni: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_ssl_context,
+                arg3: *const crate::c_types::c_uchar,
+                arg4: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_sni: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the supported Application Layer Protocols.
+    ///
+    /// \param conf     SSL configuration
+    /// \param protos   Pointer to a NULL-terminated list of supported protocols,
+    ///                 in decreasing preference order. The pointer to the list is
+    ///                 recorded by the library for later reference as required, so
+    ///                 the lifetime of the table must be at least as long as the
+    ///                 lifetime of the SSL configuration structure.
+    ///
+    /// \return         0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
+    pub fn mbedtls_ssl_conf_alpn_protocols(
+        conf: *mut mbedtls_ssl_config,
+        protos: *mut *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Get the name of the negotiated Application Layer Protocol.
+    ///                 This function should be called after the handshake is
+    ///                 completed.
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         Protocol name, or NULL if no protocol was negotiated.
+    pub fn mbedtls_ssl_get_alpn_protocol(
+        ssl: *const mbedtls_ssl_context,
+    ) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief          Set the maximum supported version sent from the client side
+    ///                 and/or accepted at the server side.
+    ///
+    ///                 See also the documentation of mbedtls_ssl_conf_min_version().
+    ///
+    /// \note           This ignores ciphersuites from higher versions.
+    ///
+    /// \note           This function is deprecated and has been replaced by
+    ///                 \c mbedtls_ssl_conf_max_tls_version().
+    ///
+    /// \param conf     SSL configuration
+    /// \param major    Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3)
+    /// \param minor    Minor version number
+    ///                 (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2,
+    ///                 #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)
+    pub fn mbedtls_ssl_conf_max_version(
+        conf: *mut mbedtls_ssl_config,
+        major: crate::c_types::c_int,
+        minor: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Set the minimum accepted SSL/TLS protocol version
+    ///
+    /// \note           By default, all supported versions are accepted.
+    ///                 Future versions of the library may disable older
+    ///                 protocol versions by default if they become deprecated.
+    ///
+    /// \note           The following versions are supported (if enabled at
+    ///                 compile time):
+    ///                 - (D)TLS 1.2: \p major = #MBEDTLS_SSL_MAJOR_VERSION_3,
+    ///                   \p minor = #MBEDTLS_SSL_MINOR_VERSION_3
+    ///                 - TLS 1.3: \p major = #MBEDTLS_SSL_MAJOR_VERSION_3,
+    ///                   \p minor = #MBEDTLS_SSL_MINOR_VERSION_4
+    ///
+    ///                 Note that the numbers in the constant names are the
+    ///                 TLS internal protocol numbers, and the minor versions
+    ///                 differ by one from the human-readable versions!
+    ///
+    /// \note           Input outside of the SSL_MAX_XXXXX_VERSION and
+    ///                 SSL_MIN_XXXXX_VERSION range is ignored.
+    ///
+    /// \note           After the handshake, you can call
+    ///                 mbedtls_ssl_get_version_number() to see what version was
+    ///                 negotiated.
+    ///
+    /// \note           This function is deprecated and has been replaced by
+    ///                 \c mbedtls_ssl_conf_min_tls_version().
+    ///
+    /// \param conf     SSL configuration
+    /// \param major    Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3)
+    /// \param minor    Minor version number
+    ///                 (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2,
+    ///                 #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)
+    pub fn mbedtls_ssl_conf_min_version(
+        conf: *mut mbedtls_ssl_config,
+        major: crate::c_types::c_int,
+        minor: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief           Enable or disable Encrypt-then-MAC
+    ///                  (Default: MBEDTLS_SSL_ETM_ENABLED)
+    ///
+    /// \note            This should always be enabled, it is a security
+    ///                  improvement, and should not cause any interoperability
+    ///                  issue (used only if the peer supports it too).
+    ///
+    /// \param conf      SSL configuration
+    /// \param etm       MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
+    pub fn mbedtls_ssl_conf_encrypt_then_mac(
+        conf: *mut mbedtls_ssl_config,
+        etm: crate::c_types::c_char,
+    );
+}
+extern "C" {
+    /// \brief           Enable or disable Extended Master Secret negotiation.
+    ///                  (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED)
+    ///
+    /// \note            This should always be enabled, it is a security fix to the
+    ///                  protocol, and should not cause any interoperability issue
+    ///                  (used only if the peer supports it too).
+    ///
+    /// \param conf      SSL configuration
+    /// \param ems       MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
+    pub fn mbedtls_ssl_conf_extended_master_secret(
+        conf: *mut mbedtls_ssl_config,
+        ems: crate::c_types::c_char,
+    );
+}
+extern "C" {
+    /// \brief          Whether to send a list of acceptable CAs in
+    ///                 CertificateRequest messages.
+    ///                 (Default: do send)
+    ///
+    /// \param conf     SSL configuration
+    /// \param cert_req_ca_list   MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or
+    ///                          MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED
+    pub fn mbedtls_ssl_conf_cert_req_ca_list(
+        conf: *mut mbedtls_ssl_config,
+        cert_req_ca_list: crate::c_types::c_char,
+    );
+}
+extern "C" {
+    /// \brief          Set the maximum fragment length to emit and/or negotiate.
+    ///                 (Typical: the smaller of #MBEDTLS_SSL_IN_CONTENT_LEN and
+    ///                 #MBEDTLS_SSL_OUT_CONTENT_LEN, usually `2^14` bytes)
+    ///                 (Server: set maximum fragment length to emit,
+    ///                 usually negotiated by the client during handshake)
+    ///                 (Client: set maximum fragment length to emit *and*
+    ///                 negotiate with the server during handshake)
+    ///                 (Default: #MBEDTLS_SSL_MAX_FRAG_LEN_NONE)
+    ///
+    /// \note           On the client side, the maximum fragment length extension
+    ///                 *will not* be used, unless the maximum fragment length has
+    ///                 been set via this function to a value different than
+    ///                 #MBEDTLS_SSL_MAX_FRAG_LEN_NONE.
+    ///
+    /// \note           With TLS, this currently only affects ApplicationData (sent
+    ///                 with \c mbedtls_ssl_read()), not handshake messages.
+    ///                 With DTLS, this affects both ApplicationData and handshake.
+    ///
+    /// \note           This sets the maximum length for a record's payload,
+    ///                 excluding record overhead that will be added to it, see
+    ///                 \c mbedtls_ssl_get_record_expansion().
+    ///
+    /// \note           For DTLS, it is also possible to set a limit for the total
+    ///                 size of datagrams passed to the transport layer, including
+    ///                 record overhead, see \c mbedtls_ssl_set_mtu().
+    ///
+    /// \param conf     SSL configuration
+    /// \param mfl_code Code for maximum fragment length (allowed values:
+    ///                 MBEDTLS_SSL_MAX_FRAG_LEN_512,  MBEDTLS_SSL_MAX_FRAG_LEN_1024,
+    ///                 MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096)
+    ///
+    /// \return         0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA
+    pub fn mbedtls_ssl_conf_max_frag_len(
+        conf: *mut mbedtls_ssl_config,
+        mfl_code: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Pick the ciphersuites order according to the second parameter
+    ///                 in the SSL Server module (MBEDTLS_SSL_SRV_C).
+    ///                 (Default, if never called: MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER)
+    ///
+    /// \param conf     SSL configuration
+    /// \param order    Server or client (MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER
+    ///                                or MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)
+    pub fn mbedtls_ssl_conf_preference_order(
+        conf: *mut mbedtls_ssl_config,
+        order: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Enable / Disable session tickets (client only).
+    ///                 (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.)
+    ///
+    /// \note           On server, use \c mbedtls_ssl_conf_session_tickets_cb().
+    ///
+    /// \param conf     SSL configuration
+    /// \param use_tickets   Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or
+    ///                                         MBEDTLS_SSL_SESSION_TICKETS_DISABLED)
+    pub fn mbedtls_ssl_conf_session_tickets(
+        conf: *mut mbedtls_ssl_config,
+        use_tickets: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief   Number of NewSessionTicket messages for the server to send
+    ///          after handshake completion.
+    ///
+    /// \note    The default value is
+    ///          \c MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS.
+    ///
+    /// \note    In case of a session resumption, this setting only partially apply.
+    ///          At most one ticket is sent in that case to just renew the pool of
+    ///          tickets of the client. The rationale is to avoid the number of
+    ///          tickets on the server to become rapidly out of control when the
+    ///          server has the same configuration for all its connection instances.
+    ///
+    /// \param conf    SSL configuration
+    /// \param num_tickets    Number of NewSessionTicket.
+    pub fn mbedtls_ssl_conf_new_session_tickets(conf: *mut mbedtls_ssl_config, num_tickets: u16);
+}
+extern "C" {
+    /// \brief          Enable / Disable renegotiation support for connection when
+    ///                 initiated by peer
+    ///                 (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
+    ///
+    /// \warning        It is recommended to always disable renegotiation unless you
+    ///                 know you need it and you know what you're doing. In the
+    ///                 past, there have been several issues associated with
+    ///                 renegotiation or a poor understanding of its properties.
+    ///
+    /// \note           Server-side, enabling renegotiation also makes the server
+    ///                 susceptible to a resource DoS by a malicious client.
+    ///
+    /// \param conf    SSL configuration
+    /// \param renegotiation     Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or
+    ///                                             MBEDTLS_SSL_RENEGOTIATION_DISABLED)
+    pub fn mbedtls_ssl_conf_renegotiation(
+        conf: *mut mbedtls_ssl_config,
+        renegotiation: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Prevent or allow legacy renegotiation.
+    ///                 (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)
+    ///
+    ///                 MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to
+    ///                 be established even if the peer does not support
+    ///                 secure renegotiation, but does not allow renegotiation
+    ///                 to take place if not secure.
+    ///                 (Interoperable and secure option)
+    ///
+    ///                 MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
+    ///                 with non-upgraded peers. Allowing legacy renegotiation
+    ///                 makes the connection vulnerable to specific man in the
+    ///                 middle attacks. (See RFC 5746)
+    ///                 (Most interoperable and least secure option)
+    ///
+    ///                 MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
+    ///                 if peer does not support secure renegotiation. Results
+    ///                 in interoperability issues with non-upgraded peers
+    ///                 that do not support renegotiation altogether.
+    ///                 (Most secure option, interoperability issues)
+    ///
+    /// \param conf     SSL configuration
+    /// \param allow_legacy  Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
+    ///                                        SSL_ALLOW_LEGACY_RENEGOTIATION or
+    ///                                        MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)
+    pub fn mbedtls_ssl_conf_legacy_renegotiation(
+        conf: *mut mbedtls_ssl_config,
+        allow_legacy: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Enforce renegotiation requests.
+    ///                 (Default: enforced, max_records = 16)
+    ///
+    ///                 When we request a renegotiation, the peer can comply or
+    ///                 ignore the request. This function allows us to decide
+    ///                 whether to enforce our renegotiation requests by closing
+    ///                 the connection if the peer doesn't comply.
+    ///
+    ///                 However, records could already be in transit from the peer
+    ///                 when the request is emitted. In order to increase
+    ///                 reliability, we can accept a number of records before the
+    ///                 expected handshake records.
+    ///
+    ///                 The optimal value is highly dependent on the specific usage
+    ///                 scenario.
+    ///
+    /// \note           With DTLS and server-initiated renegotiation, the
+    ///                 HelloRequest is retransmitted every time mbedtls_ssl_read() times
+    ///                 out or receives Application Data, until:
+    ///                 - max_records records have beens seen, if it is >= 0, or
+    ///                 - the number of retransmits that would happen during an
+    ///                 actual handshake has been reached.
+    ///                 Please remember the request might be lost a few times
+    ///                 if you consider setting max_records to a really low value.
+    ///
+    /// \warning        On client, the grace period can only happen during
+    ///                 mbedtls_ssl_read(), as opposed to mbedtls_ssl_write() and mbedtls_ssl_renegotiate()
+    ///                 which always behave as if max_record was 0. The reason is,
+    ///                 if we receive application data from the server, we need a
+    ///                 place to write it, which only happens during mbedtls_ssl_read().
+    ///
+    /// \param conf     SSL configuration
+    /// \param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to
+    ///                 enforce renegotiation, or a non-negative value to enforce
+    ///                 it but allow for a grace period of max_records records.
+    pub fn mbedtls_ssl_conf_renegotiation_enforced(
+        conf: *mut mbedtls_ssl_config,
+        max_records: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Set record counter threshold for periodic renegotiation.
+    ///                 (Default: 2^48 - 1)
+    ///
+    ///                 Renegotiation is automatically triggered when a record
+    ///                 counter (outgoing or incoming) crosses the defined
+    ///                 threshold. The default value is meant to prevent the
+    ///                 connection from being closed when the counter is about to
+    ///                 reached its maximal value (it is not allowed to wrap).
+    ///
+    ///                 Lower values can be used to enforce policies such as "keys
+    ///                 must be refreshed every N packets with cipher X".
+    ///
+    ///                 The renegotiation period can be disabled by setting
+    ///                 conf->disable_renegotiation to
+    ///                 MBEDTLS_SSL_RENEGOTIATION_DISABLED.
+    ///
+    /// \note           When the configured transport is
+    ///                 MBEDTLS_SSL_TRANSPORT_DATAGRAM the maximum renegotiation
+    ///                 period is 2^48 - 1, and for MBEDTLS_SSL_TRANSPORT_STREAM,
+    ///                 the maximum renegotiation period is 2^64 - 1.
+    ///
+    /// \param conf     SSL configuration
+    /// \param period   The threshold value: a big-endian 64-bit number.
+    pub fn mbedtls_ssl_conf_renegotiation_period(
+        conf: *mut mbedtls_ssl_config,
+        period: *const crate::c_types::c_uchar,
+    );
+}
+extern "C" {
+    /// \brief          Check if there is data already read from the
+    ///                 underlying transport but not yet processed.
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         0 if nothing's pending, 1 otherwise.
+    ///
+    /// \note           This is different in purpose and behaviour from
+    ///                 \c mbedtls_ssl_get_bytes_avail in that it considers
+    ///                 any kind of unprocessed data, not only unread
+    ///                 application data. If \c mbedtls_ssl_get_bytes
+    ///                 returns a non-zero value, this function will
+    ///                 also signal pending data, but the converse does
+    ///                 not hold. For example, in DTLS there might be
+    ///                 further records waiting to be processed from
+    ///                 the current underlying transport's datagram.
+    ///
+    /// \note           If this function returns 1 (data pending), this
+    ///                 does not imply that a subsequent call to
+    ///                 \c mbedtls_ssl_read will provide any data;
+    ///                 e.g., the unprocessed data might turn out
+    ///                 to be an alert or a handshake message.
+    ///
+    /// \note           This function is useful in the following situation:
+    ///                 If the SSL/TLS module successfully returns from an
+    ///                 operation - e.g. a handshake or an application record
+    ///                 read - and you're awaiting incoming data next, you
+    ///                 must not immediately idle on the underlying transport
+    ///                 to have data ready, but you need to check the value
+    ///                 of this function first. The reason is that the desired
+    ///                 data might already be read but not yet processed.
+    ///                 If, in contrast, a previous call to the SSL/TLS module
+    ///                 returned MBEDTLS_ERR_SSL_WANT_READ, it is not necessary
+    ///                 to call this function, as the latter error code entails
+    ///                 that all internal data has been processed.
+    pub fn mbedtls_ssl_check_pending(ssl: *const mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the number of application data bytes
+    ///                 remaining to be read from the current record.
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         How many bytes are available in the application
+    ///                 data record read buffer.
+    ///
+    /// \note           When working over a datagram transport, this is
+    ///                 useful to detect the current datagram's boundary
+    ///                 in case \c mbedtls_ssl_read has written the maximal
+    ///                 amount of data fitting into the input buffer.
+    pub fn mbedtls_ssl_get_bytes_avail(ssl: *const mbedtls_ssl_context) -> usize;
+}
+extern "C" {
+    /// \brief          Return the result of the certificate verification
+    ///
+    /// \param ssl      The SSL context to use.
+    ///
+    /// \return         \c 0 if the certificate verification was successful.
+    /// \return         \c -1u if the result is not available. This may happen
+    ///                 e.g. if the handshake aborts early, or a verification
+    ///                 callback returned a fatal error.
+    /// \return         A bitwise combination of \c MBEDTLS_X509_BADCERT_XXX
+    ///                 and \c MBEDTLS_X509_BADCRL_XXX failure flags; see x509.h.
+    pub fn mbedtls_ssl_get_verify_result(ssl: *const mbedtls_ssl_context) -> u32;
+}
+extern "C" {
+    /// \brief          Return the id of the current ciphersuite
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         a ciphersuite id
+    pub fn mbedtls_ssl_get_ciphersuite_id_from_ssl(
+        ssl: *const mbedtls_ssl_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the name of the current ciphersuite
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         a string containing the ciphersuite name
+    pub fn mbedtls_ssl_get_ciphersuite(
+        ssl: *const mbedtls_ssl_context,
+    ) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief          Return the current TLS version
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         a string containing the TLS version
+    pub fn mbedtls_ssl_get_version(
+        ssl: *const mbedtls_ssl_context,
+    ) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief          Return the (maximum) number of bytes added by the record
+    ///                 layer: header + encryption/MAC overhead (inc. padding)
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         Current maximum record expansion in bytes
+    pub fn mbedtls_ssl_get_record_expansion(
+        ssl: *const mbedtls_ssl_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the current maximum outgoing record payload in bytes.
+    ///
+    /// \note           The logic to determine the maximum outgoing record payload is
+    ///                 version-specific. It takes into account various factors, such as
+    ///                 the mbedtls_config.h setting \c MBEDTLS_SSL_OUT_CONTENT_LEN, extensions
+    ///                 such as the max fragment length or record size limit extension if
+    ///                 used, and for DTLS the path MTU as configured and current
+    ///                 record expansion.
+    ///
+    /// \note           With DTLS, \c mbedtls_ssl_write() will return an error if
+    ///                 called with a larger length value.
+    ///                 With TLS, \c mbedtls_ssl_write() will fragment the input if
+    ///                 necessary and return the number of bytes written; it is up
+    ///                 to the caller to call \c mbedtls_ssl_write() again in
+    ///                 order to send the remaining bytes if any.
+    ///
+    /// \sa             mbedtls_ssl_get_max_out_record_payload()
+    /// \sa             mbedtls_ssl_get_record_expansion()
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         Current maximum payload for an outgoing record,
+    ///                 or a negative error code.
+    pub fn mbedtls_ssl_get_max_out_record_payload(
+        ssl: *const mbedtls_ssl_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the current maximum incoming record payload in bytes.
+    ///
+    /// \note           The logic to determine the maximum incoming record payload is
+    ///                 version-specific. It takes into account various factors, such as
+    ///                 the mbedtls_config.h setting \c MBEDTLS_SSL_IN_CONTENT_LEN, extensions
+    ///                 such as the max fragment length extension or record size limit
+    ///                 extension if used, and the current record expansion.
+    ///
+    /// \sa             mbedtls_ssl_set_mtu()
+    /// \sa             mbedtls_ssl_get_max_in_record_payload()
+    /// \sa             mbedtls_ssl_get_record_expansion()
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         Current maximum payload for an incoming record,
+    ///                 or a negative error code.
+    pub fn mbedtls_ssl_get_max_in_record_payload(
+        ssl: *const mbedtls_ssl_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the peer certificate from the current connection.
+    ///
+    /// \param  ssl     The SSL context to use. This must be initialized and setup.
+    ///
+    /// \return         The current peer certificate, if available.
+    ///                 The returned certificate is owned by the SSL context and
+    ///                 is valid only until the next call to the SSL API.
+    /// \return         \c NULL if no peer certificate is available. This might
+    ///                 be because the chosen ciphersuite doesn't use CRTs
+    ///                 (PSK-based ciphersuites, for example), or because
+    ///                 #MBEDTLS_SSL_KEEP_PEER_CERTIFICATE has been disabled,
+    ///                 allowing the stack to free the peer's CRT to save memory.
+    ///
+    /// \note           For one-time inspection of the peer's certificate during
+    ///                 the handshake, consider registering an X.509 CRT verification
+    ///                 callback through mbedtls_ssl_conf_verify() instead of calling
+    ///                 this function. Using mbedtls_ssl_conf_verify() also comes at
+    ///                 the benefit of allowing you to influence the verification
+    ///                 process, for example by masking expected and tolerated
+    ///                 verification failures.
+    ///
+    /// \warning        You must not use the pointer returned by this function
+    ///                 after any further call to the SSL API, including
+    ///                 mbedtls_ssl_read() and mbedtls_ssl_write(); this is
+    ///                 because the pointer might change during renegotiation,
+    ///                 which happens transparently to the user.
+    ///                 If you want to use the certificate across API calls,
+    ///                 you must make a copy.
+    pub fn mbedtls_ssl_get_peer_cert(ssl: *const mbedtls_ssl_context) -> *const mbedtls_x509_crt;
+}
+extern "C" {
+    /// \brief          Export a session in order to resume it later.
+    ///
+    /// \param ssl      The SSL context representing the connection for which to
+    ///                 to export a session structure for later resumption.
+    /// \param session  The target structure in which to store the exported session.
+    ///                 This must have been initialized with mbedtls_ssl_init_session()
+    ///                 but otherwise be unused.
+    ///
+    /// \note           This function can handle a variety of mechanisms for session
+    ///                 resumption: For TLS 1.2, both session ID-based resumption and
+    ///                 ticket-based resumption will be considered. For TLS 1.3,
+    ///                 once implemented, sessions equate to tickets, and calling
+    ///                 this function multiple times will export the available
+    ///                 tickets one a time until no further tickets are available,
+    ///                 in which case MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE will
+    ///                 be returned.
+    ///
+    /// \note           Calling this function multiple times will only be useful
+    ///                 once TLS 1.3 is supported. For TLS 1.2 connections, this
+    ///                 function should be called at most once.
+    ///
+    /// \return         \c 0 if successful. In this case, \p session can be used for
+    ///                 session resumption by passing it to mbedtls_ssl_set_session(),
+    ///                 and serialized for storage via mbedtls_ssl_session_save().
+    /// \return         #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no further session
+    ///                 is available for export.
+    ///                 This error is a non-fatal, and has no observable effect on
+    ///                 the SSL context or the destination session.
+    /// \return         Another negative error code on other kinds of failure.
+    ///
+    /// \sa             mbedtls_ssl_set_session()
+    /// \sa             mbedtls_ssl_session_save()
+    pub fn mbedtls_ssl_get_session(
+        ssl: *const mbedtls_ssl_context,
+        session: *mut mbedtls_ssl_session,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform the SSL handshake
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
+    ///                 if the handshake is incomplete and waiting for data to
+    ///                 be available for reading from or writing to the underlying
+    ///                 transport - in this case you must call this function again
+    ///                 when the underlying transport is ready for the operation.
+    /// \return         #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
+    ///                 operation is in progress (see
+    ///                 mbedtls_ssl_conf_async_private_cb()) - in this case you
+    ///                 must call this function again when the operation is ready.
+    /// \return         #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
+    ///                 operation is in progress (see mbedtls_ecp_set_max_ops()) -
+    ///                 in this case you must call this function again to complete
+    ///                 the handshake when you're done attending other tasks.
+    /// \return         #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED if DTLS is in use
+    ///                 and the client did not demonstrate reachability yet - in
+    ///                 this case you must stop using the context (see below).
+    /// \return         Another SSL error code - in this case you must stop using
+    ///                 the context (see below).
+    ///
+    /// \warning        If this function returns something other than
+    ///                 \c 0,
+    ///                 #MBEDTLS_ERR_SSL_WANT_READ,
+    ///                 #MBEDTLS_ERR_SSL_WANT_WRITE,
+    ///                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+    ///                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
+    ///                 you must stop using the SSL context for reading or writing,
+    ///                 and either free it or call \c mbedtls_ssl_session_reset()
+    ///                 on it before re-using it for a new connection; the current
+    ///                 connection must be closed.
+    ///
+    /// \note           If DTLS is in use, then you may choose to handle
+    ///                 #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
+    ///                 purposes, as it is an expected return value rather than an
+    ///                 actual error, but you still need to reset/free the context.
+    ///
+    /// \note           Remarks regarding event-driven DTLS:
+    ///                 If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram
+    ///                 from the underlying transport layer is currently being processed,
+    ///                 and it is safe to idle until the timer or the underlying transport
+    ///                 signal a new event. This is not true for a successful handshake,
+    ///                 in which case the datagram of the underlying transport that is
+    ///                 currently being processed might or might not contain further
+    ///                 DTLS records.
+    ///
+    /// \note           If the context is configured to allow TLS 1.3, or if
+    ///                 #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    pub fn mbedtls_ssl_handshake(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a single step of the SSL handshake
+    ///
+    /// \note           The state of the context (ssl->state) will be at
+    ///                 the next state after this function returns \c 0. Do not
+    ///                 call this function if mbedtls_ssl_is_handshake_over()
+    ///                 returns \c 1.
+    ///
+    /// \warning        Whilst in the past you may have used direct access to the
+    ///                 context state (ssl->state) in order to ascertain when to
+    ///                 stop calling this function and although you can still do
+    ///                 so with something like ssl->MBEDTLS_PRIVATE(state) or by
+    ///                 defining MBEDTLS_ALLOW_PRIVATE_ACCESS, this is now
+    ///                 considered deprecated and could be broken in any future
+    ///                 release. If you still find you have good reason for such
+    ///                 direct access, then please do contact the team to explain
+    ///                 this (raise an issue or post to the mailing list), so that
+    ///                 we can add a solution to your problem that will be
+    ///                 guaranteed to work in the future.
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         See mbedtls_ssl_handshake().
+    ///
+    /// \warning        If this function returns something other than \c 0,
+    ///                 #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,
+    ///                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+    ///                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using
+    ///                 the SSL context for reading or writing, and either free it
+    ///                 or call \c mbedtls_ssl_session_reset() on it before
+    ///                 re-using it for a new connection; the current connection
+    ///                 must be closed.
+    pub fn mbedtls_ssl_handshake_step(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Initiate an SSL renegotiation on the running connection.
+    ///                 Client: perform the renegotiation right now.
+    ///                 Server: request renegotiation, which will be performed
+    ///                 during the next call to mbedtls_ssl_read() if honored by
+    ///                 client.
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         0 if successful, or any mbedtls_ssl_handshake() return
+    ///                 value except #MBEDTLS_ERR_SSL_CLIENT_RECONNECT that can't
+    ///                 happen during a renegotiation.
+    ///
+    /// \warning        If this function returns something other than \c 0,
+    ///                 #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,
+    ///                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+    ///                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using
+    ///                 the SSL context for reading or writing, and either free it
+    ///                 or call \c mbedtls_ssl_session_reset() on it before
+    ///                 re-using it for a new connection; the current connection
+    ///                 must be closed.
+    pub fn mbedtls_ssl_renegotiate(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Read at most 'len' application data bytes
+    ///
+    /// \param ssl      SSL context
+    /// \param buf      buffer that will hold the data
+    /// \param len      maximum number of bytes to read
+    ///
+    /// \return         The (positive) number of bytes read if successful.
+    /// \return         \c 0 if the read end of the underlying transport was closed
+    ///                 without sending a CloseNotify beforehand, which might happen
+    ///                 because of various reasons (internal error of an underlying
+    ///                 stack, non-conformant peer not sending a CloseNotify and
+    ///                 such) - in this case you must stop using the context
+    ///                 (see below).
+    /// \return         #MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY if the underlying
+    ///                 transport is still functional, but the peer has
+    ///                 acknowledged to not send anything anymore.
+    /// \return         #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
+    ///                 if the handshake is incomplete and waiting for data to
+    ///                 be available for reading from or writing to the underlying
+    ///                 transport - in this case you must call this function again
+    ///                 when the underlying transport is ready for the operation.
+    /// \return         #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
+    ///                 operation is in progress (see
+    ///                 mbedtls_ssl_conf_async_private_cb()) - in this case you
+    ///                 must call this function again when the operation is ready.
+    /// \return         #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
+    ///                 operation is in progress (see mbedtls_ecp_set_max_ops()) -
+    ///                 in this case you must call this function again to complete
+    ///                 the handshake when you're done attending other tasks.
+    /// \return         #MBEDTLS_ERR_SSL_CLIENT_RECONNECT if we're at the server
+    ///                 side of a DTLS connection and the client is initiating a
+    ///                 new connection using the same source port. See below.
+    /// \return         Another SSL error code - in this case you must stop using
+    ///                 the context (see below).
+    ///
+    /// \warning        If this function returns something other than
+    ///                 a positive value,
+    ///                 #MBEDTLS_ERR_SSL_WANT_READ,
+    ///                 #MBEDTLS_ERR_SSL_WANT_WRITE,
+    ///                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS,
+    ///                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
+    ///                 #MBEDTLS_ERR_SSL_CLIENT_RECONNECT,
+    ///                 you must stop using the SSL context for reading or writing,
+    ///                 and either free it or call \c mbedtls_ssl_session_reset()
+    ///                 on it before re-using it for a new connection; the current
+    ///                 connection must be closed.
+    ///
+    /// \note           When this function returns #MBEDTLS_ERR_SSL_CLIENT_RECONNECT
+    ///                 (which can only happen server-side), it means that a client
+    ///                 is initiating a new connection using the same source port.
+    ///                 You can either treat that as a connection close and wait
+    ///                 for the client to resend a ClientHello, or directly
+    ///                 continue with \c mbedtls_ssl_handshake() with the same
+    ///                 context (as it has been reset internally). Either way, you
+    ///                 must make sure this is seen by the application as a new
+    ///                 connection: application state, if any, should be reset, and
+    ///                 most importantly the identity of the client must be checked
+    ///                 again. WARNING: not validating the identity of the client
+    ///                 again, or not transmitting the new identity to the
+    ///                 application layer, would allow authentication bypass!
+    ///
+    /// \note           Remarks regarding event-driven DTLS:
+    ///                 - If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram
+    ///                   from the underlying transport layer is currently being processed,
+    ///                   and it is safe to idle until the timer or the underlying transport
+    ///                   signal a new event.
+    ///                 - This function may return MBEDTLS_ERR_SSL_WANT_READ even if data was
+    ///                   initially available on the underlying transport, as this data may have
+    ///                   been only e.g. duplicated messages or a renegotiation request.
+    ///                   Therefore, you must be prepared to receive MBEDTLS_ERR_SSL_WANT_READ even
+    ///                   when reacting to an incoming-data event from the underlying transport.
+    ///                 - On success, the datagram of the underlying transport that is currently
+    ///                   being processed may contain further DTLS records. You should call
+    ///                   \c mbedtls_ssl_check_pending to check for remaining records.
+    pub fn mbedtls_ssl_read(
+        ssl: *mut mbedtls_ssl_context,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Try to write exactly 'len' application data bytes
+    ///
+    /// \warning        This function will do partial writes in some cases. If the
+    ///                 return value is non-negative but less than length, the
+    ///                 function must be called again with updated arguments:
+    ///                 buf + ret, len - ret (if ret is the return value) until
+    ///                 it returns a value equal to the last 'len' argument.
+    ///
+    /// \param ssl      SSL context
+    /// \param buf      buffer holding the data
+    /// \param len      how many bytes must be written
+    ///
+    /// \return         The (non-negative) number of bytes actually written if
+    ///                 successful (may be less than \p len).
+    /// \return         #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
+    ///                 if the handshake is incomplete and waiting for data to
+    ///                 be available for reading from or writing to the underlying
+    ///                 transport - in this case you must call this function again
+    ///                 when the underlying transport is ready for the operation.
+    /// \return         #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
+    ///                 operation is in progress (see
+    ///                 mbedtls_ssl_conf_async_private_cb()) - in this case you
+    ///                 must call this function again when the operation is ready.
+    /// \return         #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
+    ///                 operation is in progress (see mbedtls_ecp_set_max_ops()) -
+    ///                 in this case you must call this function again to complete
+    ///                 the handshake when you're done attending other tasks.
+    /// \return         Another SSL error code - in this case you must stop using
+    ///                 the context (see below).
+    ///
+    /// \warning        If this function returns something other than
+    ///                 a non-negative value,
+    ///                 #MBEDTLS_ERR_SSL_WANT_READ,
+    ///                 #MBEDTLS_ERR_SSL_WANT_WRITE,
+    ///                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+    ///                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
+    ///                 you must stop using the SSL context for reading or writing,
+    ///                 and either free it or call \c mbedtls_ssl_session_reset()
+    ///                 on it before re-using it for a new connection; the current
+    ///                 connection must be closed.
+    ///
+    /// \note           When this function returns #MBEDTLS_ERR_SSL_WANT_WRITE/READ,
+    ///                 it must be called later with the *same* arguments,
+    ///                 until it returns a value greater than or equal to 0. When
+    ///                 the function returns #MBEDTLS_ERR_SSL_WANT_WRITE there may be
+    ///                 some partial data in the output buffer, however this is not
+    ///                 yet sent.
+    ///
+    /// \note           If the requested length is greater than the maximum
+    ///                 fragment length (either the built-in limit or the one set
+    ///                 or negotiated with the peer), then:
+    ///                 - with TLS, less bytes than requested are written.
+    ///                 - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
+    ///                 \c mbedtls_ssl_get_max_out_record_payload() may be used to
+    ///                 query the active maximum fragment length.
+    ///
+    /// \note           Attempting to write 0 bytes will result in an empty TLS
+    ///                 application record being sent.
+    pub fn mbedtls_ssl_write(
+        ssl: *mut mbedtls_ssl_context,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Send an alert message
+    ///
+    /// \param ssl       SSL context
+    /// \param level     The alert level of the message
+    ///                  (MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL)
+    /// \param message   The alert message (SSL_ALERT_MSG_*)
+    ///
+    /// \return          0 if successful, or a specific SSL error code.
+    ///
+    /// \note           If this function returns something other than 0 or
+    ///                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
+    ///                 the SSL context for reading or writing, and either free it or
+    ///                 call \c mbedtls_ssl_session_reset() on it before re-using it
+    ///                 for a new connection; the current connection must be closed.
+    pub fn mbedtls_ssl_send_alert_message(
+        ssl: *mut mbedtls_ssl_context,
+        level: crate::c_types::c_uchar,
+        message: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Notify the peer that the connection is being closed
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return          0 if successful, or a specific SSL error code.
+    ///
+    /// \note           If this function returns something other than 0 or
+    ///                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
+    ///                 the SSL context for reading or writing, and either free it or
+    ///                 call \c mbedtls_ssl_session_reset() on it before re-using it
+    ///                 for a new connection; the current connection must be closed.
+    pub fn mbedtls_ssl_close_notify(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Free referenced items in an SSL context and clear memory
+    ///
+    /// \param ssl      SSL context
+    pub fn mbedtls_ssl_free(ssl: *mut mbedtls_ssl_context);
+}
+extern "C" {
+    /// \brief          Save an active connection as serialized data in a buffer.
+    ///                 This allows the freeing or re-using of the SSL context
+    ///                 while still picking up the connection later in a way that
+    ///                 it entirely transparent to the peer.
+    ///
+    /// \see            mbedtls_ssl_context_load()
+    ///
+    /// \note           The serialized data only contains the data that is
+    ///                 necessary to resume the connection: negotiated protocol
+    ///                 options, session identifier, keys, etc.
+    ///                 Loading a saved SSL context does not restore settings and
+    ///                 state related to how the application accesses the context,
+    ///                 such as configured callback functions, user data, pending
+    ///                 incoming or outgoing data, etc.
+    ///
+    /// \note           This feature is currently only available under certain
+    ///                 conditions, see the documentation of the return value
+    ///                 #MBEDTLS_ERR_SSL_BAD_INPUT_DATA for details.
+    ///
+    /// \note           When this function succeeds, it calls
+    ///                 mbedtls_ssl_session_reset() on \p ssl which as a result is
+    ///                 no longer associated with the connection that has been
+    ///                 serialized. This avoids creating copies of the connection
+    ///                 state. You're then free to either re-use the context
+    ///                 structure for a different connection, or call
+    ///                 mbedtls_ssl_free() on it. See the documentation of
+    ///                 mbedtls_ssl_session_reset() for more details.
+    ///
+    /// \param ssl      The SSL context to save. On success, it is no longer
+    ///                 associated with the connection that has been serialized.
+    /// \param buf      The buffer to write the serialized data to. It must be a
+    ///                 writeable buffer of at least \p buf_len bytes, or may be \c
+    ///                 NULL if \p buf_len is \c 0.
+    /// \param buf_len  The number of bytes available for writing in \p buf.
+    /// \param olen     The size in bytes of the data that has been or would have
+    ///                 been written. It must point to a valid \c size_t.
+    ///
+    /// \note           \p olen is updated to the correct value regardless of
+    ///                 whether \p buf_len was large enough. This makes it possible
+    ///                 to determine the necessary size by calling this function
+    ///                 with \p buf set to \c NULL and \p buf_len to \c 0. However,
+    ///                 the value of \p olen is only guaranteed to be correct when
+    ///                 the function returns #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL or
+    ///                 \c 0. If the return value is different, then the value of
+    ///                 \p olen is undefined.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
+    /// \return         #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed
+    ///                 while resetting the context.
+    /// \return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in
+    ///                 progress, or there is pending data for reading or sending,
+    ///                 or the connection does not use DTLS 1.2 with an AEAD
+    ///                 ciphersuite, or renegotiation is enabled.
+    pub fn mbedtls_ssl_context_save(
+        ssl: *mut mbedtls_ssl_context,
+        buf: *mut crate::c_types::c_uchar,
+        buf_len: usize,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Load serialized connection data to an SSL context.
+    ///
+    /// \see            mbedtls_ssl_context_save()
+    ///
+    /// \warning        The same serialized data must never be loaded into more
+    ///                 that one context. In order to ensure that, after
+    ///                 successfully loading serialized data to an SSL context, you
+    ///                 should immediately destroy or invalidate all copies of the
+    ///                 serialized data that was loaded. Loading the same data in
+    ///                 more than one context would cause severe security failures
+    ///                 including but not limited to loss of confidentiality.
+    ///
+    /// \note           Before calling this function, the SSL context must be
+    ///                 prepared in one of the two following ways. The first way is
+    ///                 to take a context freshly initialised with
+    ///                 mbedtls_ssl_init() and call mbedtls_ssl_setup() on it with
+    ///                 the same ::mbedtls_ssl_config structure that was used in
+    ///                 the original connection. The second way is to
+    ///                 call mbedtls_ssl_session_reset() on a context that was
+    ///                 previously prepared as above but used in the meantime.
+    ///                 Either way, you must not use the context to perform a
+    ///                 handshake between calling mbedtls_ssl_setup() or
+    ///                 mbedtls_ssl_session_reset() and calling this function. You
+    ///                 may however call other setter functions in that time frame
+    ///                 as indicated in the note below.
+    ///
+    /// \note           Before or after calling this function successfully, you
+    ///                 also need to configure some connection-specific callbacks
+    ///                 and settings before you can use the connection again
+    ///                 (unless they were already set before calling
+    ///                 mbedtls_ssl_session_reset() and the values are suitable for
+    ///                 the present connection). Specifically, you want to call
+    ///                 at least mbedtls_ssl_set_bio(),
+    ///                 mbedtls_ssl_set_timer_cb(), and
+    ///                 mbedtls_ssl_set_user_data_n() or
+    ///                 mbedtls_ssl_set_user_data_p() if they were set originally.
+    ///                 All other SSL setter functions
+    ///                 are not necessary to call, either because they're only used
+    ///                 in handshakes, or because the setting is already saved. You
+    ///                 might choose to call them anyway, for example in order to
+    ///                 share code between the cases of establishing a new
+    ///                 connection and the case of loading an already-established
+    ///                 connection.
+    ///
+    /// \note           If you have new information about the path MTU, you want to
+    ///                 call mbedtls_ssl_set_mtu() after calling this function, as
+    ///                 otherwise this function would overwrite your
+    ///                 newly-configured value with the value that was active when
+    ///                 the context was saved.
+    ///
+    /// \note           When this function returns an error code, it calls
+    ///                 mbedtls_ssl_free() on \p ssl. In this case, you need to
+    ///                 prepare the context with the usual sequence starting with a
+    ///                 call to mbedtls_ssl_init() if you want to use it again.
+    ///
+    /// \param ssl      The SSL context structure to be populated. It must have
+    ///                 been prepared as described in the note above.
+    /// \param buf      The buffer holding the serialized connection data. It must
+    ///                 be a readable buffer of at least \p len bytes.
+    /// \param len      The size of the serialized data in bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed.
+    /// \return         #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data
+    ///                 comes from a different Mbed TLS version or build.
+    /// \return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
+    pub fn mbedtls_ssl_context_load(
+        ssl: *mut mbedtls_ssl_context,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Initialize an SSL configuration context
+    ///                 Just makes the context ready for
+    ///                 mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free().
+    ///
+    /// \note           You need to call mbedtls_ssl_config_defaults() unless you
+    ///                 manually set all of the relevant fields yourself.
+    ///
+    /// \param conf     SSL configuration context
+    pub fn mbedtls_ssl_config_init(conf: *mut mbedtls_ssl_config);
+}
+extern "C" {
+    /// \brief          Load reasonable default SSL configuration values.
+    ///                 (You need to call mbedtls_ssl_config_init() first.)
+    ///
+    /// \param conf     SSL configuration context
+    /// \param endpoint MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
+    /// \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or
+    ///                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS
+    /// \param preset   a MBEDTLS_SSL_PRESET_XXX value
+    ///
+    /// \note           See \c mbedtls_ssl_conf_transport() for notes on DTLS.
+    ///
+    /// \return         0 if successful, or
+    ///                 MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error.
+    pub fn mbedtls_ssl_config_defaults(
+        conf: *mut mbedtls_ssl_config,
+        endpoint: crate::c_types::c_int,
+        transport: crate::c_types::c_int,
+        preset: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Free an SSL configuration context
+    ///
+    /// \param conf     SSL configuration context
+    pub fn mbedtls_ssl_config_free(conf: *mut mbedtls_ssl_config);
+}
+extern "C" {
+    /// \brief          Initialize SSL session structure
+    ///
+    /// \param session  SSL session
+    pub fn mbedtls_ssl_session_init(session: *mut mbedtls_ssl_session);
+}
+extern "C" {
+    /// \brief          Free referenced items in an SSL session including the
+    ///                 peer certificate and clear memory
+    ///
+    /// \note           A session object can be freed even if the SSL context
+    ///                 that was used to retrieve the session is still in use.
+    ///
+    /// \param session  SSL session
+    pub fn mbedtls_ssl_session_free(session: *mut mbedtls_ssl_session);
+}
+extern "C" {
+    /// \brief          TLS-PRF function for key derivation.
+    ///
+    /// \param prf      The tls_prf type function type to be used.
+    /// \param secret   Secret for the key derivation function.
+    /// \param slen     Length of the secret.
+    /// \param label    String label for the key derivation function,
+    ///                 terminated with null character.
+    /// \param random   Random bytes.
+    /// \param rlen     Length of the random bytes buffer.
+    /// \param dstbuf   The buffer holding the derived key.
+    /// \param dlen     Length of the output buffer.
+    ///
+    /// \return         0 on success. An SSL specific error on failure.
+    pub fn mbedtls_ssl_tls_prf(
+        prf: mbedtls_tls_prf_types,
+        secret: *const crate::c_types::c_uchar,
+        slen: usize,
+        label: *const crate::c_types::c_char,
+        random: *const crate::c_types::c_uchar,
+        rlen: usize,
+        dstbuf: *mut crate::c_types::c_uchar,
+        dlen: usize,
+    ) -> crate::c_types::c_int;
+}
+/// \brief           Entropy poll callback pointer
+///
+/// \param data      Callback-specific data pointer
+/// \param output    Data to fill
+/// \param len       Maximum size to provide
+/// \param olen      The actual amount of bytes put into the buffer (Can be 0)
+///
+/// \return          0 if no critical failures occurred,
+///                  MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise
+pub type mbedtls_entropy_f_source_ptr = ::core::option::Option<
+    unsafe extern "C" fn(
+        data: *mut crate::c_types::c_void,
+        output: *mut crate::c_types::c_uchar,
+        len: usize,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief           Entropy source state
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_entropy_source_state {
+    pub private_f_source: mbedtls_entropy_f_source_ptr,
+    pub private_p_source: *mut crate::c_types::c_void,
+    pub private_size: usize,
+    pub private_threshold: usize,
+    pub private_strong: crate::c_types::c_int,
+}
+/// \brief           Entropy context structure
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_entropy_context {
+    pub private_accumulator_started: crate::c_types::c_int,
+    pub private_accumulator: mbedtls_sha512_context,
+    pub private_source_count: crate::c_types::c_int,
+    pub private_source: [mbedtls_entropy_source_state; 20usize],
+}
+extern "C" {
+    /// \brief           Initialize the context
+    ///
+    /// \param ctx       Entropy context to initialize
+    pub fn mbedtls_entropy_init(ctx: *mut mbedtls_entropy_context);
+}
+extern "C" {
+    /// \brief           Free the data in the context
+    ///
+    /// \param ctx       Entropy context to free
+    pub fn mbedtls_entropy_free(ctx: *mut mbedtls_entropy_context);
+}
+extern "C" {
+    /// \brief           Adds an entropy source to poll
+    ///                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+    ///
+    /// \param ctx       Entropy context
+    /// \param f_source  Entropy function
+    /// \param p_source  Function data
+    /// \param threshold Minimum required from source before entropy is released
+    ///                  ( with mbedtls_entropy_func() ) (in bytes)
+    /// \param strong    MBEDTLS_ENTROPY_SOURCE_STRONG or
+    ///                  MBEDTLS_ENTROPY_SOURCE_WEAK.
+    ///                  At least one strong source needs to be added.
+    ///                  Weaker sources (such as the cycle counter) can be used as
+    ///                  a complement.
+    ///
+    /// \return          0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
+    pub fn mbedtls_entropy_add_source(
+        ctx: *mut mbedtls_entropy_context,
+        f_source: mbedtls_entropy_f_source_ptr,
+        p_source: *mut crate::c_types::c_void,
+        threshold: usize,
+        strong: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Trigger an extra gather poll for the accumulator
+    ///                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+    ///
+    /// \param ctx       Entropy context
+    ///
+    /// \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+    pub fn mbedtls_entropy_gather(ctx: *mut mbedtls_entropy_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Retrieve entropy from the accumulator
+    ///                  (Maximum length: MBEDTLS_ENTROPY_BLOCK_SIZE)
+    ///                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+    ///
+    /// \param data      Entropy context
+    /// \param output    Buffer to fill
+    /// \param len       Number of bytes desired, must be at most MBEDTLS_ENTROPY_BLOCK_SIZE
+    ///
+    /// \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+    pub fn mbedtls_entropy_func(
+        data: *mut crate::c_types::c_void,
+        output: *mut crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Add data to the accumulator manually
+    ///                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+    ///
+    /// \param ctx       Entropy context
+    /// \param data      Data to add
+    /// \param len       Length of data
+    ///
+    /// \return          0 if successful
+    pub fn mbedtls_entropy_update_manual(
+        ctx: *mut mbedtls_entropy_context,
+        data: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Checkup routine
+    ///
+    ///                 This module self-test also calls the entropy self-test,
+    ///                 mbedtls_entropy_source_self_test();
+    ///
+    /// \return         0 if successful, or 1 if a test failed
+    pub fn mbedtls_entropy_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief   Set the threshold error level to handle globally all debug output.
+    ///          Debug messages that have a level over the threshold value are
+    ///          discarded.
+    ///          (Default value: 0 = No debug )
+    ///
+    /// \param threshold     threshold level of messages to filter on. Messages at a
+    ///                      higher level will be discarded.
+    ///                          - Debug levels
+    ///                              - 0 No debug
+    ///                              - 1 Error
+    ///                              - 2 State change
+    ///                              - 3 Informational
+    ///                              - 4 Verbose
+    pub fn mbedtls_debug_set_threshold(threshold: crate::c_types::c_int);
+}
+extern "C" {
+    /// \brief    Print a message to the debug output. This function is always used
+    ///          through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl
+    ///          context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the message has occurred in
+    /// \param line      line number the message has occurred at
+    /// \param format    format specifier, in printf format
+    /// \param ...       variables used by the format specifier
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_msg(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        format: *const crate::c_types::c_char,
+        ...
+    );
+}
+extern "C" {
+    /// \brief   Print the return value of a function to the debug output. This
+    ///          function is always used through the MBEDTLS_SSL_DEBUG_RET() macro,
+    ///          which supplies the ssl context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param text      the name of the function that returned the error
+    /// \param ret       the return code value
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_ret(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        text: *const crate::c_types::c_char,
+        ret: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief   Output a buffer of size len bytes to the debug output. This function
+    ///          is always used through the MBEDTLS_SSL_DEBUG_BUF() macro,
+    ///          which supplies the ssl context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param text      a name or label for the buffer being dumped. Normally the
+    ///                  variable or buffer name
+    /// \param buf       the buffer to be outputted
+    /// \param len       length of the buffer
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_buf(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        text: *const crate::c_types::c_char,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    );
+}
+extern "C" {
+    /// \brief   Print a MPI variable to the debug output. This function is always
+    ///          used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the
+    ///          ssl context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param text      a name or label for the MPI being output. Normally the
+    ///                  variable name
+    /// \param X         the MPI variable
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_mpi(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        text: *const crate::c_types::c_char,
+        X: *const mbedtls_mpi,
+    );
+}
+extern "C" {
+    /// \brief   Print an ECP point to the debug output. This function is always
+    ///          used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the
+    ///          ssl context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param text      a name or label for the ECP point being output. Normally the
+    ///                  variable name
+    /// \param X         the ECP point
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_ecp(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        text: *const crate::c_types::c_char,
+        X: *const mbedtls_ecp_point,
+    );
+}
+extern "C" {
+    /// \brief   Print a X.509 certificate structure to the debug output. This
+    ///          function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro,
+    ///          which supplies the ssl context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param text      a name or label for the certificate being output
+    /// \param crt       X.509 certificate structure
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_crt(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        text: *const crate::c_types::c_char,
+        crt: *const mbedtls_x509_crt,
+    );
+}
+pub const mbedtls_debug_ecdh_attr_MBEDTLS_DEBUG_ECDH_Q: mbedtls_debug_ecdh_attr = 0;
+pub const mbedtls_debug_ecdh_attr_MBEDTLS_DEBUG_ECDH_QP: mbedtls_debug_ecdh_attr = 1;
+pub const mbedtls_debug_ecdh_attr_MBEDTLS_DEBUG_ECDH_Z: mbedtls_debug_ecdh_attr = 2;
+pub type mbedtls_debug_ecdh_attr = crate::c_types::c_uint;
+extern "C" {
+    /// \brief   Print a field of the ECDH structure in the SSL context to the debug
+    ///          output. This function is always used through the
+    ///          MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file
+    ///          and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param ecdh      the ECDH context
+    /// \param attr      the identifier of the attribute being output
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_printf_ecdh(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        ecdh: *const mbedtls_ecdh_context,
+        attr: mbedtls_debug_ecdh_attr,
+    );
+}
+/// \brief The AES context-type definition.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_aes_context {
+    pub private_nr: crate::c_types::c_int,
+    pub private_rk_offset: usize,
+    pub private_buf: [u32; 68usize],
+}
+/// \brief The AES XTS context-type definition.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_aes_xts_context {
+    pub private_crypt: mbedtls_aes_context,
+    pub private_tweak: mbedtls_aes_context,
+}
+extern "C" {
+    /// \brief          This function initializes the specified AES context.
+    ///
+    ///                 It must be the first API called before using
+    ///                 the context.
+    ///
+    /// \param ctx      The AES context to initialize. This must not be \c NULL.
+    pub fn mbedtls_aes_init(ctx: *mut mbedtls_aes_context);
+}
+extern "C" {
+    /// \brief          This function releases and clears the specified AES context.
+    ///
+    /// \param ctx      The AES context to clear.
+    ///                 If this is \c NULL, this function does nothing.
+    ///                 Otherwise, the context must have been at least initialized.
+    pub fn mbedtls_aes_free(ctx: *mut mbedtls_aes_context);
+}
+extern "C" {
+    /// \brief          This function initializes the specified AES XTS context.
+    ///
+    ///                 It must be the first API called before using
+    ///                 the context.
+    ///
+    /// \param ctx      The AES XTS context to initialize. This must not be \c NULL.
+    pub fn mbedtls_aes_xts_init(ctx: *mut mbedtls_aes_xts_context);
+}
+extern "C" {
+    /// \brief          This function releases and clears the specified AES XTS context.
+    ///
+    /// \param ctx      The AES XTS context to clear.
+    ///                 If this is \c NULL, this function does nothing.
+    ///                 Otherwise, the context must have been at least initialized.
+    pub fn mbedtls_aes_xts_free(ctx: *mut mbedtls_aes_xts_context);
+}
+extern "C" {
+    /// \brief          This function sets the encryption key.
+    ///
+    /// \param ctx      The AES context to which the key should be bound.
+    ///                 It must be initialized.
+    /// \param key      The encryption key.
+    ///                 This must be a readable buffer of size \p keybits bits.
+    /// \param keybits  The size of data passed in bits. Valid options are:
+    ///                 <ul><li>128 bits</li>
+    ///                 <li>192 bits</li>
+    ///                 <li>256 bits</li></ul>
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
+    pub fn mbedtls_aes_setkey_enc(
+        ctx: *mut mbedtls_aes_context,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function sets the decryption key.
+    ///
+    /// \param ctx      The AES context to which the key should be bound.
+    ///                 It must be initialized.
+    /// \param key      The decryption key.
+    ///                 This must be a readable buffer of size \p keybits bits.
+    /// \param keybits  The size of data passed. Valid options are:
+    ///                 <ul><li>128 bits</li>
+    ///                 <li>192 bits</li>
+    ///                 <li>256 bits</li></ul>
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
+    pub fn mbedtls_aes_setkey_dec(
+        ctx: *mut mbedtls_aes_context,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function prepares an XTS context for encryption and
+    ///                 sets the encryption key.
+    ///
+    /// \param ctx      The AES XTS context to which the key should be bound.
+    ///                 It must be initialized.
+    /// \param key      The encryption key. This is comprised of the XTS key1
+    ///                 concatenated with the XTS key2.
+    ///                 This must be a readable buffer of size \p keybits bits.
+    /// \param keybits  The size of \p key passed in bits. Valid options are:
+    ///                 <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
+    ///                 <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
+    pub fn mbedtls_aes_xts_setkey_enc(
+        ctx: *mut mbedtls_aes_xts_context,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function prepares an XTS context for decryption and
+    ///                 sets the decryption key.
+    ///
+    /// \param ctx      The AES XTS context to which the key should be bound.
+    ///                 It must be initialized.
+    /// \param key      The decryption key. This is comprised of the XTS key1
+    ///                 concatenated with the XTS key2.
+    ///                 This must be a readable buffer of size \p keybits bits.
+    /// \param keybits  The size of \p key passed in bits. Valid options are:
+    ///                 <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
+    ///                 <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
+    pub fn mbedtls_aes_xts_setkey_dec(
+        ctx: *mut mbedtls_aes_xts_context,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs an AES single-block encryption or
+    ///                 decryption operation.
+    ///
+    ///                 It performs the operation defined in the \p mode parameter
+    ///                 (encrypt or decrypt), on the input data buffer defined in
+    ///                 the \p input parameter.
+    ///
+    ///                 mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or
+    ///                 mbedtls_aes_setkey_dec() must be called before the first
+    ///                 call to this API with the same context.
+    ///
+    /// \param ctx      The AES context to use for encryption or decryption.
+    ///                 It must be initialized and bound to a key.
+    /// \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
+    ///                 #MBEDTLS_AES_DECRYPT.
+    /// \param input    The buffer holding the input data.
+    ///                 It must be readable and at least \c 16 Bytes long.
+    /// \param output   The buffer where the output data will be written.
+    ///                 It must be writeable and at least \c 16 Bytes long.
+    ///
+    /// \return         \c 0 on success.
+    pub fn mbedtls_aes_crypt_ecb(
+        ctx: *mut mbedtls_aes_context,
+        mode: crate::c_types::c_int,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief  This function performs an AES-CBC encryption or decryption operation
+    ///         on full blocks.
+    ///
+    ///         It performs the operation defined in the \p mode
+    ///         parameter (encrypt/decrypt), on the input data buffer defined in
+    ///         the \p input parameter.
+    ///
+    ///         It can be called as many times as needed, until all the input
+    ///         data is processed. mbedtls_aes_init(), and either
+    ///         mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
+    ///         before the first call to this API with the same context.
+    ///
+    /// \note   This function operates on full blocks, that is, the input size
+    ///         must be a multiple of the AES block size of \c 16 Bytes.
+    ///
+    /// \note   Upon exit, the content of the IV is updated so that you can
+    ///         call the same function again on the next
+    ///         block(s) of data and get the same result as if it was
+    ///         encrypted in one call. This allows a "streaming" usage.
+    ///         If you need to retain the contents of the IV, you should
+    ///         either save it manually or use the cipher module instead.
+    ///
+    ///
+    /// \param ctx      The AES context to use for encryption or decryption.
+    ///                 It must be initialized and bound to a key.
+    /// \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
+    ///                 #MBEDTLS_AES_DECRYPT.
+    /// \param length   The length of the input data in Bytes. This must be a
+    ///                 multiple of the block size (\c 16 Bytes).
+    /// \param iv       Initialization vector (updated after use).
+    ///                 It must be a readable and writeable buffer of \c 16 Bytes.
+    /// \param input    The buffer holding the input data.
+    ///                 It must be readable and of size \p length Bytes.
+    /// \param output   The buffer holding the output data.
+    ///                 It must be writeable and of size \p length Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
+    ///                 on failure.
+    pub fn mbedtls_aes_crypt_cbc(
+        ctx: *mut mbedtls_aes_context,
+        mode: crate::c_types::c_int,
+        length: usize,
+        iv: *mut crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief      This function performs an AES-XTS encryption or decryption
+    ///             operation for an entire XTS data unit.
+    ///
+    ///             AES-XTS encrypts or decrypts blocks based on their location as
+    ///             defined by a data unit number. The data unit number must be
+    ///             provided by \p data_unit.
+    ///
+    ///             NIST SP 800-38E limits the maximum size of a data unit to 2^20
+    ///             AES blocks. If the data unit is larger than this, this function
+    ///             returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH.
+    ///
+    /// \param ctx          The AES XTS context to use for AES XTS operations.
+    ///                     It must be initialized and bound to a key.
+    /// \param mode         The AES operation: #MBEDTLS_AES_ENCRYPT or
+    ///                     #MBEDTLS_AES_DECRYPT.
+    /// \param length       The length of a data unit in Bytes. This can be any
+    ///                     length between 16 bytes and 2^24 bytes inclusive
+    ///                     (between 1 and 2^20 block cipher blocks).
+    /// \param data_unit    The address of the data unit encoded as an array of 16
+    ///                     bytes in little-endian format. For disk encryption, this
+    ///                     is typically the index of the block device sector that
+    ///                     contains the data.
+    /// \param input        The buffer holding the input data (which is an entire
+    ///                     data unit). This function reads \p length Bytes from \p
+    ///                     input.
+    /// \param output       The buffer holding the output data (which is an entire
+    ///                     data unit). This function writes \p length Bytes to \p
+    ///                     output.
+    ///
+    /// \return             \c 0 on success.
+    /// \return             #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is
+    ///                     smaller than an AES block in size (16 Bytes) or if \p
+    ///                     length is larger than 2^20 blocks (16 MiB).
+    pub fn mbedtls_aes_crypt_xts(
+        ctx: *mut mbedtls_aes_xts_context,
+        mode: crate::c_types::c_int,
+        length: usize,
+        data_unit: *const crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief This function performs an AES-CFB128 encryption or decryption
+    ///        operation.
+    ///
+    ///        It performs the operation defined in the \p mode
+    ///        parameter (encrypt or decrypt), on the input data buffer
+    ///        defined in the \p input parameter.
+    ///
+    ///        For CFB, you must set up the context with mbedtls_aes_setkey_enc(),
+    ///        regardless of whether you are performing an encryption or decryption
+    ///        operation, that is, regardless of the \p mode parameter. This is
+    ///        because CFB mode uses the same key schedule for encryption and
+    ///        decryption.
+    ///
+    /// \note  Upon exit, the content of the IV is updated so that you can
+    ///        call the same function again on the next
+    ///        block(s) of data and get the same result as if it was
+    ///        encrypted in one call. This allows a "streaming" usage.
+    ///        If you need to retain the contents of the
+    ///        IV, you must either save it manually or use the cipher
+    ///        module instead.
+    ///
+    ///
+    /// \param ctx      The AES context to use for encryption or decryption.
+    ///                 It must be initialized and bound to a key.
+    /// \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
+    ///                 #MBEDTLS_AES_DECRYPT.
+    /// \param length   The length of the input data in Bytes.
+    /// \param iv_off   The offset in IV (updated after use).
+    ///                 It must point to a valid \c size_t.
+    /// \param iv       The initialization vector (updated after use).
+    ///                 It must be a readable and writeable buffer of \c 16 Bytes.
+    /// \param input    The buffer holding the input data.
+    ///                 It must be readable and of size \p length Bytes.
+    /// \param output   The buffer holding the output data.
+    ///                 It must be writeable and of size \p length Bytes.
+    ///
+    /// \return         \c 0 on success.
+    pub fn mbedtls_aes_crypt_cfb128(
+        ctx: *mut mbedtls_aes_context,
+        mode: crate::c_types::c_int,
+        length: usize,
+        iv_off: *mut usize,
+        iv: *mut crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief This function performs an AES-CFB8 encryption or decryption
+    ///        operation.
+    ///
+    ///        It performs the operation defined in the \p mode
+    ///        parameter (encrypt/decrypt), on the input data buffer defined
+    ///        in the \p input parameter.
+    ///
+    ///        Due to the nature of CFB, you must use the same key schedule for
+    ///        both encryption and decryption operations. Therefore, you must
+    ///        use the context initialized with mbedtls_aes_setkey_enc() for
+    ///        both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
+    ///
+    /// \note  Upon exit, the content of the IV is updated so that you can
+    ///        call the same function again on the next
+    ///        block(s) of data and get the same result as if it was
+    ///        encrypted in one call. This allows a "streaming" usage.
+    ///        If you need to retain the contents of the
+    ///        IV, you should either save it manually or use the cipher
+    ///        module instead.
+    ///
+    ///
+    /// \param ctx      The AES context to use for encryption or decryption.
+    ///                 It must be initialized and bound to a key.
+    /// \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
+    ///                 #MBEDTLS_AES_DECRYPT
+    /// \param length   The length of the input data.
+    /// \param iv       The initialization vector (updated after use).
+    ///                 It must be a readable and writeable buffer of \c 16 Bytes.
+    /// \param input    The buffer holding the input data.
+    ///                 It must be readable and of size \p length Bytes.
+    /// \param output   The buffer holding the output data.
+    ///                 It must be writeable and of size \p length Bytes.
+    ///
+    /// \return         \c 0 on success.
+    pub fn mbedtls_aes_crypt_cfb8(
+        ctx: *mut mbedtls_aes_context,
+        mode: crate::c_types::c_int,
+        length: usize,
+        iv: *mut crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       This function performs an AES-OFB (Output Feedback Mode)
+    ///              encryption or decryption operation.
+    ///
+    ///              For OFB, you must set up the context with
+    ///              mbedtls_aes_setkey_enc(), regardless of whether you are
+    ///              performing an encryption or decryption operation. This is
+    ///              because OFB mode uses the same key schedule for encryption and
+    ///              decryption.
+    ///
+    ///              The OFB operation is identical for encryption or decryption,
+    ///              therefore no operation mode needs to be specified.
+    ///
+    /// \note        Upon exit, the content of iv, the Initialisation Vector, is
+    ///              updated so that you can call the same function again on the next
+    ///              block(s) of data and get the same result as if it was encrypted
+    ///              in one call. This allows a "streaming" usage, by initialising
+    ///              iv_off to 0 before the first call, and preserving its value
+    ///              between calls.
+    ///
+    ///              For non-streaming use, the iv should be initialised on each call
+    ///              to a unique value, and iv_off set to 0 on each call.
+    ///
+    ///              If you need to retain the contents of the initialisation vector,
+    ///              you must either save it manually or use the cipher module
+    ///              instead.
+    ///
+    /// \warning     For the OFB mode, the initialisation vector must be unique
+    ///              every encryption operation. Reuse of an initialisation vector
+    ///              will compromise security.
+    ///
+    /// \param ctx      The AES context to use for encryption or decryption.
+    ///                 It must be initialized and bound to a key.
+    /// \param length   The length of the input data.
+    /// \param iv_off   The offset in IV (updated after use).
+    ///                 It must point to a valid \c size_t.
+    /// \param iv       The initialization vector (updated after use).
+    ///                 It must be a readable and writeable buffer of \c 16 Bytes.
+    /// \param input    The buffer holding the input data.
+    ///                 It must be readable and of size \p length Bytes.
+    /// \param output   The buffer holding the output data.
+    ///                 It must be writeable and of size \p length Bytes.
+    ///
+    /// \return         \c 0 on success.
+    pub fn mbedtls_aes_crypt_ofb(
+        ctx: *mut mbedtls_aes_context,
+        length: usize,
+        iv_off: *mut usize,
+        iv: *mut crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief      This function performs an AES-CTR encryption or decryption
+    ///             operation.
+    ///
+    ///             Due to the nature of CTR, you must use the same key schedule
+    ///             for both encryption and decryption operations. Therefore, you
+    ///             must use the context initialized with mbedtls_aes_setkey_enc()
+    ///             for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
+    ///
+    /// \warning    You must never reuse a nonce value with the same key. Doing so
+    ///             would void the encryption for the two messages encrypted with
+    ///             the same nonce and key.
+    ///
+    ///             There are two common strategies for managing nonces with CTR:
+    ///
+    ///             1. You can handle everything as a single message processed over
+    ///             successive calls to this function. In that case, you want to
+    ///             set \p nonce_counter and \p nc_off to 0 for the first call, and
+    ///             then preserve the values of \p nonce_counter, \p nc_off and \p
+    ///             stream_block across calls to this function as they will be
+    ///             updated by this function.
+    ///
+    ///             With this strategy, you must not encrypt more than 2**128
+    ///             blocks of data with the same key.
+    ///
+    ///             2. You can encrypt separate messages by dividing the \p
+    ///             nonce_counter buffer in two areas: the first one used for a
+    ///             per-message nonce, handled by yourself, and the second one
+    ///             updated by this function internally.
+    ///
+    ///             For example, you might reserve the first 12 bytes for the
+    ///             per-message nonce, and the last 4 bytes for internal use. In that
+    ///             case, before calling this function on a new message you need to
+    ///             set the first 12 bytes of \p nonce_counter to your chosen nonce
+    ///             value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
+    ///             stream_block to be ignored). That way, you can encrypt at most
+    ///             2**96 messages of up to 2**32 blocks each with the same key.
+    ///
+    ///             The per-message nonce (or information sufficient to reconstruct
+    ///             it) needs to be communicated with the ciphertext and must be unique.
+    ///             The recommended way to ensure uniqueness is to use a message
+    ///             counter. An alternative is to generate random nonces, but this
+    ///             limits the number of messages that can be securely encrypted:
+    ///             for example, with 96-bit random nonces, you should not encrypt
+    ///             more than 2**32 messages with the same key.
+    ///
+    ///             Note that for both strategies, sizes are measured in blocks and
+    ///             that an AES block is 16 bytes.
+    ///
+    /// \warning    Upon return, \p stream_block contains sensitive data. Its
+    ///             content must not be written to insecure storage and should be
+    ///             securely discarded as soon as it's no longer needed.
+    ///
+    /// \param ctx              The AES context to use for encryption or decryption.
+    ///                         It must be initialized and bound to a key.
+    /// \param length           The length of the input data.
+    /// \param nc_off           The offset in the current \p stream_block, for
+    ///                         resuming within the current cipher stream. The
+    ///                         offset pointer should be 0 at the start of a stream.
+    ///                         It must point to a valid \c size_t.
+    /// \param nonce_counter    The 128-bit nonce and counter.
+    ///                         It must be a readable-writeable buffer of \c 16 Bytes.
+    /// \param stream_block     The saved stream block for resuming. This is
+    ///                         overwritten by the function.
+    ///                         It must be a readable-writeable buffer of \c 16 Bytes.
+    /// \param input            The buffer holding the input data.
+    ///                         It must be readable and of size \p length Bytes.
+    /// \param output           The buffer holding the output data.
+    ///                         It must be writeable and of size \p length Bytes.
+    ///
+    /// \return                 \c 0 on success.
+    pub fn mbedtls_aes_crypt_ctr(
+        ctx: *mut mbedtls_aes_context,
+        length: usize,
+        nc_off: *mut usize,
+        nonce_counter: *mut crate::c_types::c_uchar,
+        stream_block: *mut crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Internal AES block encryption function. This is only
+    ///                  exposed to allow overriding it using
+    ///                  \c MBEDTLS_AES_ENCRYPT_ALT.
+    ///
+    /// \param ctx       The AES context to use for encryption.
+    /// \param input     The plaintext block.
+    /// \param output    The output (ciphertext) block.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_internal_aes_encrypt(
+        ctx: *mut mbedtls_aes_context,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Internal AES block decryption function. This is only
+    ///                  exposed to allow overriding it using see
+    ///                  \c MBEDTLS_AES_DECRYPT_ALT.
+    ///
+    /// \param ctx       The AES context to use for decryption.
+    /// \param input     The ciphertext block.
+    /// \param output    The output (plaintext) block.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_internal_aes_decrypt(
+        ctx: *mut mbedtls_aes_context,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_aes_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          The CTR_DRBG context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ctr_drbg_context {
+    pub private_counter: [crate::c_types::c_uchar; 16usize],
+    pub private_reseed_counter: crate::c_types::c_int,
+    pub private_prediction_resistance: crate::c_types::c_int,
+    pub private_entropy_len: usize,
+    pub private_reseed_interval: crate::c_types::c_int,
+    pub private_aes_ctx: mbedtls_aes_context,
+    pub private_f_entropy: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut crate::c_types::c_uchar,
+            arg3: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_entropy: *mut crate::c_types::c_void,
+}
+extern "C" {
+    /// \brief               This function initializes the CTR_DRBG context,
+    ///                      and prepares it for mbedtls_ctr_drbg_seed()
+    ///                      or mbedtls_ctr_drbg_free().
+    ///
+    /// \note                The reseed interval is
+    ///                      #MBEDTLS_CTR_DRBG_RESEED_INTERVAL by default.
+    ///                      You can override it by calling
+    ///                      mbedtls_ctr_drbg_set_reseed_interval().
+    ///
+    /// \param ctx           The CTR_DRBG context to initialize.
+    pub fn mbedtls_ctr_drbg_init(ctx: *mut mbedtls_ctr_drbg_context);
+}
+extern "C" {
+    /// - The \p custom string.
+    ///
+    /// \note                To achieve the nominal security strength permitted
+    ///                      by CTR_DRBG, the entropy length must be:
+    ///                      - at least 16 bytes for a 128-bit strength
+    ///                      (maximum achievable strength when using AES-128);
+    ///                      - at least 32 bytes for a 256-bit strength
+    ///                      (maximum achievable strength when using AES-256).
+    ///
+    ///                      In addition, if you do not pass a nonce in \p custom,
+    ///                      the sum of the entropy length
+    ///                      and the entropy nonce length must be:
+    ///                      - at least 24 bytes for a 128-bit strength
+    ///                      (maximum achievable strength when using AES-128);
+    ///                      - at least 48 bytes for a 256-bit strength
+    ///                      (maximum achievable strength when using AES-256).
+    ///
+    /// \param ctx           The CTR_DRBG context to seed.
+    ///                      It must have been initialized with
+    ///                      mbedtls_ctr_drbg_init().
+    ///                      After a successful call to mbedtls_ctr_drbg_seed(),
+    ///                      you may not call mbedtls_ctr_drbg_seed() again on
+    ///                      the same context unless you call
+    ///                      mbedtls_ctr_drbg_free() and mbedtls_ctr_drbg_init()
+    ///                      again first.
+    ///                      After a failed call to mbedtls_ctr_drbg_seed(),
+    ///                      you must call mbedtls_ctr_drbg_free().
+    /// \param f_entropy     The entropy callback, taking as arguments the
+    ///                      \p p_entropy context, the buffer to fill, and the
+    ///                      length of the buffer.
+    ///                      \p f_entropy is always called with a buffer size
+    ///                      less than or equal to the entropy length.
+    /// \param p_entropy     The entropy context to pass to \p f_entropy.
+    /// \param custom        The personalization string.
+    ///                      This can be \c NULL, in which case the personalization
+    ///                      string is empty regardless of the value of \p len.
+    /// \param len           The length of the personalization string.
+    ///                      This must be at most
+    ///                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
+    ///                      - #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
+    pub fn mbedtls_ctr_drbg_seed(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        f_entropy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_entropy: *mut crate::c_types::c_void,
+        custom: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function resets CTR_DRBG context to the state immediately
+    ///                      after initial call of mbedtls_ctr_drbg_init().
+    ///
+    /// \param ctx           The CTR_DRBG context to clear.
+    pub fn mbedtls_ctr_drbg_free(ctx: *mut mbedtls_ctr_drbg_context);
+}
+extern "C" {
+    /// \brief               This function turns prediction resistance on or off.
+    ///                      The default value is off.
+    ///
+    /// \note                If enabled, entropy is gathered at the beginning of
+    ///                      every call to mbedtls_ctr_drbg_random_with_add()
+    ///                      or mbedtls_ctr_drbg_random().
+    ///                      Only use this if your entropy source has sufficient
+    ///                      throughput.
+    ///
+    /// \param ctx           The CTR_DRBG context.
+    /// \param resistance    #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF.
+    pub fn mbedtls_ctr_drbg_set_prediction_resistance(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        resistance: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief               This function sets the amount of entropy grabbed on each
+    ///                      seed or reseed.
+    ///
+    /// The default value is #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
+    ///
+    /// \note                The security strength of CTR_DRBG is bounded by the
+    ///                      entropy length. Thus:
+    ///                      - When using AES-256
+    ///                        (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled,
+    ///                        which is the default),
+    ///                        \p len must be at least 32 (in bytes)
+    ///                        to achieve a 256-bit strength.
+    ///                      - When using AES-128
+    ///                        (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled)
+    ///                        \p len must be at least 16 (in bytes)
+    ///                        to achieve a 128-bit strength.
+    ///
+    /// \param ctx           The CTR_DRBG context.
+    /// \param len           The amount of entropy to grab, in bytes.
+    ///                      This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
+    ///                      and at most the maximum length accepted by the
+    ///                      entropy function that is set in the context.
+    pub fn mbedtls_ctr_drbg_set_entropy_len(ctx: *mut mbedtls_ctr_drbg_context, len: usize);
+}
+extern "C" {
+    /// \brief               This function sets the amount of entropy grabbed
+    ///                      as a nonce for the initial seeding.
+    ///
+    /// Call this function before calling mbedtls_ctr_drbg_seed() to read
+    /// a nonce from the entropy source during the initial seeding.
+    ///
+    /// \param ctx           The CTR_DRBG context.
+    /// \param len           The amount of entropy to grab for the nonce, in bytes.
+    ///                      This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
+    ///                      and at most the maximum length accepted by the
+    ///                      entropy function that is set in the context.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if \p len is
+    ///                      more than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
+    /// \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+    ///                      if the initial seeding has already taken place.
+    pub fn mbedtls_ctr_drbg_set_nonce_len(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function sets the reseed interval.
+    ///
+    /// The reseed interval is the number of calls to mbedtls_ctr_drbg_random()
+    /// or mbedtls_ctr_drbg_random_with_add() after which the entropy function
+    /// is called again.
+    ///
+    /// The default value is #MBEDTLS_CTR_DRBG_RESEED_INTERVAL.
+    ///
+    /// \param ctx           The CTR_DRBG context.
+    /// \param interval      The reseed interval.
+    pub fn mbedtls_ctr_drbg_set_reseed_interval(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        interval: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief               This function reseeds the CTR_DRBG context, that is
+    ///                      extracts data from the entropy source.
+    ///
+    /// \note                This function is not thread-safe. It is not safe
+    ///                      to call this function if another thread might be
+    ///                      concurrently obtaining random numbers from the same
+    ///                      context or updating or reseeding the same context.
+    ///
+    /// \param ctx           The CTR_DRBG context.
+    /// \param additional    Additional data to add to the state. Can be \c NULL.
+    /// \param len           The length of the additional data.
+    ///                      This must be less than
+    ///                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
+    ///                      where \c entropy_len is the entropy length
+    ///                      configured for the context.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
+    pub fn mbedtls_ctr_drbg_reseed(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        additional: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief              This function updates the state of the CTR_DRBG context.
+    ///
+    /// \note                This function is not thread-safe. It is not safe
+    ///                      to call this function if another thread might be
+    ///                      concurrently obtaining random numbers from the same
+    ///                      context or updating or reseeding the same context.
+    ///
+    /// \param ctx          The CTR_DRBG context.
+    /// \param additional   The data to update the state with. This must not be
+    ///                     \c NULL unless \p add_len is \c 0.
+    /// \param add_len      Length of \p additional in bytes. This must be at
+    ///                     most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
+    ///
+    /// \return             \c 0 on success.
+    /// \return             #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if
+    ///                     \p add_len is more than
+    ///                     #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
+    /// \return             An error from the underlying AES cipher on failure.
+    pub fn mbedtls_ctr_drbg_update(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        additional: *const crate::c_types::c_uchar,
+        add_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief   This function updates a CTR_DRBG instance with additional
+    ///          data and uses it to generate random data.
+    ///
+    /// This function automatically reseeds if the reseed counter is exceeded
+    /// or prediction resistance is enabled.
+    ///
+    /// \note                This function is not thread-safe. It is not safe
+    ///                      to call this function if another thread might be
+    ///                      concurrently obtaining random numbers from the same
+    ///                      context or updating or reseeding the same context.
+    ///
+    /// \param p_rng         The CTR_DRBG context. This must be a pointer to a
+    ///                      #mbedtls_ctr_drbg_context structure.
+    /// \param output        The buffer to fill.
+    /// \param output_len    The length of the buffer in bytes.
+    /// \param additional    Additional data to update. Can be \c NULL, in which
+    ///                      case the additional data is empty regardless of
+    ///                      the value of \p add_len.
+    /// \param add_len       The length of the additional data
+    ///                      if \p additional is not \c NULL.
+    ///                      This must be less than #MBEDTLS_CTR_DRBG_MAX_INPUT
+    ///                      and less than
+    ///                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
+    ///                      where \c entropy_len is the entropy length
+    ///                      configured for the context.
+    ///
+    /// \return    \c 0 on success.
+    /// \return    #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+    ///            #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
+    pub fn mbedtls_ctr_drbg_random_with_add(
+        p_rng: *mut crate::c_types::c_void,
+        output: *mut crate::c_types::c_uchar,
+        output_len: usize,
+        additional: *const crate::c_types::c_uchar,
+        add_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \param p_rng         The CTR_DRBG context. This must be a pointer to a
+    ///                      #mbedtls_ctr_drbg_context structure.
+    /// \param output        The buffer to fill.
+    /// \param output_len    The length of the buffer in bytes.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+    ///                      #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
+    pub fn mbedtls_ctr_drbg_random(
+        p_rng: *mut crate::c_types::c_void,
+        output: *mut crate::c_types::c_uchar,
+        output_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The CTR_DRBG checkup routine.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              \c 1 on failure.
+    pub fn mbedtls_ctr_drbg_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
diff --git a/esp-mbedtls-sys/src/include/esp32s3.rs b/esp-mbedtls-sys/src/include/esp32s3.rs
new file mode 100644
index 0000000..34a5e23
--- /dev/null
+++ b/esp-mbedtls-sys/src/include/esp32s3.rs
@@ -0,0 +1,22631 @@
+/* automatically generated by rust-bindgen 0.68.1 */
+
+#![allow(
+    non_camel_case_types,
+    non_snake_case,
+    non_upper_case_globals,
+    dead_code
+)]
+
+#[repr(C)]
+#[derive(Copy, Clone, Debug, Default, Eq, Hash, Ord, PartialEq, PartialOrd)]
+pub struct __BindgenBitfieldUnit<Storage> {
+    storage: Storage,
+}
+impl<Storage> __BindgenBitfieldUnit<Storage> {
+    #[inline]
+    pub const fn new(storage: Storage) -> Self {
+        Self { storage }
+    }
+}
+impl<Storage> __BindgenBitfieldUnit<Storage>
+where
+    Storage: AsRef<[u8]> + AsMut<[u8]>,
+{
+    #[inline]
+    pub fn get_bit(&self, index: usize) -> bool {
+        debug_assert!(index / 8 < self.storage.as_ref().len());
+        let byte_index = index / 8;
+        let byte = self.storage.as_ref()[byte_index];
+        let bit_index = if cfg!(target_endian = "big") {
+            7 - (index % 8)
+        } else {
+            index % 8
+        };
+        let mask = 1 << bit_index;
+        byte & mask == mask
+    }
+    #[inline]
+    pub fn set_bit(&mut self, index: usize, val: bool) {
+        debug_assert!(index / 8 < self.storage.as_ref().len());
+        let byte_index = index / 8;
+        let byte = &mut self.storage.as_mut()[byte_index];
+        let bit_index = if cfg!(target_endian = "big") {
+            7 - (index % 8)
+        } else {
+            index % 8
+        };
+        let mask = 1 << bit_index;
+        if val {
+            *byte |= mask;
+        } else {
+            *byte &= !mask;
+        }
+    }
+    #[inline]
+    pub fn get(&self, bit_offset: usize, bit_width: u8) -> u64 {
+        debug_assert!(bit_width <= 64);
+        debug_assert!(bit_offset / 8 < self.storage.as_ref().len());
+        debug_assert!((bit_offset + (bit_width as usize)) / 8 <= self.storage.as_ref().len());
+        let mut val = 0;
+        for i in 0..(bit_width as usize) {
+            if self.get_bit(i + bit_offset) {
+                let index = if cfg!(target_endian = "big") {
+                    bit_width as usize - 1 - i
+                } else {
+                    i
+                };
+                val |= 1 << index;
+            }
+        }
+        val
+    }
+    #[inline]
+    pub fn set(&mut self, bit_offset: usize, bit_width: u8, val: u64) {
+        debug_assert!(bit_width <= 64);
+        debug_assert!(bit_offset / 8 < self.storage.as_ref().len());
+        debug_assert!((bit_offset + (bit_width as usize)) / 8 <= self.storage.as_ref().len());
+        for i in 0..(bit_width as usize) {
+            let mask = 1 << i;
+            let val_bit_is_set = val & mask == mask;
+            let index = if cfg!(target_endian = "big") {
+                bit_width as usize - 1 - i
+            } else {
+                i
+            };
+            self.set_bit(index + bit_offset, val_bit_is_set);
+        }
+    }
+}
+pub const MBEDTLS_CONFIG_FILE: &[u8; 9] = b"config.h\0";
+pub const MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT: u32 = 0;
+pub const MBEDTLS_SSL_MAX_EARLY_DATA_SIZE: u32 = 1024;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE: u32 = 6000;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH: u32 = 32;
+pub const MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS: u32 = 1;
+pub const MBEDTLS_VERSION_MAJOR: u32 = 3;
+pub const MBEDTLS_VERSION_MINOR: u32 = 4;
+pub const MBEDTLS_VERSION_PATCH: u32 = 0;
+pub const MBEDTLS_VERSION_NUMBER: u32 = 50593792;
+pub const MBEDTLS_VERSION_STRING: &[u8; 6] = b"3.4.0\0";
+pub const MBEDTLS_VERSION_STRING_FULL: &[u8; 15] = b"mbed TLS 3.4.0\0";
+pub const MBEDTLS_PSA_BUILTIN_ALG_CCM: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG: u32 = 1;
+pub const PSA_WANT_ALG_CCM: u32 = 1;
+pub const PSA_WANT_ALG_CCM_STAR_NO_TAG: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CMAC: u32 = 1;
+pub const PSA_WANT_ALG_CMAC: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_ECDH: u32 = 1;
+pub const PSA_WANT_ALG_ECDH: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_ECDSA: u32 = 1;
+pub const PSA_WANT_ALG_ECDSA: u32 = 1;
+pub const PSA_WANT_ALG_ECDSA_ANY: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA: u32 = 1;
+pub const PSA_WANT_ALG_DETERMINISTIC_ECDSA: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_ECC_KEY_PAIR: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_GCM: u32 = 1;
+pub const PSA_WANT_ALG_GCM: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_HMAC: u32 = 1;
+pub const PSA_WANT_ALG_HMAC: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_HKDF: u32 = 1;
+pub const PSA_WANT_ALG_HKDF: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT: u32 = 1;
+pub const PSA_WANT_ALG_HKDF_EXTRACT: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND: u32 = 1;
+pub const PSA_WANT_ALG_HKDF_EXPAND: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF: u32 = 1;
+pub const PSA_WANT_ALG_TLS12_PRF: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS: u32 = 1;
+pub const PSA_WANT_ALG_TLS12_PSK_TO_MS: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_MD5: u32 = 1;
+pub const PSA_WANT_ALG_MD5: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_PAKE: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_JPAKE: u32 = 1;
+pub const PSA_WANT_ALG_JPAKE: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160: u32 = 1;
+pub const PSA_WANT_ALG_RIPEMD160: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT: u32 = 1;
+pub const PSA_WANT_ALG_RSA_PKCS1V15_CRYPT: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN: u32 = 1;
+pub const PSA_WANT_ALG_RSA_PKCS1V15_SIGN: u32 = 1;
+pub const PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP: u32 = 1;
+pub const PSA_WANT_ALG_RSA_OAEP: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS: u32 = 1;
+pub const PSA_WANT_ALG_RSA_PSS: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_RSA_KEY_PAIR: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_1: u32 = 1;
+pub const PSA_WANT_ALG_SHA_1: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_224: u32 = 1;
+pub const PSA_WANT_ALG_SHA_224: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_256: u32 = 1;
+pub const PSA_WANT_ALG_SHA_256: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_384: u32 = 1;
+pub const PSA_WANT_ALG_SHA_384: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_SHA_512: u32 = 1;
+pub const PSA_WANT_ALG_SHA_512: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_AES: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_ARIA: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_CAMELLIA: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_DES: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS: u32 = 1;
+pub const PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_CHACHA20: u32 = 1;
+pub const PSA_WANT_ALG_STREAM_CIPHER: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER: u32 = 1;
+pub const PSA_WANT_ALG_CHACHA20_POLY1305: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING: u32 = 1;
+pub const PSA_WANT_ALG_CBC_NO_PADDING: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7: u32 = 1;
+pub const PSA_WANT_ALG_CBC_PKCS7: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING: u32 = 1;
+pub const PSA_WANT_ALG_ECB_NO_PADDING: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CFB: u32 = 1;
+pub const PSA_WANT_ALG_CFB: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_CTR: u32 = 1;
+pub const PSA_WANT_ALG_CTR: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ALG_OFB: u32 = 1;
+pub const PSA_WANT_ALG_OFB: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256: u32 = 1;
+pub const PSA_HAVE_FULL_ECDSA: u32 = 1;
+pub const PSA_HAVE_FULL_JPAKE: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_DERIVE: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_PASSWORD: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_PASSWORD_HASH: u32 = 1;
+pub const PSA_WANT_KEY_TYPE_RAW_DATA: u32 = 1;
+pub const _LIBC_LIMITS_H_: u32 = 1;
+pub const __NEWLIB_H__: u32 = 1;
+pub const _NEWLIB_VERSION_H__: u32 = 1;
+pub const _NEWLIB_VERSION: &[u8; 6] = b"3.3.0\0";
+pub const __NEWLIB__: u32 = 3;
+pub const __NEWLIB_MINOR__: u32 = 3;
+pub const __NEWLIB_PATCHLEVEL__: u32 = 0;
+pub const _WANT_IO_C99_FORMATS: u32 = 1;
+pub const _WANT_IO_LONG_LONG: u32 = 1;
+pub const _WANT_IO_POS_ARGS: u32 = 1;
+pub const _WANT_REENT_SMALL: u32 = 1;
+pub const _REENT_CHECK_VERIFY: u32 = 1;
+pub const _MB_LEN_MAX: u32 = 1;
+pub const _ICONV_ENABLED: u32 = 1;
+pub const HAVE_INITFINI_ARRAY: u32 = 1;
+pub const _ATEXIT_DYNAMIC_ALLOC: u32 = 1;
+pub const _HAVE_LONG_DOUBLE: u32 = 1;
+pub const _HAVE_CC_INHIBIT_LOOP_TO_LIBCALL: u32 = 1;
+pub const _LDBL_EQ_DBL: u32 = 1;
+pub const _FVWRITE_IN_STREAMIO: u32 = 1;
+pub const _FSEEK_OPTIMIZATION: u32 = 1;
+pub const _UNBUF_STREAM_OPT: u32 = 1;
+pub const _RETARGETABLE_LOCKING: u32 = 1;
+pub const _WANT_USE_LONG_TIME_T: u32 = 1;
+pub const _DEFAULT_SOURCE: u32 = 1;
+pub const _POSIX_SOURCE: u32 = 1;
+pub const _POSIX_C_SOURCE: u32 = 200809;
+pub const _ATFILE_SOURCE: u32 = 1;
+pub const __ATFILE_VISIBLE: u32 = 1;
+pub const __BSD_VISIBLE: u32 = 1;
+pub const __GNU_VISIBLE: u32 = 0;
+pub const __ISO_C_VISIBLE: u32 = 2011;
+pub const __LARGEFILE_VISIBLE: u32 = 0;
+pub const __MISC_VISIBLE: u32 = 1;
+pub const __POSIX_VISIBLE: u32 = 200809;
+pub const __SVID_VISIBLE: u32 = 1;
+pub const __XSI_VISIBLE: u32 = 0;
+pub const __SSP_FORTIFY_LEVEL: u32 = 0;
+pub const _POSIX_THREADS: u32 = 1;
+pub const _POSIX_TIMEOUTS: u32 = 1;
+pub const _POSIX_TIMERS: u32 = 1;
+pub const _POSIX_MONOTONIC_CLOCK: u32 = 200112;
+pub const _POSIX_CLOCK_SELECTION: u32 = 200112;
+pub const _UNIX98_THREAD_MUTEX_ATTRIBUTES: u32 = 1;
+pub const __have_longlong64: u32 = 1;
+pub const __have_long32: u32 = 1;
+pub const ___int8_t_defined: u32 = 1;
+pub const ___int16_t_defined: u32 = 1;
+pub const ___int32_t_defined: u32 = 1;
+pub const ___int64_t_defined: u32 = 1;
+pub const ___int_least8_t_defined: u32 = 1;
+pub const ___int_least16_t_defined: u32 = 1;
+pub const ___int_least32_t_defined: u32 = 1;
+pub const ___int_least64_t_defined: u32 = 1;
+pub const __GNUCLIKE_ASM: u32 = 3;
+pub const __GNUCLIKE___TYPEOF: u32 = 1;
+pub const __GNUCLIKE___OFFSETOF: u32 = 1;
+pub const __GNUCLIKE___SECTION: u32 = 1;
+pub const __GNUCLIKE_CTOR_SECTION_HANDLING: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_CONSTANT_P: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_VARARGS: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_STDARG: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_VAALIST: u32 = 1;
+pub const __GNUC_VA_LIST_COMPATIBILITY: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_NEXT_ARG: u32 = 1;
+pub const __GNUCLIKE_BUILTIN_MEMCPY: u32 = 1;
+pub const __CC_SUPPORTS_INLINE: u32 = 1;
+pub const __CC_SUPPORTS___INLINE: u32 = 1;
+pub const __CC_SUPPORTS___INLINE__: u32 = 1;
+pub const __CC_SUPPORTS___FUNC__: u32 = 1;
+pub const __CC_SUPPORTS_WARNING: u32 = 1;
+pub const __CC_SUPPORTS_VARADIC_XXX: u32 = 1;
+pub const __CC_SUPPORTS_DYNAMIC_ARRAY_INIT: u32 = 1;
+pub const ARG_MAX: u32 = 4096;
+pub const CHILD_MAX: u32 = 40;
+pub const LINK_MAX: u32 = 32767;
+pub const MAX_CANON: u32 = 255;
+pub const MAX_INPUT: u32 = 255;
+pub const NAME_MAX: u32 = 255;
+pub const NGROUPS_MAX: u32 = 16;
+pub const OPEN_MAX: u32 = 64;
+pub const PATH_MAX: u32 = 1024;
+pub const PIPE_BUF: u32 = 512;
+pub const IOV_MAX: u32 = 1024;
+pub const BC_BASE_MAX: u32 = 99;
+pub const BC_DIM_MAX: u32 = 2048;
+pub const BC_SCALE_MAX: u32 = 99;
+pub const BC_STRING_MAX: u32 = 1000;
+pub const COLL_WEIGHTS_MAX: u32 = 0;
+pub const EXPR_NEST_MAX: u32 = 32;
+pub const LINE_MAX: u32 = 2048;
+pub const RE_DUP_MAX: u32 = 255;
+pub const MB_LEN_MAX: u32 = 1;
+pub const NL_ARGMAX: u32 = 32;
+pub const _POSIX2_RE_DUP_MAX: u32 = 255;
+pub const __int20: u32 = 2;
+pub const __int20__: u32 = 2;
+pub const __INT8: &[u8; 3] = b"hh\0";
+pub const __INT16: &[u8; 2] = b"h\0";
+pub const __INT64: &[u8; 3] = b"ll\0";
+pub const __FAST8: &[u8; 3] = b"hh\0";
+pub const __FAST16: &[u8; 2] = b"h\0";
+pub const __FAST64: &[u8; 3] = b"ll\0";
+pub const __LEAST8: &[u8; 3] = b"hh\0";
+pub const __LEAST16: &[u8; 2] = b"h\0";
+pub const __LEAST64: &[u8; 3] = b"ll\0";
+pub const __int8_t_defined: u32 = 1;
+pub const __int16_t_defined: u32 = 1;
+pub const __int32_t_defined: u32 = 1;
+pub const __int64_t_defined: u32 = 1;
+pub const __int_least8_t_defined: u32 = 1;
+pub const __int_least16_t_defined: u32 = 1;
+pub const __int_least32_t_defined: u32 = 1;
+pub const __int_least64_t_defined: u32 = 1;
+pub const __int_fast8_t_defined: u32 = 1;
+pub const __int_fast16_t_defined: u32 = 1;
+pub const __int_fast32_t_defined: u32 = 1;
+pub const __int_fast64_t_defined: u32 = 1;
+pub const WINT_MIN: u32 = 0;
+pub const MBEDTLS_ERR_MPI_FILE_IO_ERROR: i32 = -2;
+pub const MBEDTLS_ERR_MPI_BAD_INPUT_DATA: i32 = -4;
+pub const MBEDTLS_ERR_MPI_INVALID_CHARACTER: i32 = -6;
+pub const MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL: i32 = -8;
+pub const MBEDTLS_ERR_MPI_NEGATIVE_VALUE: i32 = -10;
+pub const MBEDTLS_ERR_MPI_DIVISION_BY_ZERO: i32 = -12;
+pub const MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: i32 = -14;
+pub const MBEDTLS_ERR_MPI_ALLOC_FAILED: i32 = -16;
+pub const MBEDTLS_MPI_MAX_LIMBS: u32 = 10000;
+pub const MBEDTLS_MPI_WINDOW_SIZE: u32 = 2;
+pub const MBEDTLS_MPI_MAX_SIZE: u32 = 1024;
+pub const MBEDTLS_MPI_MAX_BITS: u32 = 8192;
+pub const MBEDTLS_MPI_MAX_BITS_SCALE100: u32 = 819200;
+pub const MBEDTLS_LN_2_DIV_LN_10_SCALE100: u32 = 332;
+pub const MBEDTLS_MPI_RW_BUFFER_SIZE: u32 = 2484;
+pub const MBEDTLS_ERR_ECP_BAD_INPUT_DATA: i32 = -20352;
+pub const MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL: i32 = -20224;
+pub const MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE: i32 = -20096;
+pub const MBEDTLS_ERR_ECP_VERIFY_FAILED: i32 = -19968;
+pub const MBEDTLS_ERR_ECP_ALLOC_FAILED: i32 = -19840;
+pub const MBEDTLS_ERR_ECP_RANDOM_FAILED: i32 = -19712;
+pub const MBEDTLS_ERR_ECP_INVALID_KEY: i32 = -19584;
+pub const MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH: i32 = -19456;
+pub const MBEDTLS_ERR_ECP_IN_PROGRESS: i32 = -19200;
+pub const MBEDTLS_ECP_DP_MAX: u32 = 14;
+pub const MBEDTLS_ECP_WINDOW_SIZE: u32 = 4;
+pub const MBEDTLS_ECP_FIXED_POINT_OPTIM: u32 = 1;
+pub const MBEDTLS_ECP_MAX_BITS: u32 = 521;
+pub const MBEDTLS_ECP_MAX_BYTES: u32 = 66;
+pub const MBEDTLS_ECP_MAX_PT_LEN: u32 = 133;
+pub const MBEDTLS_ECP_PF_UNCOMPRESSED: u32 = 0;
+pub const MBEDTLS_ECP_PF_COMPRESSED: u32 = 1;
+pub const MBEDTLS_ECP_TLS_NAMED_CURVE: u32 = 3;
+pub const MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE: i32 = -20608;
+pub const MBEDTLS_ERR_MD_BAD_INPUT_DATA: i32 = -20736;
+pub const MBEDTLS_ERR_MD_ALLOC_FAILED: i32 = -20864;
+pub const MBEDTLS_ERR_MD_FILE_IO_ERROR: i32 = -20992;
+pub const MBEDTLS_MD_MAX_SIZE: u32 = 64;
+pub const MBEDTLS_MD_MAX_BLOCK_SIZE: u32 = 128;
+pub const MBEDTLS_ERR_RSA_BAD_INPUT_DATA: i32 = -16512;
+pub const MBEDTLS_ERR_RSA_INVALID_PADDING: i32 = -16640;
+pub const MBEDTLS_ERR_RSA_KEY_GEN_FAILED: i32 = -16768;
+pub const MBEDTLS_ERR_RSA_KEY_CHECK_FAILED: i32 = -16896;
+pub const MBEDTLS_ERR_RSA_PUBLIC_FAILED: i32 = -17024;
+pub const MBEDTLS_ERR_RSA_PRIVATE_FAILED: i32 = -17152;
+pub const MBEDTLS_ERR_RSA_VERIFY_FAILED: i32 = -17280;
+pub const MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE: i32 = -17408;
+pub const MBEDTLS_ERR_RSA_RNG_FAILED: i32 = -17536;
+pub const MBEDTLS_RSA_PKCS_V15: u32 = 0;
+pub const MBEDTLS_RSA_PKCS_V21: u32 = 1;
+pub const MBEDTLS_RSA_SIGN: u32 = 1;
+pub const MBEDTLS_RSA_CRYPT: u32 = 2;
+pub const MBEDTLS_RSA_SALT_LEN_ANY: i32 = -1;
+pub const MBEDTLS_ERR_PK_ALLOC_FAILED: i32 = -16256;
+pub const MBEDTLS_ERR_PK_TYPE_MISMATCH: i32 = -16128;
+pub const MBEDTLS_ERR_PK_BAD_INPUT_DATA: i32 = -16000;
+pub const MBEDTLS_ERR_PK_FILE_IO_ERROR: i32 = -15872;
+pub const MBEDTLS_ERR_PK_KEY_INVALID_VERSION: i32 = -15744;
+pub const MBEDTLS_ERR_PK_KEY_INVALID_FORMAT: i32 = -15616;
+pub const MBEDTLS_ERR_PK_UNKNOWN_PK_ALG: i32 = -15488;
+pub const MBEDTLS_ERR_PK_PASSWORD_REQUIRED: i32 = -15360;
+pub const MBEDTLS_ERR_PK_PASSWORD_MISMATCH: i32 = -15232;
+pub const MBEDTLS_ERR_PK_INVALID_PUBKEY: i32 = -15104;
+pub const MBEDTLS_ERR_PK_INVALID_ALG: i32 = -14976;
+pub const MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE: i32 = -14848;
+pub const MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE: i32 = -14720;
+pub const MBEDTLS_ERR_PK_SIG_LEN_MISMATCH: i32 = -14592;
+pub const MBEDTLS_ERR_PK_BUFFER_TOO_SMALL: i32 = -14464;
+pub const MBEDTLS_PK_SIGNATURE_MAX_SIZE: u32 = 0;
+pub const MBEDTLS_PK_DEBUG_MAX_ITEMS: u32 = 3;
+pub const MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE: i32 = -24704;
+pub const MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA: i32 = -24832;
+pub const MBEDTLS_ERR_CIPHER_ALLOC_FAILED: i32 = -24960;
+pub const MBEDTLS_ERR_CIPHER_INVALID_PADDING: i32 = -25088;
+pub const MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED: i32 = -25216;
+pub const MBEDTLS_ERR_CIPHER_AUTH_FAILED: i32 = -25344;
+pub const MBEDTLS_ERR_CIPHER_INVALID_CONTEXT: i32 = -25472;
+pub const MBEDTLS_CIPHER_VARIABLE_IV_LEN: u32 = 1;
+pub const MBEDTLS_CIPHER_VARIABLE_KEY_LEN: u32 = 2;
+pub const MBEDTLS_MAX_IV_LENGTH: u32 = 16;
+pub const MBEDTLS_MAX_BLOCK_LENGTH: u32 = 16;
+pub const MBEDTLS_MAX_KEY_LENGTH: u32 = 64;
+pub const MBEDTLS_TLS_RSA_WITH_NULL_MD5: u32 = 1;
+pub const MBEDTLS_TLS_RSA_WITH_NULL_SHA: u32 = 2;
+pub const MBEDTLS_TLS_PSK_WITH_NULL_SHA: u32 = 44;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA: u32 = 45;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA: u32 = 46;
+pub const MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA: u32 = 47;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA: u32 = 51;
+pub const MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA: u32 = 53;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA: u32 = 57;
+pub const MBEDTLS_TLS_RSA_WITH_NULL_SHA256: u32 = 59;
+pub const MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256: u32 = 60;
+pub const MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256: u32 = 61;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: u32 = 65;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: u32 = 69;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: u32 = 103;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: u32 = 107;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: u32 = 132;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: u32 = 136;
+pub const MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA: u32 = 140;
+pub const MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA: u32 = 141;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA: u32 = 144;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA: u32 = 145;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA: u32 = 148;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA: u32 = 149;
+pub const MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256: u32 = 156;
+pub const MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384: u32 = 157;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: u32 = 158;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: u32 = 159;
+pub const MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256: u32 = 168;
+pub const MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384: u32 = 169;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256: u32 = 170;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384: u32 = 171;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256: u32 = 172;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384: u32 = 173;
+pub const MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256: u32 = 174;
+pub const MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384: u32 = 175;
+pub const MBEDTLS_TLS_PSK_WITH_NULL_SHA256: u32 = 176;
+pub const MBEDTLS_TLS_PSK_WITH_NULL_SHA384: u32 = 177;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256: u32 = 178;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384: u32 = 179;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256: u32 = 180;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384: u32 = 181;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256: u32 = 182;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384: u32 = 183;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256: u32 = 184;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384: u32 = 185;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 186;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 190;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256: u32 = 192;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256: u32 = 196;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA: u32 = 49153;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: u32 = 49156;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: u32 = 49157;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA: u32 = 49158;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: u32 = 49161;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: u32 = 49162;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA: u32 = 49163;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: u32 = 49166;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: u32 = 49167;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA: u32 = 49168;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: u32 = 49171;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: u32 = 49172;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: u32 = 49187;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: u32 = 49188;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256: u32 = 49189;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384: u32 = 49190;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: u32 = 49191;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: u32 = 49192;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256: u32 = 49193;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384: u32 = 49194;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: u32 = 49195;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: u32 = 49196;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256: u32 = 49197;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384: u32 = 49198;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: u32 = 49199;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: u32 = 49200;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256: u32 = 49201;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384: u32 = 49202;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA: u32 = 49205;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA: u32 = 49206;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256: u32 = 49207;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384: u32 = 49208;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA: u32 = 49209;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256: u32 = 49210;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384: u32 = 49211;
+pub const MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256: u32 = 49212;
+pub const MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384: u32 = 49213;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256: u32 = 49220;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384: u32 = 49221;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256: u32 = 49224;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384: u32 = 49225;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256: u32 = 49226;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384: u32 = 49227;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256: u32 = 49228;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384: u32 = 49229;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256: u32 = 49230;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384: u32 = 49231;
+pub const MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256: u32 = 49232;
+pub const MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384: u32 = 49233;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256: u32 = 49234;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384: u32 = 49235;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256: u32 = 49244;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384: u32 = 49245;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256: u32 = 49246;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384: u32 = 49247;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256: u32 = 49248;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384: u32 = 49249;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256: u32 = 49250;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384: u32 = 49251;
+pub const MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256: u32 = 49252;
+pub const MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384: u32 = 49253;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256: u32 = 49254;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384: u32 = 49255;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256: u32 = 49256;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384: u32 = 49257;
+pub const MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256: u32 = 49258;
+pub const MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384: u32 = 49259;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256: u32 = 49260;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384: u32 = 49261;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256: u32 = 49262;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384: u32 = 49263;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256: u32 = 49264;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384: u32 = 49265;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49266;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49267;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49268;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49269;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49270;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49271;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49272;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49273;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49274;
+pub const MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49275;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49276;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49277;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49286;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49287;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49288;
+pub const MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49289;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49290;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49291;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49292;
+pub const MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49293;
+pub const MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49294;
+pub const MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49295;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49296;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49297;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256: u32 = 49298;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384: u32 = 49299;
+pub const MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49300;
+pub const MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49301;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49302;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49303;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49304;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49305;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256: u32 = 49306;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384: u32 = 49307;
+pub const MBEDTLS_TLS_RSA_WITH_AES_128_CCM: u32 = 49308;
+pub const MBEDTLS_TLS_RSA_WITH_AES_256_CCM: u32 = 49309;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM: u32 = 49310;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM: u32 = 49311;
+pub const MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8: u32 = 49312;
+pub const MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8: u32 = 49313;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8: u32 = 49314;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8: u32 = 49315;
+pub const MBEDTLS_TLS_PSK_WITH_AES_128_CCM: u32 = 49316;
+pub const MBEDTLS_TLS_PSK_WITH_AES_256_CCM: u32 = 49317;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM: u32 = 49318;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM: u32 = 49319;
+pub const MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8: u32 = 49320;
+pub const MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8: u32 = 49321;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8: u32 = 49322;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8: u32 = 49323;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM: u32 = 49324;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM: u32 = 49325;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: u32 = 49326;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8: u32 = 49327;
+pub const MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8: u32 = 49407;
+pub const MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: u32 = 52392;
+pub const MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: u32 = 52393;
+pub const MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256: u32 = 52394;
+pub const MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256: u32 = 52395;
+pub const MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256: u32 = 52396;
+pub const MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256: u32 = 52397;
+pub const MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256: u32 = 52398;
+pub const MBEDTLS_TLS1_3_AES_128_GCM_SHA256: u32 = 4865;
+pub const MBEDTLS_TLS1_3_AES_256_GCM_SHA384: u32 = 4866;
+pub const MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256: u32 = 4867;
+pub const MBEDTLS_TLS1_3_AES_128_CCM_SHA256: u32 = 4868;
+pub const MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256: u32 = 4869;
+pub const MBEDTLS_CIPHERSUITE_WEAK: u32 = 1;
+pub const MBEDTLS_CIPHERSUITE_SHORT_TAG: u32 = 2;
+pub const MBEDTLS_CIPHERSUITE_NODTLS: u32 = 4;
+pub const PSA_CRYPTO_API_VERSION_MAJOR: u32 = 1;
+pub const PSA_CRYPTO_API_VERSION_MINOR: u32 = 0;
+pub const PSA_MAC_TRUNCATION_OFFSET: u32 = 16;
+pub const PSA_AEAD_TAG_LENGTH_OFFSET: u32 = 16;
+pub const PSA_HASH_MAX_SIZE: u32 = 64;
+pub const PSA_HMAC_MAX_HASH_BLOCK_SIZE: u32 = 128;
+pub const PSA_MAC_MAX_SIZE: u32 = 64;
+pub const PSA_AEAD_TAG_MAX_SIZE: u32 = 16;
+pub const PSA_VENDOR_RSA_MAX_KEY_BITS: u32 = 4096;
+pub const PSA_VENDOR_ECC_MAX_CURVE_BITS: u32 = 521;
+pub const PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE: u32 = 128;
+pub const PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE: u32 = 65;
+pub const PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE: u32 = 32;
+pub const PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE: u32 = 16;
+pub const PSA_AEAD_NONCE_MAX_SIZE: u32 = 13;
+pub const PSA_AEAD_FINISH_OUTPUT_MAX_SIZE: u32 = 16;
+pub const PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE: u32 = 16;
+pub const PSA_CIPHER_IV_MAX_SIZE: u32 = 16;
+pub const PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE: u32 = 16;
+pub const MBEDTLS_AES_BLOCK_SIZE: u32 = 16;
+pub const MBEDTLS_DES3_BLOCK_SIZE: u32 = 8;
+pub const MBEDTLS_CIPHER_BLKSIZE_MAX: u32 = 16;
+pub const MBEDTLS_GCM_ENCRYPT: u32 = 1;
+pub const MBEDTLS_GCM_DECRYPT: u32 = 0;
+pub const MBEDTLS_ERR_GCM_AUTH_FAILED: i32 = -18;
+pub const MBEDTLS_ERR_GCM_BAD_INPUT: i32 = -20;
+pub const MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL: i32 = -22;
+pub const MBEDTLS_CCM_DECRYPT: u32 = 0;
+pub const MBEDTLS_CCM_ENCRYPT: u32 = 1;
+pub const MBEDTLS_CCM_STAR_DECRYPT: u32 = 2;
+pub const MBEDTLS_CCM_STAR_ENCRYPT: u32 = 3;
+pub const MBEDTLS_ERR_CCM_BAD_INPUT: i32 = -13;
+pub const MBEDTLS_ERR_CCM_AUTH_FAILED: i32 = -15;
+pub const MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA: i32 = -87;
+pub const MBEDTLS_ERR_CHACHAPOLY_BAD_STATE: i32 = -84;
+pub const MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED: i32 = -86;
+pub const MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA: i32 = -81;
+pub const MBEDTLS_ERR_SHA1_BAD_INPUT_DATA: i32 = -115;
+pub const MBEDTLS_ERR_SHA256_BAD_INPUT_DATA: i32 = -116;
+pub const MBEDTLS_ERR_SHA512_BAD_INPUT_DATA: i32 = -117;
+pub const MBEDTLS_PSA_BUILTIN_CIPHER: u32 = 1;
+pub const MBEDTLS_PSA_BUILTIN_AEAD: u32 = 1;
+pub const MBEDTLS_PSA_JPAKE_BUFFER_SIZE: u32 = 336;
+pub const PSA_MAX_KEY_BITS: u32 = 65528;
+pub const MBEDTLS_PSA_KA_MASK_DUAL_USE: u32 = 0;
+pub const PSA_CRYPTO_ITS_RANDOM_SEED_UID: u32 = 4294967122;
+pub const MBEDTLS_PSA_KEY_SLOT_COUNT: u32 = 32;
+pub const PSA_PAKE_OPERATION_STAGE_SETUP: u32 = 0;
+pub const PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS: u32 = 1;
+pub const PSA_PAKE_OPERATION_STAGE_COMPUTATION: u32 = 2;
+pub const PSA_PAKE_OUTPUT_MAX_SIZE: u32 = 65;
+pub const PSA_PAKE_INPUT_MAX_SIZE: u32 = 65;
+pub const MBEDTLS_ERR_ASN1_OUT_OF_DATA: i32 = -96;
+pub const MBEDTLS_ERR_ASN1_UNEXPECTED_TAG: i32 = -98;
+pub const MBEDTLS_ERR_ASN1_INVALID_LENGTH: i32 = -100;
+pub const MBEDTLS_ERR_ASN1_LENGTH_MISMATCH: i32 = -102;
+pub const MBEDTLS_ERR_ASN1_INVALID_DATA: i32 = -104;
+pub const MBEDTLS_ERR_ASN1_ALLOC_FAILED: i32 = -106;
+pub const MBEDTLS_ERR_ASN1_BUF_TOO_SMALL: i32 = -108;
+pub const MBEDTLS_ASN1_BOOLEAN: u32 = 1;
+pub const MBEDTLS_ASN1_INTEGER: u32 = 2;
+pub const MBEDTLS_ASN1_BIT_STRING: u32 = 3;
+pub const MBEDTLS_ASN1_OCTET_STRING: u32 = 4;
+pub const MBEDTLS_ASN1_NULL: u32 = 5;
+pub const MBEDTLS_ASN1_OID: u32 = 6;
+pub const MBEDTLS_ASN1_ENUMERATED: u32 = 10;
+pub const MBEDTLS_ASN1_UTF8_STRING: u32 = 12;
+pub const MBEDTLS_ASN1_SEQUENCE: u32 = 16;
+pub const MBEDTLS_ASN1_SET: u32 = 17;
+pub const MBEDTLS_ASN1_PRINTABLE_STRING: u32 = 19;
+pub const MBEDTLS_ASN1_T61_STRING: u32 = 20;
+pub const MBEDTLS_ASN1_IA5_STRING: u32 = 22;
+pub const MBEDTLS_ASN1_UTC_TIME: u32 = 23;
+pub const MBEDTLS_ASN1_GENERALIZED_TIME: u32 = 24;
+pub const MBEDTLS_ASN1_UNIVERSAL_STRING: u32 = 28;
+pub const MBEDTLS_ASN1_BMP_STRING: u32 = 30;
+pub const MBEDTLS_ASN1_PRIMITIVE: u32 = 0;
+pub const MBEDTLS_ASN1_CONSTRUCTED: u32 = 32;
+pub const MBEDTLS_ASN1_CONTEXT_SPECIFIC: u32 = 128;
+pub const MBEDTLS_ASN1_TAG_CLASS_MASK: u32 = 192;
+pub const MBEDTLS_ASN1_TAG_PC_MASK: u32 = 32;
+pub const MBEDTLS_ASN1_TAG_VALUE_MASK: u32 = 31;
+pub const MBEDTLS_X509_MAX_INTERMEDIATE_CA: u32 = 8;
+pub const MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE: i32 = -8320;
+pub const MBEDTLS_ERR_X509_UNKNOWN_OID: i32 = -8448;
+pub const MBEDTLS_ERR_X509_INVALID_FORMAT: i32 = -8576;
+pub const MBEDTLS_ERR_X509_INVALID_VERSION: i32 = -8704;
+pub const MBEDTLS_ERR_X509_INVALID_SERIAL: i32 = -8832;
+pub const MBEDTLS_ERR_X509_INVALID_ALG: i32 = -8960;
+pub const MBEDTLS_ERR_X509_INVALID_NAME: i32 = -9088;
+pub const MBEDTLS_ERR_X509_INVALID_DATE: i32 = -9216;
+pub const MBEDTLS_ERR_X509_INVALID_SIGNATURE: i32 = -9344;
+pub const MBEDTLS_ERR_X509_INVALID_EXTENSIONS: i32 = -9472;
+pub const MBEDTLS_ERR_X509_UNKNOWN_VERSION: i32 = -9600;
+pub const MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG: i32 = -9728;
+pub const MBEDTLS_ERR_X509_SIG_MISMATCH: i32 = -9856;
+pub const MBEDTLS_ERR_X509_CERT_VERIFY_FAILED: i32 = -9984;
+pub const MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT: i32 = -10112;
+pub const MBEDTLS_ERR_X509_BAD_INPUT_DATA: i32 = -10240;
+pub const MBEDTLS_ERR_X509_ALLOC_FAILED: i32 = -10368;
+pub const MBEDTLS_ERR_X509_FILE_IO_ERROR: i32 = -10496;
+pub const MBEDTLS_ERR_X509_BUFFER_TOO_SMALL: i32 = -10624;
+pub const MBEDTLS_ERR_X509_FATAL_ERROR: i32 = -12288;
+pub const MBEDTLS_X509_BADCERT_EXPIRED: u32 = 1;
+pub const MBEDTLS_X509_BADCERT_REVOKED: u32 = 2;
+pub const MBEDTLS_X509_BADCERT_CN_MISMATCH: u32 = 4;
+pub const MBEDTLS_X509_BADCERT_NOT_TRUSTED: u32 = 8;
+pub const MBEDTLS_X509_BADCRL_NOT_TRUSTED: u32 = 16;
+pub const MBEDTLS_X509_BADCRL_EXPIRED: u32 = 32;
+pub const MBEDTLS_X509_BADCERT_MISSING: u32 = 64;
+pub const MBEDTLS_X509_BADCERT_SKIP_VERIFY: u32 = 128;
+pub const MBEDTLS_X509_BADCERT_OTHER: u32 = 256;
+pub const MBEDTLS_X509_BADCERT_FUTURE: u32 = 512;
+pub const MBEDTLS_X509_BADCRL_FUTURE: u32 = 1024;
+pub const MBEDTLS_X509_BADCERT_KEY_USAGE: u32 = 2048;
+pub const MBEDTLS_X509_BADCERT_EXT_KEY_USAGE: u32 = 4096;
+pub const MBEDTLS_X509_BADCERT_NS_CERT_TYPE: u32 = 8192;
+pub const MBEDTLS_X509_BADCERT_BAD_MD: u32 = 16384;
+pub const MBEDTLS_X509_BADCERT_BAD_PK: u32 = 32768;
+pub const MBEDTLS_X509_BADCERT_BAD_KEY: u32 = 65536;
+pub const MBEDTLS_X509_BADCRL_BAD_MD: u32 = 131072;
+pub const MBEDTLS_X509_BADCRL_BAD_PK: u32 = 262144;
+pub const MBEDTLS_X509_BADCRL_BAD_KEY: u32 = 524288;
+pub const MBEDTLS_X509_SAN_OTHER_NAME: u32 = 0;
+pub const MBEDTLS_X509_SAN_RFC822_NAME: u32 = 1;
+pub const MBEDTLS_X509_SAN_DNS_NAME: u32 = 2;
+pub const MBEDTLS_X509_SAN_X400_ADDRESS_NAME: u32 = 3;
+pub const MBEDTLS_X509_SAN_DIRECTORY_NAME: u32 = 4;
+pub const MBEDTLS_X509_SAN_EDI_PARTY_NAME: u32 = 5;
+pub const MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: u32 = 6;
+pub const MBEDTLS_X509_SAN_IP_ADDRESS: u32 = 7;
+pub const MBEDTLS_X509_SAN_REGISTERED_ID: u32 = 8;
+pub const MBEDTLS_X509_KU_DIGITAL_SIGNATURE: u32 = 128;
+pub const MBEDTLS_X509_KU_NON_REPUDIATION: u32 = 64;
+pub const MBEDTLS_X509_KU_KEY_ENCIPHERMENT: u32 = 32;
+pub const MBEDTLS_X509_KU_DATA_ENCIPHERMENT: u32 = 16;
+pub const MBEDTLS_X509_KU_KEY_AGREEMENT: u32 = 8;
+pub const MBEDTLS_X509_KU_KEY_CERT_SIGN: u32 = 4;
+pub const MBEDTLS_X509_KU_CRL_SIGN: u32 = 2;
+pub const MBEDTLS_X509_KU_ENCIPHER_ONLY: u32 = 1;
+pub const MBEDTLS_X509_KU_DECIPHER_ONLY: u32 = 32768;
+pub const MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT: u32 = 128;
+pub const MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER: u32 = 64;
+pub const MBEDTLS_X509_NS_CERT_TYPE_EMAIL: u32 = 32;
+pub const MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING: u32 = 16;
+pub const MBEDTLS_X509_NS_CERT_TYPE_RESERVED: u32 = 8;
+pub const MBEDTLS_X509_NS_CERT_TYPE_SSL_CA: u32 = 4;
+pub const MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA: u32 = 2;
+pub const MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA: u32 = 1;
+pub const MBEDTLS_X509_FORMAT_DER: u32 = 1;
+pub const MBEDTLS_X509_FORMAT_PEM: u32 = 2;
+pub const MBEDTLS_X509_MAX_DN_NAME_SIZE: u32 = 256;
+pub const MBEDTLS_X509_CRT_VERSION_1: u32 = 0;
+pub const MBEDTLS_X509_CRT_VERSION_2: u32 = 1;
+pub const MBEDTLS_X509_CRT_VERSION_3: u32 = 2;
+pub const MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN: u32 = 20;
+pub const MBEDTLS_X509_RFC5280_UTC_TIME_LEN: u32 = 15;
+pub const MBEDTLS_X509_MAX_FILE_PATH_LEN: u32 = 512;
+pub const MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE: u32 = 10;
+pub const MBEDTLS_ERR_DHM_BAD_INPUT_DATA: i32 = -12416;
+pub const MBEDTLS_ERR_DHM_READ_PARAMS_FAILED: i32 = -12544;
+pub const MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED: i32 = -12672;
+pub const MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED: i32 = -12800;
+pub const MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED: i32 = -12928;
+pub const MBEDTLS_ERR_DHM_CALC_SECRET_FAILED: i32 = -13056;
+pub const MBEDTLS_ERR_DHM_INVALID_FORMAT: i32 = -13184;
+pub const MBEDTLS_ERR_DHM_ALLOC_FAILED: i32 = -13312;
+pub const MBEDTLS_ERR_DHM_FILE_IO_ERROR: i32 = -13440;
+pub const MBEDTLS_ERR_DHM_SET_GROUP_FAILED: i32 = -13696;
+pub const MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS: i32 = -28672;
+pub const MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE: i32 = -28800;
+pub const MBEDTLS_ERR_SSL_BAD_INPUT_DATA: i32 = -28928;
+pub const MBEDTLS_ERR_SSL_INVALID_MAC: i32 = -29056;
+pub const MBEDTLS_ERR_SSL_INVALID_RECORD: i32 = -29184;
+pub const MBEDTLS_ERR_SSL_CONN_EOF: i32 = -29312;
+pub const MBEDTLS_ERR_SSL_DECODE_ERROR: i32 = -29440;
+pub const MBEDTLS_ERR_SSL_NO_RNG: i32 = -29696;
+pub const MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE: i32 = -29824;
+pub const MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION: i32 = -29952;
+pub const MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL: i32 = -30080;
+pub const MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED: i32 = -30208;
+pub const MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED: i32 = -30336;
+pub const MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE: i32 = -30464;
+pub const MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE: i32 = -30592;
+pub const MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME: i32 = -30720;
+pub const MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: i32 = -30848;
+pub const MBEDTLS_ERR_SSL_BAD_CERTIFICATE: i32 = -31232;
+pub const MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET: i32 = -31488;
+pub const MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA: i32 = -31616;
+pub const MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA: i32 = -31744;
+pub const MBEDTLS_ERR_SSL_ALLOC_FAILED: i32 = -32512;
+pub const MBEDTLS_ERR_SSL_HW_ACCEL_FAILED: i32 = -32640;
+pub const MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH: i32 = -28544;
+pub const MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION: i32 = -28288;
+pub const MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE: i32 = -28160;
+pub const MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED: i32 = -28032;
+pub const MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH: i32 = -27904;
+pub const MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY: i32 = -27776;
+pub const MBEDTLS_ERR_SSL_INTERNAL_ERROR: i32 = -27648;
+pub const MBEDTLS_ERR_SSL_COUNTER_WRAPPING: i32 = -27520;
+pub const MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO: i32 = -27392;
+pub const MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED: i32 = -27264;
+pub const MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL: i32 = -27136;
+pub const MBEDTLS_ERR_SSL_WANT_READ: i32 = -26880;
+pub const MBEDTLS_ERR_SSL_WANT_WRITE: i32 = -26752;
+pub const MBEDTLS_ERR_SSL_TIMEOUT: i32 = -26624;
+pub const MBEDTLS_ERR_SSL_CLIENT_RECONNECT: i32 = -26496;
+pub const MBEDTLS_ERR_SSL_UNEXPECTED_RECORD: i32 = -26368;
+pub const MBEDTLS_ERR_SSL_NON_FATAL: i32 = -26240;
+pub const MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER: i32 = -26112;
+pub const MBEDTLS_ERR_SSL_CONTINUE_PROCESSING: i32 = -25984;
+pub const MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: i32 = -25856;
+pub const MBEDTLS_ERR_SSL_EARLY_MESSAGE: i32 = -25728;
+pub const MBEDTLS_ERR_SSL_UNEXPECTED_CID: i32 = -24576;
+pub const MBEDTLS_ERR_SSL_VERSION_MISMATCH: i32 = -24320;
+pub const MBEDTLS_ERR_SSL_BAD_CONFIG: i32 = -24192;
+pub const MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE: u32 = 0;
+pub const MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE: u32 = 1;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_NONE: u32 = 0;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1: u32 = 18;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1: u32 = 19;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1: u32 = 20;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1: u32 = 21;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1: u32 = 22;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1: u32 = 23;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1: u32 = 24;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1: u32 = 25;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1: u32 = 26;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1: u32 = 27;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1: u32 = 28;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_X25519: u32 = 29;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_X448: u32 = 30;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048: u32 = 256;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072: u32 = 257;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096: u32 = 258;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144: u32 = 259;
+pub const MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192: u32 = 260;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK: u32 = 1;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL: u32 = 2;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL: u32 = 4;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL: u32 = 7;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL: u32 = 5;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL: u32 = 6;
+pub const MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE: u32 = 0;
+pub const MBEDTLS_SSL_MAJOR_VERSION_3: u32 = 3;
+pub const MBEDTLS_SSL_MINOR_VERSION_3: u32 = 3;
+pub const MBEDTLS_SSL_MINOR_VERSION_4: u32 = 4;
+pub const MBEDTLS_SSL_TRANSPORT_STREAM: u32 = 0;
+pub const MBEDTLS_SSL_TRANSPORT_DATAGRAM: u32 = 1;
+pub const MBEDTLS_SSL_MAX_HOST_NAME_LEN: u32 = 255;
+pub const MBEDTLS_SSL_MAX_ALPN_NAME_LEN: u32 = 255;
+pub const MBEDTLS_SSL_MAX_ALPN_LIST_LEN: u32 = 65535;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_NONE: u32 = 0;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_512: u32 = 1;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_1024: u32 = 2;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_2048: u32 = 3;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_4096: u32 = 4;
+pub const MBEDTLS_SSL_MAX_FRAG_LEN_INVALID: u32 = 5;
+pub const MBEDTLS_SSL_IS_CLIENT: u32 = 0;
+pub const MBEDTLS_SSL_IS_SERVER: u32 = 1;
+pub const MBEDTLS_SSL_EXTENDED_MS_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_EXTENDED_MS_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_CID_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_CID_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_ETM_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_ETM_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_COMPRESS_NULL: u32 = 0;
+pub const MBEDTLS_SSL_VERIFY_NONE: u32 = 0;
+pub const MBEDTLS_SSL_VERIFY_OPTIONAL: u32 = 1;
+pub const MBEDTLS_SSL_VERIFY_REQUIRED: u32 = 2;
+pub const MBEDTLS_SSL_VERIFY_UNSET: u32 = 3;
+pub const MBEDTLS_SSL_LEGACY_RENEGOTIATION: u32 = 0;
+pub const MBEDTLS_SSL_SECURE_RENEGOTIATION: u32 = 1;
+pub const MBEDTLS_SSL_RENEGOTIATION_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_RENEGOTIATION_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_ANTI_REPLAY_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_ANTI_REPLAY_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED: i32 = -1;
+pub const MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT: u32 = 16;
+pub const MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION: u32 = 0;
+pub const MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION: u32 = 1;
+pub const MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE: u32 = 2;
+pub const MBEDTLS_SSL_TRUNC_HMAC_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_TRUNC_HMAC_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_TRUNCATED_HMAC_LEN: u32 = 10;
+pub const MBEDTLS_SSL_SESSION_TICKETS_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_SESSION_TICKETS_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_PRESET_DEFAULT: u32 = 0;
+pub const MBEDTLS_SSL_PRESET_SUITEB: u32 = 2;
+pub const MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_EARLY_DATA_DISABLED: u32 = 0;
+pub const MBEDTLS_SSL_EARLY_DATA_ENABLED: u32 = 1;
+pub const MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED: u32 = 0;
+pub const MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED: u32 = 1;
+pub const MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT: u32 = 1;
+pub const MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER: u32 = 0;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN: u32 = 48;
+pub const MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN: u32 = 1000;
+pub const MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX: u32 = 60000;
+pub const MBEDTLS_SSL_IN_CONTENT_LEN: u32 = 16384;
+pub const MBEDTLS_SSL_OUT_CONTENT_LEN: u32 = 16384;
+pub const MBEDTLS_SSL_DTLS_MAX_BUFFERING: u32 = 32768;
+pub const MBEDTLS_SSL_CID_IN_LEN_MAX: u32 = 32;
+pub const MBEDTLS_SSL_CID_OUT_LEN_MAX: u32 = 32;
+pub const MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY: u32 = 16;
+pub const MBEDTLS_SSL_VERIFY_DATA_MAX_LEN: u32 = 12;
+pub const MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO: u32 = 255;
+pub const MBEDTLS_SSL_HASH_NONE: u32 = 0;
+pub const MBEDTLS_SSL_HASH_MD5: u32 = 1;
+pub const MBEDTLS_SSL_HASH_SHA1: u32 = 2;
+pub const MBEDTLS_SSL_HASH_SHA224: u32 = 3;
+pub const MBEDTLS_SSL_HASH_SHA256: u32 = 4;
+pub const MBEDTLS_SSL_HASH_SHA384: u32 = 5;
+pub const MBEDTLS_SSL_HASH_SHA512: u32 = 6;
+pub const MBEDTLS_SSL_SIG_ANON: u32 = 0;
+pub const MBEDTLS_SSL_SIG_RSA: u32 = 1;
+pub const MBEDTLS_SSL_SIG_ECDSA: u32 = 3;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: u32 = 1025;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: u32 = 1281;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: u32 = 1537;
+pub const MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: u32 = 1027;
+pub const MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: u32 = 1283;
+pub const MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: u32 = 1539;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: u32 = 2052;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: u32 = 2053;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: u32 = 2054;
+pub const MBEDTLS_TLS1_3_SIG_ED25519: u32 = 2055;
+pub const MBEDTLS_TLS1_3_SIG_ED448: u32 = 2056;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256: u32 = 2057;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384: u32 = 2058;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512: u32 = 2059;
+pub const MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1: u32 = 513;
+pub const MBEDTLS_TLS1_3_SIG_ECDSA_SHA1: u32 = 515;
+pub const MBEDTLS_TLS1_3_SIG_NONE: u32 = 0;
+pub const MBEDTLS_SSL_CERT_TYPE_RSA_SIGN: u32 = 1;
+pub const MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN: u32 = 64;
+pub const MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: u32 = 20;
+pub const MBEDTLS_SSL_MSG_ALERT: u32 = 21;
+pub const MBEDTLS_SSL_MSG_HANDSHAKE: u32 = 22;
+pub const MBEDTLS_SSL_MSG_APPLICATION_DATA: u32 = 23;
+pub const MBEDTLS_SSL_MSG_CID: u32 = 25;
+pub const MBEDTLS_SSL_ALERT_LEVEL_WARNING: u32 = 1;
+pub const MBEDTLS_SSL_ALERT_LEVEL_FATAL: u32 = 2;
+pub const MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY: u32 = 0;
+pub const MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE: u32 = 10;
+pub const MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC: u32 = 20;
+pub const MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED: u32 = 21;
+pub const MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW: u32 = 22;
+pub const MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE: u32 = 30;
+pub const MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE: u32 = 40;
+pub const MBEDTLS_SSL_ALERT_MSG_NO_CERT: u32 = 41;
+pub const MBEDTLS_SSL_ALERT_MSG_BAD_CERT: u32 = 42;
+pub const MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT: u32 = 43;
+pub const MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED: u32 = 44;
+pub const MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED: u32 = 45;
+pub const MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN: u32 = 46;
+pub const MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER: u32 = 47;
+pub const MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA: u32 = 48;
+pub const MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED: u32 = 49;
+pub const MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR: u32 = 50;
+pub const MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR: u32 = 51;
+pub const MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION: u32 = 60;
+pub const MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION: u32 = 70;
+pub const MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY: u32 = 71;
+pub const MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR: u32 = 80;
+pub const MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK: u32 = 86;
+pub const MBEDTLS_SSL_ALERT_MSG_USER_CANCELED: u32 = 90;
+pub const MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION: u32 = 100;
+pub const MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION: u32 = 109;
+pub const MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT: u32 = 110;
+pub const MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME: u32 = 112;
+pub const MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY: u32 = 115;
+pub const MBEDTLS_SSL_ALERT_MSG_CERT_REQUIRED: u32 = 116;
+pub const MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL: u32 = 120;
+pub const MBEDTLS_SSL_HS_HELLO_REQUEST: u32 = 0;
+pub const MBEDTLS_SSL_HS_CLIENT_HELLO: u32 = 1;
+pub const MBEDTLS_SSL_HS_SERVER_HELLO: u32 = 2;
+pub const MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST: u32 = 3;
+pub const MBEDTLS_SSL_HS_NEW_SESSION_TICKET: u32 = 4;
+pub const MBEDTLS_SSL_HS_END_OF_EARLY_DATA: u32 = 5;
+pub const MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS: u32 = 8;
+pub const MBEDTLS_SSL_HS_CERTIFICATE: u32 = 11;
+pub const MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE: u32 = 12;
+pub const MBEDTLS_SSL_HS_CERTIFICATE_REQUEST: u32 = 13;
+pub const MBEDTLS_SSL_HS_SERVER_HELLO_DONE: u32 = 14;
+pub const MBEDTLS_SSL_HS_CERTIFICATE_VERIFY: u32 = 15;
+pub const MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE: u32 = 16;
+pub const MBEDTLS_SSL_HS_FINISHED: u32 = 20;
+pub const MBEDTLS_SSL_HS_MESSAGE_HASH: u32 = 254;
+pub const MBEDTLS_TLS_EXT_SERVERNAME: u32 = 0;
+pub const MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME: u32 = 0;
+pub const MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: u32 = 1;
+pub const MBEDTLS_TLS_EXT_TRUNCATED_HMAC: u32 = 4;
+pub const MBEDTLS_TLS_EXT_STATUS_REQUEST: u32 = 5;
+pub const MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES: u32 = 10;
+pub const MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: u32 = 10;
+pub const MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: u32 = 11;
+pub const MBEDTLS_TLS_EXT_SIG_ALG: u32 = 13;
+pub const MBEDTLS_TLS_EXT_USE_SRTP: u32 = 14;
+pub const MBEDTLS_TLS_EXT_HEARTBEAT: u32 = 15;
+pub const MBEDTLS_TLS_EXT_ALPN: u32 = 16;
+pub const MBEDTLS_TLS_EXT_SCT: u32 = 18;
+pub const MBEDTLS_TLS_EXT_CLI_CERT_TYPE: u32 = 19;
+pub const MBEDTLS_TLS_EXT_SERV_CERT_TYPE: u32 = 20;
+pub const MBEDTLS_TLS_EXT_PADDING: u32 = 21;
+pub const MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: u32 = 22;
+pub const MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: u32 = 23;
+pub const MBEDTLS_TLS_EXT_RECORD_SIZE_LIMIT: u32 = 28;
+pub const MBEDTLS_TLS_EXT_SESSION_TICKET: u32 = 35;
+pub const MBEDTLS_TLS_EXT_PRE_SHARED_KEY: u32 = 41;
+pub const MBEDTLS_TLS_EXT_EARLY_DATA: u32 = 42;
+pub const MBEDTLS_TLS_EXT_SUPPORTED_VERSIONS: u32 = 43;
+pub const MBEDTLS_TLS_EXT_COOKIE: u32 = 44;
+pub const MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES: u32 = 45;
+pub const MBEDTLS_TLS_EXT_CERT_AUTH: u32 = 47;
+pub const MBEDTLS_TLS_EXT_OID_FILTERS: u32 = 48;
+pub const MBEDTLS_TLS_EXT_POST_HANDSHAKE_AUTH: u32 = 49;
+pub const MBEDTLS_TLS_EXT_SIG_ALG_CERT: u32 = 50;
+pub const MBEDTLS_TLS_EXT_KEY_SHARE: u32 = 51;
+pub const MBEDTLS_TLS_EXT_CID: u32 = 54;
+pub const MBEDTLS_TLS_EXT_ECJPAKE_KKPP: u32 = 256;
+pub const MBEDTLS_TLS_EXT_RENEGOTIATION_INFO: u32 = 65281;
+pub const MBEDTLS_PSK_MAX_LEN: u32 = 48;
+pub const MBEDTLS_TLS1_3_MD_MAX_SIZE: u32 = 64;
+pub const MBEDTLS_SSL_SEQUENCE_NUMBER_LEN: u32 = 8;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION: u32 = 1;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION: u32 = 4;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA: u32 = 8;
+pub const MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK: u32 = 13;
+pub const MBEDTLS_SSL_UNEXPECTED_CID_IGNORE: u32 = 0;
+pub const MBEDTLS_SSL_UNEXPECTED_CID_FAIL: u32 = 1;
+pub const MBEDTLS_ERR_ENTROPY_SOURCE_FAILED: i32 = -60;
+pub const MBEDTLS_ERR_ENTROPY_MAX_SOURCES: i32 = -62;
+pub const MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED: i32 = -64;
+pub const MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE: i32 = -61;
+pub const MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR: i32 = -63;
+pub const MBEDTLS_ENTROPY_MAX_SOURCES: u32 = 20;
+pub const MBEDTLS_ENTROPY_MAX_GATHER: u32 = 128;
+pub const MBEDTLS_ENTROPY_BLOCK_SIZE: u32 = 64;
+pub const MBEDTLS_ENTROPY_MAX_SEED_SIZE: u32 = 1024;
+pub const MBEDTLS_ENTROPY_SOURCE_MANUAL: u32 = 20;
+pub const MBEDTLS_ENTROPY_SOURCE_STRONG: u32 = 1;
+pub const MBEDTLS_ENTROPY_SOURCE_WEAK: u32 = 0;
+pub const MBEDTLS_PRINTF_SIZET: &[u8; 3] = b"zu\0";
+pub const MBEDTLS_PRINTF_LONGLONG: &[u8; 4] = b"lld\0";
+pub const MBEDTLS_AES_ENCRYPT: u32 = 1;
+pub const MBEDTLS_AES_DECRYPT: u32 = 0;
+pub const MBEDTLS_ERR_AES_INVALID_KEY_LENGTH: i32 = -32;
+pub const MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH: i32 = -34;
+pub const MBEDTLS_ERR_AES_BAD_INPUT_DATA: i32 = -33;
+pub const MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED: i32 = -52;
+pub const MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG: i32 = -54;
+pub const MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG: i32 = -56;
+pub const MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR: i32 = -58;
+pub const MBEDTLS_CTR_DRBG_BLOCKSIZE: u32 = 16;
+pub const MBEDTLS_CTR_DRBG_KEYSIZE: u32 = 32;
+pub const MBEDTLS_CTR_DRBG_KEYBITS: u32 = 256;
+pub const MBEDTLS_CTR_DRBG_SEEDLEN: u32 = 48;
+pub const MBEDTLS_CTR_DRBG_ENTROPY_LEN: u32 = 48;
+pub const MBEDTLS_CTR_DRBG_RESEED_INTERVAL: u32 = 10000;
+pub const MBEDTLS_CTR_DRBG_MAX_INPUT: u32 = 256;
+pub const MBEDTLS_CTR_DRBG_MAX_REQUEST: u32 = 1024;
+pub const MBEDTLS_CTR_DRBG_MAX_SEED_INPUT: u32 = 384;
+pub const MBEDTLS_CTR_DRBG_PR_OFF: u32 = 0;
+pub const MBEDTLS_CTR_DRBG_PR_ON: u32 = 1;
+pub const MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN: u32 = 0;
+pub type __int8_t = crate::c_types::c_schar;
+pub type __uint8_t = crate::c_types::c_uchar;
+pub type __int16_t = crate::c_types::c_short;
+pub type __uint16_t = crate::c_types::c_ushort;
+pub type __int32_t = crate::c_types::c_int;
+pub type __uint32_t = crate::c_types::c_uint;
+pub type __int64_t = crate::c_types::c_longlong;
+pub type __uint64_t = crate::c_types::c_ulonglong;
+pub type __int_least8_t = crate::c_types::c_schar;
+pub type __uint_least8_t = crate::c_types::c_uchar;
+pub type __int_least16_t = crate::c_types::c_short;
+pub type __uint_least16_t = crate::c_types::c_ushort;
+pub type __int_least32_t = crate::c_types::c_int;
+pub type __uint_least32_t = crate::c_types::c_uint;
+pub type __int_least64_t = crate::c_types::c_longlong;
+pub type __uint_least64_t = crate::c_types::c_ulonglong;
+pub type __intmax_t = crate::c_types::c_longlong;
+pub type __uintmax_t = crate::c_types::c_ulonglong;
+pub type __intptr_t = crate::c_types::c_int;
+pub type __uintptr_t = crate::c_types::c_uint;
+pub type wchar_t = crate::c_types::c_uchar;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct max_align_t {
+    pub __clang_max_align_nonce1: crate::c_types::c_longlong,
+    pub __clang_max_align_nonce2: f64,
+}
+pub type intmax_t = __intmax_t;
+pub type uintmax_t = __uintmax_t;
+pub type int_least8_t = __int_least8_t;
+pub type uint_least8_t = __uint_least8_t;
+pub type int_least16_t = __int_least16_t;
+pub type uint_least16_t = __uint_least16_t;
+pub type int_least32_t = __int_least32_t;
+pub type uint_least32_t = __uint_least32_t;
+pub type int_least64_t = __int_least64_t;
+pub type uint_least64_t = __uint_least64_t;
+pub type int_fast8_t = crate::c_types::c_schar;
+pub type uint_fast8_t = crate::c_types::c_uchar;
+pub type int_fast16_t = crate::c_types::c_short;
+pub type uint_fast16_t = crate::c_types::c_ushort;
+pub type int_fast32_t = crate::c_types::c_int;
+pub type uint_fast32_t = crate::c_types::c_uint;
+pub type int_fast64_t = crate::c_types::c_longlong;
+pub type uint_fast64_t = crate::c_types::c_ulonglong;
+pub type mbedtls_iso_c_forbids_empty_translation_units = crate::c_types::c_int;
+extern "C" {
+    /// \brief       Securely zeroize a buffer
+    ///
+    ///              The function is meant to wipe the data contained in a buffer so
+    ///              that it can no longer be recovered even if the program memory
+    ///              is later compromised. Call this function on sensitive data
+    ///              stored on the stack before returning from a function, and on
+    ///              sensitive data stored on the heap before freeing the heap
+    ///              object.
+    ///
+    ///              It is extremely difficult to guarantee that calls to
+    ///              mbedtls_platform_zeroize() are not removed by aggressive
+    ///              compiler optimizations in a portable way. For this reason, Mbed
+    ///              TLS provides the configuration option
+    ///              MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
+    ///              mbedtls_platform_zeroize() to use a suitable implementation for
+    ///              their platform and needs
+    ///
+    /// \param buf   Buffer to be zeroized
+    /// \param len   Length of the buffer in bytes
+    pub fn mbedtls_platform_zeroize(buf: *mut crate::c_types::c_void, len: usize);
+}
+pub type mbedtls_mpi_sint = i32;
+pub type mbedtls_mpi_uint = u32;
+pub type mbedtls_t_udbl = u64;
+/// \brief          MPI structure
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_mpi {
+    pub private_s: crate::c_types::c_int,
+    pub private_n: usize,
+    pub private_p: *mut mbedtls_mpi_uint,
+}
+extern "C" {
+    /// \brief           Initialize an MPI context.
+    ///
+    ///                  This makes the MPI ready to be set or freed,
+    ///                  but does not define a value for the MPI.
+    ///
+    /// \param X         The MPI context to initialize. This must not be \c NULL.
+    pub fn mbedtls_mpi_init(X: *mut mbedtls_mpi);
+}
+extern "C" {
+    /// \brief          This function frees the components of an MPI context.
+    ///
+    /// \param X        The MPI context to be cleared. This may be \c NULL,
+    ///                 in which case this function is a no-op. If it is
+    ///                 not \c NULL, it must point to an initialized MPI.
+    pub fn mbedtls_mpi_free(X: *mut mbedtls_mpi);
+}
+extern "C" {
+    /// \brief          Enlarge an MPI to the specified number of limbs.
+    ///
+    /// \note           This function does nothing if the MPI is
+    ///                 already large enough.
+    ///
+    /// \param X        The MPI to grow. It must be initialized.
+    /// \param nblimbs  The target number of limbs.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_grow(X: *mut mbedtls_mpi, nblimbs: usize) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function resizes an MPI downwards, keeping at least the
+    ///                 specified number of limbs.
+    ///
+    ///                 If \c X is smaller than \c nblimbs, it is resized up
+    ///                 instead.
+    ///
+    /// \param X        The MPI to shrink. This must point to an initialized MPI.
+    /// \param nblimbs  The minimum number of limbs to keep.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
+    ///                 (this can only happen when resizing up).
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_shrink(X: *mut mbedtls_mpi, nblimbs: usize) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Make a copy of an MPI.
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param Y        The source MPI. This must point to an initialized MPI.
+    ///
+    /// \note           The limb-buffer in the destination MPI is enlarged
+    ///                 if necessary to hold the value in the source MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_copy(X: *mut mbedtls_mpi, Y: *const mbedtls_mpi) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Swap the contents of two MPIs.
+    ///
+    /// \param X        The first MPI. It must be initialized.
+    /// \param Y        The second MPI. It must be initialized.
+    pub fn mbedtls_mpi_swap(X: *mut mbedtls_mpi, Y: *mut mbedtls_mpi);
+}
+extern "C" {
+    /// \brief          Perform a safe conditional copy of MPI which doesn't
+    ///                 reveal whether the condition was true or not.
+    ///
+    /// \param X        The MPI to conditionally assign to. This must point
+    ///                 to an initialized MPI.
+    /// \param Y        The MPI to be assigned from. This must point to an
+    ///                 initialized MPI.
+    /// \param assign   The condition deciding whether to perform the
+    ///                 assignment or not. Must be either 0 or 1:
+    ///                 * \c 1: Perform the assignment `X = Y`.
+    ///                 * \c 0: Keep the original value of \p X.
+    ///
+    /// \note           This function is equivalent to
+    ///                      `if( assign ) mbedtls_mpi_copy( X, Y );`
+    ///                 except that it avoids leaking any information about whether
+    ///                 the assignment was done or not (the above code may leak
+    ///                 information through branch prediction and/or memory access
+    ///                 patterns analysis).
+    ///
+    /// \warning        If \p assign is neither 0 nor 1, the result of this function
+    ///                 is indeterminate, and the resulting value in \p X might be
+    ///                 neither its original value nor the value in \p Y.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_safe_cond_assign(
+        X: *mut mbedtls_mpi,
+        Y: *const mbedtls_mpi,
+        assign: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a safe conditional swap which doesn't
+    ///                 reveal whether the condition was true or not.
+    ///
+    /// \param X        The first MPI. This must be initialized.
+    /// \param Y        The second MPI. This must be initialized.
+    /// \param swap     The condition deciding whether to perform
+    ///                 the swap or not. Must be either 0 or 1:
+    ///                 * \c 1: Swap the values of \p X and \p Y.
+    ///                 * \c 0: Keep the original values of \p X and \p Y.
+    ///
+    /// \note           This function is equivalent to
+    ///                      if( swap ) mbedtls_mpi_swap( X, Y );
+    ///                 except that it avoids leaking any information about whether
+    ///                 the swap was done or not (the above code may leak
+    ///                 information through branch prediction and/or memory access
+    ///                 patterns analysis).
+    ///
+    /// \warning        If \p swap is neither 0 nor 1, the result of this function
+    ///                 is indeterminate, and both \p X and \p Y might end up with
+    ///                 values different to either of the original ones.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_safe_cond_swap(
+        X: *mut mbedtls_mpi,
+        Y: *mut mbedtls_mpi,
+        swap: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Store integer value in MPI.
+    ///
+    /// \param X        The MPI to set. This must be initialized.
+    /// \param z        The value to use.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_lset(X: *mut mbedtls_mpi, z: mbedtls_mpi_sint) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Get a specific bit from an MPI.
+    ///
+    /// \param X        The MPI to query. This must be initialized.
+    /// \param pos      Zero-based index of the bit to query.
+    ///
+    /// \return         \c 0 or \c 1 on success, depending on whether bit \c pos
+    ///                 of \c X is unset or set.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_mpi_get_bit(X: *const mbedtls_mpi, pos: usize) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Modify a specific bit in an MPI.
+    ///
+    /// \note           This function will grow the target MPI if necessary to set a
+    ///                 bit to \c 1 in a not yet existing limb. It will not grow if
+    ///                 the bit should be set to \c 0.
+    ///
+    /// \param X        The MPI to modify. This must be initialized.
+    /// \param pos      Zero-based index of the bit to modify.
+    /// \param val      The desired value of bit \c pos: \c 0 or \c 1.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_set_bit(
+        X: *mut mbedtls_mpi,
+        pos: usize,
+        val: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the number of bits of value \c 0 before the
+    ///                 least significant bit of value \c 1.
+    ///
+    /// \note           This is the same as the zero-based index of
+    ///                 the least significant bit of value \c 1.
+    ///
+    /// \param X        The MPI to query.
+    ///
+    /// \return         The number of bits of value \c 0 before the least significant
+    ///                 bit of value \c 1 in \p X.
+    pub fn mbedtls_mpi_lsb(X: *const mbedtls_mpi) -> usize;
+}
+extern "C" {
+    /// \brief          Return the number of bits up to and including the most
+    ///                 significant bit of value \c 1.
+    ///
+    /// * \note         This is same as the one-based index of the most
+    ///                 significant bit of value \c 1.
+    ///
+    /// \param X        The MPI to query. This must point to an initialized MPI.
+    ///
+    /// \return         The number of bits up to and including the most
+    ///                 significant bit of value \c 1.
+    pub fn mbedtls_mpi_bitlen(X: *const mbedtls_mpi) -> usize;
+}
+extern "C" {
+    /// \brief          Return the total size of an MPI value in bytes.
+    ///
+    /// \param X        The MPI to use. This must point to an initialized MPI.
+    ///
+    /// \note           The value returned by this function may be less than
+    ///                 the number of bytes used to store \p X internally.
+    ///                 This happens if and only if there are trailing bytes
+    ///                 of value zero.
+    ///
+    /// \return         The least number of bytes capable of storing
+    ///                 the absolute value of \p X.
+    pub fn mbedtls_mpi_size(X: *const mbedtls_mpi) -> usize;
+}
+extern "C" {
+    /// \brief          Import an MPI from an ASCII string.
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param radix    The numeric base of the input string.
+    /// \param s        Null-terminated string buffer.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_mpi_read_string(
+        X: *mut mbedtls_mpi,
+        radix: crate::c_types::c_int,
+        s: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Export an MPI to an ASCII string.
+    ///
+    /// \param X        The source MPI. This must point to an initialized MPI.
+    /// \param radix    The numeric base of the output string.
+    /// \param buf      The buffer to write the string to. This must be writable
+    ///                 buffer of length \p buflen Bytes.
+    /// \param buflen   The available size in Bytes of \p buf.
+    /// \param olen     The address at which to store the length of the string
+    ///                 written, including the  final \c NULL byte. This must
+    ///                 not be \c NULL.
+    ///
+    /// \note           You can call this function with `buflen == 0` to obtain the
+    ///                 minimum required buffer size in `*olen`.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the target buffer \p buf
+    ///                 is too small to hold the value of \p X in the desired base.
+    ///                 In this case, `*olen` is nonetheless updated to contain the
+    ///                 size of \p buf required for a successful call.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_write_string(
+        X: *const mbedtls_mpi,
+        radix: crate::c_types::c_int,
+        buf: *mut crate::c_types::c_char,
+        buflen: usize,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Import an MPI from unsigned big endian binary data.
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param buf      The input buffer. This must be a readable buffer of length
+    ///                 \p buflen Bytes.
+    /// \param buflen   The length of the input buffer \p p in Bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_read_binary(
+        X: *mut mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Import X from unsigned binary data, little endian
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param buf      The input buffer. This must be a readable buffer of length
+    ///                 \p buflen Bytes.
+    /// \param buflen   The length of the input buffer \p p in Bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_read_binary_le(
+        X: *mut mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Export X into unsigned binary data, big endian.
+    ///                 Always fills the whole buffer, which will start with zeros
+    ///                 if the number is smaller.
+    ///
+    /// \param X        The source MPI. This must point to an initialized MPI.
+    /// \param buf      The output buffer. This must be a writable buffer of length
+    ///                 \p buflen Bytes.
+    /// \param buflen   The size of the output buffer \p buf in Bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
+    ///                 large enough to hold the value of \p X.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_write_binary(
+        X: *const mbedtls_mpi,
+        buf: *mut crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Export X into unsigned binary data, little endian.
+    ///                 Always fills the whole buffer, which will end with zeros
+    ///                 if the number is smaller.
+    ///
+    /// \param X        The source MPI. This must point to an initialized MPI.
+    /// \param buf      The output buffer. This must be a writable buffer of length
+    ///                 \p buflen Bytes.
+    /// \param buflen   The size of the output buffer \p buf in Bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
+    ///                 large enough to hold the value of \p X.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_write_binary_le(
+        X: *const mbedtls_mpi,
+        buf: *mut crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a left-shift on an MPI: X <<= count
+    ///
+    /// \param X        The MPI to shift. This must point to an initialized MPI.
+    /// \param count    The number of bits to shift by.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_shift_l(X: *mut mbedtls_mpi, count: usize) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a right-shift on an MPI: X >>= count
+    ///
+    /// \param X        The MPI to shift. This must point to an initialized MPI.
+    /// \param count    The number of bits to shift by.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_shift_r(X: *mut mbedtls_mpi, count: usize) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Compare the absolute values of two MPIs.
+    ///
+    /// \param X        The left-hand MPI. This must point to an initialized MPI.
+    /// \param Y        The right-hand MPI. This must point to an initialized MPI.
+    ///
+    /// \return         \c 1 if `|X|` is greater than `|Y|`.
+    /// \return         \c -1 if `|X|` is lesser than `|Y|`.
+    /// \return         \c 0 if `|X|` is equal to `|Y|`.
+    pub fn mbedtls_mpi_cmp_abs(
+        X: *const mbedtls_mpi,
+        Y: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Compare two MPIs.
+    ///
+    /// \param X        The left-hand MPI. This must point to an initialized MPI.
+    /// \param Y        The right-hand MPI. This must point to an initialized MPI.
+    ///
+    /// \return         \c 1 if \p X is greater than \p Y.
+    /// \return         \c -1 if \p X is lesser than \p Y.
+    /// \return         \c 0 if \p X is equal to \p Y.
+    pub fn mbedtls_mpi_cmp_mpi(
+        X: *const mbedtls_mpi,
+        Y: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Check if an MPI is less than the other in constant time.
+    ///
+    /// \param X        The left-hand MPI. This must point to an initialized MPI
+    ///                 with the same allocated length as Y.
+    /// \param Y        The right-hand MPI. This must point to an initialized MPI
+    ///                 with the same allocated length as X.
+    /// \param ret      The result of the comparison:
+    ///                 \c 1 if \p X is less than \p Y.
+    ///                 \c 0 if \p X is greater than or equal to \p Y.
+    ///
+    /// \return         0 on success.
+    /// \return         MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the allocated length of
+    ///                 the two input MPIs is not the same.
+    pub fn mbedtls_mpi_lt_mpi_ct(
+        X: *const mbedtls_mpi,
+        Y: *const mbedtls_mpi,
+        ret: *mut crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Compare an MPI with an integer.
+    ///
+    /// \param X        The left-hand MPI. This must point to an initialized MPI.
+    /// \param z        The integer value to compare \p X to.
+    ///
+    /// \return         \c 1 if \p X is greater than \p z.
+    /// \return         \c -1 if \p X is lesser than \p z.
+    /// \return         \c 0 if \p X is equal to \p z.
+    pub fn mbedtls_mpi_cmp_int(X: *const mbedtls_mpi, z: mbedtls_mpi_sint)
+        -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform an unsigned addition of MPIs: X = |A| + |B|
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first summand. This must point to an initialized MPI.
+    /// \param B        The second summand. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_add_abs(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform an unsigned subtraction of MPIs: X = |A| - |B|
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The minuend. This must point to an initialized MPI.
+    /// \param B        The subtrahend. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is greater than \p A.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_sub_abs(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a signed addition of MPIs: X = A + B
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first summand. This must point to an initialized MPI.
+    /// \param B        The second summand. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_add_mpi(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a signed subtraction of MPIs: X = A - B
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The minuend. This must point to an initialized MPI.
+    /// \param B        The subtrahend. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_sub_mpi(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a signed addition of an MPI and an integer: X = A + b
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first summand. This must point to an initialized MPI.
+    /// \param b        The second summand.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_add_int(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        b: mbedtls_mpi_sint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a signed subtraction of an MPI and an integer:
+    ///                 X = A - b
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The minuend. This must point to an initialized MPI.
+    /// \param b        The subtrahend.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_sub_int(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        b: mbedtls_mpi_sint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a multiplication of two MPIs: X = A * B
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first factor. This must point to an initialized MPI.
+    /// \param B        The second factor. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_mul_mpi(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a multiplication of an MPI with an unsigned integer:
+    ///                 X = A * b
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first factor. This must point to an initialized MPI.
+    /// \param b        The second factor.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_mul_int(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        b: mbedtls_mpi_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a division with remainder of two MPIs:
+    ///                 A = Q * B + R
+    ///
+    /// \param Q        The destination MPI for the quotient.
+    ///                 This may be \c NULL if the value of the
+    ///                 quotient is not needed. This must not alias A or B.
+    /// \param R        The destination MPI for the remainder value.
+    ///                 This may be \c NULL if the value of the
+    ///                 remainder is not needed. This must not alias A or B.
+    /// \param A        The dividend. This must point to an initialized MPI.
+    /// \param B        The divisor. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_div_mpi(
+        Q: *mut mbedtls_mpi,
+        R: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a division with remainder of an MPI by an integer:
+    ///                 A = Q * b + R
+    ///
+    /// \param Q        The destination MPI for the quotient.
+    ///                 This may be \c NULL if the value of the
+    ///                 quotient is not needed.  This must not alias A.
+    /// \param R        The destination MPI for the remainder value.
+    ///                 This may be \c NULL if the value of the
+    ///                 remainder is not needed.  This must not alias A.
+    /// \param A        The dividend. This must point to an initialized MPi.
+    /// \param b        The divisor.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_div_int(
+        Q: *mut mbedtls_mpi,
+        R: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        b: mbedtls_mpi_sint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a modular reduction. R = A mod B
+    ///
+    /// \param R        The destination MPI for the residue value.
+    ///                 This must point to an initialized MPI.
+    /// \param A        The MPI to compute the residue of.
+    ///                 This must point to an initialized MPI.
+    /// \param B        The base of the modular reduction.
+    ///                 This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
+    /// \return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is negative.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_mod_mpi(
+        R: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a modular reduction with respect to an integer.
+    ///                 r = A mod b
+    ///
+    /// \param r        The address at which to store the residue.
+    ///                 This must not be \c NULL.
+    /// \param A        The MPI to compute the residue of.
+    ///                 This must point to an initialized MPi.
+    /// \param b        The integer base of the modular reduction.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
+    /// \return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p b is negative.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_mod_int(
+        r: *mut mbedtls_mpi_uint,
+        A: *const mbedtls_mpi,
+        b: mbedtls_mpi_sint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a sliding-window exponentiation: X = A^E mod N
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    ///                 This must not alias E or N.
+    /// \param A        The base of the exponentiation.
+    ///                 This must point to an initialized MPI.
+    /// \param E        The exponent MPI. This must point to an initialized MPI.
+    /// \param N        The base for the modular reduction. This must point to an
+    ///                 initialized MPI.
+    /// \param prec_RR  A helper MPI depending solely on \p N which can be used to
+    ///                 speed-up multiple modular exponentiations for the same value
+    ///                 of \p N. This may be \c NULL. If it is not \c NULL, it must
+    ///                 point to an initialized MPI. If it hasn't been used after
+    ///                 the call to mbedtls_mpi_init(), this function will compute
+    ///                 the helper value and store it in \p prec_RR for reuse on
+    ///                 subsequent calls to this function. Otherwise, the function
+    ///                 will assume that \p prec_RR holds the helper value set by a
+    ///                 previous call to mbedtls_mpi_exp_mod(), and reuse it.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \c N is negative or
+    ///                 even, or if \c E is negative.
+    /// \return         Another negative error code on different kinds of failures.
+    pub fn mbedtls_mpi_exp_mod(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        E: *const mbedtls_mpi,
+        N: *const mbedtls_mpi,
+        prec_RR: *mut mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Fill an MPI with a number of random bytes.
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param size     The number of random bytes to generate.
+    /// \param f_rng    The RNG function to use. This must not be \c NULL.
+    /// \param p_rng    The RNG parameter to be passed to \p f_rng. This may be
+    ///                 \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on failure.
+    ///
+    /// \note           The bytes obtained from the RNG are interpreted
+    ///                 as a big-endian representation of an MPI; this can
+    ///                 be relevant in applications like deterministic ECDSA.
+    pub fn mbedtls_mpi_fill_random(
+        X: *mut mbedtls_mpi,
+        size: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// Generate a random number uniformly in a range.
+    ///
+    /// This function generates a random number between \p min inclusive and
+    /// \p N exclusive.
+    ///
+    /// The procedure complies with RFC 6979 §3.3 (deterministic ECDSA)
+    /// when the RNG is a suitably parametrized instance of HMAC_DRBG
+    /// and \p min is \c 1.
+    ///
+    /// \note           There are `N - min` possible outputs. The lower bound
+    ///                 \p min can be reached, but the upper bound \p N cannot.
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param min      The minimum value to return.
+    ///                 It must be nonnegative.
+    /// \param N        The upper bound of the range, exclusive.
+    ///                 In other words, this is one plus the maximum value to return.
+    ///                 \p N must be strictly larger than \p min.
+    /// \param f_rng    The RNG function to use. This must not be \c NULL.
+    /// \param p_rng    The RNG parameter to be passed to \p f_rng.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p min or \p N is invalid
+    ///                 or if they are incompatible.
+    /// \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if the implementation was
+    ///                 unable to find a suitable value within a limited number
+    ///                 of attempts. This has a negligible probability if \p N
+    ///                 is significantly larger than \p min, which is the case
+    ///                 for all usual cryptographic applications.
+    /// \return         Another negative error code on failure.
+    pub fn mbedtls_mpi_random(
+        X: *mut mbedtls_mpi,
+        min: mbedtls_mpi_sint,
+        N: *const mbedtls_mpi,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Compute the greatest common divisor: G = gcd(A, B)
+    ///
+    /// \param G        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The first operand. This must point to an initialized MPI.
+    /// \param B        The second operand. This must point to an initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         Another negative error code on different kinds of failure.
+    pub fn mbedtls_mpi_gcd(
+        G: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        B: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Compute the modular inverse: X = A^-1 mod N
+    ///
+    /// \param X        The destination MPI. This must point to an initialized MPI.
+    /// \param A        The MPI to calculate the modular inverse of. This must point
+    ///                 to an initialized MPI.
+    /// \param N        The base of the modular inversion. This must point to an
+    ///                 initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p N is less than
+    ///                 or equal to one.
+    /// \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse
+    ///                 with respect to \p N.
+    pub fn mbedtls_mpi_inv_mod(
+        X: *mut mbedtls_mpi,
+        A: *const mbedtls_mpi,
+        N: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Miller-Rabin primality test.
+    ///
+    /// \warning        If \p X is potentially generated by an adversary, for example
+    ///                 when validating cryptographic parameters that you didn't
+    ///                 generate yourself and that are supposed to be prime, then
+    ///                 \p rounds should be at least the half of the security
+    ///                 strength of the cryptographic algorithm. On the other hand,
+    ///                 if \p X is chosen uniformly or non-adversarially (as is the
+    ///                 case when mbedtls_mpi_gen_prime calls this function), then
+    ///                 \p rounds can be much lower.
+    ///
+    /// \param X        The MPI to check for primality.
+    ///                 This must point to an initialized MPI.
+    /// \param rounds   The number of bases to perform the Miller-Rabin primality
+    ///                 test for. The probability of returning 0 on a composite is
+    ///                 at most 2<sup>-2*\p rounds</sup>.
+    /// \param f_rng    The RNG function to use. This must not be \c NULL.
+    /// \param p_rng    The RNG parameter to be passed to \p f_rng.
+    ///                 This may be \c NULL if \p f_rng doesn't use
+    ///                 a context parameter.
+    ///
+    /// \return         \c 0 if successful, i.e. \p X is probably prime.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_mpi_is_prime_ext(
+        X: *const mbedtls_mpi,
+        rounds: crate::c_types::c_int,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+///< (X-1)/2 is prime too
+pub const mbedtls_mpi_gen_prime_flag_t_MBEDTLS_MPI_GEN_PRIME_FLAG_DH: mbedtls_mpi_gen_prime_flag_t =
+    1;
+///< lower error rate from 2<sup>-80</sup> to 2<sup>-128</sup>
+pub const mbedtls_mpi_gen_prime_flag_t_MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR:
+    mbedtls_mpi_gen_prime_flag_t = 2;
+/// \brief Flags for mbedtls_mpi_gen_prime()
+///
+/// Each of these flags is a constraint on the result X returned by
+/// mbedtls_mpi_gen_prime().
+pub type mbedtls_mpi_gen_prime_flag_t = crate::c_types::c_uint;
+extern "C" {
+    /// \brief          Generate a prime number.
+    ///
+    /// \param X        The destination MPI to store the generated prime in.
+    ///                 This must point to an initialized MPi.
+    /// \param nbits    The required size of the destination MPI in bits.
+    ///                 This must be between \c 3 and #MBEDTLS_MPI_MAX_BITS.
+    /// \param flags    A mask of flags of type #mbedtls_mpi_gen_prime_flag_t.
+    /// \param f_rng    The RNG function to use. This must not be \c NULL.
+    /// \param p_rng    The RNG parameter to be passed to \p f_rng.
+    ///                 This may be \c NULL if \p f_rng doesn't use
+    ///                 a context parameter.
+    ///
+    /// \return         \c 0 if successful, in which case \p X holds a
+    ///                 probably prime number.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+    /// \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between
+    ///                 \c 3 and #MBEDTLS_MPI_MAX_BITS.
+    pub fn mbedtls_mpi_gen_prime(
+        X: *mut mbedtls_mpi,
+        nbits: usize,
+        flags: crate::c_types::c_int,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Checkup routine
+    ///
+    /// \return         0 if successful, or 1 if the test failed
+    pub fn mbedtls_mpi_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+///< Curve not defined.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_NONE: mbedtls_ecp_group_id = 0;
+///< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP192R1: mbedtls_ecp_group_id = 1;
+///< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP224R1: mbedtls_ecp_group_id = 2;
+///< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP256R1: mbedtls_ecp_group_id = 3;
+///< Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP384R1: mbedtls_ecp_group_id = 4;
+///< Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP521R1: mbedtls_ecp_group_id = 5;
+///< Domain parameters for 256-bit Brainpool curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_BP256R1: mbedtls_ecp_group_id = 6;
+///< Domain parameters for 384-bit Brainpool curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_BP384R1: mbedtls_ecp_group_id = 7;
+///< Domain parameters for 512-bit Brainpool curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_BP512R1: mbedtls_ecp_group_id = 8;
+///< Domain parameters for Curve25519.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_CURVE25519: mbedtls_ecp_group_id = 9;
+///< Domain parameters for 192-bit "Koblitz" curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP192K1: mbedtls_ecp_group_id = 10;
+///< Domain parameters for 224-bit "Koblitz" curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP224K1: mbedtls_ecp_group_id = 11;
+///< Domain parameters for 256-bit "Koblitz" curve.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_SECP256K1: mbedtls_ecp_group_id = 12;
+///< Domain parameters for Curve448.
+pub const mbedtls_ecp_group_id_MBEDTLS_ECP_DP_CURVE448: mbedtls_ecp_group_id = 13;
+/// Domain-parameter identifiers: curve, subgroup, and generator.
+///
+/// \note Only curves over prime fields are supported.
+///
+/// \warning This library does not support validation of arbitrary domain
+/// parameters. Therefore, only standardized domain parameters from trusted
+/// sources should be used. See mbedtls_ecp_group_load().
+pub type mbedtls_ecp_group_id = crate::c_types::c_uint;
+pub const mbedtls_ecp_curve_type_MBEDTLS_ECP_TYPE_NONE: mbedtls_ecp_curve_type = 0;
+pub const mbedtls_ecp_curve_type_MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: mbedtls_ecp_curve_type = 1;
+pub const mbedtls_ecp_curve_type_MBEDTLS_ECP_TYPE_MONTGOMERY: mbedtls_ecp_curve_type = 2;
+pub type mbedtls_ecp_curve_type = crate::c_types::c_uint;
+pub const mbedtls_ecp_modulus_type_MBEDTLS_ECP_MOD_NONE: mbedtls_ecp_modulus_type = 0;
+pub const mbedtls_ecp_modulus_type_MBEDTLS_ECP_MOD_COORDINATE: mbedtls_ecp_modulus_type = 1;
+pub const mbedtls_ecp_modulus_type_MBEDTLS_ECP_MOD_SCALAR: mbedtls_ecp_modulus_type = 2;
+pub type mbedtls_ecp_modulus_type = crate::c_types::c_uint;
+/// Curve information, for use by other modules.
+///
+/// The fields of this structure are part of the public API and can be
+/// accessed directly by applications. Future versions of the library may
+/// add extra fields or reorder existing fields.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecp_curve_info {
+    ///< An internal identifier.
+    pub grp_id: mbedtls_ecp_group_id,
+    ///< The TLS NamedCurve identifier.
+    pub tls_id: u16,
+    ///< The curve size in bits.
+    pub bit_size: u16,
+    ///< A human-friendly name.
+    pub name: *const crate::c_types::c_char,
+}
+/// \brief           The ECP point structure, in Jacobian coordinates.
+///
+/// \note            All functions expect and return points satisfying
+///                  the following condition: <code>Z == 0</code> or
+///                  <code>Z == 1</code>. Other values of \p Z are
+///                  used only by internal functions.
+///                  The point is zero, or "at infinity", if <code>Z == 0</code>.
+///                  Otherwise, \p X and \p Y are its standard (affine)
+///                  coordinates.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecp_point {
+    pub private_X: mbedtls_mpi,
+    pub private_Y: mbedtls_mpi,
+    pub private_Z: mbedtls_mpi,
+}
+/// \brief           The ECP group structure.
+///
+/// We consider two types of curve equations:
+/// <ul><li>Short Weierstrass: <code>y^2 = x^3 + A x + B mod P</code>
+/// (SEC1 + RFC-4492)</li>
+/// <li>Montgomery: <code>y^2 = x^3 + A x^2 + x mod P</code> (Curve25519,
+/// Curve448)</li></ul>
+/// In both cases, the generator (\p G) for a prime-order subgroup is fixed.
+///
+/// For Short Weierstrass, this subgroup is the whole curve, and its
+/// cardinality is denoted by \p N. Our code requires that \p N is an
+/// odd prime as mbedtls_ecp_mul() requires an odd number, and
+/// mbedtls_ecdsa_sign() requires that it is prime for blinding purposes.
+///
+/// For Montgomery curves, we do not store \p A, but <code>(A + 2) / 4</code>,
+/// which is the quantity used in the formulas. Additionally, \p nbits is
+/// not the size of \p N but the required size for private keys.
+///
+/// If \p modp is NULL, reduction modulo \p P is done using a generic algorithm.
+/// Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the
+/// range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an integer
+/// which is congruent mod \p P to the given MPI, and is close enough to \p pbits
+/// in size, so that it may be efficiently brought in the 0..P-1 range by a few
+/// additions or subtractions. Therefore, it is only an approximative modular
+/// reduction. It must return 0 on success and non-zero on failure.
+///
+/// \note        Alternative implementations of the ECP module must obey the
+///              following constraints.
+///              * Group IDs must be distinct: if two group structures have
+///                the same ID, then they must be identical.
+///              * The fields \c id, \c P, \c A, \c B, \c G, \c N,
+///                \c pbits and \c nbits must have the same type and semantics
+///                as in the built-in implementation.
+///                They must be available for reading, but direct modification
+///                of these fields does not need to be supported.
+///                They do not need to be at the same offset in the structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecp_group {
+    ///< An internal group identifier.
+    pub id: mbedtls_ecp_group_id,
+    ///< The prime modulus of the base field.
+    pub P: mbedtls_mpi,
+    ///< For Short Weierstrass: \p A in the equation. For
+    ///Montgomery curves: <code>(A + 2) / 4</code>.
+    pub A: mbedtls_mpi,
+    ///< For Short Weierstrass: \p B in the equation.
+    ///For Montgomery curves: unused.
+    pub B: mbedtls_mpi,
+    ///< The generator of the subgroup used.
+    pub G: mbedtls_ecp_point,
+    ///< The order of \p G.
+    pub N: mbedtls_mpi,
+    ///< The number of bits in \p P.
+    pub pbits: usize,
+    ///< For Short Weierstrass: The number of bits in \p P.
+    ///For Montgomery curves: the number of bits in the
+    ///private keys.
+    pub nbits: usize,
+    pub private_h: crate::c_types::c_uint,
+    pub private_modp: ::core::option::Option<
+        unsafe extern "C" fn(arg1: *mut mbedtls_mpi) -> crate::c_types::c_int,
+    >,
+    pub private_t_pre: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut mbedtls_ecp_point,
+            arg2: *mut crate::c_types::c_void,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_t_post: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut mbedtls_ecp_point,
+            arg2: *mut crate::c_types::c_void,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_t_data: *mut crate::c_types::c_void,
+    pub private_T: *mut mbedtls_ecp_point,
+    pub private_T_size: usize,
+}
+pub type mbedtls_ecp_restart_ctx = crate::c_types::c_void;
+/// \brief    The ECP key-pair structure.
+///
+/// A generic key-pair that may be used for ECDSA and fixed ECDH, for example.
+///
+/// \note    Members are deliberately in the same order as in the
+///          ::mbedtls_ecdsa_context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecp_keypair {
+    pub private_grp: mbedtls_ecp_group,
+    pub private_d: mbedtls_mpi,
+    pub private_Q: mbedtls_ecp_point,
+}
+extern "C" {
+    pub fn mbedtls_ecp_get_type(grp: *const mbedtls_ecp_group) -> mbedtls_ecp_curve_type;
+}
+extern "C" {
+    /// \brief           This function retrieves the information defined in
+    ///                  mbedtls_ecp_curve_info() for all supported curves.
+    ///
+    /// \note            This function returns information about all curves
+    ///                  supported by the library. Some curves may not be
+    ///                  supported for all algorithms. Call mbedtls_ecdh_can_do()
+    ///                  or mbedtls_ecdsa_can_do() to check if a curve is
+    ///                  supported for ECDH or ECDSA.
+    ///
+    /// \return          A statically allocated array. The last entry is 0.
+    pub fn mbedtls_ecp_curve_list() -> *const mbedtls_ecp_curve_info;
+}
+extern "C" {
+    /// \brief           This function retrieves the list of internal group
+    ///                  identifiers of all supported curves in the order of
+    ///                  preference.
+    ///
+    /// \note            This function returns information about all curves
+    ///                  supported by the library. Some curves may not be
+    ///                  supported for all algorithms. Call mbedtls_ecdh_can_do()
+    ///                  or mbedtls_ecdsa_can_do() to check if a curve is
+    ///                  supported for ECDH or ECDSA.
+    ///
+    /// \return          A statically allocated array,
+    ///                  terminated with MBEDTLS_ECP_DP_NONE.
+    pub fn mbedtls_ecp_grp_id_list() -> *const mbedtls_ecp_group_id;
+}
+extern "C" {
+    /// \brief           This function retrieves curve information from an internal
+    ///                  group identifier.
+    ///
+    /// \param grp_id    An \c MBEDTLS_ECP_DP_XXX value.
+    ///
+    /// \return          The associated curve information on success.
+    /// \return          NULL on failure.
+    pub fn mbedtls_ecp_curve_info_from_grp_id(
+        grp_id: mbedtls_ecp_group_id,
+    ) -> *const mbedtls_ecp_curve_info;
+}
+extern "C" {
+    /// \brief           This function retrieves curve information from a TLS
+    ///                  NamedCurve value.
+    ///
+    /// \param tls_id    An \c MBEDTLS_ECP_DP_XXX value.
+    ///
+    /// \return          The associated curve information on success.
+    /// \return          NULL on failure.
+    pub fn mbedtls_ecp_curve_info_from_tls_id(tls_id: u16) -> *const mbedtls_ecp_curve_info;
+}
+extern "C" {
+    /// \brief           This function retrieves curve information from a
+    ///                  human-readable name.
+    ///
+    /// \param name      The human-readable name.
+    ///
+    /// \return          The associated curve information on success.
+    /// \return          NULL on failure.
+    pub fn mbedtls_ecp_curve_info_from_name(
+        name: *const crate::c_types::c_char,
+    ) -> *const mbedtls_ecp_curve_info;
+}
+extern "C" {
+    /// \brief           This function initializes a point as zero.
+    ///
+    /// \param pt        The point to initialize.
+    pub fn mbedtls_ecp_point_init(pt: *mut mbedtls_ecp_point);
+}
+extern "C" {
+    /// \brief           This function initializes an ECP group context
+    ///                  without loading any domain parameters.
+    ///
+    /// \note            After this function is called, domain parameters
+    ///                  for various ECP groups can be loaded through the
+    ///                  mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group()
+    ///                  functions.
+    pub fn mbedtls_ecp_group_init(grp: *mut mbedtls_ecp_group);
+}
+extern "C" {
+    /// \brief           This function initializes a key pair as an invalid one.
+    ///
+    /// \param key       The key pair to initialize.
+    pub fn mbedtls_ecp_keypair_init(key: *mut mbedtls_ecp_keypair);
+}
+extern "C" {
+    /// \brief           This function frees the components of a point.
+    ///
+    /// \param pt        The point to free.
+    pub fn mbedtls_ecp_point_free(pt: *mut mbedtls_ecp_point);
+}
+extern "C" {
+    /// \brief           This function frees the components of an ECP group.
+    ///
+    /// \param grp       The group to free. This may be \c NULL, in which
+    ///                  case this function returns immediately. If it is not
+    ///                  \c NULL, it must point to an initialized ECP group.
+    pub fn mbedtls_ecp_group_free(grp: *mut mbedtls_ecp_group);
+}
+extern "C" {
+    /// \brief           This function frees the components of a key pair.
+    ///
+    /// \param key       The key pair to free. This may be \c NULL, in which
+    ///                  case this function returns immediately. If it is not
+    ///                  \c NULL, it must point to an initialized ECP key pair.
+    pub fn mbedtls_ecp_keypair_free(key: *mut mbedtls_ecp_keypair);
+}
+extern "C" {
+    /// \brief           This function copies the contents of point \p Q into
+    ///                  point \p P.
+    ///
+    /// \param P         The destination point. This must be initialized.
+    /// \param Q         The source point. This must be initialized.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          Another negative error code for other kinds of failure.
+    pub fn mbedtls_ecp_copy(
+        P: *mut mbedtls_ecp_point,
+        Q: *const mbedtls_ecp_point,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function copies the contents of group \p src into
+    ///                  group \p dst.
+    ///
+    /// \param dst       The destination group. This must be initialized.
+    /// \param src       The source group. This must be initialized.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_group_copy(
+        dst: *mut mbedtls_ecp_group,
+        src: *const mbedtls_ecp_group,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets a point to the point at infinity.
+    ///
+    /// \param pt        The point to set. This must be initialized.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_set_zero(pt: *mut mbedtls_ecp_point) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function checks if a point is the point at infinity.
+    ///
+    /// \param pt        The point to test. This must be initialized.
+    ///
+    /// \return          \c 1 if the point is zero.
+    /// \return          \c 0 if the point is non-zero.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecp_is_zero(pt: *mut mbedtls_ecp_point) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function compares two points.
+    ///
+    /// \note            This assumes that the points are normalized. Otherwise,
+    ///                  they may compare as "not equal" even if they are.
+    ///
+    /// \param P         The first point to compare. This must be initialized.
+    /// \param Q         The second point to compare. This must be initialized.
+    ///
+    /// \return          \c 0 if the points are equal.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal.
+    pub fn mbedtls_ecp_point_cmp(
+        P: *const mbedtls_ecp_point,
+        Q: *const mbedtls_ecp_point,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function imports a non-zero point from two ASCII
+    ///                  strings.
+    ///
+    /// \param P         The destination point. This must be initialized.
+    /// \param radix     The numeric base of the input.
+    /// \param x         The first affine coordinate, as a null-terminated string.
+    /// \param y         The second affine coordinate, as a null-terminated string.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_MPI_XXX error code on failure.
+    pub fn mbedtls_ecp_point_read_string(
+        P: *mut mbedtls_ecp_point,
+        radix: crate::c_types::c_int,
+        x: *const crate::c_types::c_char,
+        y: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function exports a point into unsigned binary data.
+    ///
+    /// \param grp       The group to which the point should belong.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param P         The point to export. This must be initialized.
+    /// \param format    The point format. This must be either
+    ///                  #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
+    ///                  (For groups without these formats, this parameter is
+    ///                  ignored. But it still has to be either of the above
+    ///                  values.)
+    /// \param olen      The address at which to store the length of
+    ///                  the output in Bytes. This must not be \c NULL.
+    /// \param buf       The output buffer. This must be a writable buffer
+    ///                  of length \p buflen Bytes.
+    /// \param buflen    The length of the output buffer \p buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output buffer
+    ///                  is too small to hold the point.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
+    ///                  or the export for the given group is not implemented.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_point_write_binary(
+        grp: *const mbedtls_ecp_group,
+        P: *const mbedtls_ecp_point,
+        format: crate::c_types::c_int,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function imports a point from unsigned binary data.
+    ///
+    /// \note            This function does not check that the point actually
+    ///                  belongs to the given group, see mbedtls_ecp_check_pubkey()
+    ///                  for that.
+    ///
+    /// \note            For compressed points, see #MBEDTLS_ECP_PF_COMPRESSED for
+    ///                  limitations.
+    ///
+    /// \param grp       The group to which the point should belong.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param P         The destination context to import the point to.
+    ///                  This must be initialized.
+    /// \param buf       The input buffer. This must be a readable buffer
+    ///                  of length \p ilen Bytes.
+    /// \param ilen      The length of the input buffer \p buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the import for the
+    ///                  given group is not implemented.
+    pub fn mbedtls_ecp_point_read_binary(
+        grp: *const mbedtls_ecp_group,
+        P: *mut mbedtls_ecp_point,
+        buf: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function imports a point from a TLS ECPoint record.
+    ///
+    /// \note            On function return, \p *buf is updated to point immediately
+    ///                  after the ECPoint record.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param pt        The destination point.
+    /// \param buf       The address of the pointer to the start of the input buffer.
+    /// \param len       The length of the buffer.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_MPI_XXX error code on initialization
+    ///                  failure.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
+    pub fn mbedtls_ecp_tls_read_point(
+        grp: *const mbedtls_ecp_group,
+        pt: *mut mbedtls_ecp_point,
+        buf: *mut *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function exports a point as a TLS ECPoint record
+    ///                  defined in RFC 4492, Section 5.4.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param pt        The point to be exported. This must be initialized.
+    /// \param format    The point format to use. This must be either
+    ///                  #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
+    /// \param olen      The address at which to store the length in Bytes
+    ///                  of the data written.
+    /// \param buf       The target buffer. This must be a writable buffer of
+    ///                  length \p blen Bytes.
+    /// \param blen      The length of the target buffer \p buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
+    /// \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the target buffer
+    ///                  is too small to hold the exported point.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_tls_write_point(
+        grp: *const mbedtls_ecp_group,
+        pt: *const mbedtls_ecp_point,
+        format: crate::c_types::c_int,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        blen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets up an ECP group context
+    ///                  from a standardized set of domain parameters.
+    ///
+    /// \note            The index should be a value of the NamedCurve enum,
+    ///                  as defined in <em>RFC-4492: Elliptic Curve Cryptography
+    ///                  (ECC) Cipher Suites for Transport Layer Security (TLS)</em>,
+    ///                  usually in the form of an \c MBEDTLS_ECP_DP_XXX macro.
+    ///
+    /// \param grp       The group context to setup. This must be initialized.
+    /// \param id        The identifier of the domain parameter set to load.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p id doesn't
+    ///                  correspond to a known group.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_group_load(
+        grp: *mut mbedtls_ecp_group,
+        id: mbedtls_ecp_group_id,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets up an ECP group context from a TLS
+    ///                  ECParameters record as defined in RFC 4492, Section 5.4.
+    ///
+    /// \note            The read pointer \p buf is updated to point right after
+    ///                  the ECParameters record on exit.
+    ///
+    /// \param grp       The group context to setup. This must be initialized.
+    /// \param buf       The address of the pointer to the start of the input buffer.
+    /// \param len       The length of the input buffer \c *buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not
+    ///                  recognized.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_tls_read_group(
+        grp: *mut mbedtls_ecp_group,
+        buf: *mut *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function extracts an elliptic curve group ID from a
+    ///                  TLS ECParameters record as defined in RFC 4492, Section 5.4.
+    ///
+    /// \note            The read pointer \p buf is updated to point right after
+    ///                  the ECParameters record on exit.
+    ///
+    /// \param grp       The address at which to store the group id.
+    ///                  This must not be \c NULL.
+    /// \param buf       The address of the pointer to the start of the input buffer.
+    /// \param len       The length of the input buffer \c *buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not
+    ///                  recognized.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_tls_read_group_id(
+        grp: *mut mbedtls_ecp_group_id,
+        buf: *mut *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function exports an elliptic curve as a TLS
+    ///                  ECParameters record as defined in RFC 4492, Section 5.4.
+    ///
+    /// \param grp       The ECP group to be exported.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param olen      The address at which to store the number of Bytes written.
+    ///                  This must not be \c NULL.
+    /// \param buf       The buffer to write to. This must be a writable buffer
+    ///                  of length \p blen Bytes.
+    /// \param blen      The length of the output buffer \p buf in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output
+    ///                  buffer is too small to hold the exported group.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_tls_write_group(
+        grp: *const mbedtls_ecp_group,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        blen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a scalar multiplication of a point
+    ///                  by an integer: \p R = \p m * \p P.
+    ///
+    ///                  It is not thread-safe to use same group in multiple threads.
+    ///
+    /// \note            To prevent timing attacks, this function
+    ///                  executes the exact same sequence of base-field
+    ///                  operations for any valid \p m. It avoids any if-branch or
+    ///                  array index depending on the value of \p m. It also uses
+    ///                  \p f_rng to randomize some intermediate results.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param R         The point in which to store the result of the calculation.
+    ///                  This must be initialized.
+    /// \param m         The integer by which to multiply. This must be initialized.
+    /// \param P         The point to multiply. This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be \c
+    ///                  NULL if \p f_rng doesn't need a context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
+    ///                  key, or \p P is not a valid public key.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_mul(
+        grp: *mut mbedtls_ecp_group,
+        R: *mut mbedtls_ecp_point,
+        m: *const mbedtls_mpi,
+        P: *const mbedtls_ecp_point,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs multiplication of a point by
+    ///                  an integer: \p R = \p m * \p P in a restartable way.
+    ///
+    /// \see             mbedtls_ecp_mul()
+    ///
+    /// \note            This function does the same as \c mbedtls_ecp_mul(), but
+    ///                  it can return early and restart according to the limit set
+    ///                  with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param R         The point in which to store the result of the calculation.
+    ///                  This must be initialized.
+    /// \param m         The integer by which to multiply. This must be initialized.
+    /// \param P         The point to multiply. This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be \c
+    ///                  NULL if \p f_rng doesn't need a context.
+    /// \param rs_ctx    The restart context (NULL disables restart).
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
+    ///                  key, or \p P is not a valid public key.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_mul_restartable(
+        grp: *mut mbedtls_ecp_group,
+        R: *mut mbedtls_ecp_point,
+        m: *const mbedtls_mpi,
+        P: *const mbedtls_ecp_point,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_ecp_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs multiplication and addition of two
+    ///                  points by integers: \p R = \p m * \p P + \p n * \p Q
+    ///
+    ///                  It is not thread-safe to use same group in multiple threads.
+    ///
+    /// \note            In contrast to mbedtls_ecp_mul(), this function does not
+    ///                  guarantee a constant execution flow and timing.
+    ///
+    /// \note            This function is only defined for short Weierstrass curves.
+    ///                  It may not be included in builds without any short
+    ///                  Weierstrass curve.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param R         The point in which to store the result of the calculation.
+    ///                  This must be initialized.
+    /// \param m         The integer by which to multiply \p P.
+    ///                  This must be initialized.
+    /// \param P         The point to multiply by \p m. This must be initialized.
+    /// \param n         The integer by which to multiply \p Q.
+    ///                  This must be initialized.
+    /// \param Q         The point to be multiplied by \p n.
+    ///                  This must be initialized.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not
+    ///                  valid private keys, or \p P or \p Q are not valid public
+    ///                  keys.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p grp does not
+    ///                  designate a short Weierstrass curve.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_muladd(
+        grp: *mut mbedtls_ecp_group,
+        R: *mut mbedtls_ecp_point,
+        m: *const mbedtls_mpi,
+        P: *const mbedtls_ecp_point,
+        n: *const mbedtls_mpi,
+        Q: *const mbedtls_ecp_point,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs multiplication and addition of two
+    ///                  points by integers: \p R = \p m * \p P + \p n * \p Q in a
+    ///                  restartable way.
+    ///
+    /// \see             \c mbedtls_ecp_muladd()
+    ///
+    /// \note            This function works the same as \c mbedtls_ecp_muladd(),
+    ///                  but it can return early and restart according to the limit
+    ///                  set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \note            This function is only defined for short Weierstrass curves.
+    ///                  It may not be included in builds without any short
+    ///                  Weierstrass curve.
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param R         The point in which to store the result of the calculation.
+    ///                  This must be initialized.
+    /// \param m         The integer by which to multiply \p P.
+    ///                  This must be initialized.
+    /// \param P         The point to multiply by \p m. This must be initialized.
+    /// \param n         The integer by which to multiply \p Q.
+    ///                  This must be initialized.
+    /// \param Q         The point to be multiplied by \p n.
+    ///                  This must be initialized.
+    /// \param rs_ctx    The restart context (NULL disables restart).
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not
+    ///                  valid private keys, or \p P or \p Q are not valid public
+    ///                  keys.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p grp does not
+    ///                  designate a short Weierstrass curve.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_muladd_restartable(
+        grp: *mut mbedtls_ecp_group,
+        R: *mut mbedtls_ecp_point,
+        m: *const mbedtls_mpi,
+        P: *const mbedtls_ecp_point,
+        n: *const mbedtls_mpi,
+        Q: *const mbedtls_ecp_point,
+        rs_ctx: *mut mbedtls_ecp_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function checks that a point is a valid public key
+    ///                  on this curve.
+    ///
+    ///                  It only checks that the point is non-zero, has
+    ///                  valid coordinates and lies on the curve. It does not verify
+    ///                  that it is indeed a multiple of \p G. This additional
+    ///                  check is computationally more expensive, is not required
+    ///                  by standards, and should not be necessary if the group
+    ///                  used has a small cofactor. In particular, it is useless for
+    ///                  the NIST groups which all have a cofactor of 1.
+    ///
+    /// \note            This function uses bare components rather than an
+    ///                  ::mbedtls_ecp_keypair structure, to ease use with other
+    ///                  structures, such as ::mbedtls_ecdh_context or
+    ///                  ::mbedtls_ecdsa_context.
+    ///
+    /// \param grp       The ECP group the point should belong to.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param pt        The point to check. This must be initialized.
+    ///
+    /// \return          \c 0 if the point is a valid public key.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not
+    ///                  a valid public key for the given curve.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_check_pubkey(
+        grp: *const mbedtls_ecp_group,
+        pt: *const mbedtls_ecp_point,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function checks that an \p mbedtls_mpi is a
+    ///                  valid private key for this curve.
+    ///
+    /// \note            This function uses bare components rather than an
+    ///                  ::mbedtls_ecp_keypair structure to ease use with other
+    ///                  structures, such as ::mbedtls_ecdh_context or
+    ///                  ::mbedtls_ecdsa_context.
+    ///
+    /// \param grp       The ECP group the private key should belong to.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param d         The integer to check. This must be initialized.
+    ///
+    /// \return          \c 0 if the point is a valid private key.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not a valid
+    ///                  private key for the given curve.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_check_privkey(
+        grp: *const mbedtls_ecp_group,
+        d: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates a private key.
+    ///
+    /// \param grp       The ECP group to generate a private key for.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param d         The destination MPI (secret part). This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG parameter to be passed to \p f_rng. This may be
+    ///                  \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
+    ///                  on failure.
+    pub fn mbedtls_ecp_gen_privkey(
+        grp: *const mbedtls_ecp_group,
+        d: *mut mbedtls_mpi,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates a keypair with a configurable base
+    ///                  point.
+    ///
+    /// \note            This function uses bare components rather than an
+    ///                  ::mbedtls_ecp_keypair structure to ease use with other
+    ///                  structures, such as ::mbedtls_ecdh_context or
+    ///                  ::mbedtls_ecdsa_context.
+    ///
+    /// \param grp       The ECP group to generate a key pair for.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param G         The base point to use. This must be initialized
+    ///                  and belong to \p grp. It replaces the default base
+    ///                  point \c grp->G used by mbedtls_ecp_gen_keypair().
+    /// \param d         The destination MPI (secret part).
+    ///                  This must be initialized.
+    /// \param Q         The destination point (public part).
+    ///                  This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may
+    ///                  be \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
+    ///                  on failure.
+    pub fn mbedtls_ecp_gen_keypair_base(
+        grp: *mut mbedtls_ecp_group,
+        G: *const mbedtls_ecp_point,
+        d: *mut mbedtls_mpi,
+        Q: *mut mbedtls_ecp_point,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates an ECP keypair.
+    ///
+    /// \note            This function uses bare components rather than an
+    ///                  ::mbedtls_ecp_keypair structure to ease use with other
+    ///                  structures, such as ::mbedtls_ecdh_context or
+    ///                  ::mbedtls_ecdsa_context.
+    ///
+    /// \param grp       The ECP group to generate a key pair for.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param d         The destination MPI (secret part).
+    ///                  This must be initialized.
+    /// \param Q         The destination point (public part).
+    ///                  This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may
+    ///                  be \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
+    ///                  on failure.
+    pub fn mbedtls_ecp_gen_keypair(
+        grp: *mut mbedtls_ecp_group,
+        d: *mut mbedtls_mpi,
+        Q: *mut mbedtls_ecp_point,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates an ECP key.
+    ///
+    /// \param grp_id    The ECP group identifier.
+    /// \param key       The destination key. This must be initialized.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may
+    ///                  be \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
+    ///                  on failure.
+    pub fn mbedtls_ecp_gen_key(
+        grp_id: mbedtls_ecp_group_id,
+        key: *mut mbedtls_ecp_keypair,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function reads an elliptic curve private key.
+    ///
+    /// \param grp_id    The ECP group identifier.
+    /// \param key       The destination key.
+    /// \param buf       The buffer containing the binary representation of the
+    ///                  key. (Big endian integer for Weierstrass curves, byte
+    ///                  string for Montgomery curves.)
+    /// \param buflen    The length of the buffer in bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_INVALID_KEY error if the key is
+    ///                  invalid.
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
+    ///                  the group is not implemented.
+    /// \return          Another negative error code on different kinds of failure.
+    pub fn mbedtls_ecp_read_key(
+        grp_id: mbedtls_ecp_group_id,
+        key: *mut mbedtls_ecp_keypair,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function exports an elliptic curve private key.
+    ///
+    /// \param key       The private key.
+    /// \param buf       The output buffer for containing the binary representation
+    ///                  of the key. (Big endian integer for Weierstrass curves, byte
+    ///                  string for Montgomery curves.)
+    /// \param buflen    The total length of the buffer in bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the \p key
+    ///representation is larger than the available space in \p buf.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
+    ///                  the group is not implemented.
+    /// \return          Another negative error code on different kinds of failure.
+    pub fn mbedtls_ecp_write_key(
+        key: *mut mbedtls_ecp_keypair,
+        buf: *mut crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function checks that the keypair objects
+    ///                  \p pub and \p prv have the same group and the
+    ///                  same public point, and that the private key in
+    ///                  \p prv is consistent with the public key.
+    ///
+    /// \param pub       The keypair structure holding the public key. This
+    ///                  must be initialized. If it contains a private key, that
+    ///                  part is ignored.
+    /// \param prv       The keypair structure holding the full keypair.
+    ///                  This must be initialized.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be \c
+    ///                  NULL if \p f_rng doesn't need a context.
+    ///
+    /// \return          \c 0 on success, meaning that the keys are valid and match.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
+    ///                  error code on calculation failure.
+    pub fn mbedtls_ecp_check_pub_priv(
+        pub_: *const mbedtls_ecp_keypair,
+        prv: *const mbedtls_ecp_keypair,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function exports generic key-pair parameters.
+    ///
+    /// \param key       The key pair to export from.
+    /// \param grp       Slot for exported ECP group.
+    ///                  It must point to an initialized ECP group.
+    /// \param d         Slot for the exported secret value.
+    ///                  It must point to an initialized mpi.
+    /// \param Q         Slot for the exported public value.
+    ///                  It must point to an initialized ECP point.
+    ///
+    /// \return          \c 0 on success,
+    /// \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
+    /// \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if key id doesn't
+    ///                  correspond to a known group.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_ecp_export(
+        key: *const mbedtls_ecp_keypair,
+        grp: *mut mbedtls_ecp_group,
+        d: *mut mbedtls_mpi,
+        Q: *mut mbedtls_ecp_point,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The ECP checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_ecp_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+///< None.
+pub const mbedtls_md_type_t_MBEDTLS_MD_NONE: mbedtls_md_type_t = 0;
+///< The MD5 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_MD5: mbedtls_md_type_t = 1;
+///< The SHA-1 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_SHA1: mbedtls_md_type_t = 2;
+///< The SHA-224 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_SHA224: mbedtls_md_type_t = 3;
+///< The SHA-256 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_SHA256: mbedtls_md_type_t = 4;
+///< The SHA-384 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_SHA384: mbedtls_md_type_t = 5;
+///< The SHA-512 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_SHA512: mbedtls_md_type_t = 6;
+///< The RIPEMD-160 message digest.
+pub const mbedtls_md_type_t_MBEDTLS_MD_RIPEMD160: mbedtls_md_type_t = 7;
+/// \brief     Supported message digests.
+///
+/// \warning   MD5 and SHA-1 are considered weak message digests and
+///            their use constitutes a security risk. We recommend considering
+///            stronger message digests instead.
+pub type mbedtls_md_type_t = crate::c_types::c_uint;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_md_info_t {
+    _unused: [u8; 0],
+}
+pub const mbedtls_md_engine_t_MBEDTLS_MD_ENGINE_LEGACY: mbedtls_md_engine_t = 0;
+pub const mbedtls_md_engine_t_MBEDTLS_MD_ENGINE_PSA: mbedtls_md_engine_t = 1;
+/// Used internally to indicate whether a context uses legacy or PSA.
+///
+/// Internal use only.
+pub type mbedtls_md_engine_t = crate::c_types::c_uint;
+/// The generic message-digest context.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_md_context_t {
+    pub private_md_info: *const mbedtls_md_info_t,
+    pub private_md_ctx: *mut crate::c_types::c_void,
+    pub private_hmac_ctx: *mut crate::c_types::c_void,
+}
+extern "C" {
+    /// \brief           This function returns the message-digest information
+    ///                  associated with the given digest type.
+    ///
+    /// \param md_type   The type of digest to search for.
+    ///
+    /// \return          The message-digest information associated with \p md_type.
+    /// \return          NULL if the associated message-digest information is not found.
+    pub fn mbedtls_md_info_from_type(md_type: mbedtls_md_type_t) -> *const mbedtls_md_info_t;
+}
+extern "C" {
+    /// \brief           This function initializes a message-digest context without
+    ///                  binding it to a particular message-digest algorithm.
+    ///
+    ///                  This function should always be called first. It prepares the
+    ///                  context for mbedtls_md_setup() for binding it to a
+    ///                  message-digest algorithm.
+    pub fn mbedtls_md_init(ctx: *mut mbedtls_md_context_t);
+}
+extern "C" {
+    /// \brief           This function clears the internal structure of \p ctx and
+    ///                  frees any embedded internal structure, but does not free
+    ///                  \p ctx itself.
+    ///
+    ///                  If you have called mbedtls_md_setup() on \p ctx, you must
+    ///                  call mbedtls_md_free() when you are no longer using the
+    ///                  context.
+    ///                  Calling this function if you have previously
+    ///                  called mbedtls_md_init() and nothing else is optional.
+    ///                  You must not call this function if you have not called
+    ///                  mbedtls_md_init().
+    pub fn mbedtls_md_free(ctx: *mut mbedtls_md_context_t);
+}
+extern "C" {
+    /// \brief           This function selects the message digest algorithm to use,
+    ///                  and allocates internal structures.
+    ///
+    ///                  It should be called after mbedtls_md_init() or
+    ///                  mbedtls_md_free(). Makes it necessary to call
+    ///                  mbedtls_md_free() later.
+    ///
+    /// \param ctx       The context to set up.
+    /// \param md_info   The information structure of the message-digest algorithm
+    ///                  to use.
+    /// \param hmac      Defines if HMAC is used. 0: HMAC is not used (saves some memory),
+    ///                  or non-zero: HMAC is used with this context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    /// \return          #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
+    pub fn mbedtls_md_setup(
+        ctx: *mut mbedtls_md_context_t,
+        md_info: *const mbedtls_md_info_t,
+        hmac: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function clones the state of a message-digest
+    ///                  context.
+    ///
+    /// \note            You must call mbedtls_md_setup() on \c dst before calling
+    ///                  this function.
+    ///
+    /// \note            The two contexts must have the same type,
+    ///                  for example, both are SHA-256.
+    ///
+    /// \warning         This function clones the message-digest state, not the
+    ///                  HMAC state.
+    ///
+    /// \param dst       The destination context.
+    /// \param src       The context to be cloned.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure.
+    /// \return          #MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE if both contexts are
+    ///                  not using the same engine. This can be avoided by moving
+    ///                  the call to psa_crypto_init() before the first call to
+    ///                  mbedtls_md_setup().
+    pub fn mbedtls_md_clone(
+        dst: *mut mbedtls_md_context_t,
+        src: *const mbedtls_md_context_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function extracts the message-digest size from the
+    ///                  message-digest information structure.
+    ///
+    /// \param md_info   The information structure of the message-digest algorithm
+    ///                  to use.
+    ///
+    /// \return          The size of the message-digest output in Bytes.
+    pub fn mbedtls_md_get_size(md_info: *const mbedtls_md_info_t) -> crate::c_types::c_uchar;
+}
+extern "C" {
+    /// \brief           This function extracts the message-digest type from the
+    ///                  message-digest information structure.
+    ///
+    /// \param md_info   The information structure of the message-digest algorithm
+    ///                  to use.
+    ///
+    /// \return          The type of the message digest.
+    pub fn mbedtls_md_get_type(md_info: *const mbedtls_md_info_t) -> mbedtls_md_type_t;
+}
+extern "C" {
+    /// \brief           This function starts a message-digest computation.
+    ///
+    ///                  You must call this function after setting up the context
+    ///                  with mbedtls_md_setup(), and before passing data with
+    ///                  mbedtls_md_update().
+    ///
+    /// \param ctx       The generic message-digest context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_starts(ctx: *mut mbedtls_md_context_t) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer into an ongoing
+    ///                  message-digest computation.
+    ///
+    ///                  You must call mbedtls_md_starts() before calling this
+    ///                  function. You may call this function multiple times.
+    ///                  Afterwards, call mbedtls_md_finish().
+    ///
+    /// \param ctx       The generic message-digest context.
+    /// \param input     The buffer holding the input data.
+    /// \param ilen      The length of the input data.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_update(
+        ctx: *mut mbedtls_md_context_t,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function finishes the digest operation,
+    ///                  and writes the result to the output buffer.
+    ///
+    ///                  Call this function after a call to mbedtls_md_starts(),
+    ///                  followed by any number of calls to mbedtls_md_update().
+    ///                  Afterwards, you may either clear the context with
+    ///                  mbedtls_md_free(), or call mbedtls_md_starts() to reuse
+    ///                  the context for another digest operation with the same
+    ///                  algorithm.
+    ///
+    /// \param ctx       The generic message-digest context.
+    /// \param output    The buffer for the generic message-digest checksum result.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_finish(
+        ctx: *mut mbedtls_md_context_t,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function calculates the message-digest of a buffer,
+    ///                 with respect to a configurable message-digest algorithm
+    ///                 in a single call.
+    ///
+    ///                 The result is calculated as
+    ///                 Output = message_digest(input buffer).
+    ///
+    /// \param md_info  The information structure of the message-digest algorithm
+    ///                 to use.
+    /// \param input    The buffer holding the data.
+    /// \param ilen     The length of the input data.
+    /// \param output   The generic message-digest checksum result.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                 failure.
+    pub fn mbedtls_md(
+        md_info: *const mbedtls_md_info_t,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function returns the list of digests supported by the
+    ///                  generic digest module.
+    ///
+    /// \note            The list starts with the strongest available hashes.
+    ///
+    /// \return          A statically allocated array of digests. Each element
+    ///                  in the returned list is an integer belonging to the
+    ///                  message-digest enumeration #mbedtls_md_type_t.
+    ///                  The last entry is 0.
+    pub fn mbedtls_md_list() -> *const crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function returns the message-digest information
+    ///                  associated with the given digest name.
+    ///
+    /// \param md_name   The name of the digest to search for.
+    ///
+    /// \return          The message-digest information associated with \p md_name.
+    /// \return          NULL if the associated message-digest information is not found.
+    pub fn mbedtls_md_info_from_string(
+        md_name: *const crate::c_types::c_char,
+    ) -> *const mbedtls_md_info_t;
+}
+extern "C" {
+    /// \brief           This function extracts the message-digest name from the
+    ///                  message-digest information structure.
+    ///
+    /// \param md_info   The information structure of the message-digest algorithm
+    ///                  to use.
+    ///
+    /// \return          The name of the message digest.
+    pub fn mbedtls_md_get_name(md_info: *const mbedtls_md_info_t) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief           This function returns the message-digest information
+    ///                  from the given context.
+    ///
+    /// \param ctx       The context from which to extract the information.
+    ///                  This must be initialized (or \c NULL).
+    ///
+    /// \return          The message-digest information associated with \p ctx.
+    /// \return          \c NULL if \p ctx is \c NULL.
+    pub fn mbedtls_md_info_from_ctx(ctx: *const mbedtls_md_context_t) -> *const mbedtls_md_info_t;
+}
+extern "C" {
+    /// \brief           This function sets the HMAC key and prepares to
+    ///                  authenticate a new message.
+    ///
+    ///                  Call this function after mbedtls_md_setup(), to use
+    ///                  the MD context for an HMAC calculation, then call
+    ///                  mbedtls_md_hmac_update() to provide the input data, and
+    ///                  mbedtls_md_hmac_finish() to get the HMAC value.
+    ///
+    /// \param ctx       The message digest context containing an embedded HMAC
+    ///                  context.
+    /// \param key       The HMAC secret key.
+    /// \param keylen    The length of the HMAC key in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_hmac_starts(
+        ctx: *mut mbedtls_md_context_t,
+        key: *const crate::c_types::c_uchar,
+        keylen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer into an ongoing HMAC
+    ///                  computation.
+    ///
+    ///                  Call mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset()
+    ///                  before calling this function.
+    ///                  You may call this function multiple times to pass the
+    ///                  input piecewise.
+    ///                  Afterwards, call mbedtls_md_hmac_finish().
+    ///
+    /// \param ctx       The message digest context containing an embedded HMAC
+    ///                  context.
+    /// \param input     The buffer holding the input data.
+    /// \param ilen      The length of the input data.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_hmac_update(
+        ctx: *mut mbedtls_md_context_t,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function finishes the HMAC operation, and writes
+    ///                  the result to the output buffer.
+    ///
+    ///                  Call this function after mbedtls_md_hmac_starts() and
+    ///                  mbedtls_md_hmac_update() to get the HMAC value. Afterwards
+    ///                  you may either call mbedtls_md_free() to clear the context,
+    ///                  or call mbedtls_md_hmac_reset() to reuse the context with
+    ///                  the same HMAC key.
+    ///
+    /// \param ctx       The message digest context containing an embedded HMAC
+    ///                  context.
+    /// \param output    The generic HMAC checksum result.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_hmac_finish(
+        ctx: *mut mbedtls_md_context_t,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function prepares to authenticate a new message with
+    ///                  the same key as the previous HMAC operation.
+    ///
+    ///                  You may call this function after mbedtls_md_hmac_finish().
+    ///                  Afterwards call mbedtls_md_hmac_update() to pass the new
+    ///                  input.
+    ///
+    /// \param ctx       The message digest context containing an embedded HMAC
+    ///                  context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                  failure.
+    pub fn mbedtls_md_hmac_reset(ctx: *mut mbedtls_md_context_t) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function calculates the full generic HMAC
+    ///                 on the input buffer with the provided key.
+    ///
+    ///                 The function allocates the context, performs the
+    ///                 calculation, and frees the context.
+    ///
+    ///                 The HMAC result is calculated as
+    ///                 output = generic HMAC(hmac key, input buffer).
+    ///
+    /// \param md_info  The information structure of the message-digest algorithm
+    ///                 to use.
+    /// \param key      The HMAC secret key.
+    /// \param keylen   The length of the HMAC secret key in Bytes.
+    /// \param input    The buffer holding the input data.
+    /// \param ilen     The length of the input data.
+    /// \param output   The generic HMAC result.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
+    ///                 failure.
+    pub fn mbedtls_md_hmac(
+        md_info: *const mbedtls_md_info_t,
+        key: *const crate::c_types::c_uchar,
+        keylen: usize,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+/// \brief   The RSA context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_rsa_context {
+    pub private_ver: crate::c_types::c_int,
+    pub private_len: usize,
+    pub private_N: mbedtls_mpi,
+    pub private_E: mbedtls_mpi,
+    pub private_D: mbedtls_mpi,
+    pub private_P: mbedtls_mpi,
+    pub private_Q: mbedtls_mpi,
+    pub private_DP: mbedtls_mpi,
+    pub private_DQ: mbedtls_mpi,
+    pub private_QP: mbedtls_mpi,
+    pub private_RN: mbedtls_mpi,
+    pub private_RP: mbedtls_mpi,
+    pub private_RQ: mbedtls_mpi,
+    pub private_Vi: mbedtls_mpi,
+    pub private_Vf: mbedtls_mpi,
+    pub private_padding: crate::c_types::c_int,
+    pub private_hash_id: crate::c_types::c_int,
+}
+extern "C" {
+    /// \brief          This function initializes an RSA context.
+    ///
+    /// \note           This function initializes the padding and the hash
+    ///                 identifier to respectively #MBEDTLS_RSA_PKCS_V15 and
+    ///                 #MBEDTLS_MD_NONE. See mbedtls_rsa_set_padding() for more
+    ///                 information about those parameters.
+    ///
+    /// \param ctx      The RSA context to initialize. This must not be \c NULL.
+    pub fn mbedtls_rsa_init(ctx: *mut mbedtls_rsa_context);
+}
+extern "C" {
+    /// \brief          This function sets padding for an already initialized RSA
+    ///                 context.
+    ///
+    /// \note           Set padding to #MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
+    ///                 encryption scheme and the RSASSA-PSS signature scheme.
+    ///
+    /// \note           The \p hash_id parameter is ignored when using
+    ///                 #MBEDTLS_RSA_PKCS_V15 padding.
+    ///
+    /// \note           The choice of padding mode is strictly enforced for private
+    ///                 key operations, since there might be security concerns in
+    ///                 mixing padding modes. For public key operations it is
+    ///                 a default value, which can be overridden by calling specific
+    ///                 \c mbedtls_rsa_rsaes_xxx or \c mbedtls_rsa_rsassa_xxx
+    ///                 functions.
+    ///
+    /// \note           The hash selected in \p hash_id is always used for OEAP
+    ///                 encryption. For PSS signatures, it is always used for
+    ///                 making signatures, but can be overridden for verifying them.
+    ///                 If set to #MBEDTLS_MD_NONE, it is always overridden.
+    ///
+    /// \param ctx      The initialized RSA context to be configured.
+    /// \param padding  The padding mode to use. This must be either
+    ///                 #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
+    /// \param hash_id  The hash identifier for PSS or OAEP, if \p padding is
+    ///                 #MBEDTLS_RSA_PKCS_V21. #MBEDTLS_MD_NONE is accepted by this
+    ///                 function but may be not suitable for some operations.
+    ///                 Ignored if \p padding is #MBEDTLS_RSA_PKCS_V15.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_RSA_INVALID_PADDING failure:
+    ///                 \p padding or \p hash_id is invalid.
+    pub fn mbedtls_rsa_set_padding(
+        ctx: *mut mbedtls_rsa_context,
+        padding: crate::c_types::c_int,
+        hash_id: mbedtls_md_type_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function retrieves padding mode of initialized
+    ///                 RSA context.
+    ///
+    /// \param ctx      The initialized RSA context.
+    ///
+    /// \return         RSA padding mode.
+    pub fn mbedtls_rsa_get_padding_mode(ctx: *const mbedtls_rsa_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function retrieves hash identifier of mbedtls_md_type_t
+    ///                 type.
+    ///
+    /// \param ctx      The initialized RSA context.
+    ///
+    /// \return         Hash identifier of mbedtls_md_type_t type.
+    pub fn mbedtls_rsa_get_md_alg(ctx: *const mbedtls_rsa_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function imports a set of core parameters into an
+    ///                 RSA context.
+    ///
+    /// \note           This function can be called multiple times for successive
+    ///                 imports, if the parameters are not simultaneously present.
+    ///
+    ///                 Any sequence of calls to this function should be followed
+    ///                 by a call to mbedtls_rsa_complete(), which checks and
+    ///                 completes the provided information to a ready-for-use
+    ///                 public or private RSA key.
+    ///
+    /// \note           See mbedtls_rsa_complete() for more information on which
+    ///                 parameters are necessary to set up a private or public
+    ///                 RSA key.
+    ///
+    /// \note           The imported parameters are copied and need not be preserved
+    ///                 for the lifetime of the RSA context being set up.
+    ///
+    /// \param ctx      The initialized RSA context to store the parameters in.
+    /// \param N        The RSA modulus. This may be \c NULL.
+    /// \param P        The first prime factor of \p N. This may be \c NULL.
+    /// \param Q        The second prime factor of \p N. This may be \c NULL.
+    /// \param D        The private exponent. This may be \c NULL.
+    /// \param E        The public exponent. This may be \c NULL.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A non-zero error code on failure.
+    pub fn mbedtls_rsa_import(
+        ctx: *mut mbedtls_rsa_context,
+        N: *const mbedtls_mpi,
+        P: *const mbedtls_mpi,
+        Q: *const mbedtls_mpi,
+        D: *const mbedtls_mpi,
+        E: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function imports core RSA parameters, in raw big-endian
+    ///                 binary format, into an RSA context.
+    ///
+    /// \note           This function can be called multiple times for successive
+    ///                 imports, if the parameters are not simultaneously present.
+    ///
+    ///                 Any sequence of calls to this function should be followed
+    ///                 by a call to mbedtls_rsa_complete(), which checks and
+    ///                 completes the provided information to a ready-for-use
+    ///                 public or private RSA key.
+    ///
+    /// \note           See mbedtls_rsa_complete() for more information on which
+    ///                 parameters are necessary to set up a private or public
+    ///                 RSA key.
+    ///
+    /// \note           The imported parameters are copied and need not be preserved
+    ///                 for the lifetime of the RSA context being set up.
+    ///
+    /// \param ctx      The initialized RSA context to store the parameters in.
+    /// \param N        The RSA modulus. This may be \c NULL.
+    /// \param N_len    The Byte length of \p N; it is ignored if \p N == NULL.
+    /// \param P        The first prime factor of \p N. This may be \c NULL.
+    /// \param P_len    The Byte length of \p P; it is ignored if \p P == NULL.
+    /// \param Q        The second prime factor of \p N. This may be \c NULL.
+    /// \param Q_len    The Byte length of \p Q; it is ignored if \p Q == NULL.
+    /// \param D        The private exponent. This may be \c NULL.
+    /// \param D_len    The Byte length of \p D; it is ignored if \p D == NULL.
+    /// \param E        The public exponent. This may be \c NULL.
+    /// \param E_len    The Byte length of \p E; it is ignored if \p E == NULL.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A non-zero error code on failure.
+    pub fn mbedtls_rsa_import_raw(
+        ctx: *mut mbedtls_rsa_context,
+        N: *const crate::c_types::c_uchar,
+        N_len: usize,
+        P: *const crate::c_types::c_uchar,
+        P_len: usize,
+        Q: *const crate::c_types::c_uchar,
+        Q_len: usize,
+        D: *const crate::c_types::c_uchar,
+        D_len: usize,
+        E: *const crate::c_types::c_uchar,
+        E_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function completes an RSA context from
+    ///                 a set of imported core parameters.
+    ///
+    ///                 To setup an RSA public key, precisely \p N and \p E
+    ///                 must have been imported.
+    ///
+    ///                 To setup an RSA private key, sufficient information must
+    ///                 be present for the other parameters to be derivable.
+    ///
+    ///                 The default implementation supports the following:
+    ///                 <ul><li>Derive \p P, \p Q from \p N, \p D, \p E.</li>
+    ///                 <li>Derive \p N, \p D from \p P, \p Q, \p E.</li></ul>
+    ///                 Alternative implementations need not support these.
+    ///
+    ///                 If this function runs successfully, it guarantees that
+    ///                 the RSA context can be used for RSA operations without
+    ///                 the risk of failure or crash.
+    ///
+    /// \warning        This function need not perform consistency checks
+    ///                 for the imported parameters. In particular, parameters that
+    ///                 are not needed by the implementation might be silently
+    ///                 discarded and left unchecked. To check the consistency
+    ///                 of the key material, see mbedtls_rsa_check_privkey().
+    ///
+    /// \param ctx      The initialized RSA context holding imported parameters.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted derivations
+    ///                 failed.
+    pub fn mbedtls_rsa_complete(ctx: *mut mbedtls_rsa_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function exports the core parameters of an RSA key.
+    ///
+    ///                 If this function runs successfully, the non-NULL buffers
+    ///                 pointed to by \p N, \p P, \p Q, \p D, and \p E are fully
+    ///                 written, with additional unused space filled leading by
+    ///                 zero Bytes.
+    ///
+    ///                 Possible reasons for returning
+    ///                 #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:<ul>
+    ///                 <li>An alternative RSA implementation is in use, which
+    ///                 stores the key externally, and either cannot or should
+    ///                 not export it into RAM.</li>
+    ///                 <li>A SW or HW implementation might not support a certain
+    ///                 deduction. For example, \p P, \p Q from \p N, \p D,
+    ///                 and \p E if the former are not part of the
+    ///                 implementation.</li></ul>
+    ///
+    ///                 If the function fails due to an unsupported operation,
+    ///                 the RSA context stays intact and remains usable.
+    ///
+    /// \param ctx      The initialized RSA context.
+    /// \param N        The MPI to hold the RSA modulus.
+    ///                 This may be \c NULL if this field need not be exported.
+    /// \param P        The MPI to hold the first prime factor of \p N.
+    ///                 This may be \c NULL if this field need not be exported.
+    /// \param Q        The MPI to hold the second prime factor of \p N.
+    ///                 This may be \c NULL if this field need not be exported.
+    /// \param D        The MPI to hold the private exponent.
+    ///                 This may be \c NULL if this field need not be exported.
+    /// \param E        The MPI to hold the public exponent.
+    ///                 This may be \c NULL if this field need not be exported.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
+    ///                 requested parameters cannot be done due to missing
+    ///                 functionality or because of security policies.
+    /// \return         A non-zero return code on any other failure.
+    pub fn mbedtls_rsa_export(
+        ctx: *const mbedtls_rsa_context,
+        N: *mut mbedtls_mpi,
+        P: *mut mbedtls_mpi,
+        Q: *mut mbedtls_mpi,
+        D: *mut mbedtls_mpi,
+        E: *mut mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function exports core parameters of an RSA key
+    ///                 in raw big-endian binary format.
+    ///
+    ///                 If this function runs successfully, the non-NULL buffers
+    ///                 pointed to by \p N, \p P, \p Q, \p D, and \p E are fully
+    ///                 written, with additional unused space filled leading by
+    ///                 zero Bytes.
+    ///
+    ///                 Possible reasons for returning
+    ///                 #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:<ul>
+    ///                 <li>An alternative RSA implementation is in use, which
+    ///                 stores the key externally, and either cannot or should
+    ///                 not export it into RAM.</li>
+    ///                 <li>A SW or HW implementation might not support a certain
+    ///                 deduction. For example, \p P, \p Q from \p N, \p D,
+    ///                 and \p E if the former are not part of the
+    ///                 implementation.</li></ul>
+    ///                 If the function fails due to an unsupported operation,
+    ///                 the RSA context stays intact and remains usable.
+    ///
+    /// \note           The length parameters are ignored if the corresponding
+    ///                 buffer pointers are NULL.
+    ///
+    /// \param ctx      The initialized RSA context.
+    /// \param N        The Byte array to store the RSA modulus,
+    ///                 or \c NULL if this field need not be exported.
+    /// \param N_len    The size of the buffer for the modulus.
+    /// \param P        The Byte array to hold the first prime factor of \p N,
+    ///                 or \c NULL if this field need not be exported.
+    /// \param P_len    The size of the buffer for the first prime factor.
+    /// \param Q        The Byte array to hold the second prime factor of \p N,
+    ///                 or \c NULL if this field need not be exported.
+    /// \param Q_len    The size of the buffer for the second prime factor.
+    /// \param D        The Byte array to hold the private exponent,
+    ///                 or \c NULL if this field need not be exported.
+    /// \param D_len    The size of the buffer for the private exponent.
+    /// \param E        The Byte array to hold the public exponent,
+    ///                 or \c NULL if this field need not be exported.
+    /// \param E_len    The size of the buffer for the public exponent.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
+    ///                 requested parameters cannot be done due to missing
+    ///                 functionality or because of security policies.
+    /// \return         A non-zero return code on any other failure.
+    pub fn mbedtls_rsa_export_raw(
+        ctx: *const mbedtls_rsa_context,
+        N: *mut crate::c_types::c_uchar,
+        N_len: usize,
+        P: *mut crate::c_types::c_uchar,
+        P_len: usize,
+        Q: *mut crate::c_types::c_uchar,
+        Q_len: usize,
+        D: *mut crate::c_types::c_uchar,
+        D_len: usize,
+        E: *mut crate::c_types::c_uchar,
+        E_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function exports CRT parameters of a private RSA key.
+    ///
+    /// \note           Alternative RSA implementations not using CRT-parameters
+    ///                 internally can implement this function based on
+    ///                 mbedtls_rsa_deduce_opt().
+    ///
+    /// \param ctx      The initialized RSA context.
+    /// \param DP       The MPI to hold \c D modulo `P-1`,
+    ///                 or \c NULL if it need not be exported.
+    /// \param DQ       The MPI to hold \c D modulo `Q-1`,
+    ///                 or \c NULL if it need not be exported.
+    /// \param QP       The MPI to hold modular inverse of \c Q modulo \c P,
+    ///                 or \c NULL if it need not be exported.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A non-zero error code on failure.
+    pub fn mbedtls_rsa_export_crt(
+        ctx: *const mbedtls_rsa_context,
+        DP: *mut mbedtls_mpi,
+        DQ: *mut mbedtls_mpi,
+        QP: *mut mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function retrieves the length of RSA modulus in Bytes.
+    ///
+    /// \param ctx      The initialized RSA context.
+    ///
+    /// \return         The length of the RSA modulus in Bytes.
+    pub fn mbedtls_rsa_get_len(ctx: *const mbedtls_rsa_context) -> usize;
+}
+extern "C" {
+    /// \brief          This function generates an RSA keypair.
+    ///
+    /// \note           mbedtls_rsa_init() must be called before this function,
+    ///                 to set up the RSA context.
+    ///
+    /// \param ctx      The initialized RSA context used to hold the key.
+    /// \param f_rng    The RNG function to be used for key generation.
+    ///                 This is mandatory and must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng.
+    ///                 This may be \c NULL if \p f_rng doesn't need a context.
+    /// \param nbits    The size of the public key in bits.
+    /// \param exponent The public exponent to use. For example, \c 65537.
+    ///                 This must be odd and greater than \c 1.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_gen_key(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        nbits: crate::c_types::c_uint,
+        exponent: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function checks if a context contains at least an RSA
+    ///                 public key.
+    ///
+    ///                 If the function runs successfully, it is guaranteed that
+    ///                 enough information is present to perform an RSA public key
+    ///                 operation using mbedtls_rsa_public().
+    ///
+    /// \param ctx      The initialized RSA context to check.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_check_pubkey(ctx: *const mbedtls_rsa_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief      This function checks if a context contains an RSA private key
+    ///             and perform basic consistency checks.
+    ///
+    /// \note       The consistency checks performed by this function not only
+    ///             ensure that mbedtls_rsa_private() can be called successfully
+    ///             on the given context, but that the various parameters are
+    ///             mutually consistent with high probability, in the sense that
+    ///             mbedtls_rsa_public() and mbedtls_rsa_private() are inverses.
+    ///
+    /// \warning    This function should catch accidental misconfigurations
+    ///             like swapping of parameters, but it cannot establish full
+    ///             trust in neither the quality nor the consistency of the key
+    ///             material that was used to setup the given RSA context:
+    ///             <ul><li>Consistency: Imported parameters that are irrelevant
+    ///             for the implementation might be silently dropped. If dropped,
+    ///             the current function does not have access to them,
+    ///             and therefore cannot check them. See mbedtls_rsa_complete().
+    ///             If you want to check the consistency of the entire
+    ///             content of a PKCS1-encoded RSA private key, for example, you
+    ///             should use mbedtls_rsa_validate_params() before setting
+    ///             up the RSA context.
+    ///             Additionally, if the implementation performs empirical checks,
+    ///             these checks substantiate but do not guarantee consistency.</li>
+    ///             <li>Quality: This function is not expected to perform
+    ///             extended quality assessments like checking that the prime
+    ///             factors are safe. Additionally, it is the responsibility of the
+    ///             user to ensure the trustworthiness of the source of his RSA
+    ///             parameters, which goes beyond what is effectively checkable
+    ///             by the library.</li></ul>
+    ///
+    /// \param ctx  The initialized RSA context to check.
+    ///
+    /// \return     \c 0 on success.
+    /// \return     An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_check_privkey(ctx: *const mbedtls_rsa_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function checks a public-private RSA key pair.
+    ///
+    ///                 It checks each of the contexts, and makes sure they match.
+    ///
+    /// \param pub      The initialized RSA context holding the public key.
+    /// \param prv      The initialized RSA context holding the private key.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_check_pub_priv(
+        pub_: *const mbedtls_rsa_context,
+        prv: *const mbedtls_rsa_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs an RSA public key operation.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param input    The input buffer. This must be a readable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    /// \param output   The output buffer. This must be a writable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \note           This function does not handle message padding.
+    ///
+    /// \note           Make sure to set \p input[0] = 0 or ensure that
+    ///                 input is smaller than \p N.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_public(
+        ctx: *mut mbedtls_rsa_context,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs an RSA private key operation.
+    ///
+    /// \note           Blinding is used if and only if a PRNG is provided.
+    ///
+    /// \note           If blinding is used, both the base of exponentiation
+    ///                 and the exponent are blinded, providing protection
+    ///                 against some side-channel attacks.
+    ///
+    /// \warning        It is deprecated and a security risk to not provide
+    ///                 a PRNG here and thereby prevent the use of blinding.
+    ///                 Future versions of the library may enforce the presence
+    ///                 of a PRNG.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function, used for blinding. It is mandatory.
+    /// \param p_rng    The RNG context to pass to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context.
+    /// \param input    The input buffer. This must be a readable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    /// \param output   The output buffer. This must be a writable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_private(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function adds the message padding, then performs an RSA
+    ///                 operation.
+    ///
+    ///                 It is the generic wrapper for performing a PKCS#1 encryption
+    ///                 operation.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG to use. It is used for padding generation
+    ///                 and it is mandatory.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. May be
+    ///                 \c NULL if \p f_rng doesn't need a context argument.
+    /// \param ilen     The length of the plaintext in Bytes.
+    /// \param input    The input data to encrypt. This must be a readable
+    ///                 buffer of size \p ilen Bytes. It may be \c NULL if
+    ///                 `ilen == 0`.
+    /// \param output   The output buffer. This must be a writable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_pkcs1_encrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        ilen: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v1.5 encryption operation
+    ///                 (RSAES-PKCS1-v1_5-ENCRYPT).
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function to use. It is mandatory and used for
+    ///                 padding generation.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may
+    ///                 be \c NULL if \p f_rng doesn't need a context argument.
+    /// \param ilen     The length of the plaintext in Bytes.
+    /// \param input    The input data to encrypt. This must be a readable
+    ///                 buffer of size \p ilen Bytes. It may be \c NULL if
+    ///                 `ilen == 0`.
+    /// \param output   The output buffer. This must be a writable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsaes_pkcs1_v15_encrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        ilen: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief            This function performs a PKCS#1 v2.1 OAEP encryption
+    ///                   operation (RSAES-OAEP-ENCRYPT).
+    ///
+    /// \note             The output buffer must be as large as the size
+    ///                   of ctx->N. For example, 128 Bytes if RSA-1024 is used.
+    ///
+    /// \param ctx        The initialized RSA context to use.
+    /// \param f_rng      The RNG function to use. This is needed for padding
+    ///                   generation and is mandatory.
+    /// \param p_rng      The RNG context to be passed to \p f_rng. This may
+    ///                   be \c NULL if \p f_rng doesn't need a context argument.
+    /// \param label      The buffer holding the custom label to use.
+    ///                   This must be a readable buffer of length \p label_len
+    ///                   Bytes. It may be \c NULL if \p label_len is \c 0.
+    /// \param label_len  The length of the label in Bytes.
+    /// \param ilen       The length of the plaintext buffer \p input in Bytes.
+    /// \param input      The input data to encrypt. This must be a readable
+    ///                   buffer of size \p ilen Bytes. It may be \c NULL if
+    ///                   `ilen == 0`.
+    /// \param output     The output buffer. This must be a writable buffer
+    ///                   of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                   for an 2048-bit RSA modulus.
+    ///
+    /// \return           \c 0 on success.
+    /// \return           An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsaes_oaep_encrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        label: *const crate::c_types::c_uchar,
+        label_len: usize,
+        ilen: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs an RSA operation, then removes the
+    ///                 message padding.
+    ///
+    ///                 It is the generic wrapper for performing a PKCS#1 decryption
+    ///                 operation.
+    ///
+    /// \note           The output buffer length \c output_max_len should be
+    ///                 as large as the size \p ctx->len of \p ctx->N (for example,
+    ///                 128 Bytes if RSA-1024 is used) to be able to hold an
+    ///                 arbitrary decrypted message. If it is not large enough to
+    ///                 hold the decryption of the particular ciphertext provided,
+    ///                 the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function. This is used for blinding and is
+    ///                 mandatory; see mbedtls_rsa_private() for more.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be
+    ///                 \c NULL if \p f_rng doesn't need a context.
+    /// \param olen     The address at which to store the length of
+    ///                 the plaintext. This must not be \c NULL.
+    /// \param input    The ciphertext buffer. This must be a readable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    /// \param output   The buffer used to hold the plaintext. This must
+    ///                 be a writable buffer of length \p output_max_len Bytes.
+    /// \param output_max_len The length in Bytes of the output buffer \p output.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_pkcs1_decrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        olen: *mut usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        output_max_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v1.5 decryption
+    ///                 operation (RSAES-PKCS1-v1_5-DECRYPT).
+    ///
+    /// \note           The output buffer length \c output_max_len should be
+    ///                 as large as the size \p ctx->len of \p ctx->N, for example,
+    ///                 128 Bytes if RSA-1024 is used, to be able to hold an
+    ///                 arbitrary decrypted message. If it is not large enough to
+    ///                 hold the decryption of the particular ciphertext provided,
+    ///                 the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function. This is used for blinding and is
+    ///                 mandatory; see mbedtls_rsa_private() for more.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be
+    ///                 \c NULL if \p f_rng doesn't need a context.
+    /// \param olen     The address at which to store the length of
+    ///                 the plaintext. This must not be \c NULL.
+    /// \param input    The ciphertext buffer. This must be a readable buffer
+    ///                 of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    /// \param output   The buffer used to hold the plaintext. This must
+    ///                 be a writable buffer of length \p output_max_len Bytes.
+    /// \param output_max_len The length in Bytes of the output buffer \p output.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsaes_pkcs1_v15_decrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        olen: *mut usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        output_max_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief            This function performs a PKCS#1 v2.1 OAEP decryption
+    ///                   operation (RSAES-OAEP-DECRYPT).
+    ///
+    /// \note             The output buffer length \c output_max_len should be
+    ///                   as large as the size \p ctx->len of \p ctx->N, for
+    ///                   example, 128 Bytes if RSA-1024 is used, to be able to
+    ///                   hold an arbitrary decrypted message. If it is not
+    ///                   large enough to hold the decryption of the particular
+    ///                   ciphertext provided, the function returns
+    ///                   #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
+    ///
+    /// \param ctx        The initialized RSA context to use.
+    /// \param f_rng      The RNG function. This is used for blinding and is
+    ///                   mandatory.
+    /// \param p_rng      The RNG context to be passed to \p f_rng. This may be
+    ///                   \c NULL if \p f_rng doesn't need a context.
+    /// \param label      The buffer holding the custom label to use.
+    ///                   This must be a readable buffer of length \p label_len
+    ///                   Bytes. It may be \c NULL if \p label_len is \c 0.
+    /// \param label_len  The length of the label in Bytes.
+    /// \param olen       The address at which to store the length of
+    ///                   the plaintext. This must not be \c NULL.
+    /// \param input      The ciphertext buffer. This must be a readable buffer
+    ///                   of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                   for an 2048-bit RSA modulus.
+    /// \param output     The buffer used to hold the plaintext. This must
+    ///                   be a writable buffer of length \p output_max_len Bytes.
+    /// \param output_max_len The length in Bytes of the output buffer \p output.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsaes_oaep_decrypt(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        label: *const crate::c_types::c_uchar,
+        label_len: usize,
+        olen: *mut usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        output_max_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a private RSA operation to sign
+    ///                 a message digest using PKCS#1.
+    ///
+    ///                 It is the generic wrapper for performing a PKCS#1
+    ///                 signature.
+    ///
+    /// \note           The \p sig buffer must be as large as the size
+    ///                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+    ///
+    /// \note           For PKCS#1 v2.1 encoding, see comments on
+    ///                 mbedtls_rsa_rsassa_pss_sign() for details on
+    ///                 \p md_alg and \p hash_id.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function to use. This is mandatory and
+    ///                 must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context argument.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer to hold the signature. This must be a writable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus. A buffer length of
+    ///                 #MBEDTLS_MPI_MAX_SIZE is always safe.
+    ///
+    /// \return         \c 0 if the signing operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_pkcs1_sign(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v1.5 signature
+    ///                 operation (RSASSA-PKCS1-v1_5-SIGN).
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function. This is used for blinding and is
+    ///                 mandatory; see mbedtls_rsa_private() for more.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context argument.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer to hold the signature. This must be a writable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus. A buffer length of
+    ///                 #MBEDTLS_MPI_MAX_SIZE is always safe.
+    ///
+    /// \return         \c 0 if the signing operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pkcs1_v15_sign(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v2.1 PSS signature
+    ///                 operation (RSASSA-PSS-SIGN).
+    ///
+    /// \note           The \c hash_id set in \p ctx by calling
+    ///                 mbedtls_rsa_set_padding() selects the hash used for the
+    ///                 encoding operation and for the mask generation function
+    ///                 (MGF1). For more details on the encoding operation and the
+    ///                 mask generation function, consult <em>RFC-3447: Public-Key
+    ///                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
+    ///                 Specifications</em>.
+    ///
+    /// \note           This function enforces that the provided salt length complies
+    ///                 with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1 v2.2) §9.1.1
+    ///                 step 3. The constraint is that the hash length plus the salt
+    ///                 length plus 2 bytes must be at most the key length. If this
+    ///                 constraint is not met, this function returns
+    ///                 #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function. It is mandatory and must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context argument.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param saltlen  The length of the salt that should be used.
+    ///                 If passed #MBEDTLS_RSA_SALT_LEN_ANY, the function will use
+    ///                 the largest possible salt length up to the hash length,
+    ///                 which is the largest permitted by some standards including
+    ///                 FIPS 186-4 §5.5.
+    /// \param sig      The buffer to hold the signature. This must be a writable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus. A buffer length of
+    ///                 #MBEDTLS_MPI_MAX_SIZE is always safe.
+    ///
+    /// \return         \c 0 if the signing operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pss_sign_ext(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        saltlen: crate::c_types::c_int,
+        sig: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v2.1 PSS signature
+    ///                 operation (RSASSA-PSS-SIGN).
+    ///
+    /// \note           The \c hash_id set in \p ctx by calling
+    ///                 mbedtls_rsa_set_padding() selects the hash used for the
+    ///                 encoding operation and for the mask generation function
+    ///                 (MGF1). For more details on the encoding operation and the
+    ///                 mask generation function, consult <em>RFC-3447: Public-Key
+    ///                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
+    ///                 Specifications</em>.
+    ///
+    /// \note           This function always uses the maximum possible salt size,
+    ///                 up to the length of the payload hash. This choice of salt
+    ///                 size complies with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1
+    ///                 v2.2) §9.1.1 step 3. Furthermore this function enforces a
+    ///                 minimum salt size which is the hash size minus 2 bytes. If
+    ///                 this minimum size is too large given the key size (the salt
+    ///                 size, plus the hash size, plus 2 bytes must be no more than
+    ///                 the key size in bytes), this function returns
+    ///                 #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
+    ///
+    /// \param ctx      The initialized RSA context to use.
+    /// \param f_rng    The RNG function. It is mandatory and must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context argument.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer to hold the signature. This must be a writable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus. A buffer length of
+    ///                 #MBEDTLS_MPI_MAX_SIZE is always safe.
+    ///
+    /// \return         \c 0 if the signing operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pss_sign(
+        ctx: *mut mbedtls_rsa_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a public RSA operation and checks
+    ///                 the message digest.
+    ///
+    ///                 This is the generic wrapper for performing a PKCS#1
+    ///                 verification.
+    ///
+    /// \note           For PKCS#1 v2.1 encoding, see comments on
+    ///                 mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
+    ///                 \p hash_id.
+    ///
+    /// \param ctx      The initialized RSA public key context to use.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer holding the signature. This must be a readable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 if the verify operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_pkcs1_verify(
+        ctx: *mut mbedtls_rsa_context,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v1.5 verification
+    ///                 operation (RSASSA-PKCS1-v1_5-VERIFY).
+    ///
+    /// \param ctx      The initialized RSA public key context to use.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer holding the signature. This must be a readable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 if the verify operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pkcs1_v15_verify(
+        ctx: *mut mbedtls_rsa_context,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v2.1 PSS verification
+    ///                 operation (RSASSA-PSS-VERIFY).
+    ///
+    /// \note           The \c hash_id set in \p ctx by calling
+    ///                 mbedtls_rsa_set_padding() selects the hash used for the
+    ///                 encoding operation and for the mask generation function
+    ///                 (MGF1). For more details on the encoding operation and the
+    ///                 mask generation function, consult <em>RFC-3447: Public-Key
+    ///                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
+    ///                 Specifications</em>. If the \c hash_id set in \p ctx by
+    ///                 mbedtls_rsa_set_padding() is #MBEDTLS_MD_NONE, the \p md_alg
+    ///                 parameter is used.
+    ///
+    /// \param ctx      The initialized RSA public key context to use.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param sig      The buffer holding the signature. This must be a readable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 if the verify operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pss_verify(
+        ctx: *mut mbedtls_rsa_context,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs a PKCS#1 v2.1 PSS verification
+    ///                 operation (RSASSA-PSS-VERIFY).
+    ///
+    /// \note           The \p sig buffer must be as large as the size
+    ///                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
+    ///
+    /// \note           The \c hash_id set in \p ctx by mbedtls_rsa_set_padding() is
+    ///                 ignored.
+    ///
+    /// \param ctx      The initialized RSA public key context to use.
+    /// \param md_alg   The message-digest algorithm used to hash the original data.
+    ///                 Use #MBEDTLS_MD_NONE for signing raw data.
+    /// \param hashlen  The length of the message digest or raw data in Bytes.
+    ///                 If \p md_alg is not #MBEDTLS_MD_NONE, this must match the
+    ///                 output length of the corresponding hash algorithm.
+    /// \param hash     The buffer holding the message digest or raw data.
+    ///                 This must be a readable buffer of at least \p hashlen Bytes.
+    /// \param mgf1_hash_id      The message digest algorithm used for the
+    ///                          verification operation and the mask generation
+    ///                          function (MGF1). For more details on the encoding
+    ///                          operation and the mask generation function, consult
+    ///                          <em>RFC-3447: Public-Key Cryptography Standards
+    ///                          (PKCS) #1 v2.1: RSA Cryptography
+    ///                          Specifications</em>.
+    /// \param expected_salt_len The length of the salt used in padding. Use
+    ///                          #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
+    /// \param sig      The buffer holding the signature. This must be a readable
+    ///                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
+    ///                 for an 2048-bit RSA modulus.
+    ///
+    /// \return         \c 0 if the verify operation was successful.
+    /// \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
+    pub fn mbedtls_rsa_rsassa_pss_verify_ext(
+        ctx: *mut mbedtls_rsa_context,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        mgf1_hash_id: mbedtls_md_type_t,
+        expected_salt_len: crate::c_types::c_int,
+        sig: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function copies the components of an RSA context.
+    ///
+    /// \param dst      The destination context. This must be initialized.
+    /// \param src      The source context. This must be initialized.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
+    pub fn mbedtls_rsa_copy(
+        dst: *mut mbedtls_rsa_context,
+        src: *const mbedtls_rsa_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function frees the components of an RSA key.
+    ///
+    /// \param ctx      The RSA context to free. May be \c NULL, in which case
+    ///                 this function is a no-op. If it is not \c NULL, it must
+    ///                 point to an initialized RSA context.
+    pub fn mbedtls_rsa_free(ctx: *mut mbedtls_rsa_context);
+}
+extern "C" {
+    /// \brief          The RSA checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_rsa_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief           The ECDSA context structure.
+///
+/// \warning         Performing multiple operations concurrently on the same
+///                  ECDSA context is not supported; objects of this type
+///                  should not be shared between multiple threads.
+///
+/// \note            pk_wrap module assumes that "ecdsa_context" is identical
+///                  to "ecp_keypair" (see for example structure
+///                  "mbedtls_eckey_info" where ECDSA sign/verify functions
+///                  are used also for EC key)
+pub type mbedtls_ecdsa_context = mbedtls_ecp_keypair;
+pub type mbedtls_ecdsa_restart_ctx = crate::c_types::c_void;
+extern "C" {
+    /// \brief          This function checks whether a given group can be used
+    ///                 for ECDSA.
+    ///
+    /// \param gid      The ECP group ID to check.
+    ///
+    /// \return         \c 1 if the group can be used, \c 0 otherwise
+    pub fn mbedtls_ecdsa_can_do(gid: mbedtls_ecp_group_id) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function computes the ECDSA signature of a
+    ///                  previously-hashed message.
+    ///
+    /// \note            The deterministic version implemented in
+    ///                  mbedtls_ecdsa_sign_det_ext() is usually preferred.
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated
+    ///                  as defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.3, step 5.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param grp       The context for the elliptic curve to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param r         The MPI context in which to store the first part
+    ///                  the signature. This must be initialized.
+    /// \param s         The MPI context in which to store the second part
+    ///                  the signature. This must be initialized.
+    /// \param d         The private signing key. This must be initialized.
+    /// \param buf       The content to be signed. This is usually the hash of
+    ///                  the original data to be signed. This must be a readable
+    ///                  buffer of length \p blen Bytes. It may be \c NULL if
+    ///                  \p blen is zero.
+    /// \param blen      The length of \p buf in Bytes.
+    /// \param f_rng     The RNG function. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL if \p f_rng doesn't need a context parameter.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX
+    ///                  or \c MBEDTLS_MPI_XXX error code on failure.
+    pub fn mbedtls_ecdsa_sign(
+        grp: *mut mbedtls_ecp_group,
+        r: *mut mbedtls_mpi,
+        s: *mut mbedtls_mpi,
+        d: *const mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function computes the ECDSA signature of a
+    ///                  previously-hashed message, deterministic version.
+    ///
+    ///                  For more information, see <em>RFC-6979: Deterministic
+    ///                  Usage of the Digital Signature Algorithm (DSA) and Elliptic
+    ///                  Curve Digital Signature Algorithm (ECDSA)</em>.
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated as
+    ///                  defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.3, step 5.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param grp           The context for the elliptic curve to use.
+    ///                      This must be initialized and have group parameters
+    ///                      set, for example through mbedtls_ecp_group_load().
+    /// \param r             The MPI context in which to store the first part
+    ///                      the signature. This must be initialized.
+    /// \param s             The MPI context in which to store the second part
+    ///                      the signature. This must be initialized.
+    /// \param d             The private signing key. This must be initialized
+    ///                      and setup, for example through mbedtls_ecp_gen_privkey().
+    /// \param buf           The hashed content to be signed. This must be a readable
+    ///                      buffer of length \p blen Bytes. It may be \c NULL if
+    ///                      \p blen is zero.
+    /// \param blen          The length of \p buf in Bytes.
+    /// \param md_alg        The hash algorithm used to hash the original data.
+    /// \param f_rng_blind   The RNG function used for blinding. This must not be
+    ///                      \c NULL.
+    /// \param p_rng_blind   The RNG context to be passed to \p f_rng. This may be
+    ///                      \c NULL if \p f_rng doesn't need a context parameter.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
+    ///                  error code on failure.
+    pub fn mbedtls_ecdsa_sign_det_ext(
+        grp: *mut mbedtls_ecp_group,
+        r: *mut mbedtls_mpi,
+        s: *mut mbedtls_mpi,
+        d: *const mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        md_alg: mbedtls_md_type_t,
+        f_rng_blind: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng_blind: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function computes the ECDSA signature of a
+    ///                      previously-hashed message, in a restartable way.
+    ///
+    /// \note                The deterministic version implemented in
+    ///                      mbedtls_ecdsa_sign_det_restartable() is usually
+    ///                      preferred.
+    ///
+    /// \note                This function is like \c mbedtls_ecdsa_sign() but
+    ///                      it can return early and restart according to the
+    ///                      limit set with \c mbedtls_ecp_set_max_ops() to
+    ///                      reduce blocking.
+    ///
+    /// \note                If the bitlength of the message hash is larger
+    ///                      than the bitlength of the group order, then the
+    ///                      hash is truncated as defined in <em>Standards for
+    ///                      Efficient Cryptography Group (SECG): SEC1 Elliptic
+    ///                      Curve Cryptography</em>, section 4.1.3, step 5.
+    ///
+    /// \see                 ecp.h
+    ///
+    /// \param grp           The context for the elliptic curve to use.
+    ///                      This must be initialized and have group parameters
+    ///                      set, for example through mbedtls_ecp_group_load().
+    /// \param r             The MPI context in which to store the first part
+    ///                      the signature. This must be initialized.
+    /// \param s             The MPI context in which to store the second part
+    ///                      the signature. This must be initialized.
+    /// \param d             The private signing key. This must be initialized
+    ///                      and setup, for example through
+    ///                      mbedtls_ecp_gen_privkey().
+    /// \param buf           The hashed content to be signed. This must be a readable
+    ///                      buffer of length \p blen Bytes. It may be \c NULL if
+    ///                      \p blen is zero.
+    /// \param blen          The length of \p buf in Bytes.
+    /// \param f_rng         The RNG function. This must not be \c NULL.
+    /// \param p_rng         The RNG context to be passed to \p f_rng. This may be
+    ///                      \c NULL if \p f_rng doesn't need a context parameter.
+    /// \param f_rng_blind   The RNG function used for blinding. This must not be
+    ///                      \c NULL.
+    /// \param p_rng_blind   The RNG context to be passed to \p f_rng. This may be
+    ///                      \c NULL if \p f_rng doesn't need a context parameter.
+    /// \param rs_ctx        The restart context to use. This may be \c NULL
+    ///                      to disable restarting. If it is not \c NULL, it
+    ///                      must point to an initialized restart context.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                      operations was reached: see \c
+    ///                      mbedtls_ecp_set_max_ops().
+    /// \return              Another \c MBEDTLS_ERR_ECP_XXX, \c
+    ///                      MBEDTLS_ERR_MPI_XXX or \c MBEDTLS_ERR_ASN1_XXX
+    ///                      error code on failure.
+    pub fn mbedtls_ecdsa_sign_restartable(
+        grp: *mut mbedtls_ecp_group,
+        r: *mut mbedtls_mpi,
+        s: *mut mbedtls_mpi,
+        d: *const mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        f_rng_blind: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng_blind: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function computes the ECDSA signature of a
+    ///                      previously-hashed message, in a restartable way.
+    ///
+    /// \note                This function is like \c
+    ///                      mbedtls_ecdsa_sign_det_ext() but it can return
+    ///                      early and restart according to the limit set with
+    ///                      \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \note                If the bitlength of the message hash is larger
+    ///                      than the bitlength of the group order, then the
+    ///                      hash is truncated as defined in <em>Standards for
+    ///                      Efficient Cryptography Group (SECG): SEC1 Elliptic
+    ///                      Curve Cryptography</em>, section 4.1.3, step 5.
+    ///
+    /// \see                 ecp.h
+    ///
+    /// \param grp           The context for the elliptic curve to use.
+    ///                      This must be initialized and have group parameters
+    ///                      set, for example through mbedtls_ecp_group_load().
+    /// \param r             The MPI context in which to store the first part
+    ///                      the signature. This must be initialized.
+    /// \param s             The MPI context in which to store the second part
+    ///                      the signature. This must be initialized.
+    /// \param d             The private signing key. This must be initialized
+    ///                      and setup, for example through
+    ///                      mbedtls_ecp_gen_privkey().
+    /// \param buf           The hashed content to be signed. This must be a readable
+    ///                      buffer of length \p blen Bytes. It may be \c NULL if
+    ///                      \p blen is zero.
+    /// \param blen          The length of \p buf in Bytes.
+    /// \param f_rng_blind   The RNG function used for blinding. This must not be
+    ///                      \c NULL.
+    /// \param p_rng_blind   The RNG context to be passed to \p f_rng. This may be
+    ///                      \c NULL if \p f_rng doesn't need a context parameter.
+    /// \param rs_ctx        The restart context to use. This may be \c NULL
+    ///                      to disable restarting. If it is not \c NULL, it
+    ///                      must point to an initialized restart context.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                      operations was reached: see \c
+    ///                      mbedtls_ecp_set_max_ops().
+    /// \return              Another \c MBEDTLS_ERR_ECP_XXX, \c
+    ///                      MBEDTLS_ERR_MPI_XXX or \c MBEDTLS_ERR_ASN1_XXX
+    ///                      error code on failure.
+    pub fn mbedtls_ecdsa_sign_det_restartable(
+        grp: *mut mbedtls_ecp_group,
+        r: *mut mbedtls_mpi,
+        s: *mut mbedtls_mpi,
+        d: *const mbedtls_mpi,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        md_alg: mbedtls_md_type_t,
+        f_rng_blind: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng_blind: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function verifies the ECDSA signature of a
+    ///                  previously-hashed message.
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated as
+    ///                  defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.4, step 3.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param buf       The hashed content that was signed. This must be a readable
+    ///                  buffer of length \p blen Bytes. It may be \c NULL if
+    ///                  \p blen is zero.
+    /// \param blen      The length of \p buf in Bytes.
+    /// \param Q         The public key to use for verification. This must be
+    ///                  initialized and setup.
+    /// \param r         The first integer of the signature.
+    ///                  This must be initialized.
+    /// \param s         The second integer of the signature.
+    ///                  This must be initialized.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
+    ///                  error code on failure.
+    pub fn mbedtls_ecdsa_verify(
+        grp: *mut mbedtls_ecp_group,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        Q: *const mbedtls_ecp_point,
+        r: *const mbedtls_mpi,
+        s: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function verifies the ECDSA signature of a
+    ///                  previously-hashed message, in a restartable manner
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated as
+    ///                  defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.4, step 3.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param grp       The ECP group to use.
+    ///                  This must be initialized and have group parameters
+    ///                  set, for example through mbedtls_ecp_group_load().
+    /// \param buf       The hashed content that was signed. This must be a readable
+    ///                  buffer of length \p blen Bytes. It may be \c NULL if
+    ///                  \p blen is zero.
+    /// \param blen      The length of \p buf in Bytes.
+    /// \param Q         The public key to use for verification. This must be
+    ///                  initialized and setup.
+    /// \param r         The first integer of the signature.
+    ///                  This must be initialized.
+    /// \param s         The second integer of the signature.
+    ///                  This must be initialized.
+    /// \param rs_ctx    The restart context to use. This may be \c NULL to disable
+    ///                  restarting. If it is not \c NULL, it must point to an
+    ///                  initialized restart context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
+    ///                  error code on failure.
+    pub fn mbedtls_ecdsa_verify_restartable(
+        grp: *mut mbedtls_ecp_group,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+        Q: *const mbedtls_ecp_point,
+        r: *const mbedtls_mpi,
+        s: *const mbedtls_mpi,
+        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function computes the ECDSA signature and writes it
+    ///                  to a buffer, serialized as defined in <em>RFC-4492:
+    ///                  Elliptic Curve Cryptography (ECC) Cipher Suites for
+    ///                  Transport Layer Security (TLS)</em>.
+    ///
+    /// \warning         It is not thread-safe to use the same context in
+    ///                  multiple threads.
+    ///
+    /// \note            The deterministic version is used if
+    ///                  #MBEDTLS_ECDSA_DETERMINISTIC is defined. For more
+    ///                  information, see <em>RFC-6979: Deterministic Usage
+    ///                  of the Digital Signature Algorithm (DSA) and Elliptic
+    ///                  Curve Digital Signature Algorithm (ECDSA)</em>.
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated as
+    ///                  defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.3, step 5.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDSA context to use. This must be initialized
+    ///                  and have a group and private key bound to it, for example
+    ///                  via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
+    /// \param md_alg    The message digest that was used to hash the message.
+    /// \param hash      The message hash to be signed. This must be a readable
+    ///                  buffer of length \p blen Bytes.
+    /// \param hlen      The length of the hash \p hash in Bytes.
+    /// \param sig       The buffer to which to write the signature. This must be a
+    ///                  writable buffer of length at least twice as large as the
+    ///                  size of the curve used, plus 9. For example, 73 Bytes if
+    ///                  a 256-bit curve is used. A buffer length of
+    ///                  #MBEDTLS_ECDSA_MAX_LEN is always safe.
+    /// \param sig_size  The size of the \p sig buffer in bytes.
+    /// \param slen      The address at which to store the actual length of
+    ///                  the signature written. Must not be \c NULL.
+    /// \param f_rng     The RNG function. This must not be \c NULL if
+    ///                  #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
+    ///                  it is used only for blinding and may be set to \c NULL, but
+    ///                  doing so is DEPRECATED.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL if \p f_rng is \c NULL or doesn't use a context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
+    ///                  \c MBEDTLS_ERR_ASN1_XXX error code on failure.
+    pub fn mbedtls_ecdsa_write_signature(
+        ctx: *mut mbedtls_ecdsa_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hlen: usize,
+        sig: *mut crate::c_types::c_uchar,
+        sig_size: usize,
+        slen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function computes the ECDSA signature and writes it
+    ///                  to a buffer, in a restartable way.
+    ///
+    /// \see             \c mbedtls_ecdsa_write_signature()
+    ///
+    /// \note            This function is like \c mbedtls_ecdsa_write_signature()
+    ///                  but it can return early and restart according to the limit
+    ///                  set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \param ctx       The ECDSA context to use. This must be initialized
+    ///                  and have a group and private key bound to it, for example
+    ///                  via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
+    /// \param md_alg    The message digest that was used to hash the message.
+    /// \param hash      The message hash to be signed. This must be a readable
+    ///                  buffer of length \p blen Bytes.
+    /// \param hlen      The length of the hash \p hash in Bytes.
+    /// \param sig       The buffer to which to write the signature. This must be a
+    ///                  writable buffer of length at least twice as large as the
+    ///                  size of the curve used, plus 9. For example, 73 Bytes if
+    ///                  a 256-bit curve is used. A buffer length of
+    ///                  #MBEDTLS_ECDSA_MAX_LEN is always safe.
+    /// \param sig_size  The size of the \p sig buffer in bytes.
+    /// \param slen      The address at which to store the actual length of
+    ///                  the signature written. Must not be \c NULL.
+    /// \param f_rng     The RNG function. This must not be \c NULL if
+    ///                  #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
+    ///                  it is unused and may be set to \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL if \p f_rng is \c NULL or doesn't use a context.
+    /// \param rs_ctx    The restart context to use. This may be \c NULL to disable
+    ///                  restarting. If it is not \c NULL, it must point to an
+    ///                  initialized restart context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
+    ///                  \c MBEDTLS_ERR_ASN1_XXX error code on failure.
+    pub fn mbedtls_ecdsa_write_signature_restartable(
+        ctx: *mut mbedtls_ecdsa_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hlen: usize,
+        sig: *mut crate::c_types::c_uchar,
+        sig_size: usize,
+        slen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function reads and verifies an ECDSA signature.
+    ///
+    /// \note            If the bitlength of the message hash is larger than the
+    ///                  bitlength of the group order, then the hash is truncated as
+    ///                  defined in <em>Standards for Efficient Cryptography Group
+    ///                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
+    ///                  4.1.4, step 3.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDSA context to use. This must be initialized
+    ///                  and have a group and public key bound to it.
+    /// \param hash      The message hash that was signed. This must be a readable
+    ///                  buffer of length \p size Bytes.
+    /// \param hlen      The size of the hash \p hash.
+    /// \param sig       The signature to read and verify. This must be a readable
+    ///                  buffer of length \p slen Bytes.
+    /// \param slen      The size of \p sig in Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
+    /// \return          #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
+    ///                  signature in \p sig, but its length is less than \p siglen.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
+    ///                  error code on failure for any other reason.
+    pub fn mbedtls_ecdsa_read_signature(
+        ctx: *mut mbedtls_ecdsa_context,
+        hash: *const crate::c_types::c_uchar,
+        hlen: usize,
+        sig: *const crate::c_types::c_uchar,
+        slen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function reads and verifies an ECDSA signature,
+    ///                  in a restartable way.
+    ///
+    /// \see             \c mbedtls_ecdsa_read_signature()
+    ///
+    /// \note            This function is like \c mbedtls_ecdsa_read_signature()
+    ///                  but it can return early and restart according to the limit
+    ///                  set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \param ctx       The ECDSA context to use. This must be initialized
+    ///                  and have a group and public key bound to it.
+    /// \param hash      The message hash that was signed. This must be a readable
+    ///                  buffer of length \p size Bytes.
+    /// \param hlen      The size of the hash \p hash.
+    /// \param sig       The signature to read and verify. This must be a readable
+    ///                  buffer of length \p slen Bytes.
+    /// \param slen      The size of \p sig in Bytes.
+    /// \param rs_ctx    The restart context to use. This may be \c NULL to disable
+    ///                  restarting. If it is not \c NULL, it must point to an
+    ///                  initialized restart context.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
+    /// \return          #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
+    ///                  signature in \p sig, but its length is less than \p siglen.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
+    ///                  error code on failure for any other reason.
+    pub fn mbedtls_ecdsa_read_signature_restartable(
+        ctx: *mut mbedtls_ecdsa_context,
+        hash: *const crate::c_types::c_uchar,
+        hlen: usize,
+        sig: *const crate::c_types::c_uchar,
+        slen: usize,
+        rs_ctx: *mut mbedtls_ecdsa_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function generates an ECDSA keypair on the given curve.
+    ///
+    /// \see            ecp.h
+    ///
+    /// \param ctx      The ECDSA context to store the keypair in.
+    ///                 This must be initialized.
+    /// \param gid      The elliptic curve to use. One of the various
+    ///                 \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
+    /// \param f_rng    The RNG function to use. This must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be
+    ///                 \c NULL if \p f_rng doesn't need a context argument.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_ECP_XXX code on failure.
+    pub fn mbedtls_ecdsa_genkey(
+        ctx: *mut mbedtls_ecdsa_context,
+        gid: mbedtls_ecp_group_id,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets up an ECDSA context from an EC key pair.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDSA context to setup. This must be initialized.
+    /// \param key       The EC key to use. This must be initialized and hold
+    ///                  a private-public key pair or a public key. In the former
+    ///                  case, the ECDSA context may be used for signature creation
+    ///                  and verification after this call. In the latter case, it
+    ///                  may be used for signature verification.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX code on failure.
+    pub fn mbedtls_ecdsa_from_keypair(
+        ctx: *mut mbedtls_ecdsa_context,
+        key: *const mbedtls_ecp_keypair,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function initializes an ECDSA context.
+    ///
+    /// \param ctx       The ECDSA context to initialize.
+    ///                  This must not be \c NULL.
+    pub fn mbedtls_ecdsa_init(ctx: *mut mbedtls_ecdsa_context);
+}
+extern "C" {
+    /// \brief           This function frees an ECDSA context.
+    ///
+    /// \param ctx       The ECDSA context to free. This may be \c NULL,
+    ///                  in which case this function does nothing. If it
+    ///                  is not \c NULL, it must be initialized.
+    pub fn mbedtls_ecdsa_free(ctx: *mut mbedtls_ecdsa_context);
+}
+pub const mbedtls_pk_type_t_MBEDTLS_PK_NONE: mbedtls_pk_type_t = 0;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_RSA: mbedtls_pk_type_t = 1;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_ECKEY: mbedtls_pk_type_t = 2;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_ECKEY_DH: mbedtls_pk_type_t = 3;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_ECDSA: mbedtls_pk_type_t = 4;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_RSA_ALT: mbedtls_pk_type_t = 5;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_RSASSA_PSS: mbedtls_pk_type_t = 6;
+pub const mbedtls_pk_type_t_MBEDTLS_PK_OPAQUE: mbedtls_pk_type_t = 7;
+/// \brief          Public key types
+pub type mbedtls_pk_type_t = crate::c_types::c_uint;
+/// \brief           Options for RSASSA-PSS signature verification.
+///                  See \c mbedtls_rsa_rsassa_pss_verify_ext()
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_pk_rsassa_pss_options {
+    /// The digest to use for MGF1 in PSS.
+    ///
+    /// \note When #MBEDTLS_USE_PSA_CRYPTO is enabled and #MBEDTLS_RSA_C is
+    ///       disabled, this must be equal to the \c md_alg argument passed
+    ///       to mbedtls_pk_verify_ext(). In a future version of the library,
+    ///       this constraint may apply whenever #MBEDTLS_USE_PSA_CRYPTO is
+    ///       enabled regardless of the status of #MBEDTLS_RSA_C.
+    pub mgf1_hash_id: mbedtls_md_type_t,
+    /// The expected length of the salt, in bytes. This may be
+    /// #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
+    ///
+    /// \note When #MBEDTLS_USE_PSA_CRYPTO is enabled, only
+    ///       #MBEDTLS_RSA_SALT_LEN_ANY is valid. Any other value may be
+    ///       ignored (allowing any salt length).
+    pub expected_salt_len: crate::c_types::c_int,
+}
+pub const mbedtls_pk_debug_type_MBEDTLS_PK_DEBUG_NONE: mbedtls_pk_debug_type = 0;
+pub const mbedtls_pk_debug_type_MBEDTLS_PK_DEBUG_MPI: mbedtls_pk_debug_type = 1;
+pub const mbedtls_pk_debug_type_MBEDTLS_PK_DEBUG_ECP: mbedtls_pk_debug_type = 2;
+/// \brief           Types for interfacing with the debug module
+pub type mbedtls_pk_debug_type = crate::c_types::c_uint;
+/// \brief           Item to send to the debug module
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_pk_debug_item {
+    pub private_type: mbedtls_pk_debug_type,
+    pub private_name: *const crate::c_types::c_char,
+    pub private_value: *mut crate::c_types::c_void,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_pk_info_t {
+    _unused: [u8; 0],
+}
+/// \brief           Public key container
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_pk_context {
+    pub private_pk_info: *const mbedtls_pk_info_t,
+    pub private_pk_ctx: *mut crate::c_types::c_void,
+}
+pub type mbedtls_pk_restart_ctx = crate::c_types::c_void;
+/// \brief           Types for RSA-alt abstraction
+pub type mbedtls_pk_rsa_alt_decrypt_func = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        olen: *mut usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        output_max_len: usize,
+    ) -> crate::c_types::c_int,
+>;
+pub type mbedtls_pk_rsa_alt_sign_func = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        md_alg: mbedtls_md_type_t,
+        hashlen: crate::c_types::c_uint,
+        hash: *const crate::c_types::c_uchar,
+        sig: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int,
+>;
+pub type mbedtls_pk_rsa_alt_key_len_func =
+    ::core::option::Option<unsafe extern "C" fn(ctx: *mut crate::c_types::c_void) -> usize>;
+extern "C" {
+    /// \brief           Return information associated with the given PK type
+    ///
+    /// \param pk_type   PK type to search for.
+    ///
+    /// \return          The PK info associated with the type or NULL if not found.
+    pub fn mbedtls_pk_info_from_type(pk_type: mbedtls_pk_type_t) -> *const mbedtls_pk_info_t;
+}
+extern "C" {
+    /// \brief           Initialize a #mbedtls_pk_context (as NONE).
+    ///
+    /// \param ctx       The context to initialize.
+    ///                  This must not be \c NULL.
+    pub fn mbedtls_pk_init(ctx: *mut mbedtls_pk_context);
+}
+extern "C" {
+    /// \brief           Free the components of a #mbedtls_pk_context.
+    ///
+    /// \param ctx       The context to clear. It must have been initialized.
+    ///                  If this is \c NULL, this function does nothing.
+    ///
+    /// \note            For contexts that have been set up with
+    ///                  mbedtls_pk_setup_opaque(), this does not free the underlying
+    ///                  PSA key and you still need to call psa_destroy_key()
+    ///                  independently if you want to destroy that key.
+    pub fn mbedtls_pk_free(ctx: *mut mbedtls_pk_context);
+}
+extern "C" {
+    /// \brief           Initialize a PK context with the information given
+    ///                  and allocates the type-specific PK subcontext.
+    ///
+    /// \param ctx       Context to initialize. It must not have been set
+    ///                  up yet (type #MBEDTLS_PK_NONE).
+    /// \param info      Information to use
+    ///
+    /// \return          0 on success,
+    ///                  MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input,
+    ///                  MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
+    ///
+    /// \note            For contexts holding an RSA-alt key, use
+    ///                  \c mbedtls_pk_setup_rsa_alt() instead.
+    pub fn mbedtls_pk_setup(
+        ctx: *mut mbedtls_pk_context,
+        info: *const mbedtls_pk_info_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Initialize an RSA-alt context
+    ///
+    /// \param ctx       Context to initialize. It must not have been set
+    ///                  up yet (type #MBEDTLS_PK_NONE).
+    /// \param key       RSA key pointer
+    /// \param decrypt_func  Decryption function
+    /// \param sign_func     Signing function
+    /// \param key_len_func  Function returning key length in bytes
+    ///
+    /// \return          0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the
+    ///                  context wasn't already initialized as RSA_ALT.
+    ///
+    /// \note            This function replaces \c mbedtls_pk_setup() for RSA-alt.
+    pub fn mbedtls_pk_setup_rsa_alt(
+        ctx: *mut mbedtls_pk_context,
+        key: *mut crate::c_types::c_void,
+        decrypt_func: mbedtls_pk_rsa_alt_decrypt_func,
+        sign_func: mbedtls_pk_rsa_alt_sign_func,
+        key_len_func: mbedtls_pk_rsa_alt_key_len_func,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Get the size in bits of the underlying key
+    ///
+    /// \param ctx       The context to query. It must have been initialized.
+    ///
+    /// \return          Key size in bits, or 0 on error
+    pub fn mbedtls_pk_get_bitlen(ctx: *const mbedtls_pk_context) -> usize;
+}
+extern "C" {
+    /// \brief           Tell if a context can do the operation given by type
+    ///
+    /// \param ctx       The context to query. It must have been initialized.
+    /// \param type      The desired type.
+    ///
+    /// \return          1 if the context can do operations on the given type.
+    /// \return          0 if the context cannot do the operations on the given
+    ///                  type. This is always the case for a context that has
+    ///                  been initialized but not set up, or that has been
+    ///                  cleared with mbedtls_pk_free().
+    pub fn mbedtls_pk_can_do(
+        ctx: *const mbedtls_pk_context,
+        type_: mbedtls_pk_type_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Verify signature (including padding if relevant).
+    ///
+    /// \param ctx       The PK context to use. It must have been set up.
+    /// \param md_alg    Hash algorithm used.
+    ///                  This can be #MBEDTLS_MD_NONE if the signature algorithm
+    ///                  does not rely on a hash algorithm (non-deterministic
+    ///                  ECDSA, RSA PKCS#1 v1.5).
+    ///                  For PKCS#1 v1.5, if \p md_alg is #MBEDTLS_MD_NONE, then
+    ///                  \p hash is the DigestInfo structure used by RFC 8017
+    ///                  &sect;9.2 steps 3&ndash;6. If \p md_alg is a valid hash
+    ///                  algorithm then \p hash is the digest itself, and this
+    ///                  function calculates the DigestInfo encoding internally.
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length
+    /// \param sig       Signature to verify
+    /// \param sig_len   Signature length
+    ///
+    /// \return          0 on success (signature is valid),
+    ///                  #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
+    ///                  signature in sig but its length is less than \p siglen,
+    ///                  or a specific error code.
+    ///
+    /// \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+    ///                  Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
+    ///                  to verify RSASSA_PSS signatures.
+    pub fn mbedtls_pk_verify(
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *const crate::c_types::c_uchar,
+        sig_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Restartable version of \c mbedtls_pk_verify()
+    ///
+    /// \note            Performs the same job as \c mbedtls_pk_verify(), but can
+    ///                  return early and restart according to the limit set with
+    ///                  \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
+    ///                  operations. For RSA, same as \c mbedtls_pk_verify().
+    ///
+    /// \param ctx       The PK context to use. It must have been set up.
+    /// \param md_alg    Hash algorithm used (see notes)
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length or 0 (see notes)
+    /// \param sig       Signature to verify
+    /// \param sig_len   Signature length
+    /// \param rs_ctx    Restart context (NULL to disable restart)
+    ///
+    /// \return          See \c mbedtls_pk_verify(), or
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    pub fn mbedtls_pk_verify_restartable(
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *const crate::c_types::c_uchar,
+        sig_len: usize,
+        rs_ctx: *mut mbedtls_pk_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Verify signature, with options.
+    ///                  (Includes verification of the padding depending on type.)
+    ///
+    /// \param type      Signature type (inc. possible padding type) to verify
+    /// \param options   Pointer to type-specific options, or NULL
+    /// \param ctx       The PK context to use. It must have been set up.
+    /// \param md_alg    Hash algorithm used (see notes)
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length or 0 (see notes)
+    /// \param sig       Signature to verify
+    /// \param sig_len   Signature length
+    ///
+    /// \return          0 on success (signature is valid),
+    ///                  #MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
+    ///                  used for this type of signatures,
+    ///                  #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
+    ///                  signature in sig but its length is less than \p siglen,
+    ///                  or a specific error code.
+    ///
+    /// \note            If hash_len is 0, then the length associated with md_alg
+    ///                  is used instead, or an error returned if it is invalid.
+    ///
+    /// \note            md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
+    ///
+    /// \note            If type is MBEDTLS_PK_RSASSA_PSS, then options must point
+    ///                  to a mbedtls_pk_rsassa_pss_options structure,
+    ///                  otherwise it must be NULL. Note that if
+    ///                  #MBEDTLS_USE_PSA_CRYPTO is defined, the salt length is not
+    ///                  verified as PSA_ALG_RSA_PSS_ANY_SALT is used.
+    pub fn mbedtls_pk_verify_ext(
+        type_: mbedtls_pk_type_t,
+        options: *const crate::c_types::c_void,
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *const crate::c_types::c_uchar,
+        sig_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Make signature, including padding if relevant.
+    ///
+    /// \param ctx       The PK context to use. It must have been set up
+    ///                  with a private key.
+    /// \param md_alg    Hash algorithm used (see notes)
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length
+    /// \param sig       Place to write the signature.
+    ///                  It must have enough room for the signature.
+    ///                  #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
+    ///                  You may use a smaller buffer if it is large enough
+    ///                  given the key type.
+    /// \param sig_size  The size of the \p sig buffer in bytes.
+    /// \param sig_len   On successful return,
+    ///                  the number of bytes written to \p sig.
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \return          0 on success, or a specific error code.
+    ///
+    /// \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+    ///                  There is no interface in the PK module to make RSASSA-PSS
+    ///                  signatures yet.
+    ///
+    /// \note            For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
+    ///                  For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
+    pub fn mbedtls_pk_sign(
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *mut crate::c_types::c_uchar,
+        sig_size: usize,
+        sig_len: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Make signature given a signature type.
+    ///
+    /// \param pk_type   Signature type.
+    /// \param ctx       The PK context to use. It must have been set up
+    ///                  with a private key.
+    /// \param md_alg    Hash algorithm used (see notes)
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length
+    /// \param sig       Place to write the signature.
+    ///                  It must have enough room for the signature.
+    ///                  #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
+    ///                  You may use a smaller buffer if it is large enough
+    ///                  given the key type.
+    /// \param sig_size  The size of the \p sig buffer in bytes.
+    /// \param sig_len   On successful return,
+    ///                  the number of bytes written to \p sig.
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \return          0 on success, or a specific error code.
+    ///
+    /// \note            When \p pk_type is #MBEDTLS_PK_RSASSA_PSS,
+    ///                  see #PSA_ALG_RSA_PSS for a description of PSS options used.
+    ///
+    /// \note            For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
+    ///                  For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
+    pub fn mbedtls_pk_sign_ext(
+        pk_type: mbedtls_pk_type_t,
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *mut crate::c_types::c_uchar,
+        sig_size: usize,
+        sig_len: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Restartable version of \c mbedtls_pk_sign()
+    ///
+    /// \note            Performs the same job as \c mbedtls_pk_sign(), but can
+    ///                  return early and restart according to the limit set with
+    ///                  \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
+    ///                  operations. For RSA, same as \c mbedtls_pk_sign().
+    ///
+    /// \param ctx       The PK context to use. It must have been set up
+    ///                  with a private key.
+    /// \param md_alg    Hash algorithm used (see notes for mbedtls_pk_sign())
+    /// \param hash      Hash of the message to sign
+    /// \param hash_len  Hash length
+    /// \param sig       Place to write the signature.
+    ///                  It must have enough room for the signature.
+    ///                  #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
+    ///                  You may use a smaller buffer if it is large enough
+    ///                  given the key type.
+    /// \param sig_size  The size of the \p sig buffer in bytes.
+    /// \param sig_len   On successful return,
+    ///                  the number of bytes written to \p sig.
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    /// \param rs_ctx    Restart context (NULL to disable restart)
+    ///
+    /// \return          See \c mbedtls_pk_sign().
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    pub fn mbedtls_pk_sign_restartable(
+        ctx: *mut mbedtls_pk_context,
+        md_alg: mbedtls_md_type_t,
+        hash: *const crate::c_types::c_uchar,
+        hash_len: usize,
+        sig: *mut crate::c_types::c_uchar,
+        sig_size: usize,
+        sig_len: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_pk_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Decrypt message (including padding if relevant).
+    ///
+    /// \param ctx       The PK context to use. It must have been set up
+    ///                  with a private key.
+    /// \param input     Input to decrypt
+    /// \param ilen      Input size
+    /// \param output    Decrypted output
+    /// \param olen      Decrypted message length
+    /// \param osize     Size of the output buffer
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+    ///
+    /// \return          0 on success, or a specific error code.
+    pub fn mbedtls_pk_decrypt(
+        ctx: *mut mbedtls_pk_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+        osize: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Encrypt message (including padding if relevant).
+    ///
+    /// \param ctx       The PK context to use. It must have been set up.
+    /// \param input     Message to encrypt
+    /// \param ilen      Message size
+    /// \param output    Encrypted output
+    /// \param olen      Encrypted output length
+    /// \param osize     Size of the output buffer
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \note            \p f_rng is used for padding generation.
+    ///
+    /// \note            For RSA keys, the default padding type is PKCS#1 v1.5.
+    ///
+    /// \return          0 on success, or a specific error code.
+    pub fn mbedtls_pk_encrypt(
+        ctx: *mut mbedtls_pk_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+        osize: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Check if a public-private pair of keys matches.
+    ///
+    /// \param pub       Context holding a public key.
+    /// \param prv       Context holding a private (and public) key.
+    /// \param f_rng     RNG function, must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \return          \c 0 on success (keys were checked and match each other).
+    /// \return          #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the keys could not
+    ///                  be checked - in that case they may or may not match.
+    /// \return          #MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid.
+    /// \return          Another non-zero value if the keys do not match.
+    pub fn mbedtls_pk_check_pair(
+        pub_: *const mbedtls_pk_context,
+        prv: *const mbedtls_pk_context,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Export debug information
+    ///
+    /// \param ctx       The PK context to use. It must have been initialized.
+    /// \param items     Place to write debug items
+    ///
+    /// \return          0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
+    pub fn mbedtls_pk_debug(
+        ctx: *const mbedtls_pk_context,
+        items: *mut mbedtls_pk_debug_item,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Access the type name
+    ///
+    /// \param ctx       The PK context to use. It must have been initialized.
+    ///
+    /// \return          Type name on success, or "invalid PK"
+    pub fn mbedtls_pk_get_name(ctx: *const mbedtls_pk_context) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief           Get the key type
+    ///
+    /// \param ctx       The PK context to use. It must have been initialized.
+    ///
+    /// \return          Type on success.
+    /// \return          #MBEDTLS_PK_NONE for a context that has not been set up.
+    pub fn mbedtls_pk_get_type(ctx: *const mbedtls_pk_context) -> mbedtls_pk_type_t;
+}
+extern "C" {
+    /// \ingroup pk_module */
+    ////**
+    /// \brief           Parse a private key in PEM or DER format
+    ///
+    /// \note            If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                  subsystem must have been initialized by calling
+    ///                  psa_crypto_init() before calling this function.
+    ///
+    /// \param ctx       The PK context to fill. It must have been initialized
+    ///                  but not set up.
+    /// \param key       Input buffer to parse.
+    ///                  The buffer must contain the input exactly, with no
+    ///                  extra trailing material. For PEM, the buffer must
+    ///                  contain a null-terminated string.
+    /// \param keylen    Size of \b key in bytes.
+    ///                  For PEM data, this includes the terminating null byte,
+    ///                  so \p keylen must be equal to `strlen(key) + 1`.
+    /// \param pwd       Optional password for decryption.
+    ///                  Pass \c NULL if expecting a non-encrypted key.
+    ///                  Pass a string of \p pwdlen bytes if expecting an encrypted
+    ///                  key; a non-encrypted key will also be accepted.
+    ///                  The empty password is not supported.
+    /// \param pwdlen    Size of the password in bytes.
+    ///                  Ignored if \p pwd is \c NULL.
+    /// \param f_rng     RNG function, must not be \c NULL. Used for blinding.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \note            On entry, ctx must be empty, either freshly initialised
+    ///                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+    ///                  specific key type, check the result with mbedtls_pk_can_do().
+    ///
+    /// \note            The key is also checked for correctness.
+    ///
+    /// \return          0 if successful, or a specific PK or PEM error code
+    pub fn mbedtls_pk_parse_key(
+        ctx: *mut mbedtls_pk_context,
+        key: *const crate::c_types::c_uchar,
+        keylen: usize,
+        pwd: *const crate::c_types::c_uchar,
+        pwdlen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \ingroup pk_module */
+    ////**
+    /// \brief           Parse a public key in PEM or DER format
+    ///
+    /// \note            If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                  subsystem must have been initialized by calling
+    ///                  psa_crypto_init() before calling this function.
+    ///
+    /// \param ctx       The PK context to fill. It must have been initialized
+    ///                  but not set up.
+    /// \param key       Input buffer to parse.
+    ///                  The buffer must contain the input exactly, with no
+    ///                  extra trailing material. For PEM, the buffer must
+    ///                  contain a null-terminated string.
+    /// \param keylen    Size of \b key in bytes.
+    ///                  For PEM data, this includes the terminating null byte,
+    ///                  so \p keylen must be equal to `strlen(key) + 1`.
+    ///
+    /// \note            On entry, ctx must be empty, either freshly initialised
+    ///                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+    ///                  specific key type, check the result with mbedtls_pk_can_do().
+    ///
+    /// \note            For compressed points, see #MBEDTLS_ECP_PF_COMPRESSED for
+    ///                  limitations.
+    ///
+    /// \note            The key is also checked for correctness.
+    ///
+    /// \return          0 if successful, or a specific PK or PEM error code
+    pub fn mbedtls_pk_parse_public_key(
+        ctx: *mut mbedtls_pk_context,
+        key: *const crate::c_types::c_uchar,
+        keylen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a private key to a PKCS#1 or SEC1 DER structure
+    ///                  Note: data is written at the end of the buffer! Use the
+    ///                        return value to determine where you should start
+    ///                        using the buffer
+    ///
+    /// \param ctx       PK context which must contain a valid private key.
+    /// \param buf       buffer to write to
+    /// \param size      size of the buffer
+    ///
+    /// \return          length of data written if successful, or a specific
+    ///                  error code
+    pub fn mbedtls_pk_write_key_der(
+        ctx: *const mbedtls_pk_context,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a public key to a SubjectPublicKeyInfo DER structure
+    ///                  Note: data is written at the end of the buffer! Use the
+    ///                        return value to determine where you should start
+    ///                        using the buffer
+    ///
+    /// \param ctx       PK context which must contain a valid public or private key.
+    /// \param buf       buffer to write to
+    /// \param size      size of the buffer
+    ///
+    /// \return          length of data written if successful, or a specific
+    ///                  error code
+    pub fn mbedtls_pk_write_pubkey_der(
+        ctx: *const mbedtls_pk_context,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a public key to a PEM string
+    ///
+    /// \param ctx       PK context which must contain a valid public or private key.
+    /// \param buf       Buffer to write to. The output includes a
+    ///                  terminating null byte.
+    /// \param size      Size of the buffer in bytes.
+    ///
+    /// \return          0 if successful, or a specific error code
+    pub fn mbedtls_pk_write_pubkey_pem(
+        ctx: *const mbedtls_pk_context,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a private key to a PKCS#1 or SEC1 PEM string
+    ///
+    /// \param ctx       PK context which must contain a valid private key.
+    /// \param buf       Buffer to write to. The output includes a
+    ///                  terminating null byte.
+    /// \param size      Size of the buffer in bytes.
+    ///
+    /// \return          0 if successful, or a specific error code
+    pub fn mbedtls_pk_write_key_pem(
+        ctx: *const mbedtls_pk_context,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Parse a SubjectPublicKeyInfo DER structure
+    ///
+    /// \param p         the position in the ASN.1 data
+    /// \param end       end of the buffer
+    /// \param pk        The PK context to fill. It must have been initialized
+    ///                  but not set up.
+    ///
+    /// \return          0 if successful, or a specific PK error code
+    pub fn mbedtls_pk_parse_subpubkey(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        pk: *mut mbedtls_pk_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a subjectPublicKey to ASN.1 data
+    ///                  Note: function works backwards in data buffer
+    ///
+    /// \param p         reference to current position pointer
+    /// \param start     start of the buffer (for bounds-checking)
+    /// \param key       PK context which must contain a valid public or private key.
+    ///
+    /// \return          the length written or a negative error code
+    pub fn mbedtls_pk_write_pubkey(
+        p: *mut *mut crate::c_types::c_uchar,
+        start: *mut crate::c_types::c_uchar,
+        key: *const mbedtls_pk_context,
+    ) -> crate::c_types::c_int;
+}
+///< Placeholder to mark the end of cipher ID lists.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_NONE: mbedtls_cipher_id_t = 0;
+///< The identity cipher, treated as a stream cipher.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_NULL: mbedtls_cipher_id_t = 1;
+///< The AES cipher.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_AES: mbedtls_cipher_id_t = 2;
+///< The DES cipher. \warning DES is considered weak.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_DES: mbedtls_cipher_id_t = 3;
+///< The Triple DES cipher. \warning 3DES is considered weak.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_3DES: mbedtls_cipher_id_t = 4;
+///< The Camellia cipher.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_CAMELLIA: mbedtls_cipher_id_t = 5;
+///< The Aria cipher.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_ARIA: mbedtls_cipher_id_t = 6;
+///< The ChaCha20 cipher.
+pub const mbedtls_cipher_id_t_MBEDTLS_CIPHER_ID_CHACHA20: mbedtls_cipher_id_t = 7;
+/// \brief     Supported cipher types.
+///
+/// \warning   DES/3DES are considered weak ciphers and their use
+///            constitutes a security risk. We recommend considering stronger
+///            ciphers instead.
+pub type mbedtls_cipher_id_t = crate::c_types::c_uint;
+///< Placeholder to mark the end of cipher-pair lists.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_NONE: mbedtls_cipher_type_t = 0;
+///< The identity stream cipher.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_NULL: mbedtls_cipher_type_t = 1;
+///< AES cipher with 128-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_ECB: mbedtls_cipher_type_t = 2;
+///< AES cipher with 192-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_ECB: mbedtls_cipher_type_t = 3;
+///< AES cipher with 256-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_ECB: mbedtls_cipher_type_t = 4;
+///< AES cipher with 128-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CBC: mbedtls_cipher_type_t = 5;
+///< AES cipher with 192-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CBC: mbedtls_cipher_type_t = 6;
+///< AES cipher with 256-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CBC: mbedtls_cipher_type_t = 7;
+///< AES cipher with 128-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CFB128: mbedtls_cipher_type_t = 8;
+///< AES cipher with 192-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CFB128: mbedtls_cipher_type_t = 9;
+///< AES cipher with 256-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CFB128: mbedtls_cipher_type_t = 10;
+///< AES cipher with 128-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CTR: mbedtls_cipher_type_t = 11;
+///< AES cipher with 192-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CTR: mbedtls_cipher_type_t = 12;
+///< AES cipher with 256-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CTR: mbedtls_cipher_type_t = 13;
+///< AES cipher with 128-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_GCM: mbedtls_cipher_type_t = 14;
+///< AES cipher with 192-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_GCM: mbedtls_cipher_type_t = 15;
+///< AES cipher with 256-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_GCM: mbedtls_cipher_type_t = 16;
+///< Camellia cipher with 128-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_ECB: mbedtls_cipher_type_t = 17;
+///< Camellia cipher with 192-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_ECB: mbedtls_cipher_type_t = 18;
+///< Camellia cipher with 256-bit ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_ECB: mbedtls_cipher_type_t = 19;
+///< Camellia cipher with 128-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CBC: mbedtls_cipher_type_t = 20;
+///< Camellia cipher with 192-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CBC: mbedtls_cipher_type_t = 21;
+///< Camellia cipher with 256-bit CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CBC: mbedtls_cipher_type_t = 22;
+///< Camellia cipher with 128-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CFB128: mbedtls_cipher_type_t = 23;
+///< Camellia cipher with 192-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CFB128: mbedtls_cipher_type_t = 24;
+///< Camellia cipher with 256-bit CFB128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CFB128: mbedtls_cipher_type_t = 25;
+///< Camellia cipher with 128-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CTR: mbedtls_cipher_type_t = 26;
+///< Camellia cipher with 192-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CTR: mbedtls_cipher_type_t = 27;
+///< Camellia cipher with 256-bit CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CTR: mbedtls_cipher_type_t = 28;
+///< Camellia cipher with 128-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_GCM: mbedtls_cipher_type_t = 29;
+///< Camellia cipher with 192-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_GCM: mbedtls_cipher_type_t = 30;
+///< Camellia cipher with 256-bit GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_GCM: mbedtls_cipher_type_t = 31;
+///< DES cipher with ECB mode. \warning DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_ECB: mbedtls_cipher_type_t = 32;
+///< DES cipher with CBC mode. \warning DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_CBC: mbedtls_cipher_type_t = 33;
+///< DES cipher with EDE ECB mode. \warning 3DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_EDE_ECB: mbedtls_cipher_type_t = 34;
+///< DES cipher with EDE CBC mode. \warning 3DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_EDE_CBC: mbedtls_cipher_type_t = 35;
+///< DES cipher with EDE3 ECB mode. \warning 3DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_EDE3_ECB: mbedtls_cipher_type_t = 36;
+///< DES cipher with EDE3 CBC mode. \warning 3DES is considered weak.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_DES_EDE3_CBC: mbedtls_cipher_type_t = 37;
+///< AES cipher with 128-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CCM: mbedtls_cipher_type_t = 38;
+///< AES cipher with 192-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CCM: mbedtls_cipher_type_t = 39;
+///< AES cipher with 256-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CCM: mbedtls_cipher_type_t = 40;
+///< AES cipher with 128-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 41;
+///< AES cipher with 192-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 42;
+///< AES cipher with 256-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 43;
+///< Camellia cipher with 128-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CCM: mbedtls_cipher_type_t = 44;
+///< Camellia cipher with 192-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CCM: mbedtls_cipher_type_t = 45;
+///< Camellia cipher with 256-bit CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CCM: mbedtls_cipher_type_t = 46;
+///< Camellia cipher with 128-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_128_CCM_STAR_NO_TAG: mbedtls_cipher_type_t =
+    47;
+///< Camellia cipher with 192-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_192_CCM_STAR_NO_TAG: mbedtls_cipher_type_t =
+    48;
+///< Camellia cipher with 256-bit CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CAMELLIA_256_CCM_STAR_NO_TAG: mbedtls_cipher_type_t =
+    49;
+///< Aria cipher with 128-bit key and ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_ECB: mbedtls_cipher_type_t = 50;
+///< Aria cipher with 192-bit key and ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_ECB: mbedtls_cipher_type_t = 51;
+///< Aria cipher with 256-bit key and ECB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_ECB: mbedtls_cipher_type_t = 52;
+///< Aria cipher with 128-bit key and CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CBC: mbedtls_cipher_type_t = 53;
+///< Aria cipher with 192-bit key and CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CBC: mbedtls_cipher_type_t = 54;
+///< Aria cipher with 256-bit key and CBC mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CBC: mbedtls_cipher_type_t = 55;
+///< Aria cipher with 128-bit key and CFB-128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CFB128: mbedtls_cipher_type_t = 56;
+///< Aria cipher with 192-bit key and CFB-128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CFB128: mbedtls_cipher_type_t = 57;
+///< Aria cipher with 256-bit key and CFB-128 mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CFB128: mbedtls_cipher_type_t = 58;
+///< Aria cipher with 128-bit key and CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CTR: mbedtls_cipher_type_t = 59;
+///< Aria cipher with 192-bit key and CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CTR: mbedtls_cipher_type_t = 60;
+///< Aria cipher with 256-bit key and CTR mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CTR: mbedtls_cipher_type_t = 61;
+///< Aria cipher with 128-bit key and GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_GCM: mbedtls_cipher_type_t = 62;
+///< Aria cipher with 192-bit key and GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_GCM: mbedtls_cipher_type_t = 63;
+///< Aria cipher with 256-bit key and GCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_GCM: mbedtls_cipher_type_t = 64;
+///< Aria cipher with 128-bit key and CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CCM: mbedtls_cipher_type_t = 65;
+///< Aria cipher with 192-bit key and CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CCM: mbedtls_cipher_type_t = 66;
+///< Aria cipher with 256-bit key and CCM mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CCM: mbedtls_cipher_type_t = 67;
+///< Aria cipher with 128-bit key and CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 68;
+///< Aria cipher with 192-bit key and CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 69;
+///< Aria cipher with 256-bit key and CCM_STAR_NO_TAG mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG: mbedtls_cipher_type_t = 70;
+///< AES 128-bit cipher in OFB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_OFB: mbedtls_cipher_type_t = 71;
+///< AES 192-bit cipher in OFB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_OFB: mbedtls_cipher_type_t = 72;
+///< AES 256-bit cipher in OFB mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_OFB: mbedtls_cipher_type_t = 73;
+///< AES 128-bit cipher in XTS block mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_XTS: mbedtls_cipher_type_t = 74;
+///< AES 256-bit cipher in XTS block mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_XTS: mbedtls_cipher_type_t = 75;
+///< ChaCha20 stream cipher.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CHACHA20: mbedtls_cipher_type_t = 76;
+///< ChaCha20-Poly1305 AEAD cipher.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_CHACHA20_POLY1305: mbedtls_cipher_type_t = 77;
+///< AES cipher with 128-bit NIST KW mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_KW: mbedtls_cipher_type_t = 78;
+///< AES cipher with 192-bit NIST KW mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_KW: mbedtls_cipher_type_t = 79;
+///< AES cipher with 256-bit NIST KW mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_KW: mbedtls_cipher_type_t = 80;
+///< AES cipher with 128-bit NIST KWP mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_128_KWP: mbedtls_cipher_type_t = 81;
+///< AES cipher with 192-bit NIST KWP mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_192_KWP: mbedtls_cipher_type_t = 82;
+///< AES cipher with 256-bit NIST KWP mode.
+pub const mbedtls_cipher_type_t_MBEDTLS_CIPHER_AES_256_KWP: mbedtls_cipher_type_t = 83;
+/// \brief     Supported {cipher type, cipher mode} pairs.
+///
+/// \warning   DES/3DES are considered weak ciphers and their use
+///            constitutes a security risk. We recommend considering stronger
+///            ciphers instead.
+pub type mbedtls_cipher_type_t = crate::c_types::c_uint;
+///< None.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_NONE: mbedtls_cipher_mode_t = 0;
+///< The ECB cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_ECB: mbedtls_cipher_mode_t = 1;
+///< The CBC cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CBC: mbedtls_cipher_mode_t = 2;
+///< The CFB cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CFB: mbedtls_cipher_mode_t = 3;
+///< The OFB cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_OFB: mbedtls_cipher_mode_t = 4;
+///< The CTR cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CTR: mbedtls_cipher_mode_t = 5;
+///< The GCM cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_GCM: mbedtls_cipher_mode_t = 6;
+///< The stream cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_STREAM: mbedtls_cipher_mode_t = 7;
+///< The CCM cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CCM: mbedtls_cipher_mode_t = 8;
+///< The CCM*-no-tag cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CCM_STAR_NO_TAG: mbedtls_cipher_mode_t = 9;
+///< The XTS cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_XTS: mbedtls_cipher_mode_t = 10;
+///< The ChaCha-Poly cipher mode.
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_CHACHAPOLY: mbedtls_cipher_mode_t = 11;
+///< The SP800-38F KW mode
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_KW: mbedtls_cipher_mode_t = 12;
+///< The SP800-38F KWP mode
+pub const mbedtls_cipher_mode_t_MBEDTLS_MODE_KWP: mbedtls_cipher_mode_t = 13;
+/// Supported cipher modes.
+pub type mbedtls_cipher_mode_t = crate::c_types::c_uint;
+///< PKCS7 padding (default).
+pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_PKCS7: mbedtls_cipher_padding_t = 0;
+///< ISO/IEC 7816-4 padding.
+pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_ONE_AND_ZEROS: mbedtls_cipher_padding_t = 1;
+///< ANSI X.923 padding.
+pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_ZEROS_AND_LEN: mbedtls_cipher_padding_t = 2;
+///< Zero padding (not reversible).
+pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_ZEROS: mbedtls_cipher_padding_t = 3;
+///< Never pad (full blocks only).
+pub const mbedtls_cipher_padding_t_MBEDTLS_PADDING_NONE: mbedtls_cipher_padding_t = 4;
+/// Supported cipher padding types.
+pub type mbedtls_cipher_padding_t = crate::c_types::c_uint;
+pub const mbedtls_operation_t_MBEDTLS_OPERATION_NONE: mbedtls_operation_t = -1;
+pub const mbedtls_operation_t_MBEDTLS_DECRYPT: mbedtls_operation_t = 0;
+pub const mbedtls_operation_t_MBEDTLS_ENCRYPT: mbedtls_operation_t = 1;
+/// Type of operation.
+pub type mbedtls_operation_t = crate::c_types::c_int;
+/// Undefined key length.
+pub const MBEDTLS_KEY_LENGTH_NONE: _bindgen_ty_1 = 0;
+/// Key length, in bits (including parity), for DES keys. \warning DES is considered weak.
+pub const MBEDTLS_KEY_LENGTH_DES: _bindgen_ty_1 = 64;
+/// Key length in bits, including parity, for DES in two-key EDE. \warning 3DES is considered weak.
+pub const MBEDTLS_KEY_LENGTH_DES_EDE: _bindgen_ty_1 = 128;
+/// Key length in bits, including parity, for DES in three-key EDE. \warning 3DES is considered weak.
+pub const MBEDTLS_KEY_LENGTH_DES_EDE3: _bindgen_ty_1 = 192;
+pub type _bindgen_ty_1 = crate::c_types::c_uint;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_cipher_base_t {
+    _unused: [u8; 0],
+}
+/// Cipher information. Allows calling cipher functions
+/// in a generic way.
+///
+/// \note        The library does not support custom cipher info structures,
+///              only built-in structures returned by the functions
+///              mbedtls_cipher_info_from_string(),
+///              mbedtls_cipher_info_from_type(),
+///              mbedtls_cipher_info_from_values(),
+///              mbedtls_cipher_info_from_psa().
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_cipher_info_t {
+    pub private_type: mbedtls_cipher_type_t,
+    pub private_mode: mbedtls_cipher_mode_t,
+    pub private_key_bitlen: crate::c_types::c_uint,
+    pub private_name: *const crate::c_types::c_char,
+    pub private_iv_size: crate::c_types::c_uint,
+    pub private_flags: crate::c_types::c_int,
+    pub private_block_size: crate::c_types::c_uint,
+    pub private_base: *const mbedtls_cipher_base_t,
+}
+/// Generic cipher context.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_cipher_context_t {
+    pub private_cipher_info: *const mbedtls_cipher_info_t,
+    pub private_key_bitlen: crate::c_types::c_int,
+    pub private_operation: mbedtls_operation_t,
+    pub private_add_padding: ::core::option::Option<
+        unsafe extern "C" fn(output: *mut crate::c_types::c_uchar, olen: usize, data_len: usize),
+    >,
+    pub private_get_padding: ::core::option::Option<
+        unsafe extern "C" fn(
+            input: *mut crate::c_types::c_uchar,
+            ilen: usize,
+            data_len: *mut usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_unprocessed_data: [crate::c_types::c_uchar; 16usize],
+    pub private_unprocessed_len: usize,
+    pub private_iv: [crate::c_types::c_uchar; 16usize],
+    pub private_iv_size: usize,
+    pub private_cipher_ctx: *mut crate::c_types::c_void,
+    pub private_cmac_ctx: *mut mbedtls_cmac_context_t,
+}
+extern "C" {
+    /// \brief This function retrieves the list of ciphers supported
+    ///        by the generic cipher module.
+    ///
+    ///        For any cipher identifier in the returned list, you can
+    ///        obtain the corresponding generic cipher information structure
+    ///        via mbedtls_cipher_info_from_type(), which can then be used
+    ///        to prepare a cipher context via mbedtls_cipher_setup().
+    ///
+    ///
+    /// \return      A statically-allocated array of cipher identifiers
+    ///              of type cipher_type_t. The last entry is zero.
+    pub fn mbedtls_cipher_list() -> *const crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function retrieves the cipher-information
+    ///                      structure associated with the given cipher name.
+    ///
+    /// \param cipher_name   Name of the cipher to search for. This must not be
+    ///                      \c NULL.
+    ///
+    /// \return              The cipher information structure associated with the
+    ///                      given \p cipher_name.
+    /// \return              \c NULL if the associated cipher information is not found.
+    pub fn mbedtls_cipher_info_from_string(
+        cipher_name: *const crate::c_types::c_char,
+    ) -> *const mbedtls_cipher_info_t;
+}
+extern "C" {
+    /// \brief               This function retrieves the cipher-information
+    ///                      structure associated with the given cipher type.
+    ///
+    /// \param cipher_type   Type of the cipher to search for.
+    ///
+    /// \return              The cipher information structure associated with the
+    ///                      given \p cipher_type.
+    /// \return              \c NULL if the associated cipher information is not found.
+    pub fn mbedtls_cipher_info_from_type(
+        cipher_type: mbedtls_cipher_type_t,
+    ) -> *const mbedtls_cipher_info_t;
+}
+extern "C" {
+    /// \brief               This function retrieves the cipher-information
+    ///                      structure associated with the given cipher ID,
+    ///                      key size and mode.
+    ///
+    /// \param cipher_id     The ID of the cipher to search for. For example,
+    ///                      #MBEDTLS_CIPHER_ID_AES.
+    /// \param key_bitlen    The length of the key in bits.
+    /// \param mode          The cipher mode. For example, #MBEDTLS_MODE_CBC.
+    ///
+    /// \return              The cipher information structure associated with the
+    ///                      given \p cipher_id.
+    /// \return              \c NULL if the associated cipher information is not found.
+    pub fn mbedtls_cipher_info_from_values(
+        cipher_id: mbedtls_cipher_id_t,
+        key_bitlen: crate::c_types::c_int,
+        mode: mbedtls_cipher_mode_t,
+    ) -> *const mbedtls_cipher_info_t;
+}
+extern "C" {
+    /// \brief               This function initializes a \p cipher_context as NONE.
+    ///
+    /// \param ctx           The context to be initialized. This must not be \c NULL.
+    pub fn mbedtls_cipher_init(ctx: *mut mbedtls_cipher_context_t);
+}
+extern "C" {
+    /// \brief               This function frees and clears the cipher-specific
+    ///                      context of \p ctx. Freeing \p ctx itself remains the
+    ///                      responsibility of the caller.
+    ///
+    /// \param ctx           The context to be freed. If this is \c NULL, the
+    ///                      function has no effect, otherwise this must point to an
+    ///                      initialized context.
+    pub fn mbedtls_cipher_free(ctx: *mut mbedtls_cipher_context_t);
+}
+extern "C" {
+    /// \brief               This function prepares a cipher context for
+    ///                      use with the given cipher primitive.
+    ///
+    /// \note                After calling this function, you should call
+    ///                      mbedtls_cipher_setkey() and, if the mode uses padding,
+    ///                      mbedtls_cipher_set_padding_mode(), then for each
+    ///                      message to encrypt or decrypt with this key, either:
+    ///                      - mbedtls_cipher_crypt() for one-shot processing with
+    ///                      non-AEAD modes;
+    ///                      - mbedtls_cipher_auth_encrypt_ext() or
+    ///                      mbedtls_cipher_auth_decrypt_ext() for one-shot
+    ///                      processing with AEAD modes or NIST_KW;
+    ///                      - for multi-part processing, see the documentation of
+    ///                      mbedtls_cipher_reset().
+    ///
+    /// \param ctx           The context to prepare. This must be initialized by
+    ///                      a call to mbedtls_cipher_init() first.
+    /// \param cipher_info   The cipher to use.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
+    ///                      cipher-specific context fails.
+    pub fn mbedtls_cipher_setup(
+        ctx: *mut mbedtls_cipher_context_t,
+        cipher_info: *const mbedtls_cipher_info_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function sets the key to use with the given context.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a cipher information structure.
+    /// \param key           The key to use. This must be a readable buffer of at
+    ///                      least \p key_bitlen Bits.
+    /// \param key_bitlen    The key length to use, in Bits.
+    /// \param operation     The operation that the key will be used for:
+    ///                      #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_setkey(
+        ctx: *mut mbedtls_cipher_context_t,
+        key: *const crate::c_types::c_uchar,
+        key_bitlen: crate::c_types::c_int,
+        operation: mbedtls_operation_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function sets the padding mode, for cipher modes
+    ///                      that use padding.
+    ///
+    ///                      The default passing mode is PKCS7 padding.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a cipher information structure.
+    /// \param mode          The padding mode.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
+    ///                      if the selected padding mode is not supported.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
+    ///                      does not support padding.
+    pub fn mbedtls_cipher_set_padding_mode(
+        ctx: *mut mbedtls_cipher_context_t,
+        mode: mbedtls_cipher_padding_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets the initialization vector (IV)
+    ///                  or nonce.
+    ///
+    /// \note            Some ciphers do not use IVs nor nonce. For these
+    ///                  ciphers, this function has no effect.
+    ///
+    /// \note            For #MBEDTLS_CIPHER_CHACHA20, the nonce length must
+    ///                  be 12, and the initial counter value is 0.
+    ///
+    /// \note            For #MBEDTLS_CIPHER_CHACHA20_POLY1305, the nonce length
+    ///                  must be 12.
+    ///
+    /// \param ctx       The generic cipher context. This must be initialized and
+    ///                  bound to a cipher information structure.
+    /// \param iv        The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This
+    ///                  must be a readable buffer of at least \p iv_len Bytes.
+    /// \param iv_len    The IV length for ciphers with variable-size IV.
+    ///                  This parameter is discarded by ciphers with fixed-size IV.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                  parameter-verification failure.
+    pub fn mbedtls_cipher_set_iv(
+        ctx: *mut mbedtls_cipher_context_t,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief         This function resets the cipher state.
+    ///
+    /// \note          With non-AEAD ciphers, the order of calls for each message
+    ///                is as follows:
+    ///                1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
+    ///                2. mbedtls_cipher_reset()
+    ///                3. mbedtls_cipher_update() one or more times
+    ///                4. mbedtls_cipher_finish()
+    ///                .
+    ///                This sequence can be repeated to encrypt or decrypt multiple
+    ///                messages with the same key.
+    ///
+    /// \note          With AEAD ciphers, the order of calls for each message
+    ///                is as follows:
+    ///                1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
+    ///                2. mbedtls_cipher_reset()
+    ///                3. mbedtls_cipher_update_ad()
+    ///                4. mbedtls_cipher_update() one or more times
+    ///                5. mbedtls_cipher_finish()
+    ///                6. mbedtls_cipher_check_tag() (for decryption) or
+    ///                mbedtls_cipher_write_tag() (for encryption).
+    ///                .
+    ///                This sequence can be repeated to encrypt or decrypt multiple
+    ///                messages with the same key.
+    ///
+    /// \param ctx     The generic cipher context. This must be bound to a key.
+    ///
+    /// \return        \c 0 on success.
+    /// \return        #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                parameter-verification failure.
+    pub fn mbedtls_cipher_reset(ctx: *mut mbedtls_cipher_context_t) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function adds additional data for AEAD ciphers.
+    ///                      Currently supported with GCM and ChaCha20+Poly1305.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized.
+    /// \param ad            The additional data to use. This must be a readable
+    ///                      buffer of at least \p ad_len Bytes.
+    /// \param ad_len        The length of \p ad in Bytes.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              A specific error code on failure.
+    pub fn mbedtls_cipher_update_ad(
+        ctx: *mut mbedtls_cipher_context_t,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The generic cipher update function. It encrypts or
+    ///                      decrypts using the given cipher context. Writes as
+    ///                      many block-sized blocks of data as possible to output.
+    ///                      Any data that cannot be written immediately is either
+    ///                      added to the next block, or flushed when
+    ///                      mbedtls_cipher_finish() is called.
+    ///                      Exception: For MBEDTLS_MODE_ECB, expects a single block
+    ///                      in size. For example, 16 Bytes for AES.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a key.
+    /// \param input         The buffer holding the input data. This must be a
+    ///                      readable buffer of at least \p ilen Bytes.
+    /// \param ilen          The length of the input data.
+    /// \param output        The buffer for the output data. This must be able to
+    ///                      hold at least `ilen + block_size`. This must not be the
+    ///                      same buffer as \p input.
+    /// \param olen          The length of the output data, to be updated with the
+    ///                      actual number of Bytes written. This must not be
+    ///                      \c NULL.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
+    ///                      unsupported mode for a cipher.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_update(
+        ctx: *mut mbedtls_cipher_context_t,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The generic cipher finalization function. If data still
+    ///                      needs to be flushed from an incomplete block, the data
+    ///                      contained in it is padded to the size of
+    ///                      the last block, and written to the \p output buffer.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a key.
+    /// \param output        The buffer to write data to. This needs to be a writable
+    ///                      buffer of at least \p block_size Bytes.
+    /// \param olen          The length of the data written to the \p output buffer.
+    ///                      This may not be \c NULL.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
+    ///                      expecting a full block but not receiving one.
+    /// \return              #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
+    ///                      while decrypting.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_finish(
+        ctx: *mut mbedtls_cipher_context_t,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function writes a tag for AEAD ciphers.
+    ///                      Currently supported with GCM and ChaCha20+Poly1305.
+    ///                      This must be called after mbedtls_cipher_finish().
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized,
+    ///                      bound to a key, and have just completed a cipher
+    ///                      operation through mbedtls_cipher_finish() the tag for
+    ///                      which should be written.
+    /// \param tag           The buffer to write the tag to. This must be a writable
+    ///                      buffer of at least \p tag_len Bytes.
+    /// \param tag_len       The length of the tag to write.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              A specific error code on failure.
+    pub fn mbedtls_cipher_write_tag(
+        ctx: *mut mbedtls_cipher_context_t,
+        tag: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function checks the tag for AEAD ciphers.
+    ///                      Currently supported with GCM and ChaCha20+Poly1305.
+    ///                      This must be called after mbedtls_cipher_finish().
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized.
+    /// \param tag           The buffer holding the tag. This must be a readable
+    ///                      buffer of at least \p tag_len Bytes.
+    /// \param tag_len       The length of the tag to check.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              A specific error code on failure.
+    pub fn mbedtls_cipher_check_tag(
+        ctx: *mut mbedtls_cipher_context_t,
+        tag: *const crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The generic all-in-one encryption/decryption function,
+    ///                      for all ciphers except AEAD constructs.
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized.
+    /// \param iv            The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
+    ///                      This must be a readable buffer of at least \p iv_len
+    ///                      Bytes.
+    /// \param iv_len        The IV length for ciphers with variable-size IV.
+    ///                      This parameter is discarded by ciphers with fixed-size
+    ///                      IV.
+    /// \param input         The buffer holding the input data. This must be a
+    ///                      readable buffer of at least \p ilen Bytes.
+    /// \param ilen          The length of the input data in Bytes.
+    /// \param output        The buffer for the output data. This must be able to
+    ///                      hold at least `ilen + block_size`. This must not be the
+    ///                      same buffer as \p input.
+    /// \param olen          The length of the output data, to be updated with the
+    ///                      actual number of Bytes written. This must not be
+    ///                      \c NULL.
+    ///
+    /// \note                Some ciphers do not use IVs nor nonce. For these
+    ///                      ciphers, use \p iv = NULL and \p iv_len = 0.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
+    ///                      expecting a full block but not receiving one.
+    /// \return              #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
+    ///                      while decrypting.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_crypt(
+        ctx: *mut mbedtls_cipher_context_t,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The authenticated encryption (AEAD/NIST_KW) function.
+    ///
+    /// \note                For AEAD modes, the tag will be appended to the
+    ///                      ciphertext, as recommended by RFC 5116.
+    ///                      (NIST_KW doesn't have a separate tag.)
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a key, with an AEAD algorithm or NIST_KW.
+    /// \param iv            The nonce to use. This must be a readable buffer of
+    ///                      at least \p iv_len Bytes and may be \c NULL if \p
+    ///                      iv_len is \c 0.
+    /// \param iv_len        The length of the nonce. For AEAD ciphers, this must
+    ///                      satisfy the constraints imposed by the cipher used.
+    ///                      For NIST_KW, this must be \c 0.
+    /// \param ad            The additional data to authenticate. This must be a
+    ///                      readable buffer of at least \p ad_len Bytes, and may
+    ///                      be \c NULL is \p ad_len is \c 0.
+    /// \param ad_len        The length of \p ad. For NIST_KW, this must be \c 0.
+    /// \param input         The buffer holding the input data. This must be a
+    ///                      readable buffer of at least \p ilen Bytes, and may be
+    ///                      \c NULL if \p ilen is \c 0.
+    /// \param ilen          The length of the input data.
+    /// \param output        The buffer for the output data. This must be a
+    ///                      writable buffer of at least \p output_len Bytes, and
+    ///                      must not be \c NULL.
+    /// \param output_len    The length of the \p output buffer in Bytes. For AEAD
+    ///                      ciphers, this must be at least \p ilen + \p tag_len.
+    ///                      For NIST_KW, this must be at least \p ilen + 8
+    ///                      (rounded up to a multiple of 8 if KWP is used);
+    ///                      \p ilen + 15 is always a safe value.
+    /// \param olen          This will be filled with the actual number of Bytes
+    ///                      written to the \p output buffer. This must point to a
+    ///                      writable object of type \c size_t.
+    /// \param tag_len       The desired length of the authentication tag. For AEAD
+    ///                      ciphers, this must match the constraints imposed by
+    ///                      the cipher used, and in particular must not be \c 0.
+    ///                      For NIST_KW, this must be \c 0.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_auth_encrypt_ext(
+        ctx: *mut mbedtls_cipher_context_t,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        output_len: usize,
+        olen: *mut usize,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The authenticated encryption (AEAD/NIST_KW) function.
+    ///
+    /// \note                If the data is not authentic, then the output buffer
+    ///                      is zeroed out to prevent the unauthentic plaintext being
+    ///                      used, making this interface safer.
+    ///
+    /// \note                For AEAD modes, the tag must be appended to the
+    ///                      ciphertext, as recommended by RFC 5116.
+    ///                      (NIST_KW doesn't have a separate tag.)
+    ///
+    /// \param ctx           The generic cipher context. This must be initialized and
+    ///                      bound to a key, with an AEAD algorithm or NIST_KW.
+    /// \param iv            The nonce to use. This must be a readable buffer of
+    ///                      at least \p iv_len Bytes and may be \c NULL if \p
+    ///                      iv_len is \c 0.
+    /// \param iv_len        The length of the nonce. For AEAD ciphers, this must
+    ///                      satisfy the constraints imposed by the cipher used.
+    ///                      For NIST_KW, this must be \c 0.
+    /// \param ad            The additional data to authenticate. This must be a
+    ///                      readable buffer of at least \p ad_len Bytes, and may
+    ///                      be \c NULL is \p ad_len is \c 0.
+    /// \param ad_len        The length of \p ad. For NIST_KW, this must be \c 0.
+    /// \param input         The buffer holding the input data. This must be a
+    ///                      readable buffer of at least \p ilen Bytes, and may be
+    ///                      \c NULL if \p ilen is \c 0.
+    /// \param ilen          The length of the input data. For AEAD ciphers this
+    ///                      must be at least \p tag_len. For NIST_KW this must be
+    ///                      at least \c 8.
+    /// \param output        The buffer for the output data. This must be a
+    ///                      writable buffer of at least \p output_len Bytes, and
+    ///                      may be \c NULL if \p output_len is \c 0.
+    /// \param output_len    The length of the \p output buffer in Bytes. For AEAD
+    ///                      ciphers, this must be at least \p ilen - \p tag_len.
+    ///                      For NIST_KW, this must be at least \p ilen - 8.
+    /// \param olen          This will be filled with the actual number of Bytes
+    ///                      written to the \p output buffer. This must point to a
+    ///                      writable object of type \c size_t.
+    /// \param tag_len       The actual length of the authentication tag. For AEAD
+    ///                      ciphers, this must match the constraints imposed by
+    ///                      the cipher used, and in particular must not be \c 0.
+    ///                      For NIST_KW, this must be \c 0.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
+    ///                      parameter-verification failure.
+    /// \return              #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_auth_decrypt_ext(
+        ctx: *mut mbedtls_cipher_context_t,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        output_len: usize,
+        olen: *mut usize,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_NONE: mbedtls_key_exchange_type_t = 0;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_RSA: mbedtls_key_exchange_type_t = 1;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_DHE_RSA: mbedtls_key_exchange_type_t = 2;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: mbedtls_key_exchange_type_t =
+    3;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+    mbedtls_key_exchange_type_t = 4;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_PSK: mbedtls_key_exchange_type_t = 5;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_DHE_PSK: mbedtls_key_exchange_type_t = 6;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_RSA_PSK: mbedtls_key_exchange_type_t = 7;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: mbedtls_key_exchange_type_t =
+    8;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDH_RSA: mbedtls_key_exchange_type_t =
+    9;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: mbedtls_key_exchange_type_t =
+    10;
+pub const mbedtls_key_exchange_type_t_MBEDTLS_KEY_EXCHANGE_ECJPAKE: mbedtls_key_exchange_type_t =
+    11;
+pub type mbedtls_key_exchange_type_t = crate::c_types::c_uint;
+/// \brief   This structure is used for storing ciphersuite information
+///
+/// \note    members are defined using integral types instead of enums
+///          in order to pack structure and reduce memory usage by internal
+///          \c ciphersuite_definitions[]
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_ciphersuite_t {
+    pub private_id: crate::c_types::c_int,
+    pub private_name: *const crate::c_types::c_char,
+    pub private_cipher: u8,
+    pub private_mac: u8,
+    pub private_key_exchange: u8,
+    pub private_flags: u8,
+    pub private_min_tls_version: u16,
+    pub private_max_tls_version: u16,
+}
+extern "C" {
+    pub fn mbedtls_ssl_list_ciphersuites() -> *const crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_ssl_ciphersuite_from_string(
+        ciphersuite_name: *const crate::c_types::c_char,
+    ) -> *const mbedtls_ssl_ciphersuite_t;
+}
+extern "C" {
+    pub fn mbedtls_ssl_ciphersuite_from_id(
+        ciphersuite_id: crate::c_types::c_int,
+    ) -> *const mbedtls_ssl_ciphersuite_t;
+}
+extern "C" {
+    pub fn mbedtls_ssl_get_ciphersuite_sig_pk_alg(
+        info: *const mbedtls_ssl_ciphersuite_t,
+    ) -> mbedtls_pk_type_t;
+}
+extern "C" {
+    pub fn mbedtls_ssl_get_ciphersuite_sig_alg(
+        info: *const mbedtls_ssl_ciphersuite_t,
+    ) -> mbedtls_pk_type_t;
+}
+extern "C" {
+    pub fn mbedtls_ssl_ciphersuite_uses_ec(
+        info: *const mbedtls_ssl_ciphersuite_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_ssl_ciphersuite_uses_psk(
+        info: *const mbedtls_ssl_ciphersuite_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(
+        info: *const mbedtls_ssl_ciphersuite_t,
+    ) -> usize;
+}
+/// The type of the context passed to mbedtls_psa_external_get_random().
+///
+/// Mbed TLS initializes the context to all-bits-zero before calling
+/// mbedtls_psa_external_get_random() for the first time.
+///
+/// The definition of this type in the Mbed TLS source code is for
+/// demonstration purposes. Implementers of mbedtls_psa_external_get_random()
+/// are expected to replace it with a custom definition.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_external_random_context_t {
+    pub private_opaque: [usize; 2usize],
+}
+pub type psa_status_t = i32;
+/// \brief Encoding of a key type.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_KEY_TYPE_xxx`.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_key_type_t = u16;
+/// The type of PSA elliptic curve family identifiers.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_ECC_FAMILY_xxx`.
+///
+/// The curve identifier is required to create an ECC key using the
+/// PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY()
+/// macros.
+///
+/// Values defined by this standard will never be in the range 0x80-0xff.
+/// Vendors who define additional families must use an encoding in this range.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_ecc_family_t = u8;
+/// The type of PSA Diffie-Hellman group family identifiers.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_DH_FAMILY_xxx`.
+///
+/// The group identifier is required to create a Diffie-Hellman key using the
+/// PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY()
+/// macros.
+///
+/// Values defined by this standard will never be in the range 0x80-0xff.
+/// Vendors who define additional families must use an encoding in this range.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_dh_family_t = u8;
+/// \brief Encoding of a cryptographic algorithm.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_ALG_xxx`.
+///
+/// For algorithms that can be applied to multiple key types, this type
+/// does not encode the key type. For example, for symmetric ciphers
+/// based on a block cipher, #psa_algorithm_t encodes the block cipher
+/// mode and the padding mode while the block cipher itself is encoded
+/// via #psa_key_type_t.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_algorithm_t = u32;
+/// Encoding of key lifetimes.
+///
+/// The lifetime of a key indicates where it is stored and what system actions
+/// may create and destroy it.
+///
+/// Lifetime values have the following structure:
+/// - Bits 0-7 (#PSA_KEY_LIFETIME_GET_PERSISTENCE(\c lifetime)):
+///   persistence level. This value indicates what device management
+///   actions can cause it to be destroyed. In particular, it indicates
+///   whether the key is _volatile_ or _persistent_.
+///   See ::psa_key_persistence_t for more information.
+/// - Bits 8-31 (#PSA_KEY_LIFETIME_GET_LOCATION(\c lifetime)):
+///   location indicator. This value indicates which part of the system
+///   has access to the key material and can perform operations using the key.
+///   See ::psa_key_location_t for more information.
+///
+/// Volatile keys are automatically destroyed when the application instance
+/// terminates or on a power reset of the device. Persistent keys are
+/// preserved until the application explicitly destroys them or until an
+/// integration-specific device management event occurs (for example,
+/// a factory reset).
+///
+/// Persistent keys have a key identifier of type #mbedtls_svc_key_id_t.
+/// This identifier remains valid throughout the lifetime of the key,
+/// even if the application instance that created the key terminates.
+/// The application can call psa_open_key() to open a persistent key that
+/// it created previously.
+///
+/// The default lifetime of a key is #PSA_KEY_LIFETIME_VOLATILE. The lifetime
+/// #PSA_KEY_LIFETIME_PERSISTENT is supported if persistent storage is
+/// available. Other lifetime values may be supported depending on the
+/// library configuration.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_KEY_LIFETIME_xxx`.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_key_lifetime_t = u32;
+/// Encoding of key persistence levels.
+///
+/// What distinguishes different persistence levels is what device management
+/// events may cause keys to be destroyed. _Volatile_ keys are destroyed
+/// by a power reset. Persistent keys may be destroyed by events such as
+/// a transfer of ownership or a factory reset. What management events
+/// actually affect persistent keys at different levels is outside the
+/// scope of the PSA Cryptography specification.
+///
+/// The PSA Cryptography specification defines the following values of
+/// persistence levels:
+/// - \c 0 = #PSA_KEY_PERSISTENCE_VOLATILE: volatile key.
+///   A volatile key is automatically destroyed by the implementation when
+///   the application instance terminates. In particular, a volatile key
+///   is automatically destroyed on a power reset of the device.
+/// - \c 1 = #PSA_KEY_PERSISTENCE_DEFAULT:
+///   persistent key with a default lifetime.
+/// - \c 2-254: currently not supported by Mbed TLS.
+/// - \c 255 = #PSA_KEY_PERSISTENCE_READ_ONLY:
+///   read-only or write-once key.
+///   A key with this persistence level cannot be destroyed.
+///   Mbed TLS does not currently offer a way to create such keys, but
+///   integrations of Mbed TLS can use it for built-in keys that the
+///   application cannot modify (for example, a hardware unique key (HUK)).
+///
+/// \note Key persistence levels are 8-bit values. Key management
+///       interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
+///       encode the persistence as the lower 8 bits of a 32-bit value.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_key_persistence_t = u8;
+/// Encoding of key location indicators.
+///
+/// If an integration of Mbed TLS can make calls to external
+/// cryptoprocessors such as secure elements, the location of a key
+/// indicates which secure element performs the operations on the key.
+/// Depending on the design of the secure element, the key
+/// material may be stored either in the secure element, or
+/// in wrapped (encrypted) form alongside the key metadata in the
+/// primary local storage.
+///
+/// The PSA Cryptography API specification defines the following values of
+/// location indicators:
+/// - \c 0: primary local storage.
+///   This location is always available.
+///   The primary local storage is typically the same storage area that
+///   contains the key metadata.
+/// - \c 1: primary secure element.
+///   Integrations of Mbed TLS should support this value if there is a secure
+///   element attached to the operating environment.
+///   As a guideline, secure elements may provide higher resistance against
+///   side channel and physical attacks than the primary local storage, but may
+///   have restrictions on supported key types, sizes, policies and operations
+///   and may have different performance characteristics.
+/// - \c 2-0x7fffff: other locations defined by a PSA specification.
+///   The PSA Cryptography API does not currently assign any meaning to these
+///   locations, but future versions of that specification or other PSA
+///   specifications may do so.
+/// - \c 0x800000-0xffffff: vendor-defined locations.
+///   No PSA specification will assign a meaning to locations in this range.
+///
+/// \note Key location indicators are 24-bit values. Key management
+///       interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
+///       encode the location as the upper 24 bits of a 32-bit value.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_key_location_t = u32;
+/// Encoding of identifiers of persistent keys.
+///
+/// - Applications may freely choose key identifiers in the range
+///   #PSA_KEY_ID_USER_MIN to #PSA_KEY_ID_USER_MAX.
+/// - The implementation may define additional key identifiers in the range
+///   #PSA_KEY_ID_VENDOR_MIN to #PSA_KEY_ID_VENDOR_MAX.
+/// - 0 is reserved as an invalid key identifier.
+/// - Key identifiers outside these ranges are reserved for future use.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to how values are allocated must require careful
+///       consideration to allow backward compatibility.
+pub type psa_key_id_t = u32;
+pub type mbedtls_svc_key_id_t = psa_key_id_t;
+/// \brief Encoding of permitted usage on a key.
+///
+/// Values of this type are generally constructed as bitwise-ors of macros
+/// called `PSA_KEY_USAGE_xxx`.
+///
+/// \note Values of this type are encoded in the persistent key store.
+///       Any changes to existing values will require bumping the storage
+///       format version and providing a translation when reading the old
+///       format.
+pub type psa_key_usage_t = u32;
+/// The type of a structure containing key attributes.
+///
+/// This is an opaque structure that can represent the metadata of a key
+/// object. Metadata that can be stored in attributes includes:
+/// - The location of the key in storage, indicated by its key identifier
+///   and its lifetime.
+/// - The key's policy, comprising usage flags and a specification of
+///   the permitted algorithm(s).
+/// - Information about the key itself: the key type and its size.
+/// - Additional implementation-defined attributes.
+///
+/// The actual key material is not considered an attribute of a key.
+/// Key attributes do not contain information that is generally considered
+/// highly confidential.
+///
+/// An attribute structure works like a simple data structure where each function
+/// `psa_set_key_xxx` sets a field and the corresponding function
+/// `psa_get_key_xxx` retrieves the value of the corresponding field.
+/// However, a future version of the library  may report values that are
+/// equivalent to the original one, but have a different encoding. Invalid
+/// values may be mapped to different, also invalid values.
+///
+/// An attribute structure may contain references to auxiliary resources,
+/// for example pointers to allocated memory or indirect references to
+/// pre-calculated values. In order to free such resources, the application
+/// must call psa_reset_key_attributes(). As an exception, calling
+/// psa_reset_key_attributes() on an attribute structure is optional if
+/// the structure has only been modified by the following functions
+/// since it was initialized or last reset with psa_reset_key_attributes():
+/// - psa_set_key_id()
+/// - psa_set_key_lifetime()
+/// - psa_set_key_type()
+/// - psa_set_key_bits()
+/// - psa_set_key_usage_flags()
+/// - psa_set_key_algorithm()
+///
+/// Before calling any function on a key attribute structure, the application
+/// must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_key_attributes_t attributes;
+///   memset(&attributes, 0, sizeof(attributes));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_key_attributes_t attributes = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_KEY_ATTRIBUTES_INIT,
+///   for example:
+///   \code
+///   psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+///   \endcode
+/// - Assign the result of the function psa_key_attributes_init()
+///   to the structure, for example:
+///   \code
+///   psa_key_attributes_t attributes;
+///   attributes = psa_key_attributes_init();
+///   \endcode
+///
+/// A freshly initialized attribute structure contains the following
+/// values:
+///
+/// - lifetime: #PSA_KEY_LIFETIME_VOLATILE.
+/// - key identifier: 0 (which is not a valid key identifier).
+/// - type: \c 0 (meaning that the type is unspecified).
+/// - key size: \c 0 (meaning that the size is unspecified).
+/// - usage flags: \c 0 (which allows no usage except exporting a public key).
+/// - algorithm: \c 0 (which allows no cryptographic usage, but allows
+///   exporting).
+///
+/// A typical sequence to create a key is as follows:
+/// -# Create and initialize an attribute structure.
+/// -# If the key is persistent, call psa_set_key_id().
+///    Also call psa_set_key_lifetime() to place the key in a non-default
+///    location.
+/// -# Set the key policy with psa_set_key_usage_flags() and
+///    psa_set_key_algorithm().
+/// -# Set the key type with psa_set_key_type().
+///    Skip this step if copying an existing key with psa_copy_key().
+/// -# When generating a random key with psa_generate_key() or deriving a key
+///    with psa_key_derivation_output_key(), set the desired key size with
+///    psa_set_key_bits().
+/// -# Call a key creation function: psa_import_key(), psa_generate_key(),
+///    psa_key_derivation_output_key() or psa_copy_key(). This function reads
+///    the attribute structure, creates a key with these attributes, and
+///    outputs a key identifier to the newly created key.
+/// -# The attribute structure is now no longer necessary.
+///    You may call psa_reset_key_attributes(), although this is optional
+///    with the workflow presented here because the attributes currently
+///    defined in this specification do not require any additional resources
+///    beyond the structure itself.
+///
+/// A typical sequence to query a key's attributes is as follows:
+/// -# Call psa_get_key_attributes().
+/// -# Call `psa_get_key_xxx` functions to retrieve the attribute(s) that
+///    you are interested in.
+/// -# Call psa_reset_key_attributes() to free any resources that may be
+///    used by the attribute structure.
+///
+/// Once a key has been created, it is impossible to change its attributes.
+pub type psa_key_attributes_t = psa_key_attributes_s;
+/// \brief Encoding of the step of a key derivation.
+///
+/// Values of this type are generally constructed by macros called
+/// `PSA_KEY_DERIVATION_INPUT_xxx`.
+pub type psa_key_derivation_step_t = u16;
+extern "C" {
+    /// \brief Library initialization.
+    ///
+    /// Applications must call this function before calling any other
+    /// function in this module.
+    ///
+    /// Applications may call this function more than once. Once a call
+    /// succeeds, subsequent calls are guaranteed to succeed.
+    ///
+    /// If the application calls other functions before calling psa_crypto_init(),
+    /// the behavior is undefined. Implementations are encouraged to either perform
+    /// the operation as if the library had been initialized or to return
+    /// #PSA_ERROR_BAD_STATE or some other applicable error. In particular,
+    /// implementations should not return a success status if the lack of
+    /// initialization may have security implications, for example due to improper
+    /// seeding of the random number generator.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    pub fn psa_crypto_init() -> psa_status_t;
+}
+extern "C" {
+    /// Retrieve the attributes of a key.
+    ///
+    /// This function first resets the attribute structure as with
+    /// psa_reset_key_attributes(). It then copies the attributes of
+    /// the given key into the given attribute structure.
+    ///
+    /// \note This function may allocate memory or other resources.
+    ///       Once you have called this function on an attribute structure,
+    ///       you must call psa_reset_key_attributes() to free these resources.
+    ///
+    /// \param[in] key               Identifier of the key to query.
+    /// \param[in,out] attributes    On success, the attributes of the key.
+    ///                              On failure, equivalent to a
+    ///                              freshly-initialized structure.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_get_key_attributes(
+        key: mbedtls_svc_key_id_t,
+        attributes: *mut psa_key_attributes_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Reset a key attribute structure to a freshly initialized state.
+    ///
+    /// You must initialize the attribute structure as described in the
+    /// documentation of the type #psa_key_attributes_t before calling this
+    /// function. Once the structure has been initialized, you may call this
+    /// function at any time.
+    ///
+    /// This function frees any auxiliary resources that the structure
+    /// may contain.
+    ///
+    /// \param[in,out] attributes    The attribute structure to reset.
+    pub fn psa_reset_key_attributes(attributes: *mut psa_key_attributes_t);
+}
+extern "C" {
+    /// Remove non-essential copies of key material from memory.
+    ///
+    /// If the key identifier designates a volatile key, this functions does not do
+    /// anything and returns successfully.
+    ///
+    /// If the key identifier designates a persistent key, then this function will
+    /// free all resources associated with the key in volatile memory. The key
+    /// data in persistent storage is not affected and the key can still be used.
+    ///
+    /// \param key Identifier of the key to purge.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The key material will have been removed from memory if it is not
+    ///         currently required.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not a valid key identifier.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_purge_key(key: mbedtls_svc_key_id_t) -> psa_status_t;
+}
+extern "C" {
+    /// Make a copy of a key.
+    ///
+    /// Copy key material from one location to another.
+    ///
+    /// This function is primarily useful to copy a key from one location
+    /// to another, since it populates a key using the material from
+    /// another key which may have a different lifetime.
+    ///
+    /// This function may be used to share a key with a different party,
+    /// subject to implementation-defined restrictions on key sharing.
+    ///
+    /// The policy on the source key must have the usage flag
+    /// #PSA_KEY_USAGE_COPY set.
+    /// This flag is sufficient to permit the copy if the key has the lifetime
+    /// #PSA_KEY_LIFETIME_VOLATILE or #PSA_KEY_LIFETIME_PERSISTENT.
+    /// Some secure elements do not provide a way to copy a key without
+    /// making it extractable from the secure element. If a key is located
+    /// in such a secure element, then the key must have both usage flags
+    /// #PSA_KEY_USAGE_COPY and #PSA_KEY_USAGE_EXPORT in order to make
+    /// a copy of the key outside the secure element.
+    ///
+    /// The resulting key may only be used in a way that conforms to
+    /// both the policy of the original key and the policy specified in
+    /// the \p attributes parameter:
+    /// - The usage flags on the resulting key are the bitwise-and of the
+    ///   usage flags on the source policy and the usage flags in \p attributes.
+    /// - If both allow the same algorithm or wildcard-based
+    ///   algorithm policy, the resulting key has the same algorithm policy.
+    /// - If either of the policies allows an algorithm and the other policy
+    ///   allows a wildcard-based algorithm policy that includes this algorithm,
+    ///   the resulting key allows the same algorithm.
+    /// - If the policies do not allow any algorithm in common, this function
+    ///   fails with the status #PSA_ERROR_INVALID_ARGUMENT.
+    ///
+    /// The effect of this function on implementation-defined attributes is
+    /// implementation-defined.
+    ///
+    /// \param source_key        The key to copy. It must allow the usage
+    ///                          #PSA_KEY_USAGE_COPY. If a private or secret key is
+    ///                          being copied outside of a secure element it must
+    ///                          also allow #PSA_KEY_USAGE_EXPORT.
+    /// \param[in] attributes    The attributes for the new key.
+    ///                          They are used as follows:
+    ///                          - The key type and size may be 0. If either is
+    ///                            nonzero, it must match the corresponding
+    ///                            attribute of the source key.
+    ///                          - The key location (the lifetime and, for
+    ///                            persistent keys, the key identifier) is
+    ///                            used directly.
+    ///                          - The policy constraints (usage flags and
+    ///                            algorithm policy) are combined from
+    ///                            the source key and \p attributes so that
+    ///                            both sets of restrictions apply, as
+    ///                            described in the documentation of this function.
+    /// \param[out] target_key   On success, an identifier for the newly created
+    ///                          key. For persistent keys, this is the key
+    ///                          identifier defined in \p attributes.
+    ///                          \c 0 on failure.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE
+    ///         \p source_key is invalid.
+    /// \retval #PSA_ERROR_ALREADY_EXISTS
+    ///         This is an attempt to create a persistent key, and there is
+    ///         already a persistent key with the given identifier.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The lifetime or identifier in \p attributes are invalid, or
+    ///         the policy constraints on the source and specified in
+    ///         \p attributes are incompatible, or
+    ///         \p attributes specifies a key type or key size
+    ///         which does not match the attributes of the source key.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The source key does not have the #PSA_KEY_USAGE_COPY usage flag, or
+    ///         the source key is not exportable and its lifetime does not
+    ///         allow copying it to the target's lifetime.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_copy_key(
+        source_key: mbedtls_svc_key_id_t,
+        attributes: *const psa_key_attributes_t,
+        target_key: *mut mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Destroy a key.
+    ///
+    /// This function destroys a key from both volatile
+    /// memory and, if applicable, non-volatile storage. Implementations shall
+    /// make a best effort to ensure that the key material cannot be recovered.
+    ///
+    /// This function also erases any metadata such as policies and frees
+    /// resources associated with the key.
+    ///
+    /// If a key is currently in use in a multipart operation, then destroying the
+    /// key will cause the multipart operation to fail.
+    ///
+    /// \param key  Identifier of the key to erase. If this is \c 0, do nothing and
+    ///             return #PSA_SUCCESS.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         \p key was a valid identifier and the key material that it
+    ///         referred to has been erased. Alternatively, \p key is \c 0.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key cannot be erased because it is
+    ///         read-only, either due to a policy or due to physical restrictions.
+    /// \retval #PSA_ERROR_INVALID_HANDLE
+    ///         \p key is not a valid identifier nor \c 0.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE
+    ///         There was a failure in communication with the cryptoprocessor.
+    ///         The key material may still be present in the cryptoprocessor.
+    /// \retval #PSA_ERROR_DATA_INVALID
+    ///         This error is typically a result of either storage corruption on a
+    ///         cleartext storage backend, or an attempt to read data that was
+    ///         written by an incompatible version of the library.
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The storage is corrupted. Implementations shall make a best effort
+    ///         to erase key material even in this stage, however applications
+    ///         should be aware that it may be impossible to guarantee that the
+    ///         key material is not recoverable in such cases.
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED
+    ///         An unexpected condition which is not a storage corruption or
+    ///         a communication failure occurred. The cryptoprocessor may have
+    ///         been compromised.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_destroy_key(key: mbedtls_svc_key_id_t) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Import a key in binary format.
+    ///
+    /// This function supports any output from psa_export_key(). Refer to the
+    /// documentation of psa_export_public_key() for the format of public keys
+    /// and to the documentation of psa_export_key() for the format for
+    /// other key types.
+    ///
+    /// The key data determines the key size. The attributes may optionally
+    /// specify a key size; in this case it must match the size determined
+    /// from the key data. A key size of 0 in \p attributes indicates that
+    /// the key size is solely determined by the key data.
+    ///
+    /// Implementations must reject an attempt to import a key of size 0.
+    ///
+    /// This specification supports a single format for each key type.
+    /// Implementations may support other formats as long as the standard
+    /// format is supported. Implementations that support other formats
+    /// should ensure that the formats are clearly unambiguous so as to
+    /// minimize the risk that an invalid input is accidentally interpreted
+    /// according to a different format.
+    ///
+    /// \param[in] attributes    The attributes for the new key.
+    ///                          The key size is always determined from the
+    ///                          \p data buffer.
+    ///                          If the key size in \p attributes is nonzero,
+    ///                          it must be equal to the size from \p data.
+    /// \param[out] key          On success, an identifier to the newly created key.
+    ///                          For persistent keys, this is the key identifier
+    ///                          defined in \p attributes.
+    ///                          \c 0 on failure.
+    /// \param[in] data    Buffer containing the key data. The content of this
+    ///                    buffer is interpreted according to the type declared
+    ///                    in \p attributes.
+    ///                    All implementations must support at least the format
+    ///                    described in the documentation
+    ///                    of psa_export_key() or psa_export_public_key() for
+    ///                    the chosen type. Implementations may allow other
+    ///                    formats, but should be conservative: implementations
+    ///                    should err on the side of rejecting content if it
+    ///                    may be erroneous (e.g. wrong type or truncated data).
+    /// \param data_length Size of the \p data buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    ///         If the key is persistent, the key material and the key's metadata
+    ///         have been saved to persistent storage.
+    /// \retval #PSA_ERROR_ALREADY_EXISTS
+    ///         This is an attempt to create a persistent key, and there is
+    ///         already a persistent key with the given identifier.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The key type or key size is not supported, either by the
+    ///         implementation in general or in this particular persistent location.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The key attributes, as a whole, are invalid, or
+    ///         the key data is not correctly formatted, or
+    ///         the size in \p attributes is nonzero and does not match the size
+    ///         of the key data.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_import_key(
+        attributes: *const psa_key_attributes_t,
+        data: *const u8,
+        data_length: usize,
+        key: *mut mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Export a key in binary format.
+    ///
+    /// The output of this function can be passed to psa_import_key() to
+    /// create an equivalent object.
+    ///
+    /// If the implementation of psa_import_key() supports other formats
+    /// beyond the format specified here, the output from psa_export_key()
+    /// must use the representation specified here, not the original
+    /// representation.
+    ///
+    /// For standard key types, the output format is as follows:
+    ///
+    /// - For symmetric keys (including MAC keys), the format is the
+    ///   raw bytes of the key.
+    /// - For DES, the key data consists of 8 bytes. The parity bits must be
+    ///   correct.
+    /// - For Triple-DES, the format is the concatenation of the
+    ///   two or three DES keys.
+    /// - For RSA key pairs (#PSA_KEY_TYPE_RSA_KEY_PAIR), the format
+    ///   is the non-encrypted DER encoding of the representation defined by
+    ///   PKCS\#1 (RFC 8017) as `RSAPrivateKey`, version 0.
+    ///   ```
+    ///   RSAPrivateKey ::= SEQUENCE {
+    ///       version             INTEGER,  -- must be 0
+    ///       modulus             INTEGER,  -- n
+    ///       publicExponent      INTEGER,  -- e
+    ///       privateExponent     INTEGER,  -- d
+    ///       prime1              INTEGER,  -- p
+    ///       prime2              INTEGER,  -- q
+    ///       exponent1           INTEGER,  -- d mod (p-1)
+    ///       exponent2           INTEGER,  -- d mod (q-1)
+    ///       coefficient         INTEGER,  -- (inverse of q) mod p
+    ///   }
+    ///   ```
+    /// - For elliptic curve key pairs (key types for which
+    ///   #PSA_KEY_TYPE_IS_ECC_KEY_PAIR is true), the format is
+    ///   a representation of the private value as a `ceiling(m/8)`-byte string
+    ///   where `m` is the bit size associated with the curve, i.e. the bit size
+    ///   of the order of the curve's coordinate field. This byte string is
+    ///   in little-endian order for Montgomery curves (curve types
+    ///   `PSA_ECC_FAMILY_CURVEXXX`), and in big-endian order for Weierstrass
+    ///   curves (curve types `PSA_ECC_FAMILY_SECTXXX`, `PSA_ECC_FAMILY_SECPXXX`
+    ///   and `PSA_ECC_FAMILY_BRAINPOOL_PXXX`).
+    ///   For Weierstrass curves, this is the content of the `privateKey` field of
+    ///   the `ECPrivateKey` format defined by RFC 5915.  For Montgomery curves,
+    ///   the format is defined by RFC 7748, and output is masked according to §5.
+    ///   For twisted Edwards curves, the private key is as defined by RFC 8032
+    ///   (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
+    /// - For Diffie-Hellman key exchange key pairs (key types for which
+    ///   #PSA_KEY_TYPE_IS_DH_KEY_PAIR is true), the
+    ///   format is the representation of the private key `x` as a big-endian byte
+    ///   string. The length of the byte string is the private key size in bytes
+    ///   (leading zeroes are not stripped).
+    /// - For public keys (key types for which #PSA_KEY_TYPE_IS_PUBLIC_KEY is
+    ///   true), the format is the same as for psa_export_public_key().
+    ///
+    /// The policy on the key must have the usage flag #PSA_KEY_USAGE_EXPORT set.
+    ///
+    /// \param key               Identifier of the key to export. It must allow the
+    ///                          usage #PSA_KEY_USAGE_EXPORT, unless it is a public
+    ///                          key.
+    /// \param[out] data         Buffer where the key data is to be written.
+    /// \param data_size         Size of the \p data buffer in bytes.
+    /// \param[out] data_length  On success, the number of bytes
+    ///                          that make up the key data.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_EXPORT flag.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p data buffer is too small. You can determine a
+    ///         sufficient buffer size by calling
+    ///         #PSA_EXPORT_KEY_OUTPUT_SIZE(\c type, \c bits)
+    ///         where \c type is the key type
+    ///         and \c bits is the key size in bits.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_export_key(
+        key: mbedtls_svc_key_id_t,
+        data: *mut u8,
+        data_size: usize,
+        data_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Export a public key or the public part of a key pair in binary format.
+    ///
+    /// The output of this function can be passed to psa_import_key() to
+    /// create an object that is equivalent to the public key.
+    ///
+    /// This specification supports a single format for each key type.
+    /// Implementations may support other formats as long as the standard
+    /// format is supported. Implementations that support other formats
+    /// should ensure that the formats are clearly unambiguous so as to
+    /// minimize the risk that an invalid input is accidentally interpreted
+    /// according to a different format.
+    ///
+    /// For standard key types, the output format is as follows:
+    /// - For RSA public keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY), the DER encoding of
+    ///   the representation defined by RFC 3279 &sect;2.3.1 as `RSAPublicKey`.
+    ///   ```
+    ///   RSAPublicKey ::= SEQUENCE {
+    ///      modulus            INTEGER,    -- n
+    ///      publicExponent     INTEGER  }  -- e
+    ///   ```
+    /// - For elliptic curve keys on a twisted Edwards curve (key types for which
+    ///   #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true and #PSA_KEY_TYPE_ECC_GET_FAMILY
+    ///   returns #PSA_ECC_FAMILY_TWISTED_EDWARDS), the public key is as defined
+    ///   by RFC 8032
+    ///   (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
+    /// - For other elliptic curve public keys (key types for which
+    ///   #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true), the format is the uncompressed
+    ///   representation defined by SEC1 &sect;2.3.3 as the content of an ECPoint.
+    ///   Let `m` be the bit size associated with the curve, i.e. the bit size of
+    ///   `q` for a curve over `F_q`. The representation consists of:
+    ///      - The byte 0x04;
+    ///      - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
+    ///      - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
+    /// - For Diffie-Hellman key exchange public keys (key types for which
+    ///   #PSA_KEY_TYPE_IS_DH_PUBLIC_KEY is true),
+    ///   the format is the representation of the public key `y = g^x mod p` as a
+    ///   big-endian byte string. The length of the byte string is the length of the
+    ///   base prime `p` in bytes.
+    ///
+    /// Exporting a public key object or the public part of a key pair is
+    /// always permitted, regardless of the key's usage flags.
+    ///
+    /// \param key               Identifier of the key to export.
+    /// \param[out] data         Buffer where the key data is to be written.
+    /// \param data_size         Size of the \p data buffer in bytes.
+    /// \param[out] data_length  On success, the number of bytes
+    ///                          that make up the key data.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The key is neither a public key nor a key pair.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p data buffer is too small. You can determine a
+    ///         sufficient buffer size by calling
+    ///         #PSA_EXPORT_KEY_OUTPUT_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\c type), \c bits)
+    ///         where \c type is the key type
+    ///         and \c bits is the key size in bits.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_export_public_key(
+        key: mbedtls_svc_key_id_t,
+        data: *mut u8,
+        data_size: usize,
+        data_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Calculate the hash (digest) of a message.
+    ///
+    /// \note To verify the hash of a message against an
+    ///       expected value, use psa_hash_compare() instead.
+    ///
+    /// \param alg               The hash algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_HASH(\p alg) is true).
+    /// \param[in] input         Buffer containing the message to hash.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    /// \param[out] hash         Buffer where the hash is to be written.
+    /// \param hash_size         Size of the \p hash buffer in bytes.
+    /// \param[out] hash_length  On success, the number of bytes
+    ///                          that make up the hash value. This is always
+    ///                          #PSA_HASH_LENGTH(\p alg).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a hash algorithm.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         \p hash_size is too small
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_compute(
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        hash: *mut u8,
+        hash_size: usize,
+        hash_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Calculate the hash (digest) of a message and compare it with a
+    /// reference value.
+    ///
+    /// \param alg               The hash algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_HASH(\p alg) is true).
+    /// \param[in] input         Buffer containing the message to hash.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    /// \param[out] hash         Buffer containing the expected hash value.
+    /// \param hash_length       Size of the \p hash buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The expected hash is identical to the actual hash of the input.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The hash of the message was calculated successfully, but it
+    ///         differs from the expected hash.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a hash algorithm.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p input_length or \p hash_length do not match the hash size for \p alg
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_compare(
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        hash: *const u8,
+        hash_length: usize,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for multipart hash operations.
+///
+/// Before calling any function on a hash operation object, the application must
+/// initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_hash_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_hash_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_HASH_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_hash_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_hash_operation_t operation;
+///   operation = psa_hash_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_hash_operation_t = psa_hash_operation_s;
+extern "C" {
+    /// Set up a multipart hash operation.
+    ///
+    /// The sequence of operations to calculate a hash (message digest)
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_hash_operation_t, e.g. #PSA_HASH_OPERATION_INIT.
+    /// -# Call psa_hash_setup() to specify the algorithm.
+    /// -# Call psa_hash_update() zero, one or more times, passing a fragment
+    ///    of the message each time. The hash that is calculated is the hash
+    ///    of the concatenation of these messages in order.
+    /// -# To calculate the hash, call psa_hash_finish().
+    ///    To compare the hash with an expected value, call psa_hash_verify().
+    ///
+    /// If an error occurs at any step after a call to psa_hash_setup(), the
+    /// operation will need to be reset by a call to psa_hash_abort(). The
+    /// application may call psa_hash_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_hash_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A successful call to psa_hash_finish() or psa_hash_verify().
+    /// - A call to psa_hash_abort().
+    ///
+    /// \param[in,out] operation The operation object to set up. It must have
+    ///                          been initialized as per the documentation for
+    ///                          #psa_hash_operation_t and not yet in use.
+    /// \param alg               The hash algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_HASH(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not a supported hash algorithm.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p alg is not a hash algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_setup(
+        operation: *mut psa_hash_operation_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Add a message fragment to a multipart hash operation.
+    ///
+    /// The application must call psa_hash_setup() before calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_hash_abort().
+    ///
+    /// \param[in,out] operation Active hash operation.
+    /// \param[in] input         Buffer containing the message fragment to hash.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_update(
+        operation: *mut psa_hash_operation_t,
+        input: *const u8,
+        input_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish the calculation of the hash of a message.
+    ///
+    /// The application must call psa_hash_setup() before calling this function.
+    /// This function calculates the hash of the message formed by concatenating
+    /// the inputs passed to preceding calls to psa_hash_update().
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_hash_abort().
+    ///
+    /// \warning Applications should not call this function if they expect
+    ///          a specific value for the hash. Call psa_hash_verify() instead.
+    ///          Beware that comparing integrity or authenticity data such as
+    ///          hash values with a function such as \c memcmp is risky
+    ///          because the time taken by the comparison may leak information
+    ///          about the hashed data which could allow an attacker to guess
+    ///          a valid hash and thereby bypass security controls.
+    ///
+    /// \param[in,out] operation     Active hash operation.
+    /// \param[out] hash             Buffer where the hash is to be written.
+    /// \param hash_size             Size of the \p hash buffer in bytes.
+    /// \param[out] hash_length      On success, the number of bytes
+    ///                              that make up the hash value. This is always
+    ///                              #PSA_HASH_LENGTH(\c alg) where \c alg is the
+    ///                              hash algorithm that is calculated.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p hash buffer is too small. You can determine a
+    ///         sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg)
+    ///         where \c alg is the hash algorithm that is calculated.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_finish(
+        operation: *mut psa_hash_operation_t,
+        hash: *mut u8,
+        hash_size: usize,
+        hash_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish the calculation of the hash of a message and compare it with
+    /// an expected value.
+    ///
+    /// The application must call psa_hash_setup() before calling this function.
+    /// This function calculates the hash of the message formed by concatenating
+    /// the inputs passed to preceding calls to psa_hash_update(). It then
+    /// compares the calculated hash with the expected hash passed as a
+    /// parameter to this function.
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_hash_abort().
+    ///
+    /// \note Implementations shall make the best effort to ensure that the
+    /// comparison between the actual hash and the expected hash is performed
+    /// in constant time.
+    ///
+    /// \param[in,out] operation     Active hash operation.
+    /// \param[in] hash              Buffer containing the expected hash value.
+    /// \param hash_length           Size of the \p hash buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The expected hash is identical to the actual hash of the message.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The hash of the message was calculated successfully, but it
+    ///         differs from the expected hash.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_verify(
+        operation: *mut psa_hash_operation_t,
+        hash: *const u8,
+        hash_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort a hash operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the
+    /// \p operation structure itself. Once aborted, the operation object
+    /// can be reused for another operation by calling
+    /// psa_hash_setup() again.
+    ///
+    /// You may call this function any time after the operation object has
+    /// been initialized by one of the methods described in #psa_hash_operation_t.
+    ///
+    /// In particular, calling psa_hash_abort() after the operation has been
+    /// terminated by a call to psa_hash_abort(), psa_hash_finish() or
+    /// psa_hash_verify() is safe and has no effect.
+    ///
+    /// \param[in,out] operation     Initialized hash operation.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_abort(operation: *mut psa_hash_operation_t) -> psa_status_t;
+}
+extern "C" {
+    /// Clone a hash operation.
+    ///
+    /// This function copies the state of an ongoing hash operation to
+    /// a new operation object. In other words, this function is equivalent
+    /// to calling psa_hash_setup() on \p target_operation with the same
+    /// algorithm that \p source_operation was set up for, then
+    /// psa_hash_update() on \p target_operation with the same input that
+    /// that was passed to \p source_operation. After this function returns, the
+    /// two objects are independent, i.e. subsequent calls involving one of
+    /// the objects do not affect the other object.
+    ///
+    /// \param[in] source_operation      The active hash operation to clone.
+    /// \param[in,out] target_operation  The operation object to set up.
+    ///                                  It must be initialized but not active.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The \p source_operation state is not valid (it must be active), or
+    ///         the \p target_operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_hash_clone(
+        source_operation: *const psa_hash_operation_t,
+        target_operation: *mut psa_hash_operation_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Calculate the MAC (message authentication code) of a message.
+    ///
+    /// \note To verify the MAC of a message against an
+    ///       expected value, use psa_mac_verify() instead.
+    ///       Beware that comparing integrity or authenticity data such as
+    ///       MAC values with a function such as \c memcmp is risky
+    ///       because the time taken by the comparison may leak information
+    ///       about the MAC value which could allow an attacker to guess
+    ///       a valid MAC and thereby bypass security controls.
+    ///
+    /// \param key               Identifier of the key to use for the operation. It
+    ///                          must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE.
+    /// \param alg               The MAC algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_MAC(\p alg) is true).
+    /// \param[in] input         Buffer containing the input message.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    /// \param[out] mac          Buffer where the MAC value is to be written.
+    /// \param mac_size          Size of the \p mac buffer in bytes.
+    /// \param[out] mac_length   On success, the number of bytes
+    ///                          that make up the MAC value.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a MAC algorithm.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         \p mac_size is too small
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The key could not be retrieved from storage.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_compute(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        mac: *mut u8,
+        mac_size: usize,
+        mac_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Calculate the MAC of a message and compare it with a reference value.
+    ///
+    /// \param key               Identifier of the key to use for the operation. It
+    ///                          must allow the usage PSA_KEY_USAGE_VERIFY_MESSAGE.
+    /// \param alg               The MAC algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_MAC(\p alg) is true).
+    /// \param[in] input         Buffer containing the input message.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    /// \param[out] mac          Buffer containing the expected MAC value.
+    /// \param mac_length        Size of the \p mac buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The expected MAC is identical to the actual MAC of the input.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The MAC of the message was calculated successfully, but it
+    ///         differs from the expected value.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a MAC algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The key could not be retrieved from storage.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_verify(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        mac: *const u8,
+        mac_length: usize,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for multipart MAC operations.
+///
+/// Before calling any function on a MAC operation object, the application must
+/// initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_mac_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_mac_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_MAC_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_mac_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_mac_operation_t operation;
+///   operation = psa_mac_operation_init();
+///   \endcode
+///
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_mac_operation_t = psa_mac_operation_s;
+extern "C" {
+    /// Set up a multipart MAC calculation operation.
+    ///
+    /// This function sets up the calculation of the MAC
+    /// (message authentication code) of a byte string.
+    /// To verify the MAC of a message against an
+    /// expected value, use psa_mac_verify_setup() instead.
+    ///
+    /// The sequence of operations to calculate a MAC is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_mac_operation_t, e.g. #PSA_MAC_OPERATION_INIT.
+    /// -# Call psa_mac_sign_setup() to specify the algorithm and key.
+    /// -# Call psa_mac_update() zero, one or more times, passing a fragment
+    ///    of the message each time. The MAC that is calculated is the MAC
+    ///    of the concatenation of these messages in order.
+    /// -# At the end of the message, call psa_mac_sign_finish() to finish
+    ///    calculating the MAC value and retrieve it.
+    ///
+    /// If an error occurs at any step after a call to psa_mac_sign_setup(), the
+    /// operation will need to be reset by a call to psa_mac_abort(). The
+    /// application may call psa_mac_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_mac_sign_setup(), the application must
+    /// eventually terminate the operation through one of the following methods:
+    /// - A successful call to psa_mac_sign_finish().
+    /// - A call to psa_mac_abort().
+    ///
+    /// \param[in,out] operation The operation object to set up. It must have
+    ///                          been initialized as per the documentation for
+    ///                          #psa_mac_operation_t and not yet in use.
+    /// \param key               Identifier of the key to use for the operation. It
+    ///                          must remain valid until the operation terminates.
+    ///                          It must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE.
+    /// \param alg               The MAC algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_MAC(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a MAC algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The key could not be retrieved from storage.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_sign_setup(
+        operation: *mut psa_mac_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set up a multipart MAC verification operation.
+    ///
+    /// This function sets up the verification of the MAC
+    /// (message authentication code) of a byte string against an expected value.
+    ///
+    /// The sequence of operations to verify a MAC is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_mac_operation_t, e.g. #PSA_MAC_OPERATION_INIT.
+    /// -# Call psa_mac_verify_setup() to specify the algorithm and key.
+    /// -# Call psa_mac_update() zero, one or more times, passing a fragment
+    ///    of the message each time. The MAC that is calculated is the MAC
+    ///    of the concatenation of these messages in order.
+    /// -# At the end of the message, call psa_mac_verify_finish() to finish
+    ///    calculating the actual MAC of the message and verify it against
+    ///    the expected value.
+    ///
+    /// If an error occurs at any step after a call to psa_mac_verify_setup(), the
+    /// operation will need to be reset by a call to psa_mac_abort(). The
+    /// application may call psa_mac_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_mac_verify_setup(), the application must
+    /// eventually terminate the operation through one of the following methods:
+    /// - A successful call to psa_mac_verify_finish().
+    /// - A call to psa_mac_abort().
+    ///
+    /// \param[in,out] operation The operation object to set up. It must have
+    ///                          been initialized as per the documentation for
+    ///                          #psa_mac_operation_t and not yet in use.
+    /// \param key               Identifier of the key to use for the operation. It
+    ///                          must remain valid until the operation terminates.
+    ///                          It must allow the usage
+    ///                          PSA_KEY_USAGE_VERIFY_MESSAGE.
+    /// \param alg               The MAC algorithm to compute (\c PSA_ALG_XXX value
+    ///                          such that #PSA_ALG_IS_MAC(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c key is not compatible with \c alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \c alg is not supported or is not a MAC algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The key could not be retrieved from storage.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_verify_setup(
+        operation: *mut psa_mac_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Add a message fragment to a multipart MAC operation.
+    ///
+    /// The application must call psa_mac_sign_setup() or psa_mac_verify_setup()
+    /// before calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_mac_abort().
+    ///
+    /// \param[in,out] operation Active MAC operation.
+    /// \param[in] input         Buffer containing the message fragment to add to
+    ///                          the MAC calculation.
+    /// \param input_length      Size of the \p input buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_update(
+        operation: *mut psa_mac_operation_t,
+        input: *const u8,
+        input_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish the calculation of the MAC of a message.
+    ///
+    /// The application must call psa_mac_sign_setup() before calling this function.
+    /// This function calculates the MAC of the message formed by concatenating
+    /// the inputs passed to preceding calls to psa_mac_update().
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_mac_abort().
+    ///
+    /// \warning Applications should not call this function if they expect
+    ///          a specific value for the MAC. Call psa_mac_verify_finish() instead.
+    ///          Beware that comparing integrity or authenticity data such as
+    ///          MAC values with a function such as \c memcmp is risky
+    ///          because the time taken by the comparison may leak information
+    ///          about the MAC value which could allow an attacker to guess
+    ///          a valid MAC and thereby bypass security controls.
+    ///
+    /// \param[in,out] operation Active MAC operation.
+    /// \param[out] mac          Buffer where the MAC value is to be written.
+    /// \param mac_size          Size of the \p mac buffer in bytes.
+    /// \param[out] mac_length   On success, the number of bytes
+    ///                          that make up the MAC value. This is always
+    ///                          #PSA_MAC_LENGTH(\c key_type, \c key_bits, \c alg)
+    ///                          where \c key_type and \c key_bits are the type and
+    ///                          bit-size respectively of the key and \c alg is the
+    ///                          MAC algorithm that is calculated.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p mac buffer is too small. You can determine a
+    ///         sufficient buffer size by calling PSA_MAC_LENGTH().
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active mac sign
+    ///         operation), or the library has not been previously initialized
+    ///         by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_sign_finish(
+        operation: *mut psa_mac_operation_t,
+        mac: *mut u8,
+        mac_size: usize,
+        mac_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish the calculation of the MAC of a message and compare it with
+    /// an expected value.
+    ///
+    /// The application must call psa_mac_verify_setup() before calling this function.
+    /// This function calculates the MAC of the message formed by concatenating
+    /// the inputs passed to preceding calls to psa_mac_update(). It then
+    /// compares the calculated MAC with the expected MAC passed as a
+    /// parameter to this function.
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_mac_abort().
+    ///
+    /// \note Implementations shall make the best effort to ensure that the
+    /// comparison between the actual MAC and the expected MAC is performed
+    /// in constant time.
+    ///
+    /// \param[in,out] operation Active MAC operation.
+    /// \param[in] mac           Buffer containing the expected MAC value.
+    /// \param mac_length        Size of the \p mac buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The expected MAC is identical to the actual MAC of the message.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The MAC of the message was calculated successfully, but it
+    ///         differs from the expected MAC.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active mac verify
+    ///         operation), or the library has not been previously initialized
+    ///         by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_verify_finish(
+        operation: *mut psa_mac_operation_t,
+        mac: *const u8,
+        mac_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort a MAC operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the
+    /// \p operation structure itself. Once aborted, the operation object
+    /// can be reused for another operation by calling
+    /// psa_mac_sign_setup() or psa_mac_verify_setup() again.
+    ///
+    /// You may call this function any time after the operation object has
+    /// been initialized by one of the methods described in #psa_mac_operation_t.
+    ///
+    /// In particular, calling psa_mac_abort() after the operation has been
+    /// terminated by a call to psa_mac_abort(), psa_mac_sign_finish() or
+    /// psa_mac_verify_finish() is safe and has no effect.
+    ///
+    /// \param[in,out] operation Initialized MAC operation.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_mac_abort(operation: *mut psa_mac_operation_t) -> psa_status_t;
+}
+extern "C" {
+    /// Encrypt a message using a symmetric cipher.
+    ///
+    /// This function encrypts a message with a random IV (initialization
+    /// vector). Use the multipart operation interface with a
+    /// #psa_cipher_operation_t object to provide other forms of IV.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must allow the usage #PSA_KEY_USAGE_ENCRYPT.
+    /// \param alg                   The cipher algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_CIPHER(\p alg) is true).
+    /// \param[in] input             Buffer containing the message to encrypt.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[out] output           Buffer where the output is to be written.
+    ///                              The output contains the IV followed by
+    ///                              the ciphertext proper.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a cipher algorithm.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_encrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Decrypt a message using a symmetric cipher.
+    ///
+    /// This function decrypts a message encrypted with a symmetric cipher.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must remain valid until the operation
+    ///                              terminates. It must allow the usage
+    ///                              #PSA_KEY_USAGE_DECRYPT.
+    /// \param alg                   The cipher algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_CIPHER(\p alg) is true).
+    /// \param[in] input             Buffer containing the message to decrypt.
+    ///                              This consists of the IV followed by the
+    ///                              ciphertext proper.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[out] output           Buffer where the plaintext is to be written.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a cipher algorithm.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_decrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for multipart cipher operations.
+///
+/// Before calling any function on a cipher operation object, the application
+/// must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_cipher_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_cipher_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_CIPHER_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_cipher_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_cipher_operation_t operation;
+///   operation = psa_cipher_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_cipher_operation_t = psa_cipher_operation_s;
+extern "C" {
+    /// Set the key for a multipart symmetric encryption operation.
+    ///
+    /// The sequence of operations to encrypt a message with a symmetric cipher
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_cipher_operation_t, e.g.
+    ///    #PSA_CIPHER_OPERATION_INIT.
+    /// -# Call psa_cipher_encrypt_setup() to specify the algorithm and key.
+    /// -# Call either psa_cipher_generate_iv() or psa_cipher_set_iv() to
+    ///    generate or set the IV (initialization vector). You should use
+    ///    psa_cipher_generate_iv() unless the protocol you are implementing
+    ///    requires a specific IV value.
+    /// -# Call psa_cipher_update() zero, one or more times, passing a fragment
+    ///    of the message each time.
+    /// -# Call psa_cipher_finish().
+    ///
+    /// If an error occurs at any step after a call to psa_cipher_encrypt_setup(),
+    /// the operation will need to be reset by a call to psa_cipher_abort(). The
+    /// application may call psa_cipher_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_cipher_encrypt_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A successful call to psa_cipher_finish().
+    /// - A call to psa_cipher_abort().
+    ///
+    /// \param[in,out] operation     The operation object to set up. It must have
+    ///                              been initialized as per the documentation for
+    ///                              #psa_cipher_operation_t and not yet in use.
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must remain valid until the operation
+    ///                              terminates. It must allow the usage
+    ///                              #PSA_KEY_USAGE_ENCRYPT.
+    /// \param alg                   The cipher algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_CIPHER(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a cipher algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_encrypt_setup(
+        operation: *mut psa_cipher_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the key for a multipart symmetric decryption operation.
+    ///
+    /// The sequence of operations to decrypt a message with a symmetric cipher
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_cipher_operation_t, e.g.
+    ///    #PSA_CIPHER_OPERATION_INIT.
+    /// -# Call psa_cipher_decrypt_setup() to specify the algorithm and key.
+    /// -# Call psa_cipher_set_iv() with the IV (initialization vector) for the
+    ///    decryption. If the IV is prepended to the ciphertext, you can call
+    ///    psa_cipher_update() on a buffer containing the IV followed by the
+    ///    beginning of the message.
+    /// -# Call psa_cipher_update() zero, one or more times, passing a fragment
+    ///    of the message each time.
+    /// -# Call psa_cipher_finish().
+    ///
+    /// If an error occurs at any step after a call to psa_cipher_decrypt_setup(),
+    /// the operation will need to be reset by a call to psa_cipher_abort(). The
+    /// application may call psa_cipher_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_cipher_decrypt_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A successful call to psa_cipher_finish().
+    /// - A call to psa_cipher_abort().
+    ///
+    /// \param[in,out] operation     The operation object to set up. It must have
+    ///                              been initialized as per the documentation for
+    ///                              #psa_cipher_operation_t and not yet in use.
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must remain valid until the operation
+    ///                              terminates. It must allow the usage
+    ///                              #PSA_KEY_USAGE_DECRYPT.
+    /// \param alg                   The cipher algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_CIPHER(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not a cipher algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_decrypt_setup(
+        operation: *mut psa_cipher_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Generate an IV for a symmetric encryption operation.
+    ///
+    /// This function generates a random IV (initialization vector), nonce
+    /// or initial counter value for the encryption operation as appropriate
+    /// for the chosen algorithm, key type and key size.
+    ///
+    /// The application must call psa_cipher_encrypt_setup() before
+    /// calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_cipher_abort().
+    ///
+    /// \param[in,out] operation     Active cipher operation.
+    /// \param[out] iv               Buffer where the generated IV is to be written.
+    /// \param iv_size               Size of the \p iv buffer in bytes.
+    /// \param[out] iv_length        On success, the number of bytes of the
+    ///                              generated IV.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p iv buffer is too small.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, with no IV set),
+    ///         or the library has not been previously initialized
+    ///         by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_generate_iv(
+        operation: *mut psa_cipher_operation_t,
+        iv: *mut u8,
+        iv_size: usize,
+        iv_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the IV for a symmetric encryption or decryption operation.
+    ///
+    /// This function sets the IV (initialization vector), nonce
+    /// or initial counter value for the encryption or decryption operation.
+    ///
+    /// The application must call psa_cipher_encrypt_setup() before
+    /// calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_cipher_abort().
+    ///
+    /// \note When encrypting, applications should use psa_cipher_generate_iv()
+    /// instead of this function, unless implementing a protocol that requires
+    /// a non-random IV.
+    ///
+    /// \param[in,out] operation     Active cipher operation.
+    /// \param[in] iv                Buffer containing the IV to use.
+    /// \param iv_length             Size of the IV in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The size of \p iv is not acceptable for the chosen algorithm,
+    ///         or the chosen algorithm does not use an IV.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active cipher
+    ///         encrypt operation, with no IV set), or the library has not been
+    ///         previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_set_iv(
+        operation: *mut psa_cipher_operation_t,
+        iv: *const u8,
+        iv_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Encrypt or decrypt a message fragment in an active cipher operation.
+    ///
+    /// Before calling this function, you must:
+    /// 1. Call either psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup().
+    ///    The choice of setup function determines whether this function
+    ///    encrypts or decrypts its input.
+    /// 2. If the algorithm requires an IV, call psa_cipher_generate_iv()
+    ///    (recommended when encrypting) or psa_cipher_set_iv().
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_cipher_abort().
+    ///
+    /// \param[in,out] operation     Active cipher operation.
+    /// \param[in] input             Buffer containing the message fragment to
+    ///                              encrypt or decrypt.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[out] output           Buffer where the output is to be written.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, with an IV set
+    ///         if required for the algorithm), or the library has not been
+    ///         previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_update(
+        operation: *mut psa_cipher_operation_t,
+        input: *const u8,
+        input_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish encrypting or decrypting a message in a cipher operation.
+    ///
+    /// The application must call psa_cipher_encrypt_setup() or
+    /// psa_cipher_decrypt_setup() before calling this function. The choice
+    /// of setup function determines whether this function encrypts or
+    /// decrypts its input.
+    ///
+    /// This function finishes the encryption or decryption of the message
+    /// formed by concatenating the inputs passed to preceding calls to
+    /// psa_cipher_update().
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_cipher_abort().
+    ///
+    /// \param[in,out] operation     Active cipher operation.
+    /// \param[out] output           Buffer where the output is to be written.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The total input size passed to this operation is not valid for
+    ///         this particular algorithm. For example, the algorithm is a based
+    ///         on block cipher and requires a whole number of blocks, but the
+    ///         total input size is not a multiple of the block size.
+    /// \retval #PSA_ERROR_INVALID_PADDING
+    ///         This is a decryption operation for an algorithm that includes
+    ///         padding, and the ciphertext does not contain valid padding.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, with an IV set
+    ///         if required for the algorithm), or the library has not been
+    ///         previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_finish(
+        operation: *mut psa_cipher_operation_t,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort a cipher operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the
+    /// \p operation structure itself. Once aborted, the operation object
+    /// can be reused for another operation by calling
+    /// psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup() again.
+    ///
+    /// You may call this function any time after the operation object has
+    /// been initialized as described in #psa_cipher_operation_t.
+    ///
+    /// In particular, calling psa_cipher_abort() after the operation has been
+    /// terminated by a call to psa_cipher_abort() or psa_cipher_finish()
+    /// is safe and has no effect.
+    ///
+    /// \param[in,out] operation     Initialized cipher operation.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_cipher_abort(operation: *mut psa_cipher_operation_t) -> psa_status_t;
+}
+extern "C" {
+    /// Process an authenticated encryption operation.
+    ///
+    /// \param key                     Identifier of the key to use for the
+    ///                                operation. It must allow the usage
+    ///                                #PSA_KEY_USAGE_ENCRYPT.
+    /// \param alg                     The AEAD algorithm to compute
+    ///                                (\c PSA_ALG_XXX value such that
+    ///                                #PSA_ALG_IS_AEAD(\p alg) is true).
+    /// \param[in] nonce               Nonce or IV to use.
+    /// \param nonce_length            Size of the \p nonce buffer in bytes.
+    /// \param[in] additional_data     Additional data that will be authenticated
+    ///                                but not encrypted.
+    /// \param additional_data_length  Size of \p additional_data in bytes.
+    /// \param[in] plaintext           Data that will be authenticated and
+    ///                                encrypted.
+    /// \param plaintext_length        Size of \p plaintext in bytes.
+    /// \param[out] ciphertext         Output buffer for the authenticated and
+    ///                                encrypted data. The additional data is not
+    ///                                part of this output. For algorithms where the
+    ///                                encrypted data and the authentication tag
+    ///                                are defined as separate outputs, the
+    ///                                authentication tag is appended to the
+    ///                                encrypted data.
+    /// \param ciphertext_size         Size of the \p ciphertext buffer in bytes.
+    ///                                This must be appropriate for the selected
+    ///                                algorithm and key:
+    ///                                - A sufficient output size is
+    ///                                  #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\c key_type,
+    ///                                  \p alg, \p plaintext_length) where
+    ///                                  \c key_type is the type of \p key.
+    ///                                - #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\p
+    ///                                  plaintext_length) evaluates to the maximum
+    ///                                  ciphertext size of any supported AEAD
+    ///                                  encryption.
+    /// \param[out] ciphertext_length  On success, the size of the output
+    ///                                in the \p ciphertext buffer.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not an AEAD algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         \p ciphertext_size is too small.
+    ///         #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\c key_type, \p alg,
+    ///         \p plaintext_length) or
+    ///         #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\p plaintext_length) can be used to
+    ///         determine the required buffer size.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_encrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        nonce: *const u8,
+        nonce_length: usize,
+        additional_data: *const u8,
+        additional_data_length: usize,
+        plaintext: *const u8,
+        plaintext_length: usize,
+        ciphertext: *mut u8,
+        ciphertext_size: usize,
+        ciphertext_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Process an authenticated decryption operation.
+    ///
+    /// \param key                     Identifier of the key to use for the
+    ///                                operation. It must allow the usage
+    ///                                #PSA_KEY_USAGE_DECRYPT.
+    /// \param alg                     The AEAD algorithm to compute
+    ///                                (\c PSA_ALG_XXX value such that
+    ///                                #PSA_ALG_IS_AEAD(\p alg) is true).
+    /// \param[in] nonce               Nonce or IV to use.
+    /// \param nonce_length            Size of the \p nonce buffer in bytes.
+    /// \param[in] additional_data     Additional data that has been authenticated
+    ///                                but not encrypted.
+    /// \param additional_data_length  Size of \p additional_data in bytes.
+    /// \param[in] ciphertext          Data that has been authenticated and
+    ///                                encrypted. For algorithms where the
+    ///                                encrypted data and the authentication tag
+    ///                                are defined as separate inputs, the buffer
+    ///                                must contain the encrypted data followed
+    ///                                by the authentication tag.
+    /// \param ciphertext_length       Size of \p ciphertext in bytes.
+    /// \param[out] plaintext          Output buffer for the decrypted data.
+    /// \param plaintext_size          Size of the \p plaintext buffer in bytes.
+    ///                                This must be appropriate for the selected
+    ///                                algorithm and key:
+    ///                                - A sufficient output size is
+    ///                                  #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\c key_type,
+    ///                                  \p alg, \p ciphertext_length) where
+    ///                                  \c key_type is the type of \p key.
+    ///                                - #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\p
+    ///                                  ciphertext_length) evaluates to the maximum
+    ///                                  plaintext size of any supported AEAD
+    ///                                  decryption.
+    /// \param[out] plaintext_length   On success, the size of the output
+    ///                                in the \p plaintext buffer.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The ciphertext is not authentic.
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not an AEAD algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         \p plaintext_size is too small.
+    ///         #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\c key_type, \p alg,
+    ///         \p ciphertext_length) or
+    ///         #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\p ciphertext_length) can be used
+    ///         to determine the required buffer size.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_decrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        nonce: *const u8,
+        nonce_length: usize,
+        additional_data: *const u8,
+        additional_data_length: usize,
+        ciphertext: *const u8,
+        ciphertext_length: usize,
+        plaintext: *mut u8,
+        plaintext_size: usize,
+        plaintext_length: *mut usize,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for multipart AEAD operations.
+///
+/// Before calling any function on an AEAD operation object, the application
+/// must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_aead_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_aead_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_AEAD_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_aead_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_aead_operation_t operation;
+///   operation = psa_aead_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_aead_operation_t = psa_aead_operation_s;
+extern "C" {
+    /// Set the key for a multipart authenticated encryption operation.
+    ///
+    /// The sequence of operations to encrypt a message with authentication
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_aead_operation_t, e.g.
+    ///    #PSA_AEAD_OPERATION_INIT.
+    /// -# Call psa_aead_encrypt_setup() to specify the algorithm and key.
+    /// -# If needed, call psa_aead_set_lengths() to specify the length of the
+    ///    inputs to the subsequent calls to psa_aead_update_ad() and
+    ///    psa_aead_update(). See the documentation of psa_aead_set_lengths()
+    ///    for details.
+    /// -# Call either psa_aead_generate_nonce() or psa_aead_set_nonce() to
+    ///    generate or set the nonce. You should use
+    ///    psa_aead_generate_nonce() unless the protocol you are implementing
+    ///    requires a specific nonce value.
+    /// -# Call psa_aead_update_ad() zero, one or more times, passing a fragment
+    ///    of the non-encrypted additional authenticated data each time.
+    /// -# Call psa_aead_update() zero, one or more times, passing a fragment
+    ///    of the message to encrypt each time.
+    /// -# Call psa_aead_finish().
+    ///
+    /// If an error occurs at any step after a call to psa_aead_encrypt_setup(),
+    /// the operation will need to be reset by a call to psa_aead_abort(). The
+    /// application may call psa_aead_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_aead_encrypt_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A successful call to psa_aead_finish().
+    /// - A call to psa_aead_abort().
+    ///
+    /// \param[in,out] operation     The operation object to set up. It must have
+    ///                              been initialized as per the documentation for
+    ///                              #psa_aead_operation_t and not yet in use.
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must remain valid until the operation
+    ///                              terminates. It must allow the usage
+    ///                              #PSA_KEY_USAGE_ENCRYPT.
+    /// \param alg                   The AEAD algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_AEAD(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not an AEAD algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_encrypt_setup(
+        operation: *mut psa_aead_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the key for a multipart authenticated decryption operation.
+    ///
+    /// The sequence of operations to decrypt a message with authentication
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_aead_operation_t, e.g.
+    ///    #PSA_AEAD_OPERATION_INIT.
+    /// -# Call psa_aead_decrypt_setup() to specify the algorithm and key.
+    /// -# If needed, call psa_aead_set_lengths() to specify the length of the
+    ///    inputs to the subsequent calls to psa_aead_update_ad() and
+    ///    psa_aead_update(). See the documentation of psa_aead_set_lengths()
+    ///    for details.
+    /// -# Call psa_aead_set_nonce() with the nonce for the decryption.
+    /// -# Call psa_aead_update_ad() zero, one or more times, passing a fragment
+    ///    of the non-encrypted additional authenticated data each time.
+    /// -# Call psa_aead_update() zero, one or more times, passing a fragment
+    ///    of the ciphertext to decrypt each time.
+    /// -# Call psa_aead_verify().
+    ///
+    /// If an error occurs at any step after a call to psa_aead_decrypt_setup(),
+    /// the operation will need to be reset by a call to psa_aead_abort(). The
+    /// application may call psa_aead_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_aead_decrypt_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A successful call to psa_aead_verify().
+    /// - A call to psa_aead_abort().
+    ///
+    /// \param[in,out] operation     The operation object to set up. It must have
+    ///                              been initialized as per the documentation for
+    ///                              #psa_aead_operation_t and not yet in use.
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must remain valid until the operation
+    ///                              terminates. It must allow the usage
+    ///                              #PSA_KEY_USAGE_DECRYPT.
+    /// \param alg                   The AEAD algorithm to compute
+    ///                              (\c PSA_ALG_XXX value such that
+    ///                              #PSA_ALG_IS_AEAD(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not compatible with \p alg.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not supported or is not an AEAD algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or the
+    ///         library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_decrypt_setup(
+        operation: *mut psa_aead_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Generate a random nonce for an authenticated encryption operation.
+    ///
+    /// This function generates a random nonce for the authenticated encryption
+    /// operation with an appropriate size for the chosen algorithm, key type
+    /// and key size.
+    ///
+    /// The application must call psa_aead_encrypt_setup() before
+    /// calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[out] nonce            Buffer where the generated nonce is to be
+    ///                              written.
+    /// \param nonce_size            Size of the \p nonce buffer in bytes.
+    /// \param[out] nonce_length     On success, the number of bytes of the
+    ///                              generated nonce.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p nonce buffer is too small.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active aead encrypt
+    ///         operation, with no nonce set), or the library has not been
+    ///         previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_generate_nonce(
+        operation: *mut psa_aead_operation_t,
+        nonce: *mut u8,
+        nonce_size: usize,
+        nonce_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the nonce for an authenticated encryption or decryption operation.
+    ///
+    /// This function sets the nonce for the authenticated
+    /// encryption or decryption operation.
+    ///
+    /// The application must call psa_aead_encrypt_setup() or
+    /// psa_aead_decrypt_setup() before calling this function.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \note When encrypting, applications should use psa_aead_generate_nonce()
+    /// instead of this function, unless implementing a protocol that requires
+    /// a non-random IV.
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[in] nonce             Buffer containing the nonce to use.
+    /// \param nonce_length          Size of the nonce in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The size of \p nonce is not acceptable for the chosen algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, with no nonce
+    ///         set), or the library has not been previously initialized
+    ///         by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_set_nonce(
+        operation: *mut psa_aead_operation_t,
+        nonce: *const u8,
+        nonce_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Declare the lengths of the message and additional data for AEAD.
+    ///
+    /// The application must call this function before calling
+    /// psa_aead_update_ad() or psa_aead_update() if the algorithm for
+    /// the operation requires it. If the algorithm does not require it,
+    /// calling this function is optional, but if this function is called
+    /// then the implementation must enforce the lengths.
+    ///
+    /// You may call this function before or after setting the nonce with
+    /// psa_aead_set_nonce() or psa_aead_generate_nonce().
+    ///
+    /// - For #PSA_ALG_CCM, calling this function is required.
+    /// - For the other AEAD algorithms defined in this specification, calling
+    ///   this function is not required.
+    /// - For vendor-defined algorithm, refer to the vendor documentation.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param ad_length             Size of the non-encrypted additional
+    ///                              authenticated data in bytes.
+    /// \param plaintext_length      Size of the plaintext to encrypt in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         At least one of the lengths is not acceptable for the chosen
+    ///         algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, and
+    ///         psa_aead_update_ad() and psa_aead_update() must not have been
+    ///         called yet), or the library has not been previously initialized
+    ///         by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_set_lengths(
+        operation: *mut psa_aead_operation_t,
+        ad_length: usize,
+        plaintext_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Pass additional data to an active AEAD operation.
+    ///
+    /// Additional data is authenticated, but not encrypted.
+    ///
+    /// You may call this function multiple times to pass successive fragments
+    /// of the additional data. You may not call this function after passing
+    /// data to encrypt or decrypt with psa_aead_update().
+    ///
+    /// Before calling this function, you must:
+    /// 1. Call either psa_aead_encrypt_setup() or psa_aead_decrypt_setup().
+    /// 2. Set the nonce with psa_aead_generate_nonce() or psa_aead_set_nonce().
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \warning When decrypting, until psa_aead_verify() has returned #PSA_SUCCESS,
+    ///          there is no guarantee that the input is valid. Therefore, until
+    ///          you have called psa_aead_verify() and it has returned #PSA_SUCCESS,
+    ///          treat the input as untrusted and prepare to undo any action that
+    ///          depends on the input if psa_aead_verify() returns an error status.
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[in] input             Buffer containing the fragment of
+    ///                              additional data.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The total input length overflows the additional data length that
+    ///         was previously specified with psa_aead_set_lengths().
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, have a nonce
+    ///         set, have lengths set if required by the algorithm, and
+    ///         psa_aead_update() must not have been called yet), or the library
+    ///         has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_update_ad(
+        operation: *mut psa_aead_operation_t,
+        input: *const u8,
+        input_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Encrypt or decrypt a message fragment in an active AEAD operation.
+    ///
+    /// Before calling this function, you must:
+    /// 1. Call either psa_aead_encrypt_setup() or psa_aead_decrypt_setup().
+    ///    The choice of setup function determines whether this function
+    ///    encrypts or decrypts its input.
+    /// 2. Set the nonce with psa_aead_generate_nonce() or psa_aead_set_nonce().
+    /// 3. Call psa_aead_update_ad() to pass all the additional data.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \warning When decrypting, until psa_aead_verify() has returned #PSA_SUCCESS,
+    ///          there is no guarantee that the input is valid. Therefore, until
+    ///          you have called psa_aead_verify() and it has returned #PSA_SUCCESS:
+    ///          - Do not use the output in any way other than storing it in a
+    ///            confidential location. If you take any action that depends
+    ///            on the tentative decrypted data, this action will need to be
+    ///            undone if the input turns out not to be valid. Furthermore,
+    ///            if an adversary can observe that this action took place
+    ///            (for example through timing), they may be able to use this
+    ///            fact as an oracle to decrypt any message encrypted with the
+    ///            same key.
+    ///          - In particular, do not copy the output anywhere but to a
+    ///            memory or storage space that you have exclusive access to.
+    ///
+    /// This function does not require the input to be aligned to any
+    /// particular block boundary. If the implementation can only process
+    /// a whole block at a time, it must consume all the input provided, but
+    /// it may delay the end of the corresponding output until a subsequent
+    /// call to psa_aead_update(), psa_aead_finish() or psa_aead_verify()
+    /// provides sufficient input. The amount of data that can be delayed
+    /// in this way is bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE.
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[in] input             Buffer containing the message fragment to
+    ///                              encrypt or decrypt.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[out] output           Buffer where the output is to be written.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    ///                              This must be appropriate for the selected
+    ///                                algorithm and key:
+    ///                                - A sufficient output size is
+    ///                                  #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type,
+    ///                                  \c alg, \p input_length) where
+    ///                                  \c key_type is the type of key and \c alg is
+    ///                                  the algorithm that were used to set up the
+    ///                                  operation.
+    ///                                - #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p
+    ///                                  input_length) evaluates to the maximum
+    ///                                  output size of any supported AEAD
+    ///                                  algorithm.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small.
+    ///         #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or
+    ///         #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p input_length) can be used to
+    ///         determine the required buffer size.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The total length of input to psa_aead_update_ad() so far is
+    ///         less than the additional data length that was previously
+    ///         specified with psa_aead_set_lengths(), or
+    ///         the total input length overflows the plaintext length that
+    ///         was previously specified with psa_aead_set_lengths().
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, have a nonce
+    ///         set, and have lengths set if required by the algorithm), or the
+    ///         library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_update(
+        operation: *mut psa_aead_operation_t,
+        input: *const u8,
+        input_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish encrypting a message in an AEAD operation.
+    ///
+    /// The operation must have been set up with psa_aead_encrypt_setup().
+    ///
+    /// This function finishes the authentication of the additional data
+    /// formed by concatenating the inputs passed to preceding calls to
+    /// psa_aead_update_ad() with the plaintext formed by concatenating the
+    /// inputs passed to preceding calls to psa_aead_update().
+    ///
+    /// This function has two output buffers:
+    /// - \p ciphertext contains trailing ciphertext that was buffered from
+    ///   preceding calls to psa_aead_update().
+    /// - \p tag contains the authentication tag.
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[out] ciphertext       Buffer where the last part of the ciphertext
+    ///                              is to be written.
+    /// \param ciphertext_size       Size of the \p ciphertext buffer in bytes.
+    ///                              This must be appropriate for the selected
+    ///                              algorithm and key:
+    ///                              - A sufficient output size is
+    ///                                #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type,
+    ///                                \c alg) where \c key_type is the type of key
+    ///                                and \c alg is the algorithm that were used to
+    ///                                set up the operation.
+    ///                              - #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE evaluates to
+    ///                                the maximum output size of any supported AEAD
+    ///                                algorithm.
+    /// \param[out] ciphertext_length On success, the number of bytes of
+    ///                              returned ciphertext.
+    /// \param[out] tag              Buffer where the authentication tag is
+    ///                              to be written.
+    /// \param tag_size              Size of the \p tag buffer in bytes.
+    ///                              This must be appropriate for the selected
+    ///                              algorithm and key:
+    ///                              - The exact tag size is #PSA_AEAD_TAG_LENGTH(\c
+    ///                                key_type, \c key_bits, \c alg) where
+    ///                                \c key_type and \c key_bits are the type and
+    ///                                bit-size of the key, and \c alg is the
+    ///                                algorithm that were used in the call to
+    ///                                psa_aead_encrypt_setup().
+    ///                              - #PSA_AEAD_TAG_MAX_SIZE evaluates to the
+    ///                                maximum tag size of any supported AEAD
+    ///                                algorithm.
+    /// \param[out] tag_length       On success, the number of bytes
+    ///                              that make up the returned tag.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p ciphertext or \p tag buffer is too small.
+    ///         #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or
+    ///         #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE can be used to determine the
+    ///         required \p ciphertext buffer size. #PSA_AEAD_TAG_LENGTH(\c key_type,
+    ///         \c key_bits, \c alg) or #PSA_AEAD_TAG_MAX_SIZE can be used to
+    ///         determine the required \p tag buffer size.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The total length of input to psa_aead_update_ad() so far is
+    ///         less than the additional data length that was previously
+    ///         specified with psa_aead_set_lengths(), or
+    ///         the total length of input to psa_aead_update() so far is
+    ///         less than the plaintext length that was previously
+    ///         specified with psa_aead_set_lengths().
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active encryption
+    ///         operation with a nonce set), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_finish(
+        operation: *mut psa_aead_operation_t,
+        ciphertext: *mut u8,
+        ciphertext_size: usize,
+        ciphertext_length: *mut usize,
+        tag: *mut u8,
+        tag_size: usize,
+        tag_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Finish authenticating and decrypting a message in an AEAD operation.
+    ///
+    /// The operation must have been set up with psa_aead_decrypt_setup().
+    ///
+    /// This function finishes the authenticated decryption of the message
+    /// components:
+    ///
+    /// -  The additional data consisting of the concatenation of the inputs
+    ///    passed to preceding calls to psa_aead_update_ad().
+    /// -  The ciphertext consisting of the concatenation of the inputs passed to
+    ///    preceding calls to psa_aead_update().
+    /// -  The tag passed to this function call.
+    ///
+    /// If the authentication tag is correct, this function outputs any remaining
+    /// plaintext and reports success. If the authentication tag is not correct,
+    /// this function returns #PSA_ERROR_INVALID_SIGNATURE.
+    ///
+    /// When this function returns successfully, the operation becomes inactive.
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_aead_abort().
+    ///
+    /// \note Implementations shall make the best effort to ensure that the
+    /// comparison between the actual tag and the expected tag is performed
+    /// in constant time.
+    ///
+    /// \param[in,out] operation     Active AEAD operation.
+    /// \param[out] plaintext        Buffer where the last part of the plaintext
+    ///                              is to be written. This is the remaining data
+    ///                              from previous calls to psa_aead_update()
+    ///                              that could not be processed until the end
+    ///                              of the input.
+    /// \param plaintext_size        Size of the \p plaintext buffer in bytes.
+    ///                              This must be appropriate for the selected algorithm and key:
+    ///                              - A sufficient output size is
+    ///                                #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type,
+    ///                                \c alg) where \c key_type is the type of key
+    ///                                and \c alg is the algorithm that were used to
+    ///                                set up the operation.
+    ///                              - #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE evaluates to
+    ///                                the maximum output size of any supported AEAD
+    ///                                algorithm.
+    /// \param[out] plaintext_length On success, the number of bytes of
+    ///                              returned plaintext.
+    /// \param[in] tag               Buffer containing the authentication tag.
+    /// \param tag_length            Size of the \p tag buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The calculations were successful, but the authentication tag is
+    ///         not correct.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p plaintext buffer is too small.
+    ///         #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or
+    ///         #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE can be used to determine the
+    ///         required buffer size.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The total length of input to psa_aead_update_ad() so far is
+    ///         less than the additional data length that was previously
+    ///         specified with psa_aead_set_lengths(), or
+    ///         the total length of input to psa_aead_update() so far is
+    ///         less than the plaintext length that was previously
+    ///         specified with psa_aead_set_lengths().
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be an active decryption
+    ///         operation with a nonce set), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_verify(
+        operation: *mut psa_aead_operation_t,
+        plaintext: *mut u8,
+        plaintext_size: usize,
+        plaintext_length: *mut usize,
+        tag: *const u8,
+        tag_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort an AEAD operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the
+    /// \p operation structure itself. Once aborted, the operation object
+    /// can be reused for another operation by calling
+    /// psa_aead_encrypt_setup() or psa_aead_decrypt_setup() again.
+    ///
+    /// You may call this function any time after the operation object has
+    /// been initialized as described in #psa_aead_operation_t.
+    ///
+    /// In particular, calling psa_aead_abort() after the operation has been
+    /// terminated by a call to psa_aead_abort(), psa_aead_finish() or
+    /// psa_aead_verify() is safe and has no effect.
+    ///
+    /// \param[in,out] operation     Initialized AEAD operation.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_aead_abort(operation: *mut psa_aead_operation_t) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Sign a message with a private key. For hash-and-sign algorithms,
+    ///        this includes the hashing step.
+    ///
+    /// \note To perform a multi-part hash-and-sign signature algorithm, first use
+    ///       a multi-part hash operation and then pass the resulting hash to
+    ///       psa_sign_hash(). PSA_ALG_GET_HASH(\p alg) can be used to determine the
+    ///       hash algorithm to use.
+    ///
+    /// \param[in]  key              Identifier of the key to use for the operation.
+    ///                              It must be an asymmetric key pair. The key must
+    ///                              allow the usage #PSA_KEY_USAGE_SIGN_MESSAGE.
+    /// \param[in]  alg              An asymmetric signature algorithm (PSA_ALG_XXX
+    ///                              value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg)
+    ///                              is true), that is compatible with the type of
+    ///                              \p key.
+    /// \param[in]  input            The input message to sign.
+    /// \param[in]  input_length     Size of the \p input buffer in bytes.
+    /// \param[out] signature        Buffer where the signature is to be written.
+    /// \param[in]  signature_size   Size of the \p signature buffer in bytes. This
+    ///                              must be appropriate for the selected
+    ///                              algorithm and key:
+    ///                              - The required signature size is
+    ///                                #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///                                where \c key_type and \c key_bits are the type and
+    ///                                bit-size respectively of key.
+    ///                              - #PSA_SIGNATURE_MAX_SIZE evaluates to the
+    ///                                maximum signature size of any supported
+    ///                                signature algorithm.
+    /// \param[out] signature_length On success, the number of bytes that make up
+    ///                              the returned signature value.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
+    ///         or it does not permit the requested algorithm.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p signature buffer is too small. You can
+    ///         determine a sufficient buffer size by calling
+    ///         #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///         where \c key_type and \c key_bits are the type and bit-size
+    ///         respectively of \p key.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_sign_message(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        signature: *mut u8,
+        signature_size: usize,
+        signature_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Verify the signature of a message with a public key, using
+    ///         a hash-and-sign verification algorithm.
+    ///
+    /// \note To perform a multi-part hash-and-sign signature verification
+    ///       algorithm, first use a multi-part hash operation to hash the message
+    ///       and then pass the resulting hash to psa_verify_hash().
+    ///       PSA_ALG_GET_HASH(\p alg) can be used to determine the hash algorithm
+    ///       to use.
+    ///
+    /// \param[in]  key              Identifier of the key to use for the operation.
+    ///                              It must be a public key or an asymmetric key
+    ///                              pair. The key must allow the usage
+    ///                              #PSA_KEY_USAGE_VERIFY_MESSAGE.
+    /// \param[in]  alg              An asymmetric signature algorithm (PSA_ALG_XXX
+    ///                              value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg)
+    ///                              is true), that is compatible with the type of
+    ///                              \p key.
+    /// \param[in]  input            The message whose signature is to be verified.
+    /// \param[in]  input_length     Size of the \p input buffer in bytes.
+    /// \param[out] signature        Buffer containing the signature to verify.
+    /// \param[in]  signature_length Size of the \p signature buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
+    ///         or it does not permit the requested algorithm.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The calculation was performed successfully, but the passed signature
+    ///         is not a valid signature.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_verify_message(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        signature: *const u8,
+        signature_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Sign a hash or short message with a private key.
+    ///
+    /// Note that to perform a hash-and-sign signature algorithm, you must
+    /// first calculate the hash by calling psa_hash_setup(), psa_hash_update()
+    /// and psa_hash_finish(), or alternatively by calling psa_hash_compute().
+    /// Then pass the resulting hash as the \p hash
+    /// parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
+    /// to determine the hash algorithm to use.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must be an asymmetric key pair. The key must
+    ///                              allow the usage #PSA_KEY_USAGE_SIGN_HASH.
+    /// \param alg                   A signature algorithm (PSA_ALG_XXX
+    ///                              value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+    ///                              is true), that is compatible with
+    ///                              the type of \p key.
+    /// \param[in] hash              The hash or message to sign.
+    /// \param hash_length           Size of the \p hash buffer in bytes.
+    /// \param[out] signature        Buffer where the signature is to be written.
+    /// \param signature_size        Size of the \p signature buffer in bytes.
+    /// \param[out] signature_length On success, the number of bytes
+    ///                              that make up the returned signature value.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p signature buffer is too small. You can
+    ///         determine a sufficient buffer size by calling
+    ///         #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///         where \c key_type and \c key_bits are the type and bit-size
+    ///         respectively of \p key.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_sign_hash(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        hash: *const u8,
+        hash_length: usize,
+        signature: *mut u8,
+        signature_size: usize,
+        signature_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Verify the signature of a hash or short message using a public key.
+    ///
+    /// Note that to perform a hash-and-sign signature algorithm, you must
+    /// first calculate the hash by calling psa_hash_setup(), psa_hash_update()
+    /// and psa_hash_finish(), or alternatively by calling psa_hash_compute().
+    /// Then pass the resulting hash as the \p hash
+    /// parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
+    /// to determine the hash algorithm to use.
+    ///
+    /// \param key               Identifier of the key to use for the operation. It
+    ///                          must be a public key or an asymmetric key pair. The
+    ///                          key must allow the usage
+    ///                          #PSA_KEY_USAGE_VERIFY_HASH.
+    /// \param alg               A signature algorithm (PSA_ALG_XXX
+    ///                          value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+    ///                          is true), that is compatible with
+    ///                          the type of \p key.
+    /// \param[in] hash          The hash or message whose signature is to be
+    ///                          verified.
+    /// \param hash_length       Size of the \p hash buffer in bytes.
+    /// \param[in] signature     Buffer containing the signature to verify.
+    /// \param signature_length  Size of the \p signature buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The signature is valid.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The calculation was performed successfully, but the passed
+    ///         signature is not a valid signature.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_verify_hash(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        hash: *const u8,
+        hash_length: usize,
+        signature: *const u8,
+        signature_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Encrypt a short message with a public key.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must be a public key or an asymmetric key
+    ///                              pair. It must allow the usage
+    ///                              #PSA_KEY_USAGE_ENCRYPT.
+    /// \param alg                   An asymmetric encryption algorithm that is
+    ///                              compatible with the type of \p key.
+    /// \param[in] input             The message to encrypt.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[in] salt              A salt or label, if supported by the
+    ///                              encryption algorithm.
+    ///                              If the algorithm does not support a
+    ///                              salt, pass \c NULL.
+    ///                              If the algorithm supports an optional
+    ///                              salt and you do not want to pass a salt,
+    ///                              pass \c NULL.
+    ///
+    ///                              - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
+    ///                                supported.
+    /// \param salt_length           Size of the \p salt buffer in bytes.
+    ///                              If \p salt is \c NULL, pass 0.
+    /// \param[out] output           Buffer where the encrypted message is to
+    ///                              be written.
+    /// \param output_size           Size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small. You can
+    ///         determine a sufficient buffer size by calling
+    ///         #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///         where \c key_type and \c key_bits are the type and bit-size
+    ///         respectively of \p key.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_asymmetric_encrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        salt: *const u8,
+        salt_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Decrypt a short message with a private key.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must be an asymmetric key pair. It must
+    ///                              allow the usage #PSA_KEY_USAGE_DECRYPT.
+    /// \param alg                   An asymmetric encryption algorithm that is
+    ///                              compatible with the type of \p key.
+    /// \param[in] input             The message to decrypt.
+    /// \param input_length          Size of the \p input buffer in bytes.
+    /// \param[in] salt              A salt or label, if supported by the
+    ///                              encryption algorithm.
+    ///                              If the algorithm does not support a
+    ///                              salt, pass \c NULL.
+    ///                              If the algorithm supports an optional
+    ///                              salt and you do not want to pass a salt,
+    ///                              pass \c NULL.
+    ///
+    ///                              - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
+    ///                                supported.
+    /// \param salt_length           Size of the \p salt buffer in bytes.
+    ///                              If \p salt is \c NULL, pass 0.
+    /// \param[out] output           Buffer where the decrypted message is to
+    ///                              be written.
+    /// \param output_size           Size of the \c output buffer in bytes.
+    /// \param[out] output_length    On success, the number of bytes
+    ///                              that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small. You can
+    ///         determine a sufficient buffer size by calling
+    ///         #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///         where \c key_type and \c key_bits are the type and bit-size
+    ///         respectively of \p key.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_INVALID_PADDING \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_asymmetric_decrypt(
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        input: *const u8,
+        input_length: usize,
+        salt: *const u8,
+        salt_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for key derivation operations.
+///
+/// Before calling any function on a key derivation operation object, the
+/// application must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_key_derivation_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_key_derivation_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_KEY_DERIVATION_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_key_derivation_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_key_derivation_operation_t operation;
+///   operation = psa_key_derivation_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_key_derivation_operation_t = psa_key_derivation_s;
+extern "C" {
+    /// Set up a key derivation operation.
+    ///
+    /// A key derivation algorithm takes some inputs and uses them to generate
+    /// a byte stream in a deterministic way.
+    /// This byte stream can be used to produce keys and other
+    /// cryptographic material.
+    ///
+    /// To derive a key:
+    /// -# Start with an initialized object of type #psa_key_derivation_operation_t.
+    /// -# Call psa_key_derivation_setup() to select the algorithm.
+    /// -# Provide the inputs for the key derivation by calling
+    ///    psa_key_derivation_input_bytes() or psa_key_derivation_input_key()
+    ///    as appropriate. Which inputs are needed, in what order, and whether
+    ///    they may be keys and if so of what type depends on the algorithm.
+    /// -# Optionally set the operation's maximum capacity with
+    ///    psa_key_derivation_set_capacity(). You may do this before, in the middle
+    ///    of or after providing inputs. For some algorithms, this step is mandatory
+    ///    because the output depends on the maximum capacity.
+    /// -# To derive a key, call psa_key_derivation_output_key().
+    ///    To derive a byte string for a different purpose, call
+    ///    psa_key_derivation_output_bytes().
+    ///    Successive calls to these functions use successive output bytes
+    ///    calculated by the key derivation algorithm.
+    /// -# Clean up the key derivation operation object with
+    ///    psa_key_derivation_abort().
+    ///
+    /// If this function returns an error, the key derivation operation object is
+    /// not changed.
+    ///
+    /// If an error occurs at any step after a call to psa_key_derivation_setup(),
+    /// the operation will need to be reset by a call to psa_key_derivation_abort().
+    ///
+    /// Implementations must reject an attempt to derive a key of size 0.
+    ///
+    /// \param[in,out] operation       The key derivation operation object
+    ///                                to set up. It must
+    ///                                have been initialized but not set up yet.
+    /// \param alg                     The key derivation algorithm to compute
+    ///                                (\c PSA_ALG_XXX value such that
+    ///                                #PSA_ALG_IS_KEY_DERIVATION(\p alg) is true).
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c alg is not a key derivation algorithm.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \c alg is not supported or is not a key derivation algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be inactive), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_setup(
+        operation: *mut psa_key_derivation_operation_t,
+        alg: psa_algorithm_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Retrieve the current capacity of a key derivation operation.
+    ///
+    /// The capacity of a key derivation is the maximum number of bytes that it can
+    /// return. When you get *N* bytes of output from a key derivation operation,
+    /// this reduces its capacity by *N*.
+    ///
+    /// \param[in] operation     The operation to query.
+    /// \param[out] capacity     On success, the capacity of the operation.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_get_capacity(
+        operation: *const psa_key_derivation_operation_t,
+        capacity: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the maximum capacity of a key derivation operation.
+    ///
+    /// The capacity of a key derivation operation is the maximum number of bytes
+    /// that the key derivation operation can return from this point onwards.
+    ///
+    /// \param[in,out] operation The key derivation operation object to modify.
+    /// \param capacity          The new capacity of the operation.
+    ///                          It must be less or equal to the operation's
+    ///                          current capacity.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p capacity is larger than the operation's current capacity.
+    ///         In this case, the operation object remains valid and its capacity
+    ///         remains unchanged.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active), or the
+    ///         library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_set_capacity(
+        operation: *mut psa_key_derivation_operation_t,
+        capacity: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Provide an input for key derivation or key agreement.
+    ///
+    /// Which inputs are required and in what order depends on the algorithm.
+    /// Refer to the documentation of each key derivation or key agreement
+    /// algorithm for information.
+    ///
+    /// This function passes direct inputs, which is usually correct for
+    /// non-secret inputs. To pass a secret input, which should be in a key
+    /// object, call psa_key_derivation_input_key() instead of this function.
+    /// Refer to the documentation of individual step types
+    /// (`PSA_KEY_DERIVATION_INPUT_xxx` values of type ::psa_key_derivation_step_t)
+    /// for more information.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation       The key derivation operation object to use.
+    ///                                It must have been set up with
+    ///                                psa_key_derivation_setup() and must not
+    ///                                have produced any output yet.
+    /// \param step                    Which step the input data is for.
+    /// \param[in] data                Input data to use.
+    /// \param data_length             Size of the \p data buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c step is not compatible with the operation's algorithm, or
+    ///         \c step does not allow direct inputs.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid for this input \p step, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_input_bytes(
+        operation: *mut psa_key_derivation_operation_t,
+        step: psa_key_derivation_step_t,
+        data: *const u8,
+        data_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Provide a numeric input for key derivation or key agreement.
+    ///
+    /// Which inputs are required and in what order depends on the algorithm.
+    /// However, when an algorithm requires a particular order, numeric inputs
+    /// usually come first as they tend to be configuration parameters.
+    /// Refer to the documentation of each key derivation or key agreement
+    /// algorithm for information.
+    ///
+    /// This function is used for inputs which are fixed-size non-negative
+    /// integers.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation       The key derivation operation object to use.
+    ///                                It must have been set up with
+    ///                                psa_key_derivation_setup() and must not
+    ///                                have produced any output yet.
+    /// \param step                    Which step the input data is for.
+    /// \param[in] value               The value of the numeric input.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c step is not compatible with the operation's algorithm, or
+    ///         \c step does not allow numeric inputs.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid for this input \p step, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_input_integer(
+        operation: *mut psa_key_derivation_operation_t,
+        step: psa_key_derivation_step_t,
+        value: u64,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Provide an input for key derivation in the form of a key.
+    ///
+    /// Which inputs are required and in what order depends on the algorithm.
+    /// Refer to the documentation of each key derivation or key agreement
+    /// algorithm for information.
+    ///
+    /// This function obtains input from a key object, which is usually correct for
+    /// secret inputs or for non-secret personalization strings kept in the key
+    /// store. To pass a non-secret parameter which is not in the key store,
+    /// call psa_key_derivation_input_bytes() instead of this function.
+    /// Refer to the documentation of individual step types
+    /// (`PSA_KEY_DERIVATION_INPUT_xxx` values of type ::psa_key_derivation_step_t)
+    /// for more information.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation       The key derivation operation object to use.
+    ///                                It must have been set up with
+    ///                                psa_key_derivation_setup() and must not
+    ///                                have produced any output yet.
+    /// \param step                    Which step the input data is for.
+    /// \param key                     Identifier of the key. It must have an
+    ///                                appropriate type for step and must allow the
+    ///                                usage #PSA_KEY_USAGE_DERIVE or
+    ///                                #PSA_KEY_USAGE_VERIFY_DERIVATION (see note)
+    ///                                and the algorithm used by the operation.
+    ///
+    /// \note Once all inputs steps are completed, the operations will allow:
+    /// - psa_key_derivation_output_bytes() if each input was either a direct input
+    ///   or  a key with #PSA_KEY_USAGE_DERIVE set;
+    /// - psa_key_derivation_output_key() if the input for step
+    ///   #PSA_KEY_DERIVATION_INPUT_SECRET or #PSA_KEY_DERIVATION_INPUT_PASSWORD
+    ///   was from a key slot with #PSA_KEY_USAGE_DERIVE and each other input was
+    ///   either a direct input or a key with #PSA_KEY_USAGE_DERIVE set;
+    /// - psa_key_derivation_verify_bytes() if each input was either a direct input
+    ///   or  a key with #PSA_KEY_USAGE_VERIFY_DERIVATION set;
+    /// - psa_key_derivation_verify_key() under the same conditions as
+    ///   psa_key_derivation_verify_bytes().
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key allows neither #PSA_KEY_USAGE_DERIVE nor
+    ///         #PSA_KEY_USAGE_VERIFY_DERIVATION, or it doesn't allow this
+    ///         algorithm.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c step is not compatible with the operation's algorithm, or
+    ///         \c step does not allow key inputs of the given type
+    ///         or does not allow key inputs at all.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid for this input \p step, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_input_key(
+        operation: *mut psa_key_derivation_operation_t,
+        step: psa_key_derivation_step_t,
+        key: mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Perform a key agreement and use the shared secret as input to a key
+    /// derivation.
+    ///
+    /// A key agreement algorithm takes two inputs: a private key \p private_key
+    /// a public key \p peer_key.
+    /// The result of this function is passed as input to a key derivation.
+    /// The output of this key derivation can be extracted by reading from the
+    /// resulting operation to produce keys and other cryptographic material.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation       The key derivation operation object to use.
+    ///                                It must have been set up with
+    ///                                psa_key_derivation_setup() with a
+    ///                                key agreement and derivation algorithm
+    ///                                \c alg (\c PSA_ALG_XXX value such that
+    ///                                #PSA_ALG_IS_KEY_AGREEMENT(\c alg) is true
+    ///                                and #PSA_ALG_IS_RAW_KEY_AGREEMENT(\c alg)
+    ///                                is false).
+    ///                                The operation must be ready for an
+    ///                                input of the type given by \p step.
+    /// \param step                    Which step the input data is for.
+    /// \param private_key             Identifier of the private key to use. It must
+    ///                                allow the usage #PSA_KEY_USAGE_DERIVE.
+    /// \param[in] peer_key      Public key of the peer. The peer key must be in the
+    ///                          same format that psa_import_key() accepts for the
+    ///                          public key type corresponding to the type of
+    ///                          private_key. That is, this function performs the
+    ///                          equivalent of
+    ///                          #psa_import_key(...,
+    ///                          `peer_key`, `peer_key_length`) where
+    ///                          with key attributes indicating the public key
+    ///                          type corresponding to the type of `private_key`.
+    ///                          For example, for EC keys, this means that peer_key
+    ///                          is interpreted as a point on the curve that the
+    ///                          private key is on. The standard formats for public
+    ///                          keys are documented in the documentation of
+    ///                          psa_export_public_key().
+    /// \param peer_key_length         Size of \p peer_key in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \c private_key is not compatible with \c alg,
+    ///         or \p peer_key is not valid for \c alg or not compatible with
+    ///         \c private_key, or \c step does not allow an input resulting
+    ///         from a key agreement.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \c alg is not supported or is not a key derivation algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid for this key agreement \p step,
+    ///         or the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_key_agreement(
+        operation: *mut psa_key_derivation_operation_t,
+        step: psa_key_derivation_step_t,
+        private_key: mbedtls_svc_key_id_t,
+        peer_key: *const u8,
+        peer_key_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Read some data from a key derivation operation.
+    ///
+    /// This function calculates output bytes from a key derivation algorithm and
+    /// return those bytes.
+    /// If you view the key derivation's output as a stream of bytes, this
+    /// function destructively reads the requested number of bytes from the
+    /// stream.
+    /// The operation's capacity decreases by the number of bytes read.
+    ///
+    /// If this function returns an error status other than
+    /// #PSA_ERROR_INSUFFICIENT_DATA, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation The key derivation operation object to read from.
+    /// \param[out] output       Buffer where the output will be written.
+    /// \param output_length     Number of bytes to output.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         One of the inputs was a key whose policy didn't allow
+    ///         #PSA_KEY_USAGE_DERIVE.
+    /// \retval #PSA_ERROR_INSUFFICIENT_DATA
+    ///                          The operation's capacity was less than
+    ///                          \p output_length bytes. Note that in this case,
+    ///                          no output is written to the output buffer.
+    ///                          The operation's capacity is set to 0, thus
+    ///                          subsequent calls to this function will not
+    ///                          succeed, even with a smaller output buffer.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active and completed
+    ///         all required input steps), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_output_bytes(
+        operation: *mut psa_key_derivation_operation_t,
+        output: *mut u8,
+        output_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Derive a key from an ongoing key derivation operation.
+    ///
+    /// This function calculates output bytes from a key derivation algorithm
+    /// and uses those bytes to generate a key deterministically.
+    /// The key's location, usage policy, type and size are taken from
+    /// \p attributes.
+    ///
+    /// If you view the key derivation's output as a stream of bytes, this
+    /// function destructively reads as many bytes as required from the
+    /// stream.
+    /// The operation's capacity decreases by the number of bytes read.
+    ///
+    /// If this function returns an error status other than
+    /// #PSA_ERROR_INSUFFICIENT_DATA, the operation enters an error
+    /// state and must be aborted by calling psa_key_derivation_abort().
+    ///
+    /// How much output is produced and consumed from the operation, and how
+    /// the key is derived, depends on the key type and on the key size
+    /// (denoted \c bits below):
+    ///
+    /// - For key types for which the key is an arbitrary sequence of bytes
+    ///   of a given size, this function is functionally equivalent to
+    ///   calling #psa_key_derivation_output_bytes
+    ///   and passing the resulting output to #psa_import_key.
+    ///   However, this function has a security benefit:
+    ///   if the implementation provides an isolation boundary then
+    ///   the key material is not exposed outside the isolation boundary.
+    ///   As a consequence, for these key types, this function always consumes
+    ///   exactly (\c bits / 8) bytes from the operation.
+    ///   The following key types defined in this specification follow this scheme:
+    ///
+    ///     - #PSA_KEY_TYPE_AES;
+    ///     - #PSA_KEY_TYPE_ARIA;
+    ///     - #PSA_KEY_TYPE_CAMELLIA;
+    ///     - #PSA_KEY_TYPE_DERIVE;
+    ///     - #PSA_KEY_TYPE_HMAC;
+    ///     - #PSA_KEY_TYPE_PASSWORD_HASH.
+    ///
+    /// - For ECC keys on a Montgomery elliptic curve
+    ///   (#PSA_KEY_TYPE_ECC_KEY_PAIR(\c curve) where \c curve designates a
+    ///   Montgomery curve), this function always draws a byte string whose
+    ///   length is determined by the curve, and sets the mandatory bits
+    ///   accordingly. That is:
+    ///
+    ///     - Curve25519 (#PSA_ECC_FAMILY_MONTGOMERY, 255 bits): draw a 32-byte
+    ///       string and process it as specified in RFC 7748 &sect;5.
+    ///     - Curve448 (#PSA_ECC_FAMILY_MONTGOMERY, 448 bits): draw a 56-byte
+    ///       string and process it as specified in RFC 7748 &sect;5.
+    ///
+    /// - For key types for which the key is represented by a single sequence of
+    ///   \c bits bits with constraints as to which bit sequences are acceptable,
+    ///   this function draws a byte string of length (\c bits / 8) bytes rounded
+    ///   up to the nearest whole number of bytes. If the resulting byte string
+    ///   is acceptable, it becomes the key, otherwise the drawn bytes are discarded.
+    ///   This process is repeated until an acceptable byte string is drawn.
+    ///   The byte string drawn from the operation is interpreted as specified
+    ///   for the output produced by psa_export_key().
+    ///   The following key types defined in this specification follow this scheme:
+    ///
+    ///     - #PSA_KEY_TYPE_DES.
+    ///       Force-set the parity bits, but discard forbidden weak keys.
+    ///       For 2-key and 3-key triple-DES, the three keys are generated
+    ///       successively (for example, for 3-key triple-DES,
+    ///       if the first 8 bytes specify a weak key and the next 8 bytes do not,
+    ///       discard the first 8 bytes, use the next 8 bytes as the first key,
+    ///       and continue reading output from the operation to derive the other
+    ///       two keys).
+    ///     - Finite-field Diffie-Hellman keys (#PSA_KEY_TYPE_DH_KEY_PAIR(\c group)
+    ///       where \c group designates any Diffie-Hellman group) and
+    ///       ECC keys on a Weierstrass elliptic curve
+    ///       (#PSA_KEY_TYPE_ECC_KEY_PAIR(\c curve) where \c curve designates a
+    ///       Weierstrass curve).
+    ///       For these key types, interpret the byte string as integer
+    ///       in big-endian order. Discard it if it is not in the range
+    ///       [0, *N* - 2] where *N* is the boundary of the private key domain
+    ///       (the prime *p* for Diffie-Hellman, the subprime *q* for DSA,
+    ///       or the order of the curve's base point for ECC).
+    ///       Add 1 to the resulting integer and use this as the private key *x*.
+    ///       This method allows compliance to NIST standards, specifically
+    ///       the methods titled "key-pair generation by testing candidates"
+    ///       in NIST SP 800-56A &sect;5.6.1.1.4 for Diffie-Hellman,
+    ///       in FIPS 186-4 &sect;B.1.2 for DSA, and
+    ///       in NIST SP 800-56A &sect;5.6.1.2.2 or
+    ///       FIPS 186-4 &sect;B.4.2 for elliptic curve keys.
+    ///
+    /// - For other key types, including #PSA_KEY_TYPE_RSA_KEY_PAIR,
+    ///   the way in which the operation output is consumed is
+    ///   implementation-defined.
+    ///
+    /// In all cases, the data that is read is discarded from the operation.
+    /// The operation's capacity is decreased by the number of bytes read.
+    ///
+    /// For algorithms that take an input step #PSA_KEY_DERIVATION_INPUT_SECRET,
+    /// the input to that step must be provided with psa_key_derivation_input_key().
+    /// Future versions of this specification may include additional restrictions
+    /// on the derived key based on the attributes and strength of the secret key.
+    ///
+    /// \param[in] attributes    The attributes for the new key.
+    ///                          If the key type to be created is
+    ///                          #PSA_KEY_TYPE_PASSWORD_HASH then the algorithm in
+    ///                          the policy must be the same as in the current
+    ///                          operation.
+    /// \param[in,out] operation The key derivation operation object to read from.
+    /// \param[out] key          On success, an identifier for the newly created
+    ///                          key. For persistent keys, this is the key
+    ///                          identifier defined in \p attributes.
+    ///                          \c 0 on failure.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    ///         If the key is persistent, the key material and the key's metadata
+    ///         have been saved to persistent storage.
+    /// \retval #PSA_ERROR_ALREADY_EXISTS
+    ///         This is an attempt to create a persistent key, and there is
+    ///         already a persistent key with the given identifier.
+    /// \retval #PSA_ERROR_INSUFFICIENT_DATA
+    ///         There was not enough data to create the desired key.
+    ///         Note that in this case, no output is written to the output buffer.
+    ///         The operation's capacity is set to 0, thus subsequent calls to
+    ///         this function will not succeed, even with a smaller output buffer.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The key type or key size is not supported, either by the
+    ///         implementation in general or in this particular location.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The provided key attributes are not valid for the operation.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The #PSA_KEY_DERIVATION_INPUT_SECRET or
+    ///         #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a
+    ///         key; or one of the inputs was a key whose policy didn't allow
+    ///         #PSA_KEY_USAGE_DERIVE.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active and completed
+    ///         all required input steps), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_output_key(
+        attributes: *const psa_key_attributes_t,
+        operation: *mut psa_key_derivation_operation_t,
+        key: *mut mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Compare output data from a key derivation operation to an expected value.
+    ///
+    /// This function calculates output bytes from a key derivation algorithm and
+    /// compares those bytes to an expected value in constant time.
+    /// If you view the key derivation's output as a stream of bytes, this
+    /// function destructively reads the expected number of bytes from the
+    /// stream before comparing them.
+    /// The operation's capacity decreases by the number of bytes read.
+    ///
+    /// This is functionally equivalent to the following code:
+    /// \code
+    /// psa_key_derivation_output_bytes(operation, tmp, output_length);
+    /// if (memcmp(output, tmp, output_length) != 0)
+    ///     return PSA_ERROR_INVALID_SIGNATURE;
+    /// \endcode
+    /// except (1) it works even if the key's policy does not allow outputting the
+    /// bytes, and (2) the comparison will be done in constant time.
+    ///
+    /// If this function returns an error status other than
+    /// #PSA_ERROR_INSUFFICIENT_DATA or #PSA_ERROR_INVALID_SIGNATURE,
+    /// the operation enters an error state and must be aborted by calling
+    /// psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation The key derivation operation object to read from.
+    /// \param[in] expected_output Buffer containing the expected derivation output.
+    /// \param output_length     Length of the expected output; this is also the
+    ///                          number of bytes that will be read.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The output was read successfully, but it differs from the expected
+    ///         output.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         One of the inputs was a key whose policy didn't allow
+    ///         #PSA_KEY_USAGE_VERIFY_DERIVATION.
+    /// \retval #PSA_ERROR_INSUFFICIENT_DATA
+    ///                          The operation's capacity was less than
+    ///                          \p output_length bytes. Note that in this case,
+    ///                          the operation's capacity is set to 0, thus
+    ///                          subsequent calls to this function will not
+    ///                          succeed, even with a smaller expected output.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active and completed
+    ///         all required input steps), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_verify_bytes(
+        operation: *mut psa_key_derivation_operation_t,
+        expected_output: *const u8,
+        output_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Compare output data from a key derivation operation to an expected value
+    /// stored in a key object.
+    ///
+    /// This function calculates output bytes from a key derivation algorithm and
+    /// compares those bytes to an expected value, provided as key of type
+    /// #PSA_KEY_TYPE_PASSWORD_HASH.
+    /// If you view the key derivation's output as a stream of bytes, this
+    /// function destructively reads the number of bytes corresponding to the
+    /// length of the expected value from the stream before comparing them.
+    /// The operation's capacity decreases by the number of bytes read.
+    ///
+    /// This is functionally equivalent to exporting the key and calling
+    /// psa_key_derivation_verify_bytes() on the result, except that it
+    /// works even if the key cannot be exported.
+    ///
+    /// If this function returns an error status other than
+    /// #PSA_ERROR_INSUFFICIENT_DATA or #PSA_ERROR_INVALID_SIGNATURE,
+    /// the operation enters an error state and must be aborted by calling
+    /// psa_key_derivation_abort().
+    ///
+    /// \param[in,out] operation The key derivation operation object to read from.
+    /// \param[in] expected      A key of type #PSA_KEY_TYPE_PASSWORD_HASH
+    ///                          containing the expected output. Its policy must
+    ///                          include the #PSA_KEY_USAGE_VERIFY_DERIVATION flag
+    ///                          and the permitted algorithm must match the
+    ///                          operation. The value of this key was likely
+    ///                          computed by a previous call to
+    ///                          psa_key_derivation_output_key().
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The output was read successfully, but if differs from the expected
+    ///         output.
+    /// \retval #PSA_ERROR_INVALID_HANDLE
+    ///         The key passed as the expected value does not exist.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The key passed as the expected value has an invalid type.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key passed as the expected value does not allow this usage or
+    ///         this algorithm; or one of the inputs was a key whose policy didn't
+    ///         allow #PSA_KEY_USAGE_VERIFY_DERIVATION.
+    /// \retval #PSA_ERROR_INSUFFICIENT_DATA
+    ///                          The operation's capacity was less than
+    ///                          the length of the expected value. In this case,
+    ///                          the operation's capacity is set to 0, thus
+    ///                          subsequent calls to this function will not
+    ///                          succeed, even with a smaller expected output.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active and completed
+    ///         all required input steps), or the library has not been previously
+    ///         initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_verify_key(
+        operation: *mut psa_key_derivation_operation_t,
+        expected: psa_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort a key derivation operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the \c
+    /// operation structure itself. Once aborted, the operation object can be reused
+    /// for another operation by calling psa_key_derivation_setup() again.
+    ///
+    /// This function may be called at any time after the operation
+    /// object has been initialized as described in #psa_key_derivation_operation_t.
+    ///
+    /// In particular, it is valid to call psa_key_derivation_abort() twice, or to
+    /// call psa_key_derivation_abort() on an operation that has not been set up.
+    ///
+    /// \param[in,out] operation    The operation to abort.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_key_derivation_abort(operation: *mut psa_key_derivation_operation_t)
+        -> psa_status_t;
+}
+extern "C" {
+    /// Perform a key agreement and return the raw shared secret.
+    ///
+    /// \warning The raw result of a key agreement algorithm such as finite-field
+    /// Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should
+    /// not be used directly as key material. It should instead be passed as
+    /// input to a key derivation algorithm. To chain a key agreement with
+    /// a key derivation, use psa_key_derivation_key_agreement() and other
+    /// functions from the key derivation interface.
+    ///
+    /// \param alg                     The key agreement algorithm to compute
+    ///                                (\c PSA_ALG_XXX value such that
+    ///                                #PSA_ALG_IS_RAW_KEY_AGREEMENT(\p alg)
+    ///                                is true).
+    /// \param private_key             Identifier of the private key to use. It must
+    ///                                allow the usage #PSA_KEY_USAGE_DERIVE.
+    /// \param[in] peer_key            Public key of the peer. It must be
+    ///                                in the same format that psa_import_key()
+    ///                                accepts. The standard formats for public
+    ///                                keys are documented in the documentation
+    ///                                of psa_export_public_key().
+    /// \param peer_key_length         Size of \p peer_key in bytes.
+    /// \param[out] output             Buffer where the decrypted message is to
+    ///                                be written.
+    /// \param output_size             Size of the \c output buffer in bytes.
+    /// \param[out] output_length      On success, the number of bytes
+    ///                                that make up the returned output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p alg is not a key agreement algorithm, or
+    ///         \p private_key is not compatible with \p alg,
+    ///         or \p peer_key is not valid for \p alg or not compatible with
+    ///         \p private_key.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         \p output_size is too small
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p alg is not a supported key agreement algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_raw_key_agreement(
+        alg: psa_algorithm_t,
+        private_key: mbedtls_svc_key_id_t,
+        peer_key: *const u8,
+        peer_key_length: usize,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Generate random bytes.
+    ///
+    /// \warning This function **can** fail! Callers MUST check the return status
+    ///          and MUST NOT use the content of the output buffer if the return
+    ///          status is not #PSA_SUCCESS.
+    ///
+    /// \note    To generate a key, use psa_generate_key() instead.
+    ///
+    /// \param[out] output       Output buffer for the generated data.
+    /// \param output_size       Number of bytes to generate and output.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_generate_random(output: *mut u8, output_size: usize) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Generate a key or key pair.
+    ///
+    /// The key is generated randomly.
+    /// Its location, usage policy, type and size are taken from \p attributes.
+    ///
+    /// Implementations must reject an attempt to generate a key of size 0.
+    ///
+    /// The following type-specific considerations apply:
+    /// - For RSA keys (#PSA_KEY_TYPE_RSA_KEY_PAIR),
+    ///   the public exponent is 65537.
+    ///   The modulus is a product of two probabilistic primes
+    ///   between 2^{n-1} and 2^n where n is the bit size specified in the
+    ///   attributes.
+    ///
+    /// \param[in] attributes    The attributes for the new key.
+    /// \param[out] key          On success, an identifier for the newly created
+    ///                          key. For persistent keys, this is the key
+    ///                          identifier defined in \p attributes.
+    ///                          \c 0 on failure.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    ///         If the key is persistent, the key material and the key's metadata
+    ///         have been saved to persistent storage.
+    /// \retval #PSA_ERROR_ALREADY_EXISTS
+    ///         This is an attempt to create a persistent key, and there is
+    ///         already a persistent key with the given identifier.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_generate_key(
+        attributes: *const psa_key_attributes_t,
+        key: *mut mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+/// The type of the state data structure for interruptible hash
+///  signing operations.
+///
+/// Before calling any function on a sign hash operation object, the
+/// application must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_sign_hash_interruptible_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_sign_hash_interruptible_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer
+///   #PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT, for example:
+///   \code
+///   psa_sign_hash_interruptible_operation_t operation =
+///   PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function
+///   psa_sign_hash_interruptible_operation_init() to the structure, for
+///   example:
+///   \code
+///   psa_sign_hash_interruptible_operation_t operation;
+///   operation = psa_sign_hash_interruptible_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_sign_hash_interruptible_operation_t = psa_sign_hash_interruptible_operation_s;
+/// The type of the state data structure for interruptible hash
+///  verification operations.
+///
+/// Before calling any function on a sign hash operation object, the
+/// application must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_verify_hash_interruptible_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_verify_hash_interruptible_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer
+///   #PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT, for example:
+///   \code
+///   psa_verify_hash_interruptible_operation_t operation =
+///   PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function
+///   psa_verify_hash_interruptible_operation_init() to the structure, for
+///   example:
+///   \code
+///   psa_verify_hash_interruptible_operation_t operation;
+///   operation = psa_verify_hash_interruptible_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_verify_hash_interruptible_operation_t = psa_verify_hash_interruptible_operation_s;
+extern "C" {
+    /// \brief                       Set the maximum number of ops allowed to be
+    ///                              executed by an interruptible function in a
+    ///                              single call.
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        The time taken to execute a single op is
+    ///                              implementation specific and depends on
+    ///                              software, hardware, the algorithm, key type and
+    ///                              curve chosen. Even within a single operation,
+    ///                              successive ops can take differing amounts of
+    ///                              time. The only guarantee is that lower values
+    ///                              for \p max_ops means functions will block for a
+    ///                              lesser maximum amount of time. The functions
+    ///                              \c psa_sign_interruptible_get_num_ops() and
+    ///                              \c psa_verify_interruptible_get_num_ops() are
+    ///                              provided to help with tuning this value.
+    ///
+    /// \note                        This value defaults to
+    ///                              #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, which
+    ///                              means the whole operation will be done in one
+    ///                              go, regardless of the number of ops required.
+    ///
+    /// \note                        If more ops are needed to complete a
+    ///                              computation, #PSA_OPERATION_INCOMPLETE will be
+    ///                              returned by the function performing the
+    ///                              computation. It is then the caller's
+    ///                              responsibility to either call again with the
+    ///                              same operation context until it returns 0 or an
+    ///                              error code; or to call the relevant abort
+    ///                              function if the answer is no longer required.
+    ///
+    /// \note                        The interpretation of \p max_ops is also
+    ///                              implementation defined. On a hard real time
+    ///                              system, this can indicate a hard deadline, as a
+    ///                              real-time system needs a guarantee of not
+    ///                              spending more than X time, however care must be
+    ///                              taken in such an implementation to avoid the
+    ///                              situation whereby calls just return, not being
+    ///                              able to do any actual work within the allotted
+    ///                              time.  On a non-real-time system, the
+    ///                              implementation can be more relaxed, but again
+    ///                              whether this number should be interpreted as as
+    ///                              hard or soft limit or even whether a less than
+    ///                              or equals as regards to ops executed in a
+    ///                              single call is implementation defined.
+    ///
+    /// \note                        For keys in local storage when no accelerator
+    ///                              driver applies, please see also the
+    ///                              documentation for \c mbedtls_ecp_set_max_ops(),
+    ///                              which is the internal implementation in these
+    ///                              cases.
+    ///
+    /// \warning                     With implementations that interpret this number
+    ///                              as a hard limit, setting this number too small
+    ///                              may result in an infinite loop, whereby each
+    ///                              call results in immediate return with no ops
+    ///                              done (as there is not enough time to execute
+    ///                              any), and thus no result will ever be achieved.
+    ///
+    /// \note                        This only applies to functions whose
+    ///                              documentation mentions they may return
+    ///                              #PSA_OPERATION_INCOMPLETE.
+    ///
+    /// \param max_ops               The maximum number of ops to be executed in a
+    ///                              single call. This can be a number from 0 to
+    ///                              #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, where 0
+    ///                              is the least amount of work done per call.
+    pub fn psa_interruptible_set_max_ops(max_ops: u32);
+}
+extern "C" {
+    /// \brief                       Get the maximum number of ops allowed to be
+    ///                              executed by an interruptible function in a
+    ///                              single call. This will return the last
+    ///                              value set by
+    ///                              \c psa_interruptible_set_max_ops() or
+    ///                              #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED if
+    ///                              that function has never been called.
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \return                      Maximum number of ops allowed to be
+    ///                              executed by an interruptible function in a
+    ///                              single call.
+    pub fn psa_interruptible_get_max_ops() -> u32;
+}
+extern "C" {
+    /// \brief                       Get the number of ops that a hash signing
+    ///                              operation has taken so far. If the operation
+    ///                              has completed, then this will represent the
+    ///                              number of ops required for the entire
+    ///                              operation. After initialization or calling
+    ///                              \c psa_sign_hash_interruptible_abort() on
+    ///                              the operation, a value of 0 will be returned.
+    ///
+    /// \note                        This interface is guaranteed re-entrant and
+    ///                              thus may be called from driver code.
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    ///                              This is a helper provided to help you tune the
+    ///                              value passed to \c
+    ///                              psa_interruptible_set_max_ops().
+    ///
+    /// \param operation             The \c psa_sign_hash_interruptible_operation_t
+    ///                              to use. This must be initialized first.
+    ///
+    /// \return                      Number of ops that the operation has taken so
+    ///                              far.
+    pub fn psa_sign_hash_get_num_ops(
+        operation: *const psa_sign_hash_interruptible_operation_t,
+    ) -> u32;
+}
+extern "C" {
+    /// \brief                       Get the number of ops that a hash verification
+    ///                              operation has taken so far. If the operation
+    ///                              has completed, then this will represent the
+    ///                              number of ops required for the entire
+    ///                              operation. After initialization or calling \c
+    ///                              psa_verify_hash_interruptible_abort() on the
+    ///                              operation, a value of 0 will be returned.
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    ///                              This is a helper provided to help you tune the
+    ///                              value passed to \c
+    ///                              psa_interruptible_set_max_ops().
+    ///
+    /// \param operation             The \c
+    ///                              psa_verify_hash_interruptible_operation_t to
+    ///                              use. This must be initialized first.
+    ///
+    /// \return                      Number of ops that the operation has taken so
+    ///                              far.
+    pub fn psa_verify_hash_get_num_ops(
+        operation: *const psa_verify_hash_interruptible_operation_t,
+    ) -> u32;
+}
+extern "C" {
+    /// \brief                       Start signing a hash or short message with a
+    ///                              private key, in an interruptible manner.
+    ///
+    /// \see                         \c psa_sign_hash_complete()
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        This function combined with \c
+    ///                              psa_sign_hash_complete() is equivalent to
+    ///                              \c psa_sign_hash() but
+    ///                              \c psa_sign_hash_complete() can return early and
+    ///                              resume according to the limit set with \c
+    ///                              psa_interruptible_set_max_ops() to reduce the
+    ///                              maximum time spent in a function call.
+    ///
+    /// \note                        Users should call \c psa_sign_hash_complete()
+    ///                              repeatedly on the same context after a
+    ///                              successful call to this function until \c
+    ///                              psa_sign_hash_complete() either returns 0 or an
+    ///                              error. \c psa_sign_hash_complete() will return
+    ///                              #PSA_OPERATION_INCOMPLETE if there is more work
+    ///                              to do. Alternatively users can call
+    ///                              \c psa_sign_hash_abort() at any point if they no
+    ///                              longer want the result.
+    ///
+    /// \note                        If this function returns an error status, the
+    ///                              operation enters an error state and must be
+    ///                              aborted by calling \c psa_sign_hash_abort().
+    ///
+    /// \param[in, out] operation    The \c psa_sign_hash_interruptible_operation_t
+    ///                              to use. This must be initialized first.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              It must be an asymmetric key pair. The key must
+    ///                              allow the usage #PSA_KEY_USAGE_SIGN_HASH.
+    /// \param alg                   A signature algorithm (\c PSA_ALG_XXX
+    ///                              value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+    ///                              is true), that is compatible with
+    ///                              the type of \p key.
+    /// \param[in] hash              The hash or message to sign.
+    /// \param hash_length           Size of the \p hash buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The operation started successfully - call \c psa_sign_hash_complete()
+    ///         with the same context to complete the operation
+    ///
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_SIGN_HASH flag, or it does
+    ///         not permit the requested algorithm.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         An operation has previously been started on this context, and is
+    ///         still in progress.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_sign_hash_start(
+        operation: *mut psa_sign_hash_interruptible_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        hash: *const u8,
+        hash_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief                       Continue and eventually complete the action of
+    ///                              signing a hash or short message with a private
+    ///                              key, in an interruptible manner.
+    ///
+    /// \see                         \c psa_sign_hash_start()
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        This function combined with \c
+    ///                              psa_sign_hash_start() is equivalent to
+    ///                              \c psa_sign_hash() but this function can return
+    ///                              early and resume according to the limit set with
+    ///                              \c psa_interruptible_set_max_ops() to reduce the
+    ///                              maximum time spent in a function call.
+    ///
+    /// \note                        Users should call this function on the same
+    ///                              operation object repeatedly until it either
+    ///                              returns 0 or an error. This function will return
+    ///                              #PSA_OPERATION_INCOMPLETE if there is more work
+    ///                              to do. Alternatively users can call
+    ///                              \c psa_sign_hash_abort() at any point if they no
+    ///                              longer want the result.
+    ///
+    /// \note                        When this function returns successfully, the
+    ///                              operation becomes inactive. If this function
+    ///                              returns an error status, the operation enters an
+    ///                              error state and must be aborted by calling
+    ///                              \c psa_sign_hash_abort().
+    ///
+    /// \param[in, out] operation    The \c psa_sign_hash_interruptible_operation_t
+    ///                              to use. This must be initialized first, and have
+    ///                              had \c psa_sign_hash_start() called with it
+    ///                              first.
+    ///
+    /// \param[out] signature        Buffer where the signature is to be written.
+    /// \param signature_size        Size of the \p signature buffer in bytes. This
+    ///                              must be appropriate for the selected
+    ///                              algorithm and key:
+    ///                              - The required signature size is
+    ///                                #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c
+    ///                                key_bits, \c alg) where \c key_type and \c
+    ///                                key_bits are the type and bit-size
+    ///                                respectively of key.
+    ///                              - #PSA_SIGNATURE_MAX_SIZE evaluates to the
+    ///                                maximum signature size of any supported
+    ///                                signature algorithm.
+    /// \param[out] signature_length On success, the number of bytes that make up
+    ///                              the returned signature value.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Operation completed successfully
+    ///
+    /// \retval #PSA_OPERATION_INCOMPLETE
+    ///         Operation was interrupted due to the setting of \c
+    ///         psa_interruptible_set_max_ops(). There is still work to be done.
+    ///         Call this function again with the same operation object.
+    ///
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p signature buffer is too small. You can
+    ///         determine a sufficient buffer size by calling
+    ///         #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+    ///         where \c key_type and \c key_bits are the type and bit-size
+    ///         respectively of \p key.
+    ///
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         An operation was not previously started on this context via
+    ///         \c psa_sign_hash_start().
+    ///
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has either not been previously initialized by
+    ///         psa_crypto_init() or you did not previously call
+    ///         psa_sign_hash_start() with this operation object. It is
+    ///         implementation-dependent whether a failure to initialize results in
+    ///         this error code.
+    pub fn psa_sign_hash_complete(
+        operation: *mut psa_sign_hash_interruptible_operation_t,
+        signature: *mut u8,
+        signature_size: usize,
+        signature_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief                       Abort a sign hash operation.
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        This function is the only function that clears
+    ///                              the number of ops completed as part of the
+    ///                              operation. Please ensure you copy this value via
+    ///                              \c psa_sign_hash_get_num_ops() if required
+    ///                              before calling.
+    ///
+    /// \note                        Aborting an operation frees all associated
+    ///                              resources except for the \p operation structure
+    ///                              itself. Once aborted, the operation object can
+    ///                              be reused for another operation by calling \c
+    ///                              psa_sign_hash_start() again.
+    ///
+    /// \note                        You may call this function any time after the
+    ///                              operation object has been initialized. In
+    ///                              particular, calling \c psa_sign_hash_abort()
+    ///                              after the operation has already been terminated
+    ///                              by a call to \c psa_sign_hash_abort() or
+    ///                              psa_sign_hash_complete() is safe.
+    ///
+    /// \param[in,out] operation     Initialized sign hash operation.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The operation was aborted successfully.
+    ///
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_sign_hash_abort(
+        operation: *mut psa_sign_hash_interruptible_operation_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief                       Start reading and verifying a hash or short
+    ///                              message, in an interruptible manner.
+    ///
+    /// \see                         \c psa_verify_hash_complete()
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        This function combined with \c
+    ///                              psa_verify_hash_complete() is equivalent to
+    ///                              \c psa_verify_hash() but \c
+    ///                              psa_verify_hash_complete() can return early and
+    ///                              resume according to the limit set with \c
+    ///                              psa_interruptible_set_max_ops() to reduce the
+    ///                              maximum time spent in a function.
+    ///
+    /// \note                        Users should call \c psa_verify_hash_complete()
+    ///                              repeatedly on the same operation object after a
+    ///                              successful call to this function until \c
+    ///                              psa_verify_hash_complete() either returns 0 or
+    ///                              an error. \c psa_verify_hash_complete() will
+    ///                              return #PSA_OPERATION_INCOMPLETE if there is
+    ///                              more work to do. Alternatively users can call
+    ///                              \c psa_verify_hash_abort() at any point if they
+    ///                              no longer want the result.
+    ///
+    /// \note                        If this function returns an error status, the
+    ///                              operation enters an error state and must be
+    ///                              aborted by calling \c psa_verify_hash_abort().
+    ///
+    /// \param[in, out] operation    The \c psa_verify_hash_interruptible_operation_t
+    ///                              to use. This must be initialized first.
+    ///
+    /// \param key                   Identifier of the key to use for the operation.
+    ///                              The key must allow the usage
+    ///                              #PSA_KEY_USAGE_VERIFY_HASH.
+    /// \param alg                   A signature algorithm (\c PSA_ALG_XXX
+    ///                              value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+    ///                              is true), that is compatible with
+    ///                              the type of \p key.
+    /// \param[in] hash              The hash whose signature is to be verified.
+    /// \param hash_length           Size of the \p hash buffer in bytes.
+    /// \param[in] signature         Buffer containing the signature to verify.
+    /// \param signature_length      Size of the \p signature buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The operation started successfully - please call \c
+    ///         psa_verify_hash_complete() with the same context to complete the
+    ///         operation.
+    ///
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Another operation has already been started on this context, and is
+    ///         still in progress.
+    ///
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_VERIFY_HASH flag, or it does
+    ///         not permit the requested algorithm.
+    ///
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_verify_hash_start(
+        operation: *mut psa_verify_hash_interruptible_operation_t,
+        key: mbedtls_svc_key_id_t,
+        alg: psa_algorithm_t,
+        hash: *const u8,
+        hash_length: usize,
+        signature: *const u8,
+        signature_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief                       Continue and eventually complete the action of
+    ///                              reading and verifying a hash or short message
+    ///                              signed with a private key, in an interruptible
+    ///                              manner.
+    ///
+    /// \see                         \c psa_verify_hash_start()
+    ///
+    /// \warning                     This is a beta API, and thus subject to change
+    ///                              at any point. It is not bound by the usual
+    ///                              interface stability promises.
+    ///
+    /// \note                        This function combined with \c
+    ///                              psa_verify_hash_start() is equivalent to
+    ///                              \c psa_verify_hash() but this function can
+    ///                              return early and resume according to the limit
+    ///                              set with \c psa_interruptible_set_max_ops() to
+    ///                              reduce the maximum time spent in a function
+    ///                              call.
+    ///
+    /// \note                        Users should call this function on the same
+    ///                              operation object repeatedly until it either
+    ///                              returns 0 or an error. This function will return
+    ///                              #PSA_OPERATION_INCOMPLETE if there is more work
+    ///                              to do. Alternatively users can call
+    ///                              \c psa_verify_hash_abort() at any point if they
+    ///                              no longer want the result.
+    ///
+    /// \note                        When this function returns successfully, the
+    ///                              operation becomes inactive. If this function
+    ///                              returns an error status, the operation enters an
+    ///                              error state and must be aborted by calling
+    ///                              \c psa_verify_hash_abort().
+    ///
+    /// \param[in, out] operation    The \c psa_verify_hash_interruptible_operation_t
+    ///                              to use. This must be initialized first, and have
+    ///                              had \c psa_verify_hash_start() called with it
+    ///                              first.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Operation completed successfully, and the passed signature is valid.
+    ///
+    /// \retval #PSA_OPERATION_INCOMPLETE
+    ///         Operation was interrupted due to the setting of \c
+    ///         psa_interruptible_set_max_ops(). There is still work to be done.
+    ///         Call this function again with the same operation object.
+    ///
+    /// \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The calculation was performed successfully, but the passed
+    ///         signature is not a valid signature.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         An operation was not previously started on this context via
+    ///         \c psa_verify_hash_start().
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has either not been previously initialized by
+    ///         psa_crypto_init() or you did not previously call
+    ///         psa_verify_hash_start() on this object. It is
+    ///         implementation-dependent whether a failure to initialize results in
+    ///         this error code.
+    pub fn psa_verify_hash_complete(
+        operation: *mut psa_verify_hash_interruptible_operation_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// \brief                     Abort a verify hash operation.
+    ///
+    /// \warning                   This is a beta API, and thus subject to change at
+    ///                            any point. It is not bound by the usual interface
+    ///                            stability promises.
+    ///
+    /// \note                      This function is the only function that clears the
+    ///                            number of ops completed as part of the operation.
+    ///                            Please ensure you copy this value via
+    ///                            \c psa_verify_hash_get_num_ops() if required
+    ///                            before calling.
+    ///
+    /// \note                      Aborting an operation frees all associated
+    ///                            resources except for the operation structure
+    ///                            itself. Once aborted, the operation object can be
+    ///                            reused for another operation by calling \c
+    ///                            psa_verify_hash_start() again.
+    ///
+    /// \note                      You may call this function any time after the
+    ///                            operation object has been initialized.
+    ///                            In particular, calling \c psa_verify_hash_abort()
+    ///                            after the operation has already been terminated by
+    ///                            a call to \c psa_verify_hash_abort() or
+    ///                            psa_verify_hash_complete() is safe.
+    ///
+    /// \param[in,out] operation   Initialized verify hash operation.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The operation was aborted successfully.
+    ///
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_verify_hash_abort(
+        operation: *mut psa_verify_hash_interruptible_operation_t,
+    ) -> psa_status_t;
+}
+/// The CMAC context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_cmac_context_t {
+    pub private_state: [crate::c_types::c_uchar; 16usize],
+    pub private_unprocessed_block: [crate::c_types::c_uchar; 16usize],
+    pub private_unprocessed_len: usize,
+}
+extern "C" {
+    /// \brief               This function starts a new CMAC computation
+    ///                      by setting the CMAC key, and preparing to authenticate
+    ///                      the input data.
+    ///                      It must be called with an initialized cipher context.
+    ///
+    ///                      Once this function has completed, data can be supplied
+    ///                      to the CMAC computation by calling
+    ///                      mbedtls_cipher_cmac_update().
+    ///
+    ///                      To start a CMAC computation using the same key as a previous
+    ///                      CMAC computation, use mbedtls_cipher_cmac_finish().
+    ///
+    /// \note                When the CMAC implementation is supplied by an alternate
+    ///                      implementation (through #MBEDTLS_CMAC_ALT), some ciphers
+    ///                      may not be supported by that implementation, and thus
+    ///                      return an error. Alternate implementations must support
+    ///                      AES-128 and AES-256, and may support AES-192 and 3DES.
+    ///
+    /// \param ctx           The cipher context used for the CMAC operation, initialized
+    ///                      as one of the following types: MBEDTLS_CIPHER_AES_128_ECB,
+    ///                      MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB,
+    ///                      or MBEDTLS_CIPHER_DES_EDE3_ECB.
+    /// \param key           The CMAC key.
+    /// \param keybits       The length of the CMAC key in bits.
+    ///                      Must be supported by the cipher.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              A cipher-specific error code on failure.
+    pub fn mbedtls_cipher_cmac_starts(
+        ctx: *mut mbedtls_cipher_context_t,
+        key: *const crate::c_types::c_uchar,
+        keybits: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function feeds an input buffer into an ongoing CMAC
+    ///                      computation.
+    ///
+    ///                      The CMAC computation must have previously been started
+    ///                      by calling mbedtls_cipher_cmac_starts() or
+    ///                      mbedtls_cipher_cmac_reset().
+    ///
+    ///                      Call this function as many times as needed to input the
+    ///                      data to be authenticated.
+    ///                      Once all of the required data has been input,
+    ///                      call mbedtls_cipher_cmac_finish() to obtain the result
+    ///                      of the CMAC operation.
+    ///
+    /// \param ctx           The cipher context used for the CMAC operation.
+    /// \param input         The buffer holding the input data.
+    /// \param ilen          The length of the input data.
+    ///
+    /// \return             \c 0 on success.
+    /// \return             #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+    ///                     if parameter verification fails.
+    pub fn mbedtls_cipher_cmac_update(
+        ctx: *mut mbedtls_cipher_context_t,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function finishes an ongoing CMAC operation, and
+    ///                      writes the result to the output buffer.
+    ///
+    ///                      It should be followed either by
+    ///                      mbedtls_cipher_cmac_reset(), which starts another CMAC
+    ///                      operation with the same key, or mbedtls_cipher_free(),
+    ///                      which clears the cipher context.
+    ///
+    /// \param ctx           The cipher context used for the CMAC operation.
+    /// \param output        The output buffer for the CMAC checksum result.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+    ///                      if parameter verification fails.
+    pub fn mbedtls_cipher_cmac_finish(
+        ctx: *mut mbedtls_cipher_context_t,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function starts a new CMAC operation with the same
+    ///                      key as the previous one.
+    ///
+    ///                      It should be called after finishing the previous CMAC
+    ///                      operation with mbedtls_cipher_cmac_finish().
+    ///                      After calling this function,
+    ///                      call mbedtls_cipher_cmac_update() to supply the new
+    ///                      CMAC operation with data.
+    ///
+    /// \param ctx           The cipher context used for the CMAC operation.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+    ///                      if parameter verification fails.
+    pub fn mbedtls_cipher_cmac_reset(ctx: *mut mbedtls_cipher_context_t) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function calculates the full generic CMAC
+    ///                      on the input buffer with the provided key.
+    ///
+    ///                      The function allocates the context, performs the
+    ///                      calculation, and frees the context.
+    ///
+    ///                      The CMAC result is calculated as
+    ///                      output = generic CMAC(cmac key, input buffer).
+    ///
+    /// \note                When the CMAC implementation is supplied by an alternate
+    ///                      implementation (through #MBEDTLS_CMAC_ALT), some ciphers
+    ///                      may not be supported by that implementation, and thus
+    ///                      return an error. Alternate implementations must support
+    ///                      AES-128 and AES-256, and may support AES-192 and 3DES.
+    ///
+    /// \param cipher_info   The cipher information.
+    /// \param key           The CMAC key.
+    /// \param keylen        The length of the CMAC key in bits.
+    /// \param input         The buffer holding the input data.
+    /// \param ilen          The length of the input data.
+    /// \param output        The buffer for the generic CMAC result.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
+    ///                      if parameter verification fails.
+    pub fn mbedtls_cipher_cmac(
+        cipher_info: *const mbedtls_cipher_info_t,
+        key: *const crate::c_types::c_uchar,
+        keylen: usize,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function implements the AES-CMAC-PRF-128 pseudorandom
+    ///                  function, as defined in
+    ///                  <em>RFC-4615: The Advanced Encryption Standard-Cipher-based
+    ///                  Message Authentication Code-Pseudo-Random Function-128
+    ///                  (AES-CMAC-PRF-128) Algorithm for the Internet Key
+    ///                  Exchange Protocol (IKE).</em>
+    ///
+    /// \param key       The key to use.
+    /// \param key_len   The key length in Bytes.
+    /// \param input     The buffer holding the input data.
+    /// \param in_len    The length of the input data in Bytes.
+    /// \param output    The buffer holding the generated 16 Bytes of
+    ///                  pseudorandom output.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_aes_cmac_prf_128(
+        key: *const crate::c_types::c_uchar,
+        key_len: usize,
+        input: *const crate::c_types::c_uchar,
+        in_len: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The CMAC checkup routine.
+    ///
+    /// \note           In case the CMAC routines are provided by an alternative
+    ///                 implementation (i.e. #MBEDTLS_CMAC_ALT is defined), the
+    ///                 checkup routine will succeed even if the implementation does
+    ///                 not support the less widely used AES-192 or 3DES primitives.
+    ///                 The self-test requires at least AES-128 and AES-256 to be
+    ///                 supported by the underlying implementation.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_cmac_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          The GCM context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_gcm_context {
+    pub private_cipher_ctx: mbedtls_cipher_context_t,
+    pub private_HL: [u64; 16usize],
+    pub private_HH: [u64; 16usize],
+    pub private_len: u64,
+    pub private_add_len: u64,
+    pub private_base_ectr: [crate::c_types::c_uchar; 16usize],
+    pub private_y: [crate::c_types::c_uchar; 16usize],
+    pub private_buf: [crate::c_types::c_uchar; 16usize],
+    pub private_mode: crate::c_types::c_int,
+}
+extern "C" {
+    /// \brief           This function initializes the specified GCM context,
+    ///                  to make references valid, and prepares the context
+    ///                  for mbedtls_gcm_setkey() or mbedtls_gcm_free().
+    ///
+    ///                  The function does not bind the GCM context to a particular
+    ///                  cipher, nor set the key. For this purpose, use
+    ///                  mbedtls_gcm_setkey().
+    ///
+    /// \param ctx       The GCM context to initialize. This must not be \c NULL.
+    pub fn mbedtls_gcm_init(ctx: *mut mbedtls_gcm_context);
+}
+extern "C" {
+    /// \brief           This function associates a GCM context with a
+    ///                  cipher algorithm and a key.
+    ///
+    /// \param ctx       The GCM context. This must be initialized.
+    /// \param cipher    The 128-bit block cipher to use.
+    /// \param key       The encryption key. This must be a readable buffer of at
+    ///                  least \p keybits bits.
+    /// \param keybits   The key size in bits. Valid options are:
+    ///                  <ul><li>128 bits</li>
+    ///                  <li>192 bits</li>
+    ///                  <li>256 bits</li></ul>
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A cipher-specific error code on failure.
+    pub fn mbedtls_gcm_setkey(
+        ctx: *mut mbedtls_gcm_context,
+        cipher: mbedtls_cipher_id_t,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs GCM encryption or decryption of a buffer.
+    ///
+    /// \note            For encryption, the output buffer can be the same as the
+    ///                  input buffer. For decryption, the output buffer cannot be
+    ///                  the same as input buffer. If the buffers overlap, the output
+    ///                  buffer must trail at least 8 Bytes behind the input buffer.
+    ///
+    /// \warning         When this function performs a decryption, it outputs the
+    ///                  authentication tag and does not verify that the data is
+    ///                  authentic. You should use this function to perform encryption
+    ///                  only. For decryption, use mbedtls_gcm_auth_decrypt() instead.
+    ///
+    /// \param ctx       The GCM context to use for encryption or decryption. This
+    ///                  must be initialized.
+    /// \param mode      The operation to perform:
+    ///                  - #MBEDTLS_GCM_ENCRYPT to perform authenticated encryption.
+    ///                    The ciphertext is written to \p output and the
+    ///                    authentication tag is written to \p tag.
+    ///                  - #MBEDTLS_GCM_DECRYPT to perform decryption.
+    ///                    The plaintext is written to \p output and the
+    ///                    authentication tag is written to \p tag.
+    ///                    Note that this mode is not recommended, because it does
+    ///                    not verify the authenticity of the data. For this reason,
+    ///                    you should use mbedtls_gcm_auth_decrypt() instead of
+    ///                    calling this function in decryption mode.
+    /// \param length    The length of the input data, which is equal to the length
+    ///                  of the output data.
+    /// \param iv        The initialization vector. This must be a readable buffer of
+    ///                  at least \p iv_len Bytes.
+    /// \param iv_len    The length of the IV.
+    /// \param add       The buffer holding the additional data. This must be of at
+    ///                  least that size in Bytes.
+    /// \param add_len   The length of the additional data.
+    /// \param input     The buffer holding the input data. If \p length is greater
+    ///                  than zero, this must be a readable buffer of at least that
+    ///                  size in Bytes.
+    /// \param output    The buffer for holding the output data. If \p length is greater
+    ///                  than zero, this must be a writable buffer of at least that
+    ///                  size in Bytes.
+    /// \param tag_len   The length of the tag to generate.
+    /// \param tag       The buffer for holding the tag. This must be a writable
+    ///                  buffer of at least \p tag_len Bytes.
+    ///
+    /// \return          \c 0 if the encryption or decryption was performed
+    ///                  successfully. Note that in #MBEDTLS_GCM_DECRYPT mode,
+    ///                  this does not indicate that the data is authentic.
+    /// \return          #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
+    ///                  not valid or a cipher-specific error code if the encryption
+    ///                  or decryption failed.
+    pub fn mbedtls_gcm_crypt_and_tag(
+        ctx: *mut mbedtls_gcm_context,
+        mode: crate::c_types::c_int,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        add: *const crate::c_types::c_uchar,
+        add_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+        tag: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a GCM authenticated decryption of a
+    ///                  buffer.
+    ///
+    /// \note            For decryption, the output buffer cannot be the same as
+    ///                  input buffer. If the buffers overlap, the output buffer
+    ///                  must trail at least 8 Bytes behind the input buffer.
+    ///
+    /// \param ctx       The GCM context. This must be initialized.
+    /// \param length    The length of the ciphertext to decrypt, which is also
+    ///                  the length of the decrypted plaintext.
+    /// \param iv        The initialization vector. This must be a readable buffer
+    ///                  of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the IV.
+    /// \param add       The buffer holding the additional data. This must be of at
+    ///                  least that size in Bytes.
+    /// \param add_len   The length of the additional data.
+    /// \param tag       The buffer holding the tag to verify. This must be a
+    ///                  readable buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the tag to verify.
+    /// \param input     The buffer holding the ciphertext. If \p length is greater
+    ///                  than zero, this must be a readable buffer of at least that
+    ///                  size.
+    /// \param output    The buffer for holding the decrypted plaintext. If \p length
+    ///                  is greater than zero, this must be a writable buffer of at
+    ///                  least that size.
+    ///
+    /// \return          \c 0 if successful and authenticated.
+    /// \return          #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.
+    /// \return          #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
+    ///                  not valid or a cipher-specific error code if the decryption
+    ///                  failed.
+    pub fn mbedtls_gcm_auth_decrypt(
+        ctx: *mut mbedtls_gcm_context,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        add: *const crate::c_types::c_uchar,
+        add_len: usize,
+        tag: *const crate::c_types::c_uchar,
+        tag_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function starts a GCM encryption or decryption
+    ///                  operation.
+    ///
+    /// \param ctx       The GCM context. This must be initialized.
+    /// \param mode      The operation to perform: #MBEDTLS_GCM_ENCRYPT or
+    ///                  #MBEDTLS_GCM_DECRYPT.
+    /// \param iv        The initialization vector. This must be a readable buffer of
+    ///                  at least \p iv_len Bytes.
+    /// \param iv_len    The length of the IV.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_gcm_starts(
+        ctx: *mut mbedtls_gcm_context,
+        mode: crate::c_types::c_int,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer as associated data
+    ///                  (authenticated but not encrypted data) in a GCM
+    ///                  encryption or decryption operation.
+    ///
+    ///                  Call this function after mbedtls_gcm_starts() to pass
+    ///                  the associated data. If the associated data is empty,
+    ///                  you do not need to call this function. You may not
+    ///                  call this function after calling mbedtls_cipher_update().
+    ///
+    /// \param ctx       The GCM context. This must have been started with
+    ///                  mbedtls_gcm_starts() and must not have yet received
+    ///                  any input with mbedtls_gcm_update().
+    /// \param add       The buffer holding the additional data, or \c NULL
+    ///                  if \p add_len is \c 0.
+    /// \param add_len   The length of the additional data. If \c 0,
+    ///                  \p add may be \c NULL.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_gcm_update_ad(
+        ctx: *mut mbedtls_gcm_context,
+        add: *const crate::c_types::c_uchar,
+        add_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer into an ongoing GCM
+    ///                  encryption or decryption operation.
+    ///
+    ///                  You may call this function zero, one or more times
+    ///                  to pass successive parts of the input: the plaintext to
+    ///                  encrypt, or the ciphertext (not including the tag) to
+    ///                  decrypt. After the last part of the input, call
+    ///                  mbedtls_gcm_finish().
+    ///
+    ///                  This function may produce output in one of the following
+    ///                  ways:
+    ///                  - Immediate output: the output length is always equal
+    ///                    to the input length.
+    ///                  - Buffered output: the output consists of a whole number
+    ///                    of 16-byte blocks. If the total input length so far
+    ///                    (not including associated data) is 16 \* *B* + *A*
+    ///                    with *A* < 16 then the total output length is 16 \* *B*.
+    ///
+    ///                  In particular:
+    ///                  - It is always correct to call this function with
+    ///                    \p output_size >= \p input_length + 15.
+    ///                  - If \p input_length is a multiple of 16 for all the calls
+    ///                    to this function during an operation, then it is
+    ///                    correct to use \p output_size = \p input_length.
+    ///
+    /// \note            For decryption, the output buffer cannot be the same as
+    ///                  input buffer. If the buffers overlap, the output buffer
+    ///                  must trail at least 8 Bytes behind the input buffer.
+    ///
+    /// \param ctx           The GCM context. This must be initialized.
+    /// \param input         The buffer holding the input data. If \p input_length
+    ///                      is greater than zero, this must be a readable buffer
+    ///                      of at least \p input_length bytes.
+    /// \param input_length  The length of the input data in bytes.
+    /// \param output        The buffer for the output data. If \p output_size
+    ///                      is greater than zero, this must be a writable buffer of
+    ///                      of at least \p output_size bytes.
+    /// \param output_size   The size of the output buffer in bytes.
+    ///                      See the function description regarding the output size.
+    /// \param output_length On success, \p *output_length contains the actual
+    ///                      length of the output written in \p output.
+    ///                      On failure, the content of \p *output_length is
+    ///                      unspecified.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_GCM_BAD_INPUT on failure:
+    ///                 total input length too long,
+    ///                 unsupported input/output buffer overlap detected,
+    ///                 or \p output_size too small.
+    pub fn mbedtls_gcm_update(
+        ctx: *mut mbedtls_gcm_context,
+        input: *const crate::c_types::c_uchar,
+        input_length: usize,
+        output: *mut crate::c_types::c_uchar,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function finishes the GCM operation and generates
+    ///                  the authentication tag.
+    ///
+    ///                  It wraps up the GCM stream, and generates the
+    ///                  tag. The tag can have a maximum length of 16 Bytes.
+    ///
+    /// \param ctx       The GCM context. This must be initialized.
+    /// \param tag       The buffer for holding the tag. This must be a writable
+    ///                  buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the tag to generate. This must be at least
+    ///                  four.
+    /// \param output    The buffer for the final output.
+    ///                  If \p output_size is nonzero, this must be a writable
+    ///                  buffer of at least \p output_size bytes.
+    /// \param output_size  The size of the \p output buffer in bytes.
+    ///                  This must be large enough for the output that
+    ///                  mbedtls_gcm_update() has not produced. In particular:
+    ///                  - If mbedtls_gcm_update() produces immediate output,
+    ///                    or if the total input size is a multiple of \c 16,
+    ///                    then mbedtls_gcm_finish() never produces any output,
+    ///                    so \p output_size can be \c 0.
+    ///                  - \p output_size never needs to be more than \c 15.
+    /// \param output_length On success, \p *output_length contains the actual
+    ///                      length of the output written in \p output.
+    ///                      On failure, the content of \p *output_length is
+    ///                      unspecified.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_GCM_BAD_INPUT on failure:
+    ///                  invalid value of \p tag_len,
+    ///                  or \p output_size too small.
+    pub fn mbedtls_gcm_finish(
+        ctx: *mut mbedtls_gcm_context,
+        output: *mut crate::c_types::c_uchar,
+        output_size: usize,
+        output_length: *mut usize,
+        tag: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function clears a GCM context and the underlying
+    ///                  cipher sub-context.
+    ///
+    /// \param ctx       The GCM context to clear. If this is \c NULL, the call has
+    ///                  no effect. Otherwise, this must be initialized.
+    pub fn mbedtls_gcm_free(ctx: *mut mbedtls_gcm_context);
+}
+extern "C" {
+    /// \brief          The GCM checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_gcm_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief    The CCM context-type definition. The CCM context is passed
+///           to the APIs called.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ccm_context {
+    pub private_y: [crate::c_types::c_uchar; 16usize],
+    pub private_ctr: [crate::c_types::c_uchar; 16usize],
+    pub private_cipher_ctx: mbedtls_cipher_context_t,
+    pub private_plaintext_len: usize,
+    pub private_add_len: usize,
+    pub private_tag_len: usize,
+    pub private_processed: usize,
+    pub private_q: crate::c_types::c_uchar,
+    pub private_mode: crate::c_types::c_uchar,
+    pub private_state: crate::c_types::c_int,
+}
+extern "C" {
+    /// \brief           This function initializes the specified CCM context,
+    ///                  to make references valid, and prepare the context
+    ///                  for mbedtls_ccm_setkey() or mbedtls_ccm_free().
+    ///
+    /// \param ctx       The CCM context to initialize. This must not be \c NULL.
+    pub fn mbedtls_ccm_init(ctx: *mut mbedtls_ccm_context);
+}
+extern "C" {
+    /// \brief           This function initializes the CCM context set in the
+    ///                  \p ctx parameter and sets the encryption key.
+    ///
+    /// \param ctx       The CCM context to initialize. This must be an initialized
+    ///                  context.
+    /// \param cipher    The 128-bit block cipher to use.
+    /// \param key       The encryption key. This must not be \c NULL.
+    /// \param keybits   The key size in bits. This must be acceptable by the cipher.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A CCM or cipher-specific error code on failure.
+    pub fn mbedtls_ccm_setkey(
+        ctx: *mut mbedtls_ccm_context,
+        cipher: mbedtls_cipher_id_t,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief   This function releases and clears the specified CCM context
+    ///          and underlying cipher sub-context.
+    ///
+    /// \param ctx       The CCM context to clear. If this is \c NULL, the function
+    ///                  has no effect. Otherwise, this must be initialized.
+    pub fn mbedtls_ccm_free(ctx: *mut mbedtls_ccm_context);
+}
+extern "C" {
+    /// \brief           This function encrypts a buffer using CCM.
+    ///
+    /// \note            The tag is written to a separate buffer. To concatenate
+    ///                  the \p tag with the \p output, as done in <em>RFC-3610:
+    ///                  Counter with CBC-MAC (CCM)</em>, use
+    ///                  \p tag = \p output + \p length, and make sure that the
+    ///                  output buffer is at least \p length + \p tag_len wide.
+    ///
+    /// \param ctx       The CCM context to use for encryption. This must be
+    ///                  initialized and bound to a key.
+    /// \param length    The length of the input data in Bytes.
+    /// \param iv        The initialization vector (nonce). This must be a readable
+    ///                  buffer of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
+    ///                  or 13. The length L of the message length field is
+    ///                  15 - \p iv_len.
+    /// \param ad        The additional data field. If \p ad_len is greater than
+    ///                  zero, \p ad must be a readable buffer of at least that
+    ///                  length.
+    /// \param ad_len    The length of additional data in Bytes.
+    ///                  This must be less than `2^16 - 2^8`.
+    /// \param input     The buffer holding the input data. If \p length is greater
+    ///                  than zero, \p input must be a readable buffer of at least
+    ///                  that length.
+    /// \param output    The buffer holding the output data. If \p length is greater
+    ///                  than zero, \p output must be a writable buffer of at least
+    ///                  that length.
+    /// \param tag       The buffer holding the authentication field. This must be a
+    ///                  writable buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the authentication field to generate in Bytes:
+    ///                  4, 6, 8, 10, 12, 14 or 16.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A CCM or cipher-specific error code on failure.
+    pub fn mbedtls_ccm_encrypt_and_tag(
+        ctx: *mut mbedtls_ccm_context,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function encrypts a buffer using CCM*.
+    ///
+    /// \note            The tag is written to a separate buffer. To concatenate
+    ///                  the \p tag with the \p output, as done in <em>RFC-3610:
+    ///                  Counter with CBC-MAC (CCM)</em>, use
+    ///                  \p tag = \p output + \p length, and make sure that the
+    ///                  output buffer is at least \p length + \p tag_len wide.
+    ///
+    /// \note            When using this function in a variable tag length context,
+    ///                  the tag length has to be encoded into the \p iv passed to
+    ///                  this function.
+    ///
+    /// \param ctx       The CCM context to use for encryption. This must be
+    ///                  initialized and bound to a key.
+    /// \param length    The length of the input data in Bytes.
+    ///                  For tag length = 0, input length is ignored.
+    /// \param iv        The initialization vector (nonce). This must be a readable
+    ///                  buffer of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
+    ///                  or 13. The length L of the message length field is
+    ///                  15 - \p iv_len.
+    /// \param ad        The additional data field. This must be a readable buffer of
+    ///                  at least \p ad_len Bytes.
+    /// \param ad_len    The length of additional data in Bytes.
+    ///                  This must be less than 2^16 - 2^8.
+    /// \param input     The buffer holding the input data. If \p length is greater
+    ///                  than zero, \p input must be a readable buffer of at least
+    ///                  that length.
+    /// \param output    The buffer holding the output data. If \p length is greater
+    ///                  than zero, \p output must be a writable buffer of at least
+    ///                  that length.
+    /// \param tag       The buffer holding the authentication field. This must be a
+    ///                  writable buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the authentication field to generate in Bytes:
+    ///                  0, 4, 6, 8, 10, 12, 14 or 16.
+    ///
+    /// \warning         Passing \c 0 as \p tag_len means that the message is no
+    ///                  longer authenticated.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A CCM or cipher-specific error code on failure.
+    pub fn mbedtls_ccm_star_encrypt_and_tag(
+        ctx: *mut mbedtls_ccm_context,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a CCM authenticated decryption of a
+    ///                  buffer.
+    ///
+    /// \param ctx       The CCM context to use for decryption. This must be
+    ///                  initialized and bound to a key.
+    /// \param length    The length of the input data in Bytes.
+    /// \param iv        The initialization vector (nonce). This must be a readable
+    ///                  buffer of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
+    ///                  or 13. The length L of the message length field is
+    ///                  15 - \p iv_len.
+    /// \param ad        The additional data field. This must be a readable buffer
+    ///                  of at least that \p ad_len Bytes..
+    /// \param ad_len    The length of additional data in Bytes.
+    ///                  This must be less than 2^16 - 2^8.
+    /// \param input     The buffer holding the input data. If \p length is greater
+    ///                  than zero, \p input must be a readable buffer of at least
+    ///                  that length.
+    /// \param output    The buffer holding the output data. If \p length is greater
+    ///                  than zero, \p output must be a writable buffer of at least
+    ///                  that length.
+    /// \param tag       The buffer holding the authentication field. This must be a
+    ///                  readable buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the authentication field to generate in Bytes:
+    ///                  4, 6, 8, 10, 12, 14 or 16.
+    ///
+    /// \return          \c 0 on success. This indicates that the message is authentic.
+    /// \return          #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
+    /// \return          A cipher-specific error code on calculation failure.
+    pub fn mbedtls_ccm_auth_decrypt(
+        ctx: *mut mbedtls_ccm_context,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag: *const crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a CCM* authenticated decryption of a
+    ///                  buffer.
+    ///
+    /// \note            When using this function in a variable tag length context,
+    ///                  the tag length has to be decoded from \p iv and passed to
+    ///                  this function as \p tag_len. (\p tag needs to be adjusted
+    ///                  accordingly.)
+    ///
+    /// \param ctx       The CCM context to use for decryption. This must be
+    ///                  initialized and bound to a key.
+    /// \param length    The length of the input data in Bytes.
+    ///                  For tag length = 0, input length is ignored.
+    /// \param iv        The initialization vector (nonce). This must be a readable
+    ///                  buffer of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
+    ///                  or 13. The length L of the message length field is
+    ///                  15 - \p iv_len.
+    /// \param ad        The additional data field. This must be a readable buffer of
+    ///                  at least that \p ad_len Bytes.
+    /// \param ad_len    The length of additional data in Bytes.
+    ///                  This must be less than 2^16 - 2^8.
+    /// \param input     The buffer holding the input data. If \p length is greater
+    ///                  than zero, \p input must be a readable buffer of at least
+    ///                  that length.
+    /// \param output    The buffer holding the output data. If \p length is greater
+    ///                  than zero, \p output must be a writable buffer of at least
+    ///                  that length.
+    /// \param tag       The buffer holding the authentication field. This must be a
+    ///                  readable buffer of at least \p tag_len Bytes.
+    /// \param tag_len   The length of the authentication field in Bytes.
+    ///                  0, 4, 6, 8, 10, 12, 14 or 16.
+    ///
+    /// \warning         Passing \c 0 as \p tag_len means that the message is nos
+    ///                  longer authenticated.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
+    /// \return          A cipher-specific error code on calculation failure.
+    pub fn mbedtls_ccm_star_auth_decrypt(
+        ctx: *mut mbedtls_ccm_context,
+        length: usize,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag: *const crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function starts a CCM encryption or decryption
+    ///                  operation.
+    ///
+    ///                  This function and mbedtls_ccm_set_lengths() must be called
+    ///                  before calling mbedtls_ccm_update_ad() or
+    ///                  mbedtls_ccm_update(). This function can be called before
+    ///                  or after mbedtls_ccm_set_lengths().
+    ///
+    /// \note            This function is not implemented in Mbed TLS yet.
+    ///
+    /// \param ctx       The CCM context. This must be initialized.
+    /// \param mode      The operation to perform: #MBEDTLS_CCM_ENCRYPT or
+    ///                  #MBEDTLS_CCM_DECRYPT or #MBEDTLS_CCM_STAR_ENCRYPT or
+    ///                  #MBEDTLS_CCM_STAR_DECRYPT.
+    /// \param iv        The initialization vector. This must be a readable buffer
+    ///                  of at least \p iv_len Bytes.
+    /// \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
+    ///                  or 13. The length L of the message length field is
+    ///                  15 - \p iv_len.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+    ///                  \p ctx is in an invalid state,
+    ///                  \p mode is invalid,
+    ///                  \p iv_len is invalid (lower than \c 7 or greater than
+    ///                  \c 13).
+    pub fn mbedtls_ccm_starts(
+        ctx: *mut mbedtls_ccm_context,
+        mode: crate::c_types::c_int,
+        iv: *const crate::c_types::c_uchar,
+        iv_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function declares the lengths of the message
+    ///                  and additional data for a CCM encryption or decryption
+    ///                  operation.
+    ///
+    ///                  This function and mbedtls_ccm_starts() must be called
+    ///                  before calling mbedtls_ccm_update_ad() or
+    ///                  mbedtls_ccm_update(). This function can be called before
+    ///                  or after mbedtls_ccm_starts().
+    ///
+    /// \note            This function is not implemented in Mbed TLS yet.
+    ///
+    /// \param ctx       The CCM context. This must be initialized.
+    /// \param total_ad_len   The total length of additional data in bytes.
+    ///                       This must be less than `2^16 - 2^8`.
+    /// \param plaintext_len  The length in bytes of the plaintext to encrypt or
+    ///                       result of the decryption (thus not encompassing the
+    ///                       additional data that are not encrypted).
+    /// \param tag_len   The length of the tag to generate in Bytes:
+    ///                  4, 6, 8, 10, 12, 14 or 16.
+    ///                  For CCM*, zero is also valid.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+    ///                  \p ctx is in an invalid state,
+    ///                  \p total_ad_len is greater than \c 0xFF00.
+    pub fn mbedtls_ccm_set_lengths(
+        ctx: *mut mbedtls_ccm_context,
+        total_ad_len: usize,
+        plaintext_len: usize,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer as associated data
+    ///                  (authenticated but not encrypted data) in a CCM
+    ///                  encryption or decryption operation.
+    ///
+    ///                  You may call this function zero, one or more times
+    ///                  to pass successive parts of the additional data. The
+    ///                  lengths \p ad_len of the data parts should eventually add
+    ///                  up exactly to the total length of additional data
+    ///                  \c total_ad_len passed to mbedtls_ccm_set_lengths(). You
+    ///                  may not call this function after calling
+    ///                  mbedtls_ccm_update().
+    ///
+    /// \note            This function is not implemented in Mbed TLS yet.
+    ///
+    /// \param ctx       The CCM context. This must have been started with
+    ///                  mbedtls_ccm_starts(), the lengths of the message and
+    ///                  additional data must have been declared with
+    ///                  mbedtls_ccm_set_lengths() and this must not have yet
+    ///                  received any input with mbedtls_ccm_update().
+    /// \param ad        The buffer holding the additional data, or \c NULL
+    ///                  if \p ad_len is \c 0.
+    /// \param ad_len    The length of the additional data. If \c 0,
+    ///                  \p ad may be \c NULL.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+    ///                  \p ctx is in an invalid state,
+    ///                  total input length too long.
+    pub fn mbedtls_ccm_update_ad(
+        ctx: *mut mbedtls_ccm_context,
+        ad: *const crate::c_types::c_uchar,
+        ad_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds an input buffer into an ongoing CCM
+    ///                  encryption or decryption operation.
+    ///
+    ///                  You may call this function zero, one or more times
+    ///                  to pass successive parts of the input: the plaintext to
+    ///                  encrypt, or the ciphertext (not including the tag) to
+    ///                  decrypt. After the last part of the input, call
+    ///                  mbedtls_ccm_finish(). The lengths \p input_len of the
+    ///                  data parts should eventually add up exactly to the
+    ///                  plaintext length \c plaintext_len passed to
+    ///                  mbedtls_ccm_set_lengths().
+    ///
+    ///                  This function may produce output in one of the following
+    ///                  ways:
+    ///                  - Immediate output: the output length is always equal
+    ///                    to the input length.
+    ///                  - Buffered output: except for the last part of input data,
+    ///                    the output consists of a whole number of 16-byte blocks.
+    ///                    If the total input length so far (not including
+    ///                    associated data) is 16 \* *B* + *A* with *A* < 16 then
+    ///                    the total output length is 16 \* *B*.
+    ///                    For the last part of input data, the output length is
+    ///                    equal to the input length plus the number of bytes (*A*)
+    ///                    buffered in the previous call to the function (if any).
+    ///                    The function uses the plaintext length
+    ///                    \c plaintext_len passed to mbedtls_ccm_set_lengths()
+    ///                    to detect the last part of input data.
+    ///
+    ///                  In particular:
+    ///                  - It is always correct to call this function with
+    ///                    \p output_size >= \p input_len + 15.
+    ///                  - If \p input_len is a multiple of 16 for all the calls
+    ///                    to this function during an operation (not necessary for
+    ///                    the last one) then it is correct to use \p output_size
+    ///                    =\p input_len.
+    ///
+    /// \note            This function is not implemented in Mbed TLS yet.
+    ///
+    /// \param ctx           The CCM context. This must have been started with
+    ///                      mbedtls_ccm_starts() and the lengths of the message and
+    ///                      additional data must have been declared with
+    ///                      mbedtls_ccm_set_lengths().
+    /// \param input         The buffer holding the input data. If \p input_len
+    ///                      is greater than zero, this must be a readable buffer
+    ///                      of at least \p input_len bytes.
+    /// \param input_len     The length of the input data in bytes.
+    /// \param output        The buffer for the output data. If \p output_size
+    ///                      is greater than zero, this must be a writable buffer of
+    ///                      at least \p output_size bytes.
+    /// \param output_size   The size of the output buffer in bytes.
+    ///                      See the function description regarding the output size.
+    /// \param output_len    On success, \p *output_len contains the actual
+    ///                      length of the output written in \p output.
+    ///                      On failure, the content of \p *output_len is
+    ///                      unspecified.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+    ///                 \p ctx is in an invalid state,
+    ///                 total input length too long,
+    ///                 or \p output_size too small.
+    pub fn mbedtls_ccm_update(
+        ctx: *mut mbedtls_ccm_context,
+        input: *const crate::c_types::c_uchar,
+        input_len: usize,
+        output: *mut crate::c_types::c_uchar,
+        output_size: usize,
+        output_len: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function finishes the CCM operation and generates
+    ///                  the authentication tag.
+    ///
+    ///                  It wraps up the CCM stream, and generates the
+    ///                  tag. The tag can have a maximum length of 16 Bytes.
+    ///
+    /// \note            This function is not implemented in Mbed TLS yet.
+    ///
+    /// \param ctx       The CCM context. This must have been started with
+    ///                  mbedtls_ccm_starts() and the lengths of the message and
+    ///                  additional data must have been declared with
+    ///                  mbedtls_ccm_set_lengths().
+    /// \param tag       The buffer for holding the tag. If \p tag_len is greater
+    ///                  than zero, this must be a writable buffer of at least \p
+    ///                  tag_len Bytes.
+    /// \param tag_len   The length of the tag. Must match the tag length passed to
+    ///                  mbedtls_ccm_set_lengths() function.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+    ///                  \p ctx is in an invalid state,
+    ///                  invalid value of \p tag_len,
+    ///                  the total amount of additional data passed to
+    ///                  mbedtls_ccm_update_ad() was lower than the total length of
+    ///                  additional data \c total_ad_len passed to
+    ///                  mbedtls_ccm_set_lengths(),
+    ///                  the total amount of input data passed to
+    ///                  mbedtls_ccm_update() was lower than the plaintext length
+    ///                  \c plaintext_len passed to mbedtls_ccm_set_lengths().
+    pub fn mbedtls_ccm_finish(
+        ctx: *mut mbedtls_ccm_context,
+        tag: *mut crate::c_types::c_uchar,
+        tag_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The CCM checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_ccm_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_poly1305_context {
+    pub private_r: [u32; 4usize],
+    pub private_s: [u32; 4usize],
+    pub private_acc: [u32; 5usize],
+    pub private_queue: [u8; 16usize],
+    pub private_queue_len: usize,
+}
+extern "C" {
+    /// \brief           This function initializes the specified Poly1305 context.
+    ///
+    ///                  It must be the first API called before using
+    ///                  the context.
+    ///
+    ///                  It is usually followed by a call to
+    ///                  \c mbedtls_poly1305_starts(), then one or more calls to
+    ///                  \c mbedtls_poly1305_update(), then one call to
+    ///                  \c mbedtls_poly1305_finish(), then finally
+    ///                  \c mbedtls_poly1305_free().
+    ///
+    /// \param ctx       The Poly1305 context to initialize. This must
+    ///                  not be \c NULL.
+    pub fn mbedtls_poly1305_init(ctx: *mut mbedtls_poly1305_context);
+}
+extern "C" {
+    /// \brief           This function releases and clears the specified
+    ///                  Poly1305 context.
+    ///
+    /// \param ctx       The Poly1305 context to clear. This may be \c NULL, in which
+    ///                  case this function is a no-op. If it is not \c NULL, it must
+    ///                  point to an initialized Poly1305 context.
+    pub fn mbedtls_poly1305_free(ctx: *mut mbedtls_poly1305_context);
+}
+extern "C" {
+    /// \brief           This function sets the one-time authentication key.
+    ///
+    /// \warning         The key must be unique and unpredictable for each
+    ///                  invocation of Poly1305.
+    ///
+    /// \param ctx       The Poly1305 context to which the key should be bound.
+    ///                  This must be initialized.
+    /// \param key       The buffer containing the \c 32 Byte (\c 256 Bit) key.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_poly1305_starts(
+        ctx: *mut mbedtls_poly1305_context,
+        key: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This functions feeds an input buffer into an ongoing
+    ///                  Poly1305 computation.
+    ///
+    ///                  It is called between \c mbedtls_cipher_poly1305_starts() and
+    ///                  \c mbedtls_cipher_poly1305_finish().
+    ///                  It can be called repeatedly to process a stream of data.
+    ///
+    /// \param ctx       The Poly1305 context to use for the Poly1305 operation.
+    ///                  This must be initialized and bound to a key.
+    /// \param ilen      The length of the input data in Bytes.
+    ///                  Any value is accepted.
+    /// \param input     The buffer holding the input data.
+    ///                  This pointer can be \c NULL if `ilen == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_poly1305_update(
+        ctx: *mut mbedtls_poly1305_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates the Poly1305 Message
+    ///                  Authentication Code (MAC).
+    ///
+    /// \param ctx       The Poly1305 context to use for the Poly1305 operation.
+    ///                  This must be initialized and bound to a key.
+    /// \param mac       The buffer to where the MAC is written. This must
+    ///                  be a writable buffer of length \c 16 Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_poly1305_finish(
+        ctx: *mut mbedtls_poly1305_context,
+        mac: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function calculates the Poly1305 MAC of the input
+    ///                  buffer with the provided key.
+    ///
+    /// \warning         The key must be unique and unpredictable for each
+    ///                  invocation of Poly1305.
+    ///
+    /// \param key       The buffer containing the \c 32 Byte (\c 256 Bit) key.
+    /// \param ilen      The length of the input data in Bytes.
+    ///                  Any value is accepted.
+    /// \param input     The buffer holding the input data.
+    ///                  This pointer can be \c NULL if `ilen == 0`.
+    /// \param mac       The buffer to where the MAC is written. This must be
+    ///                  a writable buffer of length \c 16 Bytes.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_poly1305_mac(
+        key: *const crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        mac: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           The Poly1305 checkup routine.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          \c 1 on failure.
+    pub fn mbedtls_poly1305_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+///< The mode value for performing encryption.
+pub const mbedtls_chachapoly_mode_t_MBEDTLS_CHACHAPOLY_ENCRYPT: mbedtls_chachapoly_mode_t = 0;
+///< The mode value for performing decryption.
+pub const mbedtls_chachapoly_mode_t_MBEDTLS_CHACHAPOLY_DECRYPT: mbedtls_chachapoly_mode_t = 1;
+pub type mbedtls_chachapoly_mode_t = crate::c_types::c_uint;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_chacha20_context {
+    pub private_state: [u32; 16usize],
+    pub private_keystream8: [u8; 64usize],
+    pub private_keystream_bytes_used: usize,
+}
+extern "C" {
+    /// \brief           This function initializes the specified ChaCha20 context.
+    ///
+    ///                  It must be the first API called before using
+    ///                  the context.
+    ///
+    ///                  It is usually followed by calls to
+    ///                  \c mbedtls_chacha20_setkey() and
+    ///                  \c mbedtls_chacha20_starts(), then one or more calls to
+    ///                  to \c mbedtls_chacha20_update(), and finally to
+    ///                  \c mbedtls_chacha20_free().
+    ///
+    /// \param ctx       The ChaCha20 context to initialize.
+    ///                  This must not be \c NULL.
+    pub fn mbedtls_chacha20_init(ctx: *mut mbedtls_chacha20_context);
+}
+extern "C" {
+    /// \brief           This function releases and clears the specified
+    ///                  ChaCha20 context.
+    ///
+    /// \param ctx       The ChaCha20 context to clear. This may be \c NULL,
+    ///                  in which case this function is a no-op. If it is not
+    ///                  \c NULL, it must point to an initialized context.
+    pub fn mbedtls_chacha20_free(ctx: *mut mbedtls_chacha20_context);
+}
+extern "C" {
+    /// \brief           This function sets the encryption/decryption key.
+    ///
+    /// \note            After using this function, you must also call
+    ///                  \c mbedtls_chacha20_starts() to set a nonce before you
+    ///                  start encrypting/decrypting data with
+    ///                  \c mbedtls_chacha_update().
+    ///
+    /// \param ctx       The ChaCha20 context to which the key should be bound.
+    ///                  It must be initialized.
+    /// \param key       The encryption/decryption key. This must be \c 32 Bytes
+    ///                  in length.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or key is NULL.
+    pub fn mbedtls_chacha20_setkey(
+        ctx: *mut mbedtls_chacha20_context,
+        key: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets the nonce and initial counter value.
+    ///
+    /// \note            A ChaCha20 context can be re-used with the same key by
+    ///                  calling this function to change the nonce.
+    ///
+    /// \warning         You must never use the same nonce twice with the same key.
+    ///                  This would void any confidentiality guarantees for the
+    ///                  messages encrypted with the same nonce and key.
+    ///
+    /// \param ctx       The ChaCha20 context to which the nonce should be bound.
+    ///                  It must be initialized and bound to a key.
+    /// \param nonce     The nonce. This must be \c 12 Bytes in size.
+    /// \param counter   The initial counter value. This is usually \c 0.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or nonce is
+    ///                  NULL.
+    pub fn mbedtls_chacha20_starts(
+        ctx: *mut mbedtls_chacha20_context,
+        nonce: *const crate::c_types::c_uchar,
+        counter: u32,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function encrypts or decrypts data.
+    ///
+    ///                  Since ChaCha20 is a stream cipher, the same operation is
+    ///                  used for encrypting and decrypting data.
+    ///
+    /// \note            The \p input and \p output pointers must either be equal or
+    ///                  point to non-overlapping buffers.
+    ///
+    /// \note            \c mbedtls_chacha20_setkey() and
+    ///                  \c mbedtls_chacha20_starts() must be called at least once
+    ///                  to setup the context before this function can be called.
+    ///
+    /// \note            This function can be called multiple times in a row in
+    ///                  order to encrypt of decrypt data piecewise with the same
+    ///                  key and nonce.
+    ///
+    /// \param ctx       The ChaCha20 context to use for encryption or decryption.
+    ///                  It must be initialized and bound to a key and nonce.
+    /// \param size      The length of the input data in Bytes.
+    /// \param input     The buffer holding the input data.
+    ///                  This pointer can be \c NULL if `size == 0`.
+    /// \param output    The buffer holding the output data.
+    ///                  This must be able to hold \p size Bytes.
+    ///                  This pointer can be \c NULL if `size == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_chacha20_update(
+        ctx: *mut mbedtls_chacha20_context,
+        size: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function encrypts or decrypts data with ChaCha20 and
+    ///                  the given key and nonce.
+    ///
+    ///                  Since ChaCha20 is a stream cipher, the same operation is
+    ///                  used for encrypting and decrypting data.
+    ///
+    /// \warning         You must never use the same (key, nonce) pair more than
+    ///                  once. This would void any confidentiality guarantees for
+    ///                  the messages encrypted with the same nonce and key.
+    ///
+    /// \note            The \p input and \p output pointers must either be equal or
+    ///                  point to non-overlapping buffers.
+    ///
+    /// \param key       The encryption/decryption key.
+    ///                  This must be \c 32 Bytes in length.
+    /// \param nonce     The nonce. This must be \c 12 Bytes in size.
+    /// \param counter   The initial counter value. This is usually \c 0.
+    /// \param size      The length of the input data in Bytes.
+    /// \param input     The buffer holding the input data.
+    ///                  This pointer can be \c NULL if `size == 0`.
+    /// \param output    The buffer holding the output data.
+    ///                  This must be able to hold \p size Bytes.
+    ///                  This pointer can be \c NULL if `size == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_chacha20_crypt(
+        key: *const crate::c_types::c_uchar,
+        nonce: *const crate::c_types::c_uchar,
+        counter: u32,
+        size: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           The ChaCha20 checkup routine.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          \c 1 on failure.
+    pub fn mbedtls_chacha20_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_chachapoly_context {
+    pub private_chacha20_ctx: mbedtls_chacha20_context,
+    pub private_poly1305_ctx: mbedtls_poly1305_context,
+    pub private_aad_len: u64,
+    pub private_ciphertext_len: u64,
+    pub private_state: crate::c_types::c_int,
+    pub private_mode: mbedtls_chachapoly_mode_t,
+}
+extern "C" {
+    /// \brief           This function initializes the specified ChaCha20-Poly1305 context.
+    ///
+    ///                  It must be the first API called before using
+    ///                  the context. It must be followed by a call to
+    ///                  \c mbedtls_chachapoly_setkey() before any operation can be
+    ///                  done, and to \c mbedtls_chachapoly_free() once all
+    ///                  operations with that context have been finished.
+    ///
+    ///                  In order to encrypt or decrypt full messages at once, for
+    ///                  each message you should make a single call to
+    ///                  \c mbedtls_chachapoly_crypt_and_tag() or
+    ///                  \c mbedtls_chachapoly_auth_decrypt().
+    ///
+    ///                  In order to encrypt messages piecewise, for each
+    ///                  message you should make a call to
+    ///                  \c mbedtls_chachapoly_starts(), then 0 or more calls to
+    ///                  \c mbedtls_chachapoly_update_aad(), then 0 or more calls to
+    ///                  \c mbedtls_chachapoly_update(), then one call to
+    ///                  \c mbedtls_chachapoly_finish().
+    ///
+    /// \warning         Decryption with the piecewise API is discouraged! Always
+    ///                  use \c mbedtls_chachapoly_auth_decrypt() when possible!
+    ///
+    ///                  If however this is not possible because the data is too
+    ///                  large to fit in memory, you need to:
+    ///
+    ///                  - call \c mbedtls_chachapoly_starts() and (if needed)
+    ///                  \c mbedtls_chachapoly_update_aad() as above,
+    ///                  - call \c mbedtls_chachapoly_update() multiple times and
+    ///                  ensure its output (the plaintext) is NOT used in any other
+    ///                  way than placing it in temporary storage at this point,
+    ///                  - call \c mbedtls_chachapoly_finish() to compute the
+    ///                  authentication tag and compared it in constant time to the
+    ///                  tag received with the ciphertext.
+    ///
+    ///                  If the tags are not equal, you must immediately discard
+    ///                  all previous outputs of \c mbedtls_chachapoly_update(),
+    ///                  otherwise you can now safely use the plaintext.
+    ///
+    /// \param ctx       The ChachaPoly context to initialize. Must not be \c NULL.
+    pub fn mbedtls_chachapoly_init(ctx: *mut mbedtls_chachapoly_context);
+}
+extern "C" {
+    /// \brief           This function releases and clears the specified
+    ///                  ChaCha20-Poly1305 context.
+    ///
+    /// \param ctx       The ChachaPoly context to clear. This may be \c NULL, in which
+    ///                  case this function is a no-op.
+    pub fn mbedtls_chachapoly_free(ctx: *mut mbedtls_chachapoly_context);
+}
+extern "C" {
+    /// \brief           This function sets the ChaCha20-Poly1305
+    ///                  symmetric encryption key.
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context to which the key should be
+    ///                  bound. This must be initialized.
+    /// \param key       The \c 256 Bit (\c 32 Bytes) key.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_chachapoly_setkey(
+        ctx: *mut mbedtls_chachapoly_context,
+        key: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function starts a ChaCha20-Poly1305 encryption or
+    ///                  decryption operation.
+    ///
+    /// \warning         You must never use the same nonce twice with the same key.
+    ///                  This would void any confidentiality and authenticity
+    ///                  guarantees for the messages encrypted with the same nonce
+    ///                  and key.
+    ///
+    /// \note            If the context is being used for AAD only (no data to
+    ///                  encrypt or decrypt) then \p mode can be set to any value.
+    ///
+    /// \warning         Decryption with the piecewise API is discouraged, see the
+    ///                  warning on \c mbedtls_chachapoly_init().
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context. This must be initialized
+    ///                  and bound to a key.
+    /// \param nonce     The nonce/IV to use for the message.
+    ///                  This must be a readable buffer of length \c 12 Bytes.
+    /// \param mode      The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or
+    ///                  #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning).
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_chachapoly_starts(
+        ctx: *mut mbedtls_chachapoly_context,
+        nonce: *const crate::c_types::c_uchar,
+        mode: mbedtls_chachapoly_mode_t,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function feeds additional data to be authenticated
+    ///                  into an ongoing ChaCha20-Poly1305 operation.
+    ///
+    ///                  The Additional Authenticated Data (AAD), also called
+    ///                  Associated Data (AD) is only authenticated but not
+    ///                  encrypted nor included in the encrypted output. It is
+    ///                  usually transmitted separately from the ciphertext or
+    ///                  computed locally by each party.
+    ///
+    /// \note            This function is called before data is encrypted/decrypted.
+    ///                  I.e. call this function to process the AAD before calling
+    ///                  \c mbedtls_chachapoly_update().
+    ///
+    ///                  You may call this function multiple times to process
+    ///                  an arbitrary amount of AAD. It is permitted to call
+    ///                  this function 0 times, if no AAD is used.
+    ///
+    ///                  This function cannot be called any more if data has
+    ///                  been processed by \c mbedtls_chachapoly_update(),
+    ///                  or if the context has been finished.
+    ///
+    /// \warning         Decryption with the piecewise API is discouraged, see the
+    ///                  warning on \c mbedtls_chachapoly_init().
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context. This must be initialized
+    ///                  and bound to a key.
+    /// \param aad_len   The length in Bytes of the AAD. The length has no
+    ///                  restrictions.
+    /// \param aad       Buffer containing the AAD.
+    ///                  This pointer can be \c NULL if `aad_len == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
+    ///                  if \p ctx or \p aad are NULL.
+    /// \return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
+    ///                  if the operations has not been started or has been
+    ///                  finished, or if the AAD has been finished.
+    pub fn mbedtls_chachapoly_update_aad(
+        ctx: *mut mbedtls_chachapoly_context,
+        aad: *const crate::c_types::c_uchar,
+        aad_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Thus function feeds data to be encrypted or decrypted
+    ///                  into an on-going ChaCha20-Poly1305
+    ///                  operation.
+    ///
+    ///                  The direction (encryption or decryption) depends on the
+    ///                  mode that was given when calling
+    ///                  \c mbedtls_chachapoly_starts().
+    ///
+    ///                  You may call this function multiple times to process
+    ///                  an arbitrary amount of data. It is permitted to call
+    ///                  this function 0 times, if no data is to be encrypted
+    ///                  or decrypted.
+    ///
+    /// \warning         Decryption with the piecewise API is discouraged, see the
+    ///                  warning on \c mbedtls_chachapoly_init().
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context to use. This must be initialized.
+    /// \param len       The length (in bytes) of the data to encrypt or decrypt.
+    /// \param input     The buffer containing the data to encrypt or decrypt.
+    ///                  This pointer can be \c NULL if `len == 0`.
+    /// \param output    The buffer to where the encrypted or decrypted data is
+    ///                  written. This must be able to hold \p len bytes.
+    ///                  This pointer can be \c NULL if `len == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
+    ///                  if the operation has not been started or has been
+    ///                  finished.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_chachapoly_update(
+        ctx: *mut mbedtls_chachapoly_context,
+        len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function finished the ChaCha20-Poly1305 operation and
+    ///                  generates the MAC (authentication tag).
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context to use. This must be initialized.
+    /// \param mac       The buffer to where the 128-bit (16 bytes) MAC is written.
+    ///
+    /// \warning         Decryption with the piecewise API is discouraged, see the
+    ///                  warning on \c mbedtls_chachapoly_init().
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
+    ///                  if the operation has not been started or has been
+    ///                  finished.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_chachapoly_finish(
+        ctx: *mut mbedtls_chachapoly_context,
+        mac: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a complete ChaCha20-Poly1305
+    ///                  authenticated encryption with the previously-set key.
+    ///
+    /// \note            Before using this function, you must set the key with
+    ///                  \c mbedtls_chachapoly_setkey().
+    ///
+    /// \warning         You must never use the same nonce twice with the same key.
+    ///                  This would void any confidentiality and authenticity
+    ///                  guarantees for the messages encrypted with the same nonce
+    ///                  and key.
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context to use (holds the key).
+    ///                  This must be initialized.
+    /// \param length    The length (in bytes) of the data to encrypt or decrypt.
+    /// \param nonce     The 96-bit (12 bytes) nonce/IV to use.
+    /// \param aad       The buffer containing the additional authenticated
+    ///                  data (AAD). This pointer can be \c NULL if `aad_len == 0`.
+    /// \param aad_len   The length (in bytes) of the AAD data to process.
+    /// \param input     The buffer containing the data to encrypt or decrypt.
+    ///                  This pointer can be \c NULL if `ilen == 0`.
+    /// \param output    The buffer to where the encrypted or decrypted data
+    ///                  is written. This pointer can be \c NULL if `ilen == 0`.
+    /// \param tag       The buffer to where the computed 128-bit (16 bytes) MAC
+    ///                  is written. This must not be \c NULL.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_chachapoly_encrypt_and_tag(
+        ctx: *mut mbedtls_chachapoly_context,
+        length: usize,
+        nonce: *const crate::c_types::c_uchar,
+        aad: *const crate::c_types::c_uchar,
+        aad_len: usize,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+        tag: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function performs a complete ChaCha20-Poly1305
+    ///                  authenticated decryption with the previously-set key.
+    ///
+    /// \note            Before using this function, you must set the key with
+    ///                  \c mbedtls_chachapoly_setkey().
+    ///
+    /// \param ctx       The ChaCha20-Poly1305 context to use (holds the key).
+    /// \param length    The length (in Bytes) of the data to decrypt.
+    /// \param nonce     The \c 96 Bit (\c 12 bytes) nonce/IV to use.
+    /// \param aad       The buffer containing the additional authenticated data (AAD).
+    ///                  This pointer can be \c NULL if `aad_len == 0`.
+    /// \param aad_len   The length (in bytes) of the AAD data to process.
+    /// \param tag       The buffer holding the authentication tag.
+    ///                  This must be a readable buffer of length \c 16 Bytes.
+    /// \param input     The buffer containing the data to decrypt.
+    ///                  This pointer can be \c NULL if `ilen == 0`.
+    /// \param output    The buffer to where the decrypted data is written.
+    ///                  This pointer can be \c NULL if `ilen == 0`.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED
+    ///                  if the data was not authentic.
+    /// \return          Another negative error code on other kinds of failure.
+    pub fn mbedtls_chachapoly_auth_decrypt(
+        ctx: *mut mbedtls_chachapoly_context,
+        length: usize,
+        nonce: *const crate::c_types::c_uchar,
+        aad: *const crate::c_types::c_uchar,
+        aad_len: usize,
+        tag: *const crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           The ChaCha20-Poly1305 checkup routine.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          \c 1 on failure.
+    pub fn mbedtls_chachapoly_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+pub const psa_encrypt_or_decrypt_t_PSA_CRYPTO_DRIVER_DECRYPT: psa_encrypt_or_decrypt_t = 0;
+pub const psa_encrypt_or_decrypt_t_PSA_CRYPTO_DRIVER_ENCRYPT: psa_encrypt_or_decrypt_t = 1;
+/// For encrypt-decrypt functions, whether the operation is an encryption
+/// or a decryption.
+pub type psa_encrypt_or_decrypt_t = crate::c_types::c_uint;
+/// \brief          MD5 context structure
+///
+/// \warning        MD5 is considered a weak message digest and its use
+///                 constitutes a security risk. We recommend considering
+///                 stronger message digests instead.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_md5_context {
+    pub private_total: [u32; 2usize],
+    pub private_state: [u32; 4usize],
+    pub private_buffer: [crate::c_types::c_uchar; 64usize],
+}
+extern "C" {
+    /// \brief          Initialize MD5 context
+    ///
+    /// \param ctx      MD5 context to be initialized
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_init(ctx: *mut mbedtls_md5_context);
+}
+extern "C" {
+    /// \brief          Clear MD5 context
+    ///
+    /// \param ctx      MD5 context to be cleared
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_free(ctx: *mut mbedtls_md5_context);
+}
+extern "C" {
+    /// \brief          Clone (the state of) an MD5 context
+    ///
+    /// \param dst      The destination context
+    /// \param src      The context to be cloned
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_clone(dst: *mut mbedtls_md5_context, src: *const mbedtls_md5_context);
+}
+extern "C" {
+    /// \brief          MD5 context setup
+    ///
+    /// \param ctx      context to be initialized
+    ///
+    /// \return         0 if successful
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_starts(ctx: *mut mbedtls_md5_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          MD5 process buffer
+    ///
+    /// \param ctx      MD5 context
+    /// \param input    buffer holding the data
+    /// \param ilen     length of the input data
+    ///
+    /// \return         0 if successful
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_update(
+        ctx: *mut mbedtls_md5_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          MD5 final digest
+    ///
+    /// \param ctx      MD5 context
+    /// \param output   MD5 checksum result
+    ///
+    /// \return         0 if successful
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_finish(
+        ctx: *mut mbedtls_md5_context,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          MD5 process data block (internal use only)
+    ///
+    /// \param ctx      MD5 context
+    /// \param data     buffer holding one block of data
+    ///
+    /// \return         0 if successful
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_internal_md5_process(
+        ctx: *mut mbedtls_md5_context,
+        data: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Output = MD5( input buffer )
+    ///
+    /// \param input    buffer holding the data
+    /// \param ilen     length of the input data
+    /// \param output   MD5 checksum result
+    ///
+    /// \return         0 if successful
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5(
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Checkup routine
+    ///
+    /// \return         0 if successful, or 1 if the test failed
+    ///
+    /// \warning        MD5 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    pub fn mbedtls_md5_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          RIPEMD-160 context structure
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ripemd160_context {
+    pub private_total: [u32; 2usize],
+    pub private_state: [u32; 5usize],
+    pub private_buffer: [crate::c_types::c_uchar; 64usize],
+}
+extern "C" {
+    /// \brief          Initialize RIPEMD-160 context
+    ///
+    /// \param ctx      RIPEMD-160 context to be initialized
+    pub fn mbedtls_ripemd160_init(ctx: *mut mbedtls_ripemd160_context);
+}
+extern "C" {
+    /// \brief          Clear RIPEMD-160 context
+    ///
+    /// \param ctx      RIPEMD-160 context to be cleared
+    pub fn mbedtls_ripemd160_free(ctx: *mut mbedtls_ripemd160_context);
+}
+extern "C" {
+    /// \brief          Clone (the state of) a RIPEMD-160 context
+    ///
+    /// \param dst      The destination context
+    /// \param src      The context to be cloned
+    pub fn mbedtls_ripemd160_clone(
+        dst: *mut mbedtls_ripemd160_context,
+        src: *const mbedtls_ripemd160_context,
+    );
+}
+extern "C" {
+    /// \brief          RIPEMD-160 context setup
+    ///
+    /// \param ctx      context to be initialized
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ripemd160_starts(ctx: *mut mbedtls_ripemd160_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          RIPEMD-160 process buffer
+    ///
+    /// \param ctx      RIPEMD-160 context
+    /// \param input    buffer holding the data
+    /// \param ilen     length of the input data
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ripemd160_update(
+        ctx: *mut mbedtls_ripemd160_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          RIPEMD-160 final digest
+    ///
+    /// \param ctx      RIPEMD-160 context
+    /// \param output   RIPEMD-160 checksum result
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ripemd160_finish(
+        ctx: *mut mbedtls_ripemd160_context,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          RIPEMD-160 process data block (internal use only)
+    ///
+    /// \param ctx      RIPEMD-160 context
+    /// \param data     buffer holding one block of data
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_internal_ripemd160_process(
+        ctx: *mut mbedtls_ripemd160_context,
+        data: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Output = RIPEMD-160( input buffer )
+    ///
+    /// \param input    buffer holding the data
+    /// \param ilen     length of the input data
+    /// \param output   RIPEMD-160 checksum result
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ripemd160(
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Checkup routine
+    ///
+    /// \return         0 if successful, or 1 if the test failed
+    pub fn mbedtls_ripemd160_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          The SHA-1 context structure.
+///
+/// \warning        SHA-1 is considered a weak message digest and its use
+///                 constitutes a security risk. We recommend considering
+///                 stronger message digests instead.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_sha1_context {
+    pub private_total: [u32; 2usize],
+    pub private_state: [u32; 5usize],
+    pub private_buffer: [crate::c_types::c_uchar; 64usize],
+}
+extern "C" {
+    /// \brief          This function initializes a SHA-1 context.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context to initialize.
+    ///                 This must not be \c NULL.
+    pub fn mbedtls_sha1_init(ctx: *mut mbedtls_sha1_context);
+}
+extern "C" {
+    /// \brief          This function clears a SHA-1 context.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context to clear. This may be \c NULL,
+    ///                 in which case this function does nothing. If it is
+    ///                 not \c NULL, it must point to an initialized
+    ///                 SHA-1 context.
+    pub fn mbedtls_sha1_free(ctx: *mut mbedtls_sha1_context);
+}
+extern "C" {
+    /// \brief          This function clones the state of a SHA-1 context.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param dst      The SHA-1 context to clone to. This must be initialized.
+    /// \param src      The SHA-1 context to clone from. This must be initialized.
+    pub fn mbedtls_sha1_clone(dst: *mut mbedtls_sha1_context, src: *const mbedtls_sha1_context);
+}
+extern "C" {
+    /// \brief          This function starts a SHA-1 checksum calculation.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context to initialize. This must be initialized.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha1_starts(ctx: *mut mbedtls_sha1_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function feeds an input buffer into an ongoing SHA-1
+    ///                 checksum calculation.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context. This must be initialized
+    ///                 and have a hash operation started.
+    /// \param input    The buffer holding the input data.
+    ///                 This must be a readable buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data \p input in Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha1_update(
+        ctx: *mut mbedtls_sha1_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function finishes the SHA-1 operation, and writes
+    ///                 the result to the output buffer.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context to use. This must be initialized and
+    ///                 have a hash operation started.
+    /// \param output   The SHA-1 checksum result. This must be a writable
+    ///                 buffer of length \c 20 Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha1_finish(
+        ctx: *mut mbedtls_sha1_context,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          SHA-1 process data block (internal use only).
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param ctx      The SHA-1 context to use. This must be initialized.
+    /// \param data     The data block being processed. This must be a
+    ///                 readable buffer of length \c 64 Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_internal_sha1_process(
+        ctx: *mut mbedtls_sha1_context,
+        data: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function calculates the SHA-1 checksum of a buffer.
+    ///
+    ///                 The function allocates the context, performs the
+    ///                 calculation, and frees the context.
+    ///
+    ///                 The SHA-1 result is calculated as
+    ///                 output = SHA-1(input buffer).
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \param input    The buffer holding the input data.
+    ///                 This must be a readable buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data \p input in Bytes.
+    /// \param output   The SHA-1 checksum result.
+    ///                 This must be a writable buffer of length \c 20 Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha1(
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The SHA-1 checkup routine.
+    ///
+    /// \warning        SHA-1 is considered a weak message digest and its use
+    ///                 constitutes a security risk. We recommend considering
+    ///                 stronger message digests instead.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_sha1_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          The SHA-256 context structure.
+///
+///                 The structure is used both for SHA-256 and for SHA-224
+///                 checksum calculations. The choice between these two is
+///                 made in the call to mbedtls_sha256_starts().
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_sha256_context {
+    pub private_total: [u32; 2usize],
+    pub private_state: [u32; 8usize],
+    pub private_buffer: [crate::c_types::c_uchar; 64usize],
+    pub private_is224: crate::c_types::c_int,
+}
+extern "C" {
+    /// \brief          This function initializes a SHA-256 context.
+    ///
+    /// \param ctx      The SHA-256 context to initialize. This must not be \c NULL.
+    pub fn mbedtls_sha256_init(ctx: *mut mbedtls_sha256_context);
+}
+extern "C" {
+    /// \brief          This function clears a SHA-256 context.
+    ///
+    /// \param ctx      The SHA-256 context to clear. This may be \c NULL, in which
+    ///                 case this function returns immediately. If it is not \c NULL,
+    ///                 it must point to an initialized SHA-256 context.
+    pub fn mbedtls_sha256_free(ctx: *mut mbedtls_sha256_context);
+}
+extern "C" {
+    /// \brief          This function clones the state of a SHA-256 context.
+    ///
+    /// \param dst      The destination context. This must be initialized.
+    /// \param src      The context to clone. This must be initialized.
+    pub fn mbedtls_sha256_clone(
+        dst: *mut mbedtls_sha256_context,
+        src: *const mbedtls_sha256_context,
+    );
+}
+extern "C" {
+    /// \brief          This function starts a SHA-224 or SHA-256 checksum
+    ///                 calculation.
+    ///
+    /// \param ctx      The context to use. This must be initialized.
+    /// \param is224    This determines which function to use. This must be
+    ///                 either \c 0 for SHA-256, or \c 1 for SHA-224.
+    ///
+    /// \note           is224 must be defined accordingly to the enabled
+    ///                 MBEDTLS_SHA224_C/MBEDTLS_SHA256_C symbols otherwise the
+    ///                 function will return #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha256_starts(
+        ctx: *mut mbedtls_sha256_context,
+        is224: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function feeds an input buffer into an ongoing
+    ///                 SHA-256 checksum calculation.
+    ///
+    /// \param ctx      The SHA-256 context. This must be initialized
+    ///                 and have a hash operation started.
+    /// \param input    The buffer holding the data. This must be a readable
+    ///                 buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data in Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha256_update(
+        ctx: *mut mbedtls_sha256_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function finishes the SHA-256 operation, and writes
+    ///                 the result to the output buffer.
+    ///
+    /// \param ctx      The SHA-256 context. This must be initialized
+    ///                 and have a hash operation started.
+    /// \param output   The SHA-224 or SHA-256 checksum result.
+    ///                 This must be a writable buffer of length \c 32 bytes
+    ///                 for SHA-256, \c 28 bytes for SHA-224.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha256_finish(
+        ctx: *mut mbedtls_sha256_context,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function processes a single data block within
+    ///                 the ongoing SHA-256 computation. This function is for
+    ///                 internal use only.
+    ///
+    /// \param ctx      The SHA-256 context. This must be initialized.
+    /// \param data     The buffer holding one block of data. This must
+    ///                 be a readable buffer of length \c 64 Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_internal_sha256_process(
+        ctx: *mut mbedtls_sha256_context,
+        data: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function calculates the SHA-224 or SHA-256
+    ///                 checksum of a buffer.
+    ///
+    ///                 The function allocates the context, performs the
+    ///                 calculation, and frees the context.
+    ///
+    ///                 The SHA-256 result is calculated as
+    ///                 output = SHA-256(input buffer).
+    ///
+    /// \param input    The buffer holding the data. This must be a readable
+    ///                 buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data in Bytes.
+    /// \param output   The SHA-224 or SHA-256 checksum result.
+    ///                 This must be a writable buffer of length \c 32 bytes
+    ///                 for SHA-256, \c 28 bytes for SHA-224.
+    /// \param is224    Determines which function to use. This must be
+    ///                 either \c 0 for SHA-256, or \c 1 for SHA-224.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha256(
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        is224: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The SHA-224 checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_sha224_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The SHA-256 checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_sha256_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          The SHA-512 context structure.
+///
+///                 The structure is used both for SHA-384 and for SHA-512
+///                 checksum calculations. The choice between these two is
+///                 made in the call to mbedtls_sha512_starts().
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_sha512_context {
+    pub private_total: [u64; 2usize],
+    pub private_state: [u64; 8usize],
+    pub private_buffer: [crate::c_types::c_uchar; 128usize],
+    pub private_is384: crate::c_types::c_int,
+}
+extern "C" {
+    /// \brief          This function initializes a SHA-512 context.
+    ///
+    /// \param ctx      The SHA-512 context to initialize. This must
+    ///                 not be \c NULL.
+    pub fn mbedtls_sha512_init(ctx: *mut mbedtls_sha512_context);
+}
+extern "C" {
+    /// \brief          This function clears a SHA-512 context.
+    ///
+    /// \param ctx      The SHA-512 context to clear. This may be \c NULL,
+    ///                 in which case this function does nothing. If it
+    ///                 is not \c NULL, it must point to an initialized
+    ///                 SHA-512 context.
+    pub fn mbedtls_sha512_free(ctx: *mut mbedtls_sha512_context);
+}
+extern "C" {
+    /// \brief          This function clones the state of a SHA-512 context.
+    ///
+    /// \param dst      The destination context. This must be initialized.
+    /// \param src      The context to clone. This must be initialized.
+    pub fn mbedtls_sha512_clone(
+        dst: *mut mbedtls_sha512_context,
+        src: *const mbedtls_sha512_context,
+    );
+}
+extern "C" {
+    /// \brief          This function starts a SHA-384 or SHA-512 checksum
+    ///                 calculation.
+    ///
+    /// \param ctx      The SHA-512 context to use. This must be initialized.
+    /// \param is384    Determines which function to use. This must be
+    ///                 either \c 0 for SHA-512, or \c 1 for SHA-384.
+    ///
+    /// \note           is384 must be defined accordingly to the enabled
+    ///                 MBEDTLS_SHA384_C/MBEDTLS_SHA512_C symbols otherwise the
+    ///                 function will return #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha512_starts(
+        ctx: *mut mbedtls_sha512_context,
+        is384: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function feeds an input buffer into an ongoing
+    ///                 SHA-512 checksum calculation.
+    ///
+    /// \param ctx      The SHA-512 context. This must be initialized
+    ///                 and have a hash operation started.
+    /// \param input    The buffer holding the input data. This must
+    ///                 be a readable buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data in Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha512_update(
+        ctx: *mut mbedtls_sha512_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function finishes the SHA-512 operation, and writes
+    ///                 the result to the output buffer.
+    ///
+    /// \param ctx      The SHA-512 context. This must be initialized
+    ///                 and have a hash operation started.
+    /// \param output   The SHA-384 or SHA-512 checksum result.
+    ///                 This must be a writable buffer of length \c 64 bytes
+    ///                 for SHA-512, \c 48 bytes for SHA-384.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha512_finish(
+        ctx: *mut mbedtls_sha512_context,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function processes a single data block within
+    ///                 the ongoing SHA-512 computation.
+    ///                 This function is for internal use only.
+    ///
+    /// \param ctx      The SHA-512 context. This must be initialized.
+    /// \param data     The buffer holding one block of data. This
+    ///                 must be a readable buffer of length \c 128 Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_internal_sha512_process(
+        ctx: *mut mbedtls_sha512_context,
+        data: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function calculates the SHA-512 or SHA-384
+    ///                 checksum of a buffer.
+    ///
+    ///                 The function allocates the context, performs the
+    ///                 calculation, and frees the context.
+    ///
+    ///                 The SHA-512 result is calculated as
+    ///                 output = SHA-512(input buffer).
+    ///
+    /// \param input    The buffer holding the input data. This must be
+    ///                 a readable buffer of length \p ilen Bytes.
+    /// \param ilen     The length of the input data in Bytes.
+    /// \param output   The SHA-384 or SHA-512 checksum result.
+    ///                 This must be a writable buffer of length \c 64 bytes
+    ///                 for SHA-512, \c 48 bytes for SHA-384.
+    /// \param is384    Determines which function to use. This must be either
+    ///                 \c 0 for SHA-512, or \c 1 for SHA-384.
+    ///
+    /// \note           is384 must be defined accordingly with the supported
+    ///                 symbols in the config file. If:
+    ///                 - is384 is 0, but \c MBEDTLS_SHA384_C is not defined, or
+    ///                 - is384 is 1, but \c MBEDTLS_SHA512_C is not defined
+    ///                 then the function will return
+    ///                 #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_sha512(
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+        output: *mut crate::c_types::c_uchar,
+        is384: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The SHA-384 checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_sha384_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The SHA-512 checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_sha512_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_hash_operation_t {
+    pub private_alg: psa_algorithm_t,
+    pub private_ctx: mbedtls_psa_hash_operation_t__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_psa_hash_operation_t__bindgen_ty_1 {
+    pub dummy: crate::c_types::c_uint,
+    pub md5: mbedtls_md5_context,
+    pub ripemd160: mbedtls_ripemd160_context,
+    pub sha1: mbedtls_sha1_context,
+    pub sha256: mbedtls_sha256_context,
+    pub sha512: mbedtls_sha512_context,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_cipher_operation_t {
+    pub private_alg: psa_algorithm_t,
+    pub private_iv_length: u8,
+    pub private_block_length: u8,
+    pub private_ctx: mbedtls_psa_cipher_operation_t__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_psa_cipher_operation_t__bindgen_ty_1 {
+    pub private_dummy: crate::c_types::c_uint,
+    pub private_cipher: mbedtls_cipher_context_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_hash_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_hash_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_cipher_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_cipher_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_hash_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_ctx: psa_driver_hash_context_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_cipher_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_default_iv_length: u8,
+    pub private_ctx: psa_driver_cipher_context_t,
+}
+impl psa_cipher_operation_s {
+    #[inline]
+    pub fn private_iv_required(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_iv_required(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_iv_set(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_iv_set(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(1usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_iv_required: crate::c_types::c_uint,
+        private_iv_set: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_iv_required: u32 = unsafe { ::core::mem::transmute(private_iv_required) };
+            private_iv_required as u64
+        });
+        __bindgen_bitfield_unit.set(1usize, 1u8, {
+            let private_iv_set: u32 = unsafe { ::core::mem::transmute(private_iv_set) };
+            private_iv_set as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_hmac_operation_t {
+    pub private_alg: psa_algorithm_t,
+    /// The hash context.
+    pub hash_ctx: psa_hash_operation_s,
+    pub private_opad: [u8; 128usize],
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_mac_operation_t {
+    pub private_alg: psa_algorithm_t,
+    pub private_ctx: mbedtls_psa_mac_operation_t__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_psa_mac_operation_t__bindgen_ty_1 {
+    pub private_dummy: crate::c_types::c_uint,
+    pub private_hmac: mbedtls_psa_hmac_operation_t,
+    pub private_cmac: mbedtls_cipher_context_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_aead_operation_t {
+    pub private_alg: psa_algorithm_t,
+    pub private_key_type: psa_key_type_t,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_tag_length: u8,
+    pub ctx: mbedtls_psa_aead_operation_t__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_psa_aead_operation_t__bindgen_ty_1 {
+    pub dummy: crate::c_types::c_uint,
+    pub private_ccm: mbedtls_ccm_context,
+    pub private_gcm: mbedtls_gcm_context,
+    pub private_chachapoly: mbedtls_chachapoly_context,
+}
+impl mbedtls_psa_aead_operation_t {
+    #[inline]
+    pub fn private_is_encrypt(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_is_encrypt(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_is_encrypt: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_is_encrypt: u32 = unsafe { ::core::mem::transmute(private_is_encrypt) };
+            private_is_encrypt as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_sign_hash_interruptible_operation_t {
+    pub private_dummy: crate::c_types::c_uint,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_verify_hash_interruptible_operation_t {
+    pub private_dummy: crate::c_types::c_uint,
+}
+///< Client
+pub const mbedtls_ecjpake_role_MBEDTLS_ECJPAKE_CLIENT: mbedtls_ecjpake_role = 0;
+///< Server
+pub const mbedtls_ecjpake_role_MBEDTLS_ECJPAKE_SERVER: mbedtls_ecjpake_role = 1;
+/// Roles in the EC J-PAKE exchange
+pub type mbedtls_ecjpake_role = crate::c_types::c_uint;
+/// EC J-PAKE context structure.
+///
+/// J-PAKE is a symmetric protocol, except for the identifiers used in
+/// Zero-Knowledge Proofs, and the serialization of the second message
+/// (KeyExchange) as defined by the Thread spec.
+///
+/// In order to benefit from this symmetry, we choose a different naming
+/// convention from the Thread v1.0 spec. Correspondence is indicated in the
+/// description as a pair C: client name, S: server name
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecjpake_context {
+    pub private_md_type: mbedtls_md_type_t,
+    pub private_grp: mbedtls_ecp_group,
+    pub private_role: mbedtls_ecjpake_role,
+    pub private_point_format: crate::c_types::c_int,
+    pub private_Xm1: mbedtls_ecp_point,
+    pub private_Xm2: mbedtls_ecp_point,
+    pub private_Xp1: mbedtls_ecp_point,
+    pub private_Xp2: mbedtls_ecp_point,
+    pub private_Xp: mbedtls_ecp_point,
+    pub private_xm1: mbedtls_mpi,
+    pub private_xm2: mbedtls_mpi,
+    pub private_s: mbedtls_mpi,
+}
+extern "C" {
+    /// \brief           Initialize an ECJPAKE context.
+    ///
+    /// \param ctx       The ECJPAKE context to initialize.
+    ///                  This must not be \c NULL.
+    pub fn mbedtls_ecjpake_init(ctx: *mut mbedtls_ecjpake_context);
+}
+extern "C" {
+    /// \brief           Set up an ECJPAKE context for use.
+    ///
+    /// \note            Currently the only values for hash/curve allowed by the
+    ///                  standard are #MBEDTLS_MD_SHA256/#MBEDTLS_ECP_DP_SECP256R1.
+    ///
+    /// \param ctx       The ECJPAKE context to set up. This must be initialized.
+    /// \param role      The role of the caller. This must be either
+    ///                  #MBEDTLS_ECJPAKE_CLIENT or #MBEDTLS_ECJPAKE_SERVER.
+    /// \param hash      The identifier of the hash function to use,
+    ///                  for example #MBEDTLS_MD_SHA256.
+    /// \param curve     The identifier of the elliptic curve to use,
+    ///                  for example #MBEDTLS_ECP_DP_SECP256R1.
+    /// \param secret    The pre-shared secret (passphrase). This must be
+    ///                  a readable not empty buffer of length \p len Bytes. It need
+    ///                  only be valid for the duration of this call.
+    /// \param len       The length of the pre-shared secret \p secret.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_setup(
+        ctx: *mut mbedtls_ecjpake_context,
+        role: mbedtls_ecjpake_role,
+        hash: mbedtls_md_type_t,
+        curve: mbedtls_ecp_group_id,
+        secret: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               Set the point format for future reads and writes.
+    ///
+    /// \param ctx           The ECJPAKE context to configure.
+    /// \param point_format  The point format to use:
+    ///                      #MBEDTLS_ECP_PF_UNCOMPRESSED (default)
+    ///                      or #MBEDTLS_ECP_PF_COMPRESSED.
+    ///
+    /// \return              \c 0 if successful.
+    /// \return              #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p point_format
+    ///                      is invalid.
+    pub fn mbedtls_ecjpake_set_point_format(
+        ctx: *mut mbedtls_ecjpake_context,
+        point_format: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Check if an ECJPAKE context is ready for use.
+    ///
+    /// \param ctx       The ECJPAKE context to check. This must be
+    ///                  initialized.
+    ///
+    /// \return          \c 0 if the context is ready for use.
+    /// \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise.
+    pub fn mbedtls_ecjpake_check(ctx: *const mbedtls_ecjpake_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Generate and write the first round message
+    ///                  (TLS: contents of the Client/ServerHello extension,
+    ///                  excluding extension type and length bytes).
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be
+    ///                  initialized and set up.
+    /// \param buf       The buffer to write the contents to. This must be a
+    ///                  writable buffer of length \p len Bytes.
+    /// \param len       The length of \p buf in Bytes.
+    /// \param olen      The address at which to store the total number
+    ///                  of Bytes written to \p buf. This must not be \c NULL.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG parameter to be passed to \p f_rng. This
+    ///                  may be \c NULL if \p f_rng doesn't use a context.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_write_round_one(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Read and process the first round message
+    ///                  (TLS: contents of the Client/ServerHello extension,
+    ///                  excluding extension type and length bytes).
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be initialized
+    ///                  and set up.
+    /// \param buf       The buffer holding the first round message. This must
+    ///                  be a readable buffer of length \p len Bytes.
+    /// \param len       The length in Bytes of \p buf.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_read_round_one(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Generate and write the second round message
+    ///                  (TLS: contents of the Client/ServerKeyExchange).
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be initialized,
+    ///                  set up, and already have performed round one.
+    /// \param buf       The buffer to write the round two contents to.
+    ///                  This must be a writable buffer of length \p len Bytes.
+    /// \param len       The size of \p buf in Bytes.
+    /// \param olen      The address at which to store the total number of Bytes
+    ///                  written to \p buf. This must not be \c NULL.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG parameter to be passed to \p f_rng. This
+    ///                  may be \c NULL if \p f_rng doesn't use a context.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_write_round_two(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Read and process the second round message
+    ///                  (TLS: contents of the Client/ServerKeyExchange).
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be initialized
+    ///                  and set up and already have performed round one.
+    /// \param buf       The buffer holding the second round message. This must
+    ///                  be a readable buffer of length \p len Bytes.
+    /// \param len       The length in Bytes of \p buf.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_read_round_two(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Derive the shared secret
+    ///                  (TLS: Pre-Master Secret).
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be initialized,
+    ///                  set up and have performed both round one and two.
+    /// \param buf       The buffer to write the derived secret to. This must
+    ///                  be a writable buffer of length \p len Bytes.
+    /// \param len       The length of \p buf in Bytes.
+    /// \param olen      The address at which to store the total number of Bytes
+    ///                  written to \p buf. This must not be \c NULL.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG parameter to be passed to \p f_rng. This
+    ///                  may be \c NULL if \p f_rng doesn't use a context.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_derive_secret(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write the shared key material to be passed to a Key
+    ///                  Derivation Function as described in RFC8236.
+    ///
+    /// \param ctx       The ECJPAKE context to use. This must be initialized,
+    ///                  set up and have performed both round one and two.
+    /// \param buf       The buffer to write the derived secret to. This must
+    ///                  be a writable buffer of length \p len Bytes.
+    /// \param len       The length of \p buf in Bytes.
+    /// \param olen      The address at which to store the total number of bytes
+    ///                  written to \p buf. This must not be \c NULL.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG parameter to be passed to \p f_rng. This
+    ///                  may be \c NULL if \p f_rng doesn't use a context.
+    ///
+    /// \return          \c 0 if successful.
+    /// \return          A negative error code on failure.
+    pub fn mbedtls_ecjpake_write_shared_key(
+        ctx: *mut mbedtls_ecjpake_context,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This clears an ECJPAKE context and frees any
+    ///                  embedded data structure.
+    ///
+    /// \param ctx       The ECJPAKE context to free. This may be \c NULL,
+    ///                  in which case this function does nothing. If it is not
+    ///                  \c NULL, it must point to an initialized ECJPAKE context.
+    pub fn mbedtls_ecjpake_free(ctx: *mut mbedtls_ecjpake_context);
+}
+extern "C" {
+    /// \brief          Checkup routine
+    ///
+    /// \return         0 if successful, or 1 if a test failed
+    pub fn mbedtls_ecjpake_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_pake_operation_t {
+    pub private_alg: psa_algorithm_t,
+    pub private_password: *mut u8,
+    pub private_password_len: usize,
+    pub private_role: u8,
+    pub private_buffer: [u8; 336usize],
+    pub private_buffer_length: usize,
+    pub private_buffer_offset: usize,
+    pub private_ctx: mbedtls_psa_pake_operation_t__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_psa_pake_operation_t__bindgen_ty_1 {
+    pub private_dummy: crate::c_types::c_uint,
+    pub private_jpake: mbedtls_ecjpake_context,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_mac_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_mac_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_aead_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_aead_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_sign_hash_interruptible_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_sign_hash_interruptible_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_verify_hash_interruptible_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_verify_hash_interruptible_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_driver_pake_context_t {
+    pub dummy: crate::c_types::c_uint,
+    pub mbedtls_ctx: mbedtls_psa_pake_operation_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_mac_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_mac_size: u8,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_ctx: psa_driver_mac_context_t,
+}
+impl psa_mac_operation_s {
+    #[inline]
+    pub fn private_is_sign(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_is_sign(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_is_sign: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_is_sign: u32 = unsafe { ::core::mem::transmute(private_is_sign) };
+            private_is_sign as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_aead_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_alg: psa_algorithm_t,
+    pub private_key_type: psa_key_type_t,
+    pub private_ad_remaining: usize,
+    pub private_body_remaining: usize,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_ctx: psa_driver_aead_context_t,
+}
+impl psa_aead_operation_s {
+    #[inline]
+    pub fn private_nonce_set(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_nonce_set(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_lengths_set(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(1usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_lengths_set(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(1usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_ad_started(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_ad_started(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(2usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_body_started(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(3usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_body_started(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(3usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_is_encrypt(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(4usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_is_encrypt(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(4usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_nonce_set: crate::c_types::c_uint,
+        private_lengths_set: crate::c_types::c_uint,
+        private_ad_started: crate::c_types::c_uint,
+        private_body_started: crate::c_types::c_uint,
+        private_is_encrypt: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_nonce_set: u32 = unsafe { ::core::mem::transmute(private_nonce_set) };
+            private_nonce_set as u64
+        });
+        __bindgen_bitfield_unit.set(1usize, 1u8, {
+            let private_lengths_set: u32 = unsafe { ::core::mem::transmute(private_lengths_set) };
+            private_lengths_set as u64
+        });
+        __bindgen_bitfield_unit.set(2usize, 1u8, {
+            let private_ad_started: u32 = unsafe { ::core::mem::transmute(private_ad_started) };
+            private_ad_started as u64
+        });
+        __bindgen_bitfield_unit.set(3usize, 1u8, {
+            let private_body_started: u32 = unsafe { ::core::mem::transmute(private_body_started) };
+            private_body_started as u64
+        });
+        __bindgen_bitfield_unit.set(4usize, 1u8, {
+            let private_is_encrypt: u32 = unsafe { ::core::mem::transmute(private_is_encrypt) };
+            private_is_encrypt as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_hkdf_key_derivation_t {
+    pub private_info: *mut u8,
+    pub private_info_length: usize,
+    pub private_offset_in_block: u8,
+    pub private_block_number: u8,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_output_block: [u8; 64usize],
+    pub private_prk: [u8; 64usize],
+    pub private_hmac: psa_mac_operation_s,
+}
+impl psa_hkdf_key_derivation_t {
+    #[inline]
+    pub fn private_state(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 2u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_state(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 2u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn private_info_set(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(2usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_info_set(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(2usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_state: crate::c_types::c_uint,
+        private_info_set: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 2u8, {
+            let private_state: u32 = unsafe { ::core::mem::transmute(private_state) };
+            private_state as u64
+        });
+        __bindgen_bitfield_unit.set(2usize, 1u8, {
+            let private_info_set: u32 = unsafe { ::core::mem::transmute(private_info_set) };
+            private_info_set as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_tls12_ecjpake_to_pms_t {
+    pub private_data: [u8; 32usize],
+}
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_INIT:
+    psa_tls12_prf_key_derivation_state_t = 0;
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_SEED_SET:
+    psa_tls12_prf_key_derivation_state_t = 1;
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_OTHER_KEY_SET:
+    psa_tls12_prf_key_derivation_state_t = 2;
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_KEY_SET:
+    psa_tls12_prf_key_derivation_state_t = 3;
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_LABEL_SET:
+    psa_tls12_prf_key_derivation_state_t = 4;
+pub const psa_tls12_prf_key_derivation_state_t_PSA_TLS12_PRF_STATE_OUTPUT:
+    psa_tls12_prf_key_derivation_state_t = 5;
+pub type psa_tls12_prf_key_derivation_state_t = crate::c_types::c_uint;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_tls12_prf_key_derivation_s {
+    pub private_left_in_block: u8,
+    pub private_block_number: u8,
+    pub private_state: psa_tls12_prf_key_derivation_state_t,
+    pub private_secret: *mut u8,
+    pub private_secret_length: usize,
+    pub private_seed: *mut u8,
+    pub private_seed_length: usize,
+    pub private_label: *mut u8,
+    pub private_label_length: usize,
+    pub private_other_secret: *mut u8,
+    pub private_other_secret_length: usize,
+    pub private_Ai: [u8; 64usize],
+    pub private_output_block: [u8; 64usize],
+}
+pub type psa_tls12_prf_key_derivation_t = psa_tls12_prf_key_derivation_s;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_key_derivation_s {
+    pub private_alg: psa_algorithm_t,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_capacity: usize,
+    pub private_ctx: psa_key_derivation_s__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_key_derivation_s__bindgen_ty_1 {
+    pub private_dummy: u8,
+    pub private_hkdf: psa_hkdf_key_derivation_t,
+    pub private_tls12_prf: psa_tls12_prf_key_derivation_t,
+    pub private_tls12_ecjpake_to_pms: psa_tls12_ecjpake_to_pms_t,
+}
+impl psa_key_derivation_s {
+    #[inline]
+    pub fn private_can_output_key(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_can_output_key(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_can_output_key: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_can_output_key: u32 =
+                unsafe { ::core::mem::transmute(private_can_output_key) };
+            private_can_output_key as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_key_policy_s {
+    pub private_usage: psa_key_usage_t,
+    pub private_alg: psa_algorithm_t,
+    pub private_alg2: psa_algorithm_t,
+}
+pub type psa_key_policy_t = psa_key_policy_s;
+pub type psa_key_bits_t = u16;
+/// A mask of flags that can be stored in key attributes.
+///
+/// This type is also used internally to store flags in slots. Internal
+/// flags are defined in library/psa_crypto_core.h. Internal flags may have
+/// the same value as external flags if they are properly handled during
+/// key creation and in psa_get_key_attributes.
+pub type psa_key_attributes_flag_t = u16;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_core_key_attributes_t {
+    pub private_type: psa_key_type_t,
+    pub private_bits: psa_key_bits_t,
+    pub private_lifetime: psa_key_lifetime_t,
+    pub private_id: mbedtls_svc_key_id_t,
+    pub private_policy: psa_key_policy_t,
+    pub private_flags: psa_key_attributes_flag_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_key_attributes_s {
+    pub private_core: psa_core_key_attributes_t,
+    pub private_domain_parameters: *mut crate::c_types::c_void,
+    pub private_domain_parameters_size: usize,
+}
+extern "C" {
+    /// \brief Set domain parameters for a key.
+    ///
+    /// Some key types require additional domain parameters in addition to
+    /// the key type identifier and the key size. Use this function instead
+    /// of psa_set_key_type() when you need to specify domain parameters.
+    ///
+    /// The format for the required domain parameters varies based on the key type.
+    ///
+    /// - For RSA keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY or #PSA_KEY_TYPE_RSA_KEY_PAIR),
+    ///   the domain parameter data consists of the public exponent,
+    ///   represented as a big-endian integer with no leading zeros.
+    ///   This information is used when generating an RSA key pair.
+    ///   When importing a key, the public exponent is read from the imported
+    ///   key data and the exponent recorded in the attribute structure is ignored.
+    ///   As an exception, the public exponent 65537 is represented by an empty
+    ///   byte string.
+    /// - For DSA keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY or #PSA_KEY_TYPE_DSA_KEY_PAIR),
+    ///   the `Dss-Params` format as defined by RFC 3279 &sect;2.3.2.
+    ///   ```
+    ///   Dss-Params ::= SEQUENCE  {
+    ///      p       INTEGER,
+    ///      q       INTEGER,
+    ///      g       INTEGER
+    ///   }
+    ///   ```
+    /// - For Diffie-Hellman key exchange keys
+    ///   (#PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_FAMILY_CUSTOM) or
+    ///   #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_FAMILY_CUSTOM)), the
+    ///   `DomainParameters` format as defined by RFC 3279 &sect;2.3.3.
+    ///   ```
+    ///   DomainParameters ::= SEQUENCE {
+    ///      p               INTEGER,                    -- odd prime, p=jq +1
+    ///      g               INTEGER,                    -- generator, g
+    ///      q               INTEGER,                    -- factor of p-1
+    ///      j               INTEGER OPTIONAL,           -- subgroup factor
+    ///      validationParams ValidationParams OPTIONAL
+    ///   }
+    ///   ValidationParams ::= SEQUENCE {
+    ///      seed            BIT STRING,
+    ///      pgenCounter     INTEGER
+    ///   }
+    ///   ```
+    ///
+    /// \note This function may allocate memory or other resources.
+    ///       Once you have called this function on an attribute structure,
+    ///       you must call psa_reset_key_attributes() to free these resources.
+    ///
+    /// \note This is an experimental extension to the interface. It may change
+    ///       in future versions of the library.
+    ///
+    /// \param[in,out] attributes    Attribute structure where the specified domain
+    ///                              parameters will be stored.
+    ///                              If this function fails, the content of
+    ///                              \p attributes is not modified.
+    /// \param type                  Key type (a \c PSA_KEY_TYPE_XXX value).
+    /// \param[in] data              Buffer containing the key domain parameters.
+    ///                              The content of this buffer is interpreted
+    ///                              according to \p type as described above.
+    /// \param data_length           Size of the \p data buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+    /// \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    pub fn psa_set_key_domain_parameters(
+        attributes: *mut psa_key_attributes_t,
+        type_: psa_key_type_t,
+        data: *const u8,
+        data_length: usize,
+    ) -> psa_status_t;
+}
+/// \brief The context for PSA interruptible hash signing.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_sign_hash_interruptible_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_ctx: psa_driver_sign_hash_interruptible_context_t,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_num_ops: u32,
+}
+impl psa_sign_hash_interruptible_operation_s {
+    #[inline]
+    pub fn private_error_occurred(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_error_occurred(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_error_occurred: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_error_occurred: u32 =
+                unsafe { ::core::mem::transmute(private_error_occurred) };
+            private_error_occurred as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+/// \brief The context for PSA interruptible hash verification.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_verify_hash_interruptible_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_ctx: psa_driver_verify_hash_interruptible_context_t,
+    pub _bitfield_align_1: [u8; 0],
+    pub _bitfield_1: __BindgenBitfieldUnit<[u8; 1usize]>,
+    pub private_num_ops: u32,
+}
+impl psa_verify_hash_interruptible_operation_s {
+    #[inline]
+    pub fn private_error_occurred(&self) -> crate::c_types::c_uint {
+        unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u32) }
+    }
+    #[inline]
+    pub fn set_private_error_occurred(&mut self, val: crate::c_types::c_uint) {
+        unsafe {
+            let val: u32 = ::core::mem::transmute(val);
+            self._bitfield_1.set(0usize, 1u8, val as u64)
+        }
+    }
+    #[inline]
+    pub fn new_bitfield_1(
+        private_error_occurred: crate::c_types::c_uint,
+    ) -> __BindgenBitfieldUnit<[u8; 1usize]> {
+        let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 1usize]> = Default::default();
+        __bindgen_bitfield_unit.set(0usize, 1u8, {
+            let private_error_occurred: u32 =
+                unsafe { ::core::mem::transmute(private_error_occurred) };
+            private_error_occurred as u64
+        });
+        __bindgen_bitfield_unit
+    }
+}
+pub type psa_key_handle_t = mbedtls_svc_key_id_t;
+extern "C" {
+    /// Open a handle to an existing persistent key.
+    ///
+    /// Open a handle to a persistent key. A key is persistent if it was created
+    /// with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE. A persistent key
+    /// always has a nonzero key identifier, set with psa_set_key_id() when
+    /// creating the key. Implementations may provide additional pre-provisioned
+    /// keys that can be opened with psa_open_key(). Such keys have an application
+    /// key identifier in the vendor range, as documented in the description of
+    /// #psa_key_id_t.
+    ///
+    /// The application must eventually close the handle with psa_close_key() or
+    /// psa_destroy_key() to release associated resources. If the application dies
+    /// without calling one of these functions, the implementation should perform
+    /// the equivalent of a call to psa_close_key().
+    ///
+    /// Some implementations permit an application to open the same key multiple
+    /// times. If this is successful, each call to psa_open_key() will return a
+    /// different key handle.
+    ///
+    /// \note This API is not part of the PSA Cryptography API Release 1.0.0
+    /// specification. It was defined in the 1.0 Beta 3 version of the
+    /// specification but was removed in the 1.0.0 released version. This API is
+    /// kept for the time being to not break applications relying on it. It is not
+    /// deprecated yet but will be in the near future.
+    ///
+    /// \note Applications that rely on opening a key multiple times will not be
+    /// portable to implementations that only permit a single key handle to be
+    /// opened. See also :ref:\`key-handles\`.
+    ///
+    ///
+    /// \param key           The persistent identifier of the key.
+    /// \param[out] handle   On success, a handle to the key.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success. The application can now use the value of `*handle`
+    ///         to access the key.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+    ///         The implementation does not have sufficient resources to open the
+    ///         key. This can be due to reaching an implementation limit on the
+    ///         number of open keys, the number of open key handles, or available
+    ///         memory.
+    /// \retval #PSA_ERROR_DOES_NOT_EXIST
+    ///         There is no persistent key with key identifier \p key.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p key is not a valid persistent key identifier.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The specified key exists, but the application does not have the
+    ///         permission to access it. Note that this specification does not
+    ///         define any way to create such a key, but it may be possible
+    ///         through implementation-specific means.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_open_key(key: mbedtls_svc_key_id_t, handle: *mut psa_key_handle_t) -> psa_status_t;
+}
+extern "C" {
+    /// Close a key handle.
+    ///
+    /// If the handle designates a volatile key, this will destroy the key material
+    /// and free all associated resources, just like psa_destroy_key().
+    ///
+    /// If this is the last open handle to a persistent key, then closing the handle
+    /// will free all resources associated with the key in volatile memory. The key
+    /// data in persistent storage is not affected and can be opened again later
+    /// with a call to psa_open_key().
+    ///
+    /// Closing the key handle makes the handle invalid, and the key handle
+    /// must not be used again by the application.
+    ///
+    /// \note This API is not part of the PSA Cryptography API Release 1.0.0
+    /// specification. It was defined in the 1.0 Beta 3 version of the
+    /// specification but was removed in the 1.0.0 released version. This API is
+    /// kept for the time being to not break applications relying on it. It is not
+    /// deprecated yet but will be in the near future.
+    ///
+    /// \note If the key handle was used to set up an active
+    /// :ref:\`multipart operation <multipart-operations>\`, then closing the
+    /// key handle can cause the multipart operation to fail. Applications should
+    /// maintain the key handle until after the multipart operation has finished.
+    ///
+    /// \param handle        The key handle to close.
+    ///                      If this is \c 0, do nothing and return \c PSA_SUCCESS.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         \p handle was a valid handle or \c 0. It is now closed.
+    /// \retval #PSA_ERROR_INVALID_HANDLE
+    ///         \p handle is not a valid handle nor \c 0.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_close_key(handle: psa_key_handle_t) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Library deinitialization.
+    ///
+    /// This function clears all data associated with the PSA layer,
+    /// including the whole key store.
+    ///
+    /// This is an Mbed TLS extension.
+    pub fn mbedtls_psa_crypto_free();
+}
+/// \brief Statistics about
+/// resource consumption related to the PSA keystore.
+///
+/// \note The content of this structure is not part of the stable API and ABI
+///       of Mbed Crypto and may change arbitrarily from version to version.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_psa_stats_s {
+    pub private_volatile_slots: usize,
+    pub private_persistent_slots: usize,
+    pub private_external_slots: usize,
+    pub private_half_filled_slots: usize,
+    pub private_cache_slots: usize,
+    pub private_empty_slots: usize,
+    pub private_locked_slots: usize,
+    pub private_max_open_internal_key_id: psa_key_id_t,
+    pub private_max_open_external_key_id: psa_key_id_t,
+}
+/// \brief Statistics about
+/// resource consumption related to the PSA keystore.
+///
+/// \note The content of this structure is not part of the stable API and ABI
+///       of Mbed Crypto and may change arbitrarily from version to version.
+pub type mbedtls_psa_stats_t = mbedtls_psa_stats_s;
+extern "C" {
+    /// \brief Get statistics about
+    /// resource consumption related to the PSA keystore.
+    ///
+    /// \note When Mbed Crypto is built as part of a service, with isolation
+    ///       between the application and the keystore, the service may or
+    ///       may not expose this function.
+    pub fn mbedtls_psa_get_stats(stats: *mut mbedtls_psa_stats_t);
+}
+extern "C" {
+    /// \brief Inject an initial entropy seed for the random generator into
+    ///        secure storage.
+    ///
+    /// This function injects data to be used as a seed for the random generator
+    /// used by the PSA Crypto implementation. On devices that lack a trusted
+    /// entropy source (preferably a hardware random number generator),
+    /// the Mbed PSA Crypto implementation uses this value to seed its
+    /// random generator.
+    ///
+    /// On devices without a trusted entropy source, this function must be
+    /// called exactly once in the lifetime of the device. On devices with
+    /// a trusted entropy source, calling this function is optional.
+    /// In all cases, this function may only be called before calling any
+    /// other function in the PSA Crypto API, including psa_crypto_init().
+    ///
+    /// When this function returns successfully, it populates a file in
+    /// persistent storage. Once the file has been created, this function
+    /// can no longer succeed.
+    ///
+    /// If any error occurs, this function does not change the system state.
+    /// You can call this function again after correcting the reason for the
+    /// error if possible.
+    ///
+    /// \warning This function **can** fail! Callers MUST check the return status.
+    ///
+    /// \warning If you use this function, you should use it as part of a
+    ///          factory provisioning process. The value of the injected seed
+    ///          is critical to the security of the device. It must be
+    ///          *secret*, *unpredictable* and (statistically) *unique per device*.
+    ///          You should be generate it randomly using a cryptographically
+    ///          secure random generator seeded from trusted entropy sources.
+    ///          You should transmit it securely to the device and ensure
+    ///          that its value is not leaked or stored anywhere beyond the
+    ///          needs of transmitting it from the point of generation to
+    ///          the call of this function, and erase all copies of the value
+    ///          once this function returns.
+    ///
+    /// This is an Mbed TLS extension.
+    ///
+    /// \note This function is only available on the following platforms:
+    /// * If the compile-time option MBEDTLS_PSA_INJECT_ENTROPY is enabled.
+    ///   Note that you must provide compatible implementations of
+    ///   mbedtls_nv_seed_read and mbedtls_nv_seed_write.
+    /// * In a client-server integration of PSA Cryptography, on the client side,
+    ///   if the server supports this feature.
+    /// \param[in] seed          Buffer containing the seed value to inject.
+    /// \param[in] seed_size     Size of the \p seed buffer.
+    ///                          The size of the seed in bytes must be greater
+    ///                          or equal to both #MBEDTLS_ENTROPY_BLOCK_SIZE
+    ///                          and the value of \c MBEDTLS_ENTROPY_MIN_PLATFORM
+    ///                          in `library/entropy_poll.h` in the Mbed TLS source
+    ///                          code.
+    ///                          It must be less or equal to
+    ///                          #MBEDTLS_ENTROPY_MAX_SEED_SIZE.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         The seed value was injected successfully. The random generator
+    ///         of the PSA Crypto implementation is now ready for use.
+    ///         You may now call psa_crypto_init() and use the PSA Crypto
+    ///         implementation.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p seed_size is out of range.
+    /// \retval #PSA_ERROR_STORAGE_FAILURE
+    ///         There was a failure reading or writing from storage.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The library has already been initialized. It is no longer
+    ///         possible to call this function.
+    pub fn mbedtls_psa_inject_entropy(seed: *const u8, seed_size: usize) -> psa_status_t;
+}
+extern "C" {
+    /// \brief Get domain parameters for a key.
+    ///
+    /// Get the domain parameters for a key with this function, if any. The format
+    /// of the domain parameters written to \p data is specified in the
+    /// documentation for psa_set_key_domain_parameters().
+    ///
+    /// \note This is an experimental extension to the interface. It may change
+    ///       in future versions of the library.
+    ///
+    /// \param[in] attributes        The key attribute structure to query.
+    /// \param[out] data             On success, the key domain parameters.
+    /// \param data_size             Size of the \p data buffer in bytes.
+    ///                              The buffer is guaranteed to be large
+    ///                              enough if its size in bytes is at least
+    ///                              the value given by
+    ///                              PSA_KEY_DOMAIN_PARAMETERS_SIZE().
+    /// \param[out] data_length      On success, the number of bytes
+    ///                              that make up the key domain parameters data.
+    ///
+    /// \retval #PSA_SUCCESS \emptydescription
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
+    pub fn psa_get_key_domain_parameters(
+        attributes: *const psa_key_attributes_t,
+        data: *mut u8,
+        data_size: usize,
+        data_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Convert an ECC curve identifier from the PSA encoding to Mbed TLS.
+    ///
+    /// \note This function is provided solely for the convenience of
+    ///       Mbed TLS and may be removed at any time without notice.
+    ///
+    /// \param curve         A PSA elliptic curve identifier
+    ///                      (`PSA_ECC_FAMILY_xxx`).
+    /// \param bits          The bit-length of a private key on \p curve.
+    /// \param bits_is_sloppy If true, \p bits may be the bit-length rounded up
+    ///                      to the nearest multiple of 8. This allows the caller
+    ///                      to infer the exact curve from the length of a key
+    ///                      which is supplied as a byte string.
+    ///
+    /// \return              The corresponding Mbed TLS elliptic curve identifier
+    ///                      (`MBEDTLS_ECP_DP_xxx`).
+    /// \return              #MBEDTLS_ECP_DP_NONE if \c curve is not recognized.
+    /// \return              #MBEDTLS_ECP_DP_NONE if \p bits is not
+    ///                      correct for \p curve.
+    pub fn mbedtls_ecc_group_of_psa(
+        curve: psa_ecc_family_t,
+        bits: usize,
+        bits_is_sloppy: crate::c_types::c_int,
+    ) -> mbedtls_ecp_group_id;
+}
+extern "C" {
+    /// External random generator function, implemented by the platform.
+    ///
+    /// When the compile-time option #MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled,
+    /// this function replaces Mbed TLS's entropy and DRBG modules for all
+    /// random generation triggered via PSA crypto interfaces.
+    ///
+    /// \note This random generator must deliver random numbers with cryptographic
+    ///       quality and high performance. It must supply unpredictable numbers
+    ///       with a uniform distribution. The implementation of this function
+    ///       is responsible for ensuring that the random generator is seeded
+    ///       with sufficient entropy. If you have a hardware TRNG which is slow
+    ///       or delivers non-uniform output, declare it as an entropy source
+    ///       with mbedtls_entropy_add_source() instead of enabling this option.
+    ///
+    /// \param[in,out] context       Pointer to the random generator context.
+    ///                              This is all-bits-zero on the first call
+    ///                              and preserved between successive calls.
+    /// \param[out] output           Output buffer. On success, this buffer
+    ///                              contains random data with a uniform
+    ///                              distribution.
+    /// \param output_size           The size of the \p output buffer in bytes.
+    /// \param[out] output_length    On success, set this value to \p output_size.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success. The output buffer contains \p output_size bytes of
+    ///         cryptographic-quality random data, and \c *output_length is
+    ///         set to \p output_size.
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+    ///         The random generator requires extra entropy and there is no
+    ///         way to obtain entropy under current environment conditions.
+    ///         This error should not happen under normal circumstances since
+    ///         this function is responsible for obtaining as much entropy as
+    ///         it needs. However implementations of this function may return
+    ///         #PSA_ERROR_INSUFFICIENT_ENTROPY if there is no way to obtain
+    ///         entropy without blocking indefinitely.
+    /// \retval #PSA_ERROR_HARDWARE_FAILURE
+    ///         A failure of the random generator hardware that isn't covered
+    ///         by #PSA_ERROR_INSUFFICIENT_ENTROPY.
+    pub fn mbedtls_psa_external_get_random(
+        context: *mut mbedtls_psa_external_random_context_t,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+/// A slot number identifying a key in a driver.
+///
+/// Values of this type are used to identify built-in keys.
+pub type psa_drv_slot_number_t = u64;
+/// \brief Encoding of the application role of PAKE
+///
+/// Encodes the application's role in the algorithm is being executed. For more
+/// information see the documentation of individual \c PSA_PAKE_ROLE_XXX
+/// constants.
+pub type psa_pake_role_t = u8;
+/// Encoding of input and output indicators for PAKE.
+///
+/// Some PAKE algorithms need to exchange more data than just a single key share.
+/// This type is for encoding additional input and output data for such
+/// algorithms.
+pub type psa_pake_step_t = u8;
+/// Encoding of the type of the PAKE's primitive.
+///
+/// Values defined by this standard will never be in the range 0x80-0xff.
+/// Vendors who define additional types must use an encoding in this range.
+///
+/// For more information see the documentation of individual
+/// \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.
+pub type psa_pake_primitive_type_t = u8;
+/// \brief Encoding of the family of the primitive associated with the PAKE.
+///
+/// For more information see the documentation of individual
+/// \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.
+pub type psa_pake_family_t = u8;
+/// \brief Encoding of the primitive associated with the PAKE.
+///
+/// For more information see the documentation of the #PSA_PAKE_PRIMITIVE macro.
+pub type psa_pake_primitive_t = u32;
+/// The type of the data structure for PAKE cipher suites.
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_pake_cipher_suite_t = psa_pake_cipher_suite_s;
+/// The type of the state data structure for PAKE operations.
+///
+/// Before calling any function on a PAKE operation object, the application
+/// must initialize it by any of the following means:
+/// - Set the structure to all-bits-zero, for example:
+///   \code
+///   psa_pake_operation_t operation;
+///   memset(&operation, 0, sizeof(operation));
+///   \endcode
+/// - Initialize the structure to logical zero values, for example:
+///   \code
+///   psa_pake_operation_t operation = {0};
+///   \endcode
+/// - Initialize the structure to the initializer #PSA_PAKE_OPERATION_INIT,
+///   for example:
+///   \code
+///   psa_pake_operation_t operation = PSA_PAKE_OPERATION_INIT;
+///   \endcode
+/// - Assign the result of the function psa_pake_operation_init()
+///   to the structure, for example:
+///   \code
+///   psa_pake_operation_t operation;
+///   operation = psa_pake_operation_init();
+///   \endcode
+///
+/// This is an implementation-defined \c struct. Applications should not
+/// make any assumptions about the content of this structure.
+/// Implementation details can change in future versions without notice.
+pub type psa_pake_operation_t = psa_pake_operation_s;
+/// The type of input values for PAKE operations.
+pub type psa_crypto_driver_pake_inputs_t = psa_crypto_driver_pake_inputs_s;
+/// The type of computation stage for J-PAKE operations.
+pub type psa_jpake_computation_stage_t = psa_jpake_computation_stage_s;
+extern "C" {
+    /// Get the length of the password in bytes from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] password_len     Password length.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Password hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_password_len(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        password_len: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the password from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] buffer           Return buffer for password.
+    /// \param      buffer_size      Size of the return buffer in bytes.
+    /// \param[out] buffer_length    Actual size of the password in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Password hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_password(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        buffer: *mut u8,
+        buffer_size: usize,
+        buffer_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the role from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] role             Return buffer for role.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Role hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_role(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        role: *mut psa_pake_role_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the length of the user id in bytes from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] user_len         User id length.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         User id hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_user_len(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        user_len: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the length of the peer id in bytes from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] peer_len         Peer id length.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Peer id hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_peer_len(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        peer_len: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the user id from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] user_id          User id.
+    /// \param      user_id_size     Size of \p user_id in bytes.
+    /// \param[out] user_id_len      Size of the user id in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         User id hasn't been set yet.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p user_id is too small.
+    pub fn psa_crypto_driver_pake_get_user(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        user_id: *mut u8,
+        user_id_size: usize,
+        user_id_len: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the peer id from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] peer_id          Peer id.
+    /// \param      peer_id_size     Size of \p peer_id in bytes.
+    /// \param[out] peer_id_length   Size of the peer id in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Peer id hasn't been set yet.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p peer_id is too small.
+    pub fn psa_crypto_driver_pake_get_peer(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        peer_id: *mut u8,
+        peer_id_size: usize,
+        peer_id_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get the cipher suite from given inputs.
+    ///
+    /// \param[in]  inputs           Operation inputs.
+    /// \param[out] cipher_suite     Return buffer for role.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Cipher_suite hasn't been set yet.
+    pub fn psa_crypto_driver_pake_get_cipher_suite(
+        inputs: *const psa_crypto_driver_pake_inputs_t,
+        cipher_suite: *mut psa_pake_cipher_suite_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the session information for a password-authenticated key exchange.
+    ///
+    /// The sequence of operations to set up a password-authenticated key exchange
+    /// is as follows:
+    /// -# Allocate an operation object which will be passed to all the functions
+    ///    listed here.
+    /// -# Initialize the operation object with one of the methods described in the
+    ///    documentation for #psa_pake_operation_t, e.g.
+    ///    #PSA_PAKE_OPERATION_INIT.
+    /// -# Call psa_pake_setup() to specify the cipher suite.
+    /// -# Call \c psa_pake_set_xxx() functions on the operation to complete the
+    ///    setup. The exact sequence of \c psa_pake_set_xxx() functions that needs
+    ///    to be called depends on the algorithm in use.
+    ///
+    /// Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+    /// values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+    /// for more information.
+    ///
+    /// A typical sequence of calls to perform a password-authenticated key
+    /// exchange:
+    /// -# Call psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to get the
+    ///    key share that needs to be sent to the peer.
+    /// -# Call psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to provide
+    ///    the key share that was received from the peer.
+    /// -# Depending on the algorithm additional calls to psa_pake_output() and
+    ///    psa_pake_input() might be necessary.
+    /// -# Call psa_pake_get_implicit_key() for accessing the shared secret.
+    ///
+    /// Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+    /// values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+    /// for more information.
+    ///
+    /// If an error occurs at any step after a call to psa_pake_setup(),
+    /// the operation will need to be reset by a call to psa_pake_abort(). The
+    /// application may call psa_pake_abort() at any time after the operation
+    /// has been initialized.
+    ///
+    /// After a successful call to psa_pake_setup(), the application must
+    /// eventually terminate the operation. The following events terminate an
+    /// operation:
+    /// - A call to psa_pake_abort().
+    /// - A successful call to psa_pake_get_implicit_key().
+    ///
+    /// \param[in,out] operation     The operation object to set up. It must have
+    ///                              been initialized but not set up yet.
+    /// \param[in] cipher_suite      The cipher suite to use. (A cipher suite fully
+    ///                              characterizes a PAKE algorithm and determines
+    ///                              the algorithm as well.)
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The algorithm in \p cipher_suite is not a PAKE algorithm, or the
+    ///         PAKE primitive in \p cipher_suite is not compatible with the
+    ///         PAKE algorithm, or the hash algorithm in \p cipher_suite is invalid
+    ///         or not compatible with the PAKE algorithm and primitive.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The algorithm in \p cipher_suite is not a supported PAKE algorithm,
+    ///         or the PAKE primitive in \p cipher_suite is not supported or not
+    ///         compatible with the PAKE algorithm, or the hash algorithm in
+    ///         \p cipher_suite is not supported or not compatible with the PAKE
+    ///         algorithm and primitive.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_setup(
+        operation: *mut psa_pake_operation_t,
+        cipher_suite: *const psa_pake_cipher_suite_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the password for a password-authenticated key exchange from key ID.
+    ///
+    /// Call this function when the password, or a value derived from the password,
+    /// is already present in the key store.
+    ///
+    /// \param[in,out] operation     The operation object to set the password for. It
+    ///                              must have been set up by psa_pake_setup() and
+    ///                              not yet in use (neither psa_pake_output() nor
+    ///                              psa_pake_input() has been called yet). It must
+    ///                              be on operation for which the password hasn't
+    ///                              been set yet (psa_pake_set_password_key()
+    ///                              hasn't been called yet).
+    /// \param password              Identifier of the key holding the password or a
+    ///                              value derived from the password (eg. by a
+    ///                              memory-hard function).  It must remain valid
+    ///                              until the operation terminates. It must be of
+    ///                              type #PSA_KEY_TYPE_PASSWORD or
+    ///                              #PSA_KEY_TYPE_PASSWORD_HASH. It has to allow
+    ///                              the usage #PSA_KEY_USAGE_DERIVE.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_HANDLE
+    ///         \p password is not a valid key identifier.
+    /// \retval #PSA_ERROR_NOT_PERMITTED
+    ///         The key does not have the #PSA_KEY_USAGE_DERIVE flag, or it does not
+    ///         permit the \p operation's algorithm.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The key type for \p password is not #PSA_KEY_TYPE_PASSWORD or
+    ///         #PSA_KEY_TYPE_PASSWORD_HASH, or \p password is not compatible with
+    ///         the \p operation's cipher suite.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The key type or key size of \p password is not supported with the
+    ///         \p operation's cipher suite.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must have been set up.), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_set_password_key(
+        operation: *mut psa_pake_operation_t,
+        password: mbedtls_svc_key_id_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the user ID for a password-authenticated key exchange.
+    ///
+    /// Call this function to set the user ID. For PAKE algorithms that associate a
+    /// user identifier with each side of the session you need to call
+    /// psa_pake_set_peer() as well. For PAKE algorithms that associate a single
+    /// user identifier with the session, call psa_pake_set_user() only.
+    ///
+    /// Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+    /// values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+    /// for more information.
+    ///
+    /// \param[in,out] operation     The operation object to set the user ID for. It
+    ///                              must have been set up by psa_pake_setup() and
+    ///                              not yet in use (neither psa_pake_output() nor
+    ///                              psa_pake_input() has been called yet). It must
+    ///                              be on operation for which the user ID hasn't
+    ///                              been set (psa_pake_set_user() hasn't been
+    ///                              called yet).
+    /// \param[in] user_id           The user ID to authenticate with.
+    ///                              (temporary limitation: "client" or "server" only)
+    /// \param user_id_len           Size of the \p user_id buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p user_id is not valid for the \p operation's algorithm and cipher
+    ///         suite.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The value of \p user_id is not supported by the implementation.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_set_user(
+        operation: *mut psa_pake_operation_t,
+        user_id: *const u8,
+        user_id_len: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the peer ID for a password-authenticated key exchange.
+    ///
+    /// Call this function in addition to psa_pake_set_user() for PAKE algorithms
+    /// that associate a user identifier with each side of the session. For PAKE
+    /// algorithms that associate a single user identifier with the session, call
+    /// psa_pake_set_user() only.
+    ///
+    /// Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+    /// values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+    /// for more information.
+    ///
+    /// \param[in,out] operation     The operation object to set the peer ID for. It
+    ///                              must have been set up by psa_pake_setup() and
+    ///                              not yet in use (neither psa_pake_output() nor
+    ///                              psa_pake_input() has been called yet). It must
+    ///                              be on operation for which the peer ID hasn't
+    ///                              been set (psa_pake_set_peer() hasn't been
+    ///                              called yet).
+    /// \param[in] peer_id           The peer's ID to authenticate.
+    ///                              (temporary limitation: "client" or "server" only)
+    /// \param peer_id_len           Size of the \p peer_id buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p user_id is not valid for the \p operation's algorithm and cipher
+    ///         suite.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The algorithm doesn't associate a second identity with the session.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         Calling psa_pake_set_peer() is invalid with the \p operation's
+    ///         algorithm, the operation state is not valid, or the library has not
+    ///         been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_set_peer(
+        operation: *mut psa_pake_operation_t,
+        peer_id: *const u8,
+        peer_id_len: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Set the application role for a password-authenticated key exchange.
+    ///
+    /// Not all PAKE algorithms need to differentiate the communicating entities.
+    /// It is optional to call this function for PAKEs that don't require a role
+    /// to be specified. For such PAKEs the application role parameter is ignored,
+    /// or #PSA_PAKE_ROLE_NONE can be passed as \c role.
+    ///
+    /// Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+    /// values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+    /// for more information.
+    ///
+    /// \param[in,out] operation     The operation object to specify the
+    ///                              application's role for. It must have been set up
+    ///                              by psa_pake_setup() and not yet in use (neither
+    ///                              psa_pake_output() nor psa_pake_input() has been
+    ///                              called yet). It must be on operation for which
+    ///                              the application's role hasn't been specified
+    ///                              (psa_pake_set_role() hasn't been called yet).
+    /// \param role                  A value of type ::psa_pake_role_t indicating the
+    ///                              application's role in the PAKE the algorithm
+    ///                              that is being set up. For more information see
+    ///                              the documentation of \c PSA_PAKE_ROLE_XXX
+    ///                              constants.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         The \p role is not a valid PAKE role in the \p operation’s algorithm.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         The \p role for this algorithm is not supported or is not valid.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid, or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_set_role(
+        operation: *mut psa_pake_operation_t,
+        role: psa_pake_role_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get output for a step of a password-authenticated key exchange.
+    ///
+    /// Depending on the algorithm being executed, you might need to call this
+    /// function several times or you might not need to call this at all.
+    ///
+    /// The exact sequence of calls to perform a password-authenticated key
+    /// exchange depends on the algorithm in use.  Refer to the documentation of
+    /// individual PAKE algorithm types (`PSA_ALG_XXX` values of type
+    /// ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more
+    /// information.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_pake_abort().
+    ///
+    /// \param[in,out] operation    Active PAKE operation.
+    /// \param step                 The step of the algorithm for which the output is
+    ///                             requested.
+    /// \param[out] output          Buffer where the output is to be written in the
+    ///                             format appropriate for this \p step. Refer to
+    ///                             the documentation of the individual
+    ///                             \c PSA_PAKE_STEP_XXX constants for more
+    ///                             information.
+    /// \param output_size          Size of the \p output buffer in bytes. This must
+    ///                             be at least #PSA_PAKE_OUTPUT_SIZE(\p alg, \p
+    ///                             primitive, \p step) where \p alg and
+    ///                             \p primitive are the PAKE algorithm and primitive
+    ///                             in the operation's cipher suite, and \p step is
+    ///                             the output step.
+    ///
+    /// \param[out] output_length   On success, the number of bytes of the returned
+    ///                             output.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_BUFFER_TOO_SMALL
+    ///         The size of the \p output buffer is too small.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p step is not compatible with the operation's algorithm.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p step is not supported with the operation's algorithm.
+    /// \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, and fully set
+    ///         up, and this call must conform to the algorithm's requirements
+    ///         for ordering of input and output steps), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_output(
+        operation: *mut psa_pake_operation_t,
+        step: psa_pake_step_t,
+        output: *mut u8,
+        output_size: usize,
+        output_length: *mut usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Provide input for a step of a password-authenticated key exchange.
+    ///
+    /// Depending on the algorithm being executed, you might need to call this
+    /// function several times or you might not need to call this at all.
+    ///
+    /// The exact sequence of calls to perform a password-authenticated key
+    /// exchange depends on the algorithm in use.  Refer to the documentation of
+    /// individual PAKE algorithm types (`PSA_ALG_XXX` values of type
+    /// ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more
+    /// information.
+    ///
+    /// If this function returns an error status, the operation enters an error
+    /// state and must be aborted by calling psa_pake_abort().
+    ///
+    /// \param[in,out] operation    Active PAKE operation.
+    /// \param step                 The step for which the input is provided.
+    /// \param[in] input            Buffer containing the input in the format
+    ///                             appropriate for this \p step. Refer to the
+    ///                             documentation of the individual
+    ///                             \c PSA_PAKE_STEP_XXX constants for more
+    ///                             information.
+    /// \param input_length         Size of the \p input buffer in bytes.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_SIGNATURE
+    ///         The verification fails for a #PSA_PAKE_STEP_ZK_PROOF input step.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         \p is not compatible with the \p operation’s algorithm, or the
+    ///         \p input is not valid for the \p operation's algorithm, cipher suite
+    ///         or \p step.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         \p step p is not supported with the \p operation's algorithm, or the
+    ///         \p input is not supported for the \p operation's algorithm, cipher
+    ///         suite or \p step.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The operation state is not valid (it must be active, and fully set
+    ///         up, and this call must conform to the algorithm's requirements
+    ///         for ordering of input and output steps), or
+    ///         the library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_input(
+        operation: *mut psa_pake_operation_t,
+        step: psa_pake_step_t,
+        input: *const u8,
+        input_length: usize,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Get implicitly confirmed shared secret from a PAKE.
+    ///
+    /// At this point there is a cryptographic guarantee that only the authenticated
+    /// party who used the same password is able to compute the key. But there is no
+    /// guarantee that the peer is the party it claims to be and was able to do so.
+    ///
+    /// That is, the authentication is only implicit. Since the peer is not
+    /// authenticated yet, no action should be taken yet that assumes that the peer
+    /// is who it claims to be. For example, do not access restricted files on the
+    /// peer's behalf until an explicit authentication has succeeded.
+    ///
+    /// This function can be called after the key exchange phase of the operation
+    /// has completed. It imports the shared secret output of the PAKE into the
+    /// provided derivation operation. The input step
+    /// #PSA_KEY_DERIVATION_INPUT_SECRET is used when placing the shared key
+    /// material in the key derivation operation.
+    ///
+    /// The exact sequence of calls to perform a password-authenticated key
+    /// exchange depends on the algorithm in use.  Refer to the documentation of
+    /// individual PAKE algorithm types (`PSA_ALG_XXX` values of type
+    /// ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more
+    /// information.
+    ///
+    /// When this function returns successfully, \p operation becomes inactive.
+    /// If this function returns an error status, both \p operation
+    /// and \p key_derivation operations enter an error state and must be aborted by
+    /// calling psa_pake_abort() and psa_key_derivation_abort() respectively.
+    ///
+    /// \param[in,out] operation    Active PAKE operation.
+    /// \param[out] output          A key derivation operation that is ready
+    ///                             for an input step of type
+    ///                             #PSA_KEY_DERIVATION_INPUT_SECRET.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_INVALID_ARGUMENT
+    ///         #PSA_KEY_DERIVATION_INPUT_SECRET is not compatible with the
+    ///         algorithm in the \p output key derivation operation.
+    /// \retval #PSA_ERROR_NOT_SUPPORTED
+    ///         Input from a PAKE is not supported by the algorithm in the \p output
+    ///         key derivation operation.
+    /// \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+    /// \retval #PSA_ERROR_DATA_INVALID \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The PAKE operation state is not valid (it must be active, but beyond
+    ///         that validity is specific to the algorithm), or
+    ///         the library has not been previously initialized by psa_crypto_init(),
+    ///         or the state of \p output is not valid for
+    ///         the #PSA_KEY_DERIVATION_INPUT_SECRET step. This can happen if the
+    ///         step is out of order or the application has done this step already
+    ///         and it may not be repeated.
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_get_implicit_key(
+        operation: *mut psa_pake_operation_t,
+        output: *mut psa_key_derivation_operation_t,
+    ) -> psa_status_t;
+}
+extern "C" {
+    /// Abort a PAKE operation.
+    ///
+    /// Aborting an operation frees all associated resources except for the \c
+    /// operation structure itself. Once aborted, the operation object can be reused
+    /// for another operation by calling psa_pake_setup() again.
+    ///
+    /// This function may be called at any time after the operation
+    /// object has been initialized as described in #psa_pake_operation_t.
+    ///
+    /// In particular, calling psa_pake_abort() after the operation has been
+    /// terminated by a call to psa_pake_abort() or psa_pake_get_implicit_key()
+    /// is safe and has no effect.
+    ///
+    /// \param[in,out] operation    The operation to abort.
+    ///
+    /// \retval #PSA_SUCCESS
+    ///         Success.
+    /// \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+    /// \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+    /// \retval #PSA_ERROR_BAD_STATE
+    ///         The library has not been previously initialized by psa_crypto_init().
+    ///         It is implementation-dependent whether a failure to initialize
+    ///         results in this error code.
+    pub fn psa_pake_abort(operation: *mut psa_pake_operation_t) -> psa_status_t;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_pake_cipher_suite_s {
+    pub algorithm: psa_algorithm_t,
+    pub type_: psa_pake_primitive_type_t,
+    pub family: psa_pake_family_t,
+    pub bits: u16,
+    pub hash: psa_algorithm_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_crypto_driver_pake_inputs_s {
+    pub private_password: *mut u8,
+    pub private_password_len: usize,
+    pub private_role: psa_pake_role_t,
+    pub private_user: *mut u8,
+    pub private_user_len: usize,
+    pub private_peer: *mut u8,
+    pub private_peer_len: usize,
+    pub private_attributes: psa_key_attributes_t,
+    pub private_cipher_suite: psa_pake_cipher_suite_t,
+}
+pub const psa_jpake_step_PSA_PAKE_STEP_INVALID: psa_jpake_step = 0;
+pub const psa_jpake_step_PSA_PAKE_STEP_X1_X2: psa_jpake_step = 1;
+pub const psa_jpake_step_PSA_PAKE_STEP_X2S: psa_jpake_step = 2;
+pub const psa_jpake_step_PSA_PAKE_STEP_DERIVE: psa_jpake_step = 3;
+pub type psa_jpake_step = crate::c_types::c_uint;
+pub use self::psa_jpake_step as psa_jpake_step_t;
+pub const psa_jpake_state_PSA_PAKE_STATE_INVALID: psa_jpake_state = 0;
+pub const psa_jpake_state_PSA_PAKE_STATE_SETUP: psa_jpake_state = 1;
+pub const psa_jpake_state_PSA_PAKE_STATE_READY: psa_jpake_state = 2;
+pub const psa_jpake_state_PSA_PAKE_OUTPUT_X1_X2: psa_jpake_state = 3;
+pub const psa_jpake_state_PSA_PAKE_OUTPUT_X2S: psa_jpake_state = 4;
+pub const psa_jpake_state_PSA_PAKE_INPUT_X1_X2: psa_jpake_state = 5;
+pub const psa_jpake_state_PSA_PAKE_INPUT_X4S: psa_jpake_state = 6;
+pub type psa_jpake_state = crate::c_types::c_uint;
+pub use self::psa_jpake_state as psa_jpake_state_t;
+pub const psa_jpake_sequence_PSA_PAKE_SEQ_INVALID: psa_jpake_sequence = 0;
+pub const psa_jpake_sequence_PSA_PAKE_X1_STEP_KEY_SHARE: psa_jpake_sequence = 1;
+pub const psa_jpake_sequence_PSA_PAKE_X1_STEP_ZK_PUBLIC: psa_jpake_sequence = 2;
+pub const psa_jpake_sequence_PSA_PAKE_X1_STEP_ZK_PROOF: psa_jpake_sequence = 3;
+pub const psa_jpake_sequence_PSA_PAKE_X2_STEP_KEY_SHARE: psa_jpake_sequence = 4;
+pub const psa_jpake_sequence_PSA_PAKE_X2_STEP_ZK_PUBLIC: psa_jpake_sequence = 5;
+pub const psa_jpake_sequence_PSA_PAKE_X2_STEP_ZK_PROOF: psa_jpake_sequence = 6;
+pub const psa_jpake_sequence_PSA_PAKE_SEQ_END: psa_jpake_sequence = 7;
+pub type psa_jpake_sequence = crate::c_types::c_uint;
+pub use self::psa_jpake_sequence as psa_jpake_sequence_t;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_STEP_INVALID: psa_crypto_driver_pake_step = 0;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X1_STEP_KEY_SHARE: psa_crypto_driver_pake_step = 1;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X1_STEP_ZK_PUBLIC: psa_crypto_driver_pake_step = 2;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X1_STEP_ZK_PROOF: psa_crypto_driver_pake_step = 3;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2_STEP_KEY_SHARE: psa_crypto_driver_pake_step = 4;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2_STEP_ZK_PUBLIC: psa_crypto_driver_pake_step = 5;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2_STEP_ZK_PROOF: psa_crypto_driver_pake_step = 6;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2S_STEP_KEY_SHARE: psa_crypto_driver_pake_step = 7;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2S_STEP_ZK_PUBLIC: psa_crypto_driver_pake_step = 8;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X2S_STEP_ZK_PROOF: psa_crypto_driver_pake_step = 9;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X4S_STEP_KEY_SHARE: psa_crypto_driver_pake_step =
+    10;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X4S_STEP_ZK_PUBLIC: psa_crypto_driver_pake_step =
+    11;
+pub const psa_crypto_driver_pake_step_PSA_JPAKE_X4S_STEP_ZK_PROOF: psa_crypto_driver_pake_step = 12;
+pub type psa_crypto_driver_pake_step = crate::c_types::c_uint;
+pub use self::psa_crypto_driver_pake_step as psa_crypto_driver_pake_step_t;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_jpake_computation_stage_s {
+    pub private_state: psa_jpake_state_t,
+    pub private_sequence: psa_jpake_sequence_t,
+    pub private_input_step: psa_jpake_step_t,
+    pub private_output_step: psa_jpake_step_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct psa_pake_operation_s {
+    pub private_id: crate::c_types::c_uint,
+    pub private_alg: psa_algorithm_t,
+    pub private_stage: u8,
+    pub private_computation_stage: psa_pake_operation_s__bindgen_ty_1,
+    pub private_data: psa_pake_operation_s__bindgen_ty_2,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_pake_operation_s__bindgen_ty_1 {
+    pub private_dummy: u8,
+    pub private_jpake: psa_jpake_computation_stage_t,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union psa_pake_operation_s__bindgen_ty_2 {
+    pub private_ctx: psa_driver_pake_context_t,
+    pub private_inputs: psa_crypto_driver_pake_inputs_t,
+}
+/// Type-length-value structure that allows for ASN1 using DER.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_asn1_buf {
+    ///< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING.
+    pub tag: crate::c_types::c_int,
+    ///< ASN1 length, in octets.
+    pub len: usize,
+    ///< ASN1 data, e.g. in ASCII.
+    pub p: *mut crate::c_types::c_uchar,
+}
+/// Container for ASN1 bit strings.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_asn1_bitstring {
+    ///< ASN1 length, in octets.
+    pub len: usize,
+    ///< Number of unused bits at the end of the string
+    pub unused_bits: crate::c_types::c_uchar,
+    ///< Raw ASN1 data for the bit string
+    pub p: *mut crate::c_types::c_uchar,
+}
+/// Container for a sequence of ASN.1 items
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_asn1_sequence {
+    ///< Buffer containing the given ASN.1 item.
+    pub buf: mbedtls_asn1_buf,
+    /// The next entry in the sequence.
+    ///
+    /// The details of memory management for sequences are not documented and
+    /// may change in future versions. Set this field to \p NULL when
+    /// initializing a structure, and do not modify it except via Mbed TLS
+    /// library functions.
+    pub next: *mut mbedtls_asn1_sequence,
+}
+/// Container for a sequence or list of 'named' ASN.1 data items
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_asn1_named_data {
+    ///< The object identifier.
+    pub oid: mbedtls_asn1_buf,
+    ///< The named value.
+    pub val: mbedtls_asn1_buf,
+    /// The next entry in the sequence.
+    ///
+    /// The details of memory management for named data sequences are not
+    /// documented and may change in future versions. Set this field to \p NULL
+    /// when initializing a structure, and do not modify it except via Mbed TLS
+    /// library functions.
+    pub next: *mut mbedtls_asn1_named_data,
+    pub private_next_merged: crate::c_types::c_uchar,
+}
+extern "C" {
+    /// \brief       Get the length of an ASN.1 element.
+    ///              Updates the pointer to immediately behind the length.
+    ///
+    /// \param p     On entry, \c *p points to the first byte of the length,
+    ///              i.e. immediately after the tag.
+    ///              On successful completion, \c *p points to the first byte
+    ///              after the length, i.e. the first byte of the content.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param len   On successful completion, \c *len contains the length
+    ///              read from the ASN.1 input.
+    ///
+    /// \return      0 if successful.
+    /// \return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
+    ///              would end beyond \p end.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
+    pub fn mbedtls_asn1_get_len(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        len: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Get the tag and length of the element.
+    ///              Check for the requested tag.
+    ///              Updates the pointer to immediately behind the tag and length.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              after the length, i.e. the first byte of the content.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param len   On successful completion, \c *len contains the length
+    ///              read from the ASN.1 input.
+    /// \param tag   The expected tag.
+    ///
+    /// \return      0 if successful.
+    /// \return      #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the data does not start
+    ///              with the requested tag.
+    /// \return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
+    ///              would end beyond \p end.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
+    pub fn mbedtls_asn1_get_tag(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        len: *mut usize,
+        tag: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve a boolean ASN.1 tag and its value.
+    ///              Updates the pointer to immediately behind the full tag.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the ASN.1 element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param val   On success, the parsed value (\c 0 or \c 1).
+    ///
+    /// \return      0 if successful.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 BOOLEAN.
+    pub fn mbedtls_asn1_get_bool(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        val: *mut crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve an integer ASN.1 tag and its value.
+    ///              Updates the pointer to immediately behind the full tag.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the ASN.1 element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param val   On success, the parsed value.
+    ///
+    /// \return      0 if successful.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 INTEGER.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
+    ///              not fit in an \c int.
+    pub fn mbedtls_asn1_get_int(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        val: *mut crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve an enumerated ASN.1 tag and its value.
+    ///              Updates the pointer to immediately behind the full tag.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the ASN.1 element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param val   On success, the parsed value.
+    ///
+    /// \return      0 if successful.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 ENUMERATED.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
+    ///              not fit in an \c int.
+    pub fn mbedtls_asn1_get_enum(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        val: *mut crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve a bitstring ASN.1 tag and its value.
+    ///              Updates the pointer to immediately behind the full tag.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p is equal to \p end.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param bs    On success, ::mbedtls_asn1_bitstring information about
+    ///              the parsed value.
+    ///
+    /// \return      0 if successful.
+    /// \return      #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains
+    ///              extra data after a valid BIT STRING.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 BIT STRING.
+    pub fn mbedtls_asn1_get_bitstring(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        bs: *mut mbedtls_asn1_bitstring,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve a bitstring ASN.1 tag without unused bits and its
+    ///              value.
+    ///              Updates the pointer to the beginning of the bit/octet string.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              of the content of the BIT STRING.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param len   On success, \c *len is the length of the content in bytes.
+    ///
+    /// \return      0 if successful.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_DATA if the input starts with
+    ///              a valid BIT STRING with a nonzero number of unused bits.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 BIT STRING.
+    pub fn mbedtls_asn1_get_bitstring_null(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        len: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Parses and splits an ASN.1 "SEQUENCE OF <tag>".
+    ///              Updates the pointer to immediately behind the full sequence tag.
+    ///
+    /// This function allocates memory for the sequence elements. You can free
+    /// the allocated memory with mbedtls_asn1_sequence_free().
+    ///
+    /// \note        On error, this function may return a partial list in \p cur.
+    ///              You must set `cur->next = NULL` before calling this function!
+    ///              Otherwise it is impossible to distinguish a previously non-null
+    ///              pointer from a pointer to an object allocated by this function.
+    ///
+    /// \note        If the sequence is empty, this function does not modify
+    ///              \c *cur. If the sequence is valid and non-empty, this
+    ///              function sets `cur->buf.tag` to \p tag. This allows
+    ///              callers to distinguish between an empty sequence and
+    ///              a one-element sequence.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p is equal to \p end.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param cur   A ::mbedtls_asn1_sequence which this function fills.
+    ///              When this function returns, \c *cur is the head of a linked
+    ///              list. Each node in this list is allocated with
+    ///              mbedtls_calloc() apart from \p cur itself, and should
+    ///              therefore be freed with mbedtls_free().
+    ///              The list describes the content of the sequence.
+    ///              The head of the list (i.e. \c *cur itself) describes the
+    ///              first element, `*cur->next` describes the second element, etc.
+    ///              For each element, `buf.tag == tag`, `buf.len` is the length
+    ///              of the content of the content of the element, and `buf.p`
+    ///              points to the first byte of the content (i.e. immediately
+    ///              past the length of the element).
+    ///              Note that list elements may be allocated even on error.
+    /// \param tag   Each element of the sequence must have this tag.
+    ///
+    /// \return      0 if successful.
+    /// \return      #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains
+    ///              extra data after a valid SEQUENCE OF \p tag.
+    /// \return      #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts with
+    ///              an ASN.1 SEQUENCE in which an element has a tag that
+    ///              is different from \p tag.
+    /// \return      #MBEDTLS_ERR_ASN1_ALLOC_FAILED if a memory allocation failed.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 SEQUENCE.
+    pub fn mbedtls_asn1_get_sequence_of(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        cur: *mut mbedtls_asn1_sequence,
+        tag: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Free a heap-allocated linked list presentation of
+    ///                 an ASN.1 sequence, including the first element.
+    ///
+    /// There are two common ways to manage the memory used for the representation
+    /// of a parsed ASN.1 sequence:
+    /// - Allocate a head node `mbedtls_asn1_sequence *head` with mbedtls_calloc().
+    ///   Pass this node as the `cur` argument to mbedtls_asn1_get_sequence_of().
+    ///   When you have finished processing the sequence,
+    ///   call mbedtls_asn1_sequence_free() on `head`.
+    /// - Allocate a head node `mbedtls_asn1_sequence *head` in any manner,
+    ///   for example on the stack. Make sure that `head->next == NULL`.
+    ///   Pass `head` as the `cur` argument to mbedtls_asn1_get_sequence_of().
+    ///   When you have finished processing the sequence,
+    ///   call mbedtls_asn1_sequence_free() on `head->cur`,
+    ///   then free `head` itself in the appropriate manner.
+    ///
+    /// \param seq      The address of the first sequence component. This may
+    ///                 be \c NULL, in which case this functions returns
+    ///                 immediately.
+    pub fn mbedtls_asn1_sequence_free(seq: *mut mbedtls_asn1_sequence);
+}
+extern "C" {
+    /// \brief                Traverse an ASN.1 SEQUENCE container and
+    ///                       call a callback for each entry.
+    ///
+    /// This function checks that the input is a SEQUENCE of elements that
+    /// each have a "must" tag, and calls a callback function on the elements
+    /// that have a "may" tag.
+    ///
+    /// For example, to validate that the input is a SEQUENCE of `tag1` and call
+    /// `cb` on each element, use
+    /// ```
+    /// mbedtls_asn1_traverse_sequence_of(&p, end, 0xff, tag1, 0, 0, cb, ctx);
+    /// ```
+    ///
+    /// To validate that the input is a SEQUENCE of ANY and call `cb` on
+    /// each element, use
+    /// ```
+    /// mbedtls_asn1_traverse_sequence_of(&p, end, 0, 0, 0, 0, cb, ctx);
+    /// ```
+    ///
+    /// To validate that the input is a SEQUENCE of CHOICE {NULL, OCTET STRING}
+    /// and call `cb` on each element that is an OCTET STRING, use
+    /// ```
+    /// mbedtls_asn1_traverse_sequence_of(&p, end, 0xfe, 0x04, 0xff, 0x04, cb, ctx);
+    /// ```
+    ///
+    /// The callback is called on the elements with a "may" tag from left to
+    /// right. If the input is not a valid SEQUENCE of elements with a "must" tag,
+    /// the callback is called on the elements up to the leftmost point where
+    /// the input is invalid.
+    ///
+    /// \warning              This function is still experimental and may change
+    ///                       at any time.
+    ///
+    /// \param p              The address of the pointer to the beginning of
+    ///                       the ASN.1 SEQUENCE header. This is updated to
+    ///                       point to the end of the ASN.1 SEQUENCE container
+    ///                       on a successful invocation.
+    /// \param end            The end of the ASN.1 SEQUENCE container.
+    /// \param tag_must_mask  A mask to be applied to the ASN.1 tags found within
+    ///                       the SEQUENCE before comparing to \p tag_must_value.
+    /// \param tag_must_val   The required value of each ASN.1 tag found in the
+    ///                       SEQUENCE, after masking with \p tag_must_mask.
+    ///                       Mismatching tags lead to an error.
+    ///                       For example, a value of \c 0 for both \p tag_must_mask
+    ///                       and \p tag_must_val means that every tag is allowed,
+    ///                       while a value of \c 0xFF for \p tag_must_mask means
+    ///                       that \p tag_must_val is the only allowed tag.
+    /// \param tag_may_mask   A mask to be applied to the ASN.1 tags found within
+    ///                       the SEQUENCE before comparing to \p tag_may_value.
+    /// \param tag_may_val    The desired value of each ASN.1 tag found in the
+    ///                       SEQUENCE, after masking with \p tag_may_mask.
+    ///                       Mismatching tags will be silently ignored.
+    ///                       For example, a value of \c 0 for \p tag_may_mask and
+    ///                       \p tag_may_val means that any tag will be considered,
+    ///                       while a value of \c 0xFF for \p tag_may_mask means
+    ///                       that all tags with value different from \p tag_may_val
+    ///                       will be ignored.
+    /// \param cb             The callback to trigger for each component
+    ///                       in the ASN.1 SEQUENCE that matches \p tag_may_val.
+    ///                       The callback function is called with the following
+    ///                       parameters:
+    ///                       - \p ctx.
+    ///                       - The tag of the current element.
+    ///                       - A pointer to the start of the current element's
+    ///                         content inside the input.
+    ///                       - The length of the content of the current element.
+    ///                       If the callback returns a non-zero value,
+    ///                       the function stops immediately,
+    ///                       forwarding the callback's return value.
+    /// \param ctx            The context to be passed to the callback \p cb.
+    ///
+    /// \return               \c 0 if successful the entire ASN.1 SEQUENCE
+    ///                       was traversed without parsing or callback errors.
+    /// \return               #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input
+    ///                       contains extra data after a valid SEQUENCE
+    ///                       of elements with an accepted tag.
+    /// \return               #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts
+    ///                       with an ASN.1 SEQUENCE in which an element has a tag
+    ///                       that is not accepted.
+    /// \return               An ASN.1 error code if the input does not start with
+    ///                       a valid ASN.1 SEQUENCE.
+    /// \return               A non-zero error code forwarded from the callback
+    ///                       \p cb in case the latter returns a non-zero value.
+    pub fn mbedtls_asn1_traverse_sequence_of(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        tag_must_mask: crate::c_types::c_uchar,
+        tag_must_val: crate::c_types::c_uchar,
+        tag_may_mask: crate::c_types::c_uchar,
+        tag_may_val: crate::c_types::c_uchar,
+        cb: ::core::option::Option<
+            unsafe extern "C" fn(
+                ctx: *mut crate::c_types::c_void,
+                tag: crate::c_types::c_int,
+                start: *mut crate::c_types::c_uchar,
+                len: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        ctx: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve an integer ASN.1 tag and its value.
+    ///              Updates the pointer to immediately behind the full tag.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the ASN.1 element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param X     On success, the parsed value.
+    ///
+    /// \return      0 if successful.
+    /// \return      An ASN.1 error code if the input does not start with
+    ///              a valid ASN.1 INTEGER.
+    /// \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
+    ///              not fit in an \c int.
+    /// \return      An MPI error code if the parsed value is too large.
+    pub fn mbedtls_asn1_get_mpi(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        X: *mut mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence.
+    ///              Updates the pointer to immediately behind the full
+    ///              AlgorithmIdentifier.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the AlgorithmIdentifier element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param alg   The buffer to receive the OID.
+    /// \param params The buffer to receive the parameters.
+    ///              This is zeroized if there are no parameters.
+    ///
+    /// \return      0 if successful or a specific ASN.1 or MPI error code.
+    pub fn mbedtls_asn1_get_alg(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        alg: *mut mbedtls_asn1_buf,
+        params: *mut mbedtls_asn1_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
+    ///              params.
+    ///              Updates the pointer to immediately behind the full
+    ///              AlgorithmIdentifier.
+    ///
+    /// \param p     On entry, \c *p points to the start of the ASN.1 element.
+    ///              On successful completion, \c *p points to the first byte
+    ///              beyond the AlgorithmIdentifier element.
+    ///              On error, the value of \c *p is undefined.
+    /// \param end   End of data.
+    /// \param alg   The buffer to receive the OID.
+    ///
+    /// \return      0 if successful or a specific ASN.1 or MPI error code.
+    pub fn mbedtls_asn1_get_alg_null(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        alg: *mut mbedtls_asn1_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       Find a specific named_data entry in a sequence or list based on
+    ///              the OID.
+    ///
+    /// \param list  The list to seek through
+    /// \param oid   The OID to look for
+    /// \param len   Size of the OID
+    ///
+    /// \return      NULL if not found, or a pointer to the existing entry.
+    pub fn mbedtls_asn1_find_named_data(
+        list: *const mbedtls_asn1_named_data,
+        oid: *const crate::c_types::c_char,
+        len: usize,
+    ) -> *const mbedtls_asn1_named_data;
+}
+extern "C" {
+    /// \brief       Free a mbedtls_asn1_named_data entry
+    ///
+    /// \deprecated  This function is deprecated and will be removed in a
+    ///              future version of the library.
+    ///              Please use mbedtls_asn1_free_named_data_list()
+    ///              or mbedtls_asn1_free_named_data_list_shallow().
+    ///
+    /// \param entry The named data entry to free.
+    ///              This function calls mbedtls_free() on
+    ///              `entry->oid.p` and `entry->val.p`.
+    pub fn mbedtls_asn1_free_named_data(entry: *mut mbedtls_asn1_named_data);
+}
+extern "C" {
+    /// \brief       Free all entries in a mbedtls_asn1_named_data list.
+    ///
+    /// \param head  Pointer to the head of the list of named data entries to free.
+    ///              This function calls mbedtls_free() on
+    ///              `entry->oid.p` and `entry->val.p` and then on `entry`
+    ///              for each list entry, and sets \c *head to \c NULL.
+    pub fn mbedtls_asn1_free_named_data_list(head: *mut *mut mbedtls_asn1_named_data);
+}
+extern "C" {
+    /// \brief       Free all shallow entries in a mbedtls_asn1_named_data list,
+    ///              but do not free internal pointer targets.
+    ///
+    /// \param name  Head of the list of named data entries to free.
+    ///              This function calls mbedtls_free() on each list element.
+    pub fn mbedtls_asn1_free_named_data_list_shallow(name: *mut mbedtls_asn1_named_data);
+}
+/// Type-length-value structure that allows for ASN1 using DER.
+pub type mbedtls_x509_buf = mbedtls_asn1_buf;
+/// Container for ASN1 bit strings.
+pub type mbedtls_x509_bitstring = mbedtls_asn1_bitstring;
+/// Container for ASN1 named information objects.
+/// It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.).
+pub type mbedtls_x509_name = mbedtls_asn1_named_data;
+/// Container for a sequence of ASN.1 items
+pub type mbedtls_x509_sequence = mbedtls_asn1_sequence;
+/// Container for date and time (precision in seconds).
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_time {
+    ///< Date.
+    pub year: crate::c_types::c_int,
+    ///< Date.
+    pub mon: crate::c_types::c_int,
+    ///< Date.
+    pub day: crate::c_types::c_int,
+    ///< Time.
+    pub hour: crate::c_types::c_int,
+    ///< Time.
+    pub min: crate::c_types::c_int,
+    ///< Time.
+    pub sec: crate::c_types::c_int,
+}
+/// From RFC 5280 section 4.2.1.6:
+/// OtherName ::= SEQUENCE {
+///      type-id    OBJECT IDENTIFIER,
+///      value      [0] EXPLICIT ANY DEFINED BY type-id }
+///
+/// Future versions of the library may add new fields to this structure or
+/// to its embedded union and structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_san_other_name {
+    ///< The type id.
+    pub type_id: mbedtls_x509_buf,
+    pub value: mbedtls_x509_san_other_name__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_x509_san_other_name__bindgen_ty_1 {
+    pub hardware_module_name: mbedtls_x509_san_other_name__bindgen_ty_1__bindgen_ty_1,
+}
+/// From RFC 4108 section 5:
+/// HardwareModuleName ::= SEQUENCE {
+///                         hwType OBJECT IDENTIFIER,
+///                         hwSerialNum OCTET STRING }
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_san_other_name__bindgen_ty_1__bindgen_ty_1 {
+    ///< The object identifier.
+    pub oid: mbedtls_x509_buf,
+    ///< The named value.
+    pub val: mbedtls_x509_buf,
+}
+/// A structure for holding the parsed Subject Alternative Name,
+/// according to type.
+///
+/// Future versions of the library may add new fields to this structure or
+/// to its embedded union and structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_subject_alternative_name {
+    ///< The SAN type, value of MBEDTLS_X509_SAN_XXX.
+    pub type_: crate::c_types::c_int,
+    ///< A union of the supported SAN types
+    pub san: mbedtls_x509_subject_alternative_name__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_x509_subject_alternative_name__bindgen_ty_1 {
+    ///< The otherName supported type.
+    pub other_name: mbedtls_x509_san_other_name,
+    ///< The buffer for the unconstructed types. Only rfc822Name, dnsName and uniformResourceIdentifier are currently supported
+    pub unstructured_name: mbedtls_x509_buf,
+}
+extern "C" {
+    /// \brief          Store the certificate DN in printable form into buf;
+    ///                 no more than size characters will be written.
+    ///
+    /// \param buf      Buffer to write to
+    /// \param size     Maximum size of buffer
+    /// \param dn       The X509 name to represent
+    ///
+    /// \return         The length of the string written (not including the
+    ///                 terminated nul byte), or a negative error code.
+    pub fn mbedtls_x509_dn_gets(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        dn: *const mbedtls_x509_name,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Store the certificate serial in printable form into buf;
+    ///                 no more than size characters will be written.
+    ///
+    /// \param buf      Buffer to write to
+    /// \param size     Maximum size of buffer
+    /// \param serial   The X509 serial to represent
+    ///
+    /// \return         The length of the string written (not including the
+    ///                 terminated nul byte), or a negative error code.
+    pub fn mbedtls_x509_serial_gets(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        serial: *const mbedtls_x509_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Check a given mbedtls_x509_time against the system time
+    ///                 and tell if it's in the past.
+    ///
+    /// \note           Intended usage is "if( is_past( valid_to ) ) ERROR".
+    ///                 Hence the return value of 1 if on internal errors.
+    ///
+    /// \param to       mbedtls_x509_time to check
+    ///
+    /// \return         1 if the given time is in the past or an error occurred,
+    ///                 0 otherwise.
+    pub fn mbedtls_x509_time_is_past(to: *const mbedtls_x509_time) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Check a given mbedtls_x509_time against the system time
+    ///                 and tell if it's in the future.
+    ///
+    /// \note           Intended usage is "if( is_future( valid_from ) ) ERROR".
+    ///                 Hence the return value of 1 if on internal errors.
+    ///
+    /// \param from     mbedtls_x509_time to check
+    ///
+    /// \return         1 if the given time is in the future or an error occurred,
+    ///                 0 otherwise.
+    pub fn mbedtls_x509_time_is_future(from: *const mbedtls_x509_time) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function parses an item in the SubjectAlternativeNames
+    ///                 extension.
+    ///
+    /// \param san_buf  The buffer holding the raw data item of the subject
+    ///                 alternative name.
+    /// \param san      The target structure to populate with the parsed presentation
+    ///                 of the subject alternative name encoded in \p san_raw.
+    ///
+    /// \note           Supported GeneralName types, as defined in RFC 5280:
+    ///                 "rfc822Name", "dnsName", "uniformResourceIdentifier" and "hardware_module_name"
+    ///                 of type "otherName", as defined in RFC 4108.
+    ///
+    /// \note           This function should be called on a single raw data of
+    ///                 subject alternative name. For example, after successful
+    ///                 certificate parsing, one must iterate on every item in the
+    ///                 \p crt->subject_alt_names sequence, and pass it to
+    ///                 this function.
+    ///
+    /// \warning        The target structure contains pointers to the raw data of the
+    ///                 parsed certificate, and its lifetime is restricted by the
+    ///                 lifetime of the certificate.
+    ///
+    /// \return         \c 0 on success
+    /// \return         #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported
+    ///                 SAN type.
+    /// \return         Another negative value for any other failure.
+    pub fn mbedtls_x509_parse_subject_alt_name(
+        san_buf: *const mbedtls_x509_buf,
+        san: *mut mbedtls_x509_subject_alternative_name,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \} addtogroup x509_module
+    pub fn mbedtls_x509_get_name(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        cur: *mut mbedtls_x509_name,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_alg_null(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        alg: *mut mbedtls_x509_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_alg(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        alg: *mut mbedtls_x509_buf,
+        params: *mut mbedtls_x509_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_rsassa_pss_params(
+        params: *const mbedtls_x509_buf,
+        md_alg: *mut mbedtls_md_type_t,
+        mgf_md: *mut mbedtls_md_type_t,
+        salt_len: *mut crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_sig(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        sig: *mut mbedtls_x509_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_sig_alg(
+        sig_oid: *const mbedtls_x509_buf,
+        sig_params: *const mbedtls_x509_buf,
+        md_alg: *mut mbedtls_md_type_t,
+        pk_alg: *mut mbedtls_pk_type_t,
+        sig_opts: *mut *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_time(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        t: *mut mbedtls_x509_time,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_serial(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        serial: *mut mbedtls_x509_buf,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_ext(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        ext: *mut mbedtls_x509_buf,
+        tag: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_sig_alg_gets(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        sig_oid: *const mbedtls_x509_buf,
+        pk_alg: mbedtls_pk_type_t,
+        md_alg: mbedtls_md_type_t,
+        sig_opts: *const crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_key_size_helper(
+        buf: *mut crate::c_types::c_char,
+        buf_size: usize,
+        name: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_string_to_names(
+        head: *mut *mut mbedtls_asn1_named_data,
+        name: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_set_extension(
+        head: *mut *mut mbedtls_asn1_named_data,
+        oid: *const crate::c_types::c_char,
+        oid_len: usize,
+        critical: crate::c_types::c_int,
+        val: *const crate::c_types::c_uchar,
+        val_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_write_extensions(
+        p: *mut *mut crate::c_types::c_uchar,
+        start: *mut crate::c_types::c_uchar,
+        first: *mut mbedtls_asn1_named_data,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_write_names(
+        p: *mut *mut crate::c_types::c_uchar,
+        start: *mut crate::c_types::c_uchar,
+        first: *mut mbedtls_asn1_named_data,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_write_sig(
+        p: *mut *mut crate::c_types::c_uchar,
+        start: *mut crate::c_types::c_uchar,
+        oid: *const crate::c_types::c_char,
+        oid_len: usize,
+        sig: *mut crate::c_types::c_uchar,
+        size: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_ns_cert_type(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        ns_cert_type: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_key_usage(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        key_usage: *mut crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_get_subject_alt_name(
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        subject_alt_name: *mut mbedtls_x509_sequence,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_info_subject_alt_name(
+        buf: *mut *mut crate::c_types::c_char,
+        size: *mut usize,
+        subject_alt_name: *const mbedtls_x509_sequence,
+        prefix: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_info_cert_type(
+        buf: *mut *mut crate::c_types::c_char,
+        size: *mut usize,
+        ns_cert_type: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    pub fn mbedtls_x509_info_key_usage(
+        buf: *mut *mut crate::c_types::c_char,
+        size: *mut usize,
+        key_usage: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+/// Certificate revocation list entry.
+/// Contains the CA-specific serial numbers and revocation dates.
+///
+/// Some fields of this structure are publicly readable. Do not modify
+/// them except via Mbed TLS library functions: the effect of modifying
+/// those fields or the data that those fields points to is unspecified.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crl_entry {
+    /// Direct access to the whole entry inside the containing buffer.
+    pub raw: mbedtls_x509_buf,
+    /// The serial number of the revoked certificate.
+    pub serial: mbedtls_x509_buf,
+    /// The revocation date of this entry.
+    pub revocation_date: mbedtls_x509_time,
+    /// Direct access to the list of CRL entry extensions
+    /// (an ASN.1 constructed sequence).
+    ///
+    /// If there are no extensions, `entry_ext.len == 0` and
+    /// `entry_ext.p == NULL`.
+    pub entry_ext: mbedtls_x509_buf,
+    /// Next element in the linked list of entries.
+    /// \p NULL indicates the end of the list.
+    /// Do not modify this field directly.
+    pub next: *mut mbedtls_x509_crl_entry,
+}
+/// Certificate revocation list structure.
+/// Every CRL may have multiple entries.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crl {
+    ///< The raw certificate data (DER).
+    pub raw: mbedtls_x509_buf,
+    ///< The raw certificate body (DER). The part that is To Be Signed.
+    pub tbs: mbedtls_x509_buf,
+    ///< CRL version (1=v1, 2=v2)
+    pub version: crate::c_types::c_int,
+    ///< CRL signature type identifier
+    pub sig_oid: mbedtls_x509_buf,
+    ///< The raw issuer data (DER).
+    pub issuer_raw: mbedtls_x509_buf,
+    ///< The parsed issuer data (named information object).
+    pub issuer: mbedtls_x509_name,
+    pub this_update: mbedtls_x509_time,
+    pub next_update: mbedtls_x509_time,
+    ///< The CRL entries containing the certificate revocation times for this CA.
+    pub entry: mbedtls_x509_crl_entry,
+    pub crl_ext: mbedtls_x509_buf,
+    pub private_sig_oid2: mbedtls_x509_buf,
+    pub private_sig: mbedtls_x509_buf,
+    pub private_sig_md: mbedtls_md_type_t,
+    pub private_sig_pk: mbedtls_pk_type_t,
+    pub private_sig_opts: *mut crate::c_types::c_void,
+    /// Next element in the linked list of CRL.
+    /// \p NULL indicates the end of the list.
+    /// Do not modify this field directly.
+    pub next: *mut mbedtls_x509_crl,
+}
+extern "C" {
+    /// \brief          Parse a DER-encoded CRL and append it to the chained list
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param chain    points to the start of the chain
+    /// \param buf      buffer holding the CRL data in DER format
+    /// \param buflen   size of the buffer
+    ///                 (including the terminating null byte for PEM data)
+    ///
+    /// \return         0 if successful, or a specific X509 or PEM error code
+    pub fn mbedtls_x509_crl_parse_der(
+        chain: *mut mbedtls_x509_crl,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Parse one or more CRLs and append them to the chained list
+    ///
+    /// \note           Multiple CRLs are accepted only if using PEM format
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param chain    points to the start of the chain
+    /// \param buf      buffer holding the CRL data in PEM or DER format
+    /// \param buflen   size of the buffer
+    ///                 (including the terminating null byte for PEM data)
+    ///
+    /// \return         0 if successful, or a specific X509 or PEM error code
+    pub fn mbedtls_x509_crl_parse(
+        chain: *mut mbedtls_x509_crl,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Returns an informational string about the CRL.
+    ///
+    /// \param buf      Buffer to write to
+    /// \param size     Maximum size of buffer
+    /// \param prefix   A line prefix
+    /// \param crl      The X509 CRL to represent
+    ///
+    /// \return         The length of the string written (not including the
+    ///                 terminated nul byte), or a negative error code.
+    pub fn mbedtls_x509_crl_info(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        prefix: *const crate::c_types::c_char,
+        crl: *const mbedtls_x509_crl,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Initialize a CRL (chain)
+    ///
+    /// \param crl      CRL chain to initialize
+    pub fn mbedtls_x509_crl_init(crl: *mut mbedtls_x509_crl);
+}
+extern "C" {
+    /// \brief          Unallocate all CRL data
+    ///
+    /// \param crl      CRL chain to free
+    pub fn mbedtls_x509_crl_free(crl: *mut mbedtls_x509_crl);
+}
+/// Container for an X.509 certificate. The certificate may be chained.
+///
+/// Some fields of this structure are publicly readable. Do not modify
+/// them except via Mbed TLS library functions: the effect of modifying
+/// those fields or the data that those fields points to is unspecified.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crt {
+    pub private_own_buffer: crate::c_types::c_int,
+    ///< The raw certificate data (DER).
+    pub raw: mbedtls_x509_buf,
+    ///< The raw certificate body (DER). The part that is To Be Signed.
+    pub tbs: mbedtls_x509_buf,
+    ///< The X.509 version. (1=v1, 2=v2, 3=v3)
+    pub version: crate::c_types::c_int,
+    ///< Unique id for certificate issued by a specific CA.
+    pub serial: mbedtls_x509_buf,
+    ///< Signature algorithm, e.g. sha1RSA
+    pub sig_oid: mbedtls_x509_buf,
+    ///< The raw issuer data (DER). Used for quick comparison.
+    pub issuer_raw: mbedtls_x509_buf,
+    ///< The raw subject data (DER). Used for quick comparison.
+    pub subject_raw: mbedtls_x509_buf,
+    ///< The parsed issuer data (named information object).
+    pub issuer: mbedtls_x509_name,
+    ///< The parsed subject data (named information object).
+    pub subject: mbedtls_x509_name,
+    ///< Start time of certificate validity.
+    pub valid_from: mbedtls_x509_time,
+    ///< End time of certificate validity.
+    pub valid_to: mbedtls_x509_time,
+    pub pk_raw: mbedtls_x509_buf,
+    ///< Container for the public key context.
+    pub pk: mbedtls_pk_context,
+    ///< Optional X.509 v2/v3 issuer unique identifier.
+    pub issuer_id: mbedtls_x509_buf,
+    ///< Optional X.509 v2/v3 subject unique identifier.
+    pub subject_id: mbedtls_x509_buf,
+    ///< Optional X.509 v3 extensions.
+    pub v3_ext: mbedtls_x509_buf,
+    ///< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName, uniformResourceIdentifier and OtherName are listed).
+    pub subject_alt_names: mbedtls_x509_sequence,
+    ///< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed).
+    pub certificate_policies: mbedtls_x509_sequence,
+    pub private_ext_types: crate::c_types::c_int,
+    pub private_ca_istrue: crate::c_types::c_int,
+    pub private_max_pathlen: crate::c_types::c_int,
+    pub private_key_usage: crate::c_types::c_uint,
+    ///< Optional list of extended key usage OIDs.
+    pub ext_key_usage: mbedtls_x509_sequence,
+    pub private_ns_cert_type: crate::c_types::c_uchar,
+    pub private_sig: mbedtls_x509_buf,
+    pub private_sig_md: mbedtls_md_type_t,
+    pub private_sig_pk: mbedtls_pk_type_t,
+    pub private_sig_opts: *mut crate::c_types::c_void,
+    /// Next certificate in the linked list that constitutes the CA chain.
+    /// \p NULL indicates the end of the list.
+    /// Do not modify this field directly.
+    pub next: *mut mbedtls_x509_crt,
+}
+/// Security profile for certificate verification.
+///
+/// All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().
+///
+/// The fields of this structure are part of the public API and can be
+/// manipulated directly by applications. Future versions of the library may
+/// add extra fields or reorder existing fields.
+///
+/// You can create custom profiles by starting from a copy of
+/// an existing profile, such as mbedtls_x509_crt_profile_default or
+/// mbedtls_x509_ctr_profile_none and then tune it to your needs.
+///
+/// For example to allow SHA-224 in addition to the default:
+///
+///  mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_default;
+///  my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 );
+///
+/// Or to allow only RSA-3072+ with SHA-256:
+///
+///  mbedtls_x509_crt_profile my_profile = mbedtls_x509_crt_profile_none;
+///  my_profile.allowed_mds = MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 );
+///  my_profile.allowed_pks = MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA );
+///  my_profile.rsa_min_bitlen = 3072;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crt_profile {
+    ///< MDs for signatures
+    pub allowed_mds: u32,
+    ///< PK algs for public keys;
+    ///   this applies to all certificates
+    ///   in the provided chain.
+    pub allowed_pks: u32,
+    ///< Elliptic curves for ECDSA
+    pub allowed_curves: u32,
+    ///< Minimum size for RSA keys
+    pub rsa_min_bitlen: u32,
+}
+/// Container for writing a certificate (CRT)
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509write_cert {
+    pub private_version: crate::c_types::c_int,
+    pub private_serial: [crate::c_types::c_uchar; 20usize],
+    pub private_serial_len: usize,
+    pub private_subject_key: *mut mbedtls_pk_context,
+    pub private_issuer_key: *mut mbedtls_pk_context,
+    pub private_subject: *mut mbedtls_asn1_named_data,
+    pub private_issuer: *mut mbedtls_asn1_named_data,
+    pub private_md_alg: mbedtls_md_type_t,
+    pub private_not_before: [crate::c_types::c_char; 16usize],
+    pub private_not_after: [crate::c_types::c_char; 16usize],
+    pub private_extensions: *mut mbedtls_asn1_named_data,
+}
+/// Item in a verification chain: cert and flags for it
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crt_verify_chain_item {
+    pub private_crt: *mut mbedtls_x509_crt,
+    pub private_flags: u32,
+}
+/// Verification chain as built by \c mbedtls_crt_verify_chain()
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_x509_crt_verify_chain {
+    pub private_items: [mbedtls_x509_crt_verify_chain_item; 10usize],
+    pub private_len: crate::c_types::c_uint,
+}
+pub type mbedtls_x509_crt_restart_ctx = crate::c_types::c_void;
+extern "C" {
+    /// Default security profile. Should provide a good balance between security
+    /// and compatibility with current deployments.
+    ///
+    /// This profile permits:
+    /// - SHA2 hashes with at least 256 bits: SHA-256, SHA-384, SHA-512.
+    /// - Elliptic curves with 255 bits and above except secp256k1.
+    /// - RSA with 2048 bits and above.
+    ///
+    /// New minor versions of Mbed TLS may extend this profile, for example if
+    /// new algorithms are added to the library. New minor versions of Mbed TLS will
+    /// not reduce this profile unless serious security concerns require it.
+    pub static mbedtls_x509_crt_profile_default: mbedtls_x509_crt_profile;
+}
+extern "C" {
+    /// Expected next default profile. Recommended for new deployments.
+    /// Currently targets a 128-bit security level, except for allowing RSA-2048.
+    /// This profile may change at any time.
+    pub static mbedtls_x509_crt_profile_next: mbedtls_x509_crt_profile;
+}
+extern "C" {
+    /// NSA Suite B profile.
+    pub static mbedtls_x509_crt_profile_suiteb: mbedtls_x509_crt_profile;
+}
+extern "C" {
+    /// Empty profile that allows nothing. Useful as a basis for constructing
+    /// custom profiles.
+    pub static mbedtls_x509_crt_profile_none: mbedtls_x509_crt_profile;
+}
+extern "C" {
+    /// \brief          Parse a single DER formatted certificate and add it
+    ///                 to the end of the provided chained list.
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param chain    The pointer to the start of the CRT chain to attach to.
+    ///                 When parsing the first CRT in a chain, this should point
+    ///                 to an instance of ::mbedtls_x509_crt initialized through
+    ///                 mbedtls_x509_crt_init().
+    /// \param buf      The buffer holding the DER encoded certificate.
+    /// \param buflen   The size in Bytes of \p buf.
+    ///
+    /// \note           This function makes an internal copy of the CRT buffer
+    ///                 \p buf. In particular, \p buf may be destroyed or reused
+    ///                 after this call returns. To avoid duplicating the CRT
+    ///                 buffer (at the cost of stricter lifetime constraints),
+    ///                 use mbedtls_x509_crt_parse_der_nocopy() instead.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_x509_crt_parse_der(
+        chain: *mut mbedtls_x509_crt,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+/// \brief          The type of certificate extension callbacks.
+///
+///                 Callbacks of this type are passed to and used by the
+///                 mbedtls_x509_crt_parse_der_with_ext_cb() routine when
+///                 it encounters either an unsupported extension or a
+///                 "certificate policies" extension containing any
+///                 unsupported certificate policies.
+///                 Future versions of the library may invoke the callback
+///                 in other cases, if and when the need arises.
+///
+/// \param p_ctx    An opaque context passed to the callback.
+/// \param crt      The certificate being parsed.
+/// \param oid      The OID of the extension.
+/// \param critical Whether the extension is critical.
+/// \param p        Pointer to the start of the extension value
+///                 (the content of the OCTET STRING).
+/// \param end      End of extension value.
+///
+/// \note           The callback must fail and return a negative error code
+///                 if it can not parse or does not support the extension.
+///                 When the callback fails to parse a critical extension
+///                 mbedtls_x509_crt_parse_der_with_ext_cb() also fails.
+///                 When the callback fails to parse a non critical extension
+///                 mbedtls_x509_crt_parse_der_with_ext_cb() simply skips
+///                 the extension and continues parsing.
+///
+/// \return         \c 0 on success.
+/// \return         A negative error code on failure.
+pub type mbedtls_x509_crt_ext_cb_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        p_ctx: *mut crate::c_types::c_void,
+        crt: *const mbedtls_x509_crt,
+        oid: *const mbedtls_x509_buf,
+        critical: crate::c_types::c_int,
+        p: *const crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int,
+>;
+extern "C" {
+    /// \brief            Parse a single DER formatted certificate and add it
+    ///                   to the end of the provided chained list.
+    ///
+    /// \note             If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                   subsystem must have been initialized by calling
+    ///                   psa_crypto_init() before calling this function.
+    ///
+    /// \param chain      The pointer to the start of the CRT chain to attach to.
+    ///                   When parsing the first CRT in a chain, this should point
+    ///                   to an instance of ::mbedtls_x509_crt initialized through
+    ///                   mbedtls_x509_crt_init().
+    /// \param buf        The buffer holding the DER encoded certificate.
+    /// \param buflen     The size in Bytes of \p buf.
+    /// \param make_copy  When not zero this function makes an internal copy of the
+    ///                   CRT buffer \p buf. In particular, \p buf may be destroyed
+    ///                   or reused after this call returns.
+    ///                   When zero this function avoids duplicating the CRT buffer
+    ///                   by taking temporary ownership thereof until the CRT
+    ///                   is destroyed (like mbedtls_x509_crt_parse_der_nocopy())
+    /// \param cb         A callback invoked for every unsupported certificate
+    ///                   extension.
+    /// \param p_ctx      An opaque context passed to the callback.
+    ///
+    /// \note             This call is functionally equivalent to
+    ///                   mbedtls_x509_crt_parse_der(), and/or
+    ///                   mbedtls_x509_crt_parse_der_nocopy()
+    ///                   but it calls the callback with every unsupported
+    ///                   certificate extension and additionally the
+    ///                   "certificate policies" extension if it contains any
+    ///                   unsupported certificate policies.
+    ///                   The callback must return a negative error code if it
+    ///                   does not know how to handle such an extension.
+    ///                   When the callback fails to parse a critical extension
+    ///                   mbedtls_x509_crt_parse_der_with_ext_cb() also fails.
+    ///                   When the callback fails to parse a non critical extension
+    ///                   mbedtls_x509_crt_parse_der_with_ext_cb() simply skips
+    ///                   the extension and continues parsing.
+    ///                   Future versions of the library may invoke the callback
+    ///                   in other cases, if and when the need arises.
+    ///
+    /// \return           \c 0 if successful.
+    /// \return           A negative error code on failure.
+    pub fn mbedtls_x509_crt_parse_der_with_ext_cb(
+        chain: *mut mbedtls_x509_crt,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+        make_copy: crate::c_types::c_int,
+        cb: mbedtls_x509_crt_ext_cb_t,
+        p_ctx: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Parse a single DER formatted certificate and add it
+    ///                 to the end of the provided chained list. This is a
+    ///                 variant of mbedtls_x509_crt_parse_der() which takes
+    ///                 temporary ownership of the CRT buffer until the CRT
+    ///                 is destroyed.
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param chain    The pointer to the start of the CRT chain to attach to.
+    ///                 When parsing the first CRT in a chain, this should point
+    ///                 to an instance of ::mbedtls_x509_crt initialized through
+    ///                 mbedtls_x509_crt_init().
+    /// \param buf      The address of the readable buffer holding the DER encoded
+    ///                 certificate to use. On success, this buffer must be
+    ///                 retained and not be changed for the lifetime of the
+    ///                 CRT chain \p chain, that is, until \p chain is destroyed
+    ///                 through a call to mbedtls_x509_crt_free().
+    /// \param buflen   The size in Bytes of \p buf.
+    ///
+    /// \note           This call is functionally equivalent to
+    ///                 mbedtls_x509_crt_parse_der(), but it avoids creating a
+    ///                 copy of the input buffer at the cost of stronger lifetime
+    ///                 constraints. This is useful in constrained environments
+    ///                 where duplication of the CRT cannot be tolerated.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         A negative error code on failure.
+    pub fn mbedtls_x509_crt_parse_der_nocopy(
+        chain: *mut mbedtls_x509_crt,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Parse one DER-encoded or one or more concatenated PEM-encoded
+    ///                 certificates and add them to the chained list.
+    ///
+    ///                 For CRTs in PEM encoding, the function parses permissively:
+    ///                 if at least one certificate can be parsed, the function
+    ///                 returns the number of certificates for which parsing failed
+    ///                 (hence \c 0 if all certificates were parsed successfully).
+    ///                 If no certificate could be parsed, the function returns
+    ///                 the first (negative) error encountered during parsing.
+    ///
+    ///                 PEM encoded certificates may be interleaved by other data
+    ///                 such as human readable descriptions of their content, as
+    ///                 long as the certificates are enclosed in the PEM specific
+    ///                 '-----{BEGIN/END} CERTIFICATE-----' delimiters.
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param chain    The chain to which to add the parsed certificates.
+    /// \param buf      The buffer holding the certificate data in PEM or DER format.
+    ///                 For certificates in PEM encoding, this may be a concatenation
+    ///                 of multiple certificates; for DER encoding, the buffer must
+    ///                 comprise exactly one certificate.
+    /// \param buflen   The size of \p buf, including the terminating \c NULL byte
+    ///                 in case of PEM encoded data.
+    ///
+    /// \return         \c 0 if all certificates were parsed successfully.
+    /// \return         The (positive) number of certificates that couldn't
+    ///                 be parsed if parsing was partly successful (see above).
+    /// \return         A negative X509 or PEM error code otherwise.
+    pub fn mbedtls_x509_crt_parse(
+        chain: *mut mbedtls_x509_crt,
+        buf: *const crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Returns an informational string about the
+    ///                 certificate.
+    ///
+    /// \param buf      Buffer to write to
+    /// \param size     Maximum size of buffer
+    /// \param prefix   A line prefix
+    /// \param crt      The X509 certificate to represent
+    ///
+    /// \return         The length of the string written (not including the
+    ///                 terminated nul byte), or a negative error code.
+    pub fn mbedtls_x509_crt_info(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        prefix: *const crate::c_types::c_char,
+        crt: *const mbedtls_x509_crt,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Returns an informational string about the
+    ///                 verification status of a certificate.
+    ///
+    /// \param buf      Buffer to write to
+    /// \param size     Maximum size of buffer
+    /// \param prefix   A line prefix
+    /// \param flags    Verification flags created by mbedtls_x509_crt_verify()
+    ///
+    /// \return         The length of the string written (not including the
+    ///                 terminated nul byte), or a negative error code.
+    pub fn mbedtls_x509_crt_verify_info(
+        buf: *mut crate::c_types::c_char,
+        size: usize,
+        prefix: *const crate::c_types::c_char,
+        flags: u32,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Verify a chain of certificates.
+    ///
+    ///                 The verify callback is a user-supplied callback that
+    ///                 can clear / modify / add flags for a certificate. If set,
+    ///                 the verification callback is called for each
+    ///                 certificate in the chain (from the trust-ca down to the
+    ///                 presented crt). The parameters for the callback are:
+    ///                 (void *parameter, mbedtls_x509_crt *crt, int certificate_depth,
+    ///                 int *flags). With the flags representing current flags for
+    ///                 that specific certificate and the certificate depth from
+    ///                 the bottom (Peer cert depth = 0).
+    ///
+    ///                 All flags left after returning from the callback
+    ///                 are also returned to the application. The function should
+    ///                 return 0 for anything (including invalid certificates)
+    ///                 other than fatal error, as a non-zero return code
+    ///                 immediately aborts the verification process. For fatal
+    ///                 errors, a specific error code should be used (different
+    ///                 from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not
+    ///                 be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR
+    ///                 can be used if no better code is available.
+    ///
+    /// \note           In case verification failed, the results can be displayed
+    ///                 using \c mbedtls_x509_crt_verify_info()
+    ///
+    /// \note           Same as \c mbedtls_x509_crt_verify_with_profile() with the
+    ///                 default security profile.
+    ///
+    /// \note           It is your responsibility to provide up-to-date CRLs for
+    ///                 all trusted CAs. If no CRL is provided for the CA that was
+    ///                 used to sign the certificate, CRL verification is skipped
+    ///                 silently, that is *without* setting any flag.
+    ///
+    /// \note           The \c trust_ca list can contain two types of certificates:
+    ///                 (1) those of trusted root CAs, so that certificates
+    ///                 chaining up to those CAs will be trusted, and (2)
+    ///                 self-signed end-entity certificates to be trusted (for
+    ///                 specific peers you know) - in that case, the self-signed
+    ///                 certificate doesn't need to have the CA bit set.
+    ///
+    /// \param crt      The certificate chain to be verified.
+    /// \param trust_ca The list of trusted CAs.
+    /// \param ca_crl   The list of CRLs for trusted CAs.
+    /// \param cn       The expected Common Name. This will be checked to be
+    ///                 present in the certificate's subjectAltNames extension or,
+    ///                 if this extension is absent, as a CN component in its
+    ///                 Subject name. Currently only DNS names are supported. This
+    ///                 may be \c NULL if the CN need not be verified.
+    /// \param flags    The address at which to store the result of the verification.
+    ///                 If the verification couldn't be completed, the flag value is
+    ///                 set to (uint32_t) -1.
+    /// \param f_vrfy   The verification callback to use. See the documentation
+    ///                 of mbedtls_x509_crt_verify() for more information.
+    /// \param p_vrfy   The context to be passed to \p f_vrfy.
+    ///
+    /// \return         \c 0 if the chain is valid with respect to the
+    ///                 passed CN, CAs, CRLs and security profile.
+    /// \return         #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
+    ///                 certificate chain verification failed. In this case,
+    ///                 \c *flags will have one or more
+    ///                 \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
+    ///                 flags set.
+    /// \return         Another negative error code in case of a fatal error
+    ///                 encountered during the verification process.
+    pub fn mbedtls_x509_crt_verify(
+        crt: *mut mbedtls_x509_crt,
+        trust_ca: *mut mbedtls_x509_crt,
+        ca_crl: *mut mbedtls_x509_crl,
+        cn: *const crate::c_types::c_char,
+        flags: *mut u32,
+        f_vrfy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_x509_crt,
+                arg3: crate::c_types::c_int,
+                arg4: *mut u32,
+            ) -> crate::c_types::c_int,
+        >,
+        p_vrfy: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Verify a chain of certificates with respect to
+    ///                 a configurable security profile.
+    ///
+    /// \note           Same as \c mbedtls_x509_crt_verify(), but with explicit
+    ///                 security profile.
+    ///
+    /// \note           The restrictions on keys (RSA minimum size, allowed curves
+    ///                 for ECDSA) apply to all certificates: trusted root,
+    ///                 intermediate CAs if any, and end entity certificate.
+    ///
+    /// \param crt      The certificate chain to be verified.
+    /// \param trust_ca The list of trusted CAs.
+    /// \param ca_crl   The list of CRLs for trusted CAs.
+    /// \param profile  The security profile to use for the verification.
+    /// \param cn       The expected Common Name. This may be \c NULL if the
+    ///                 CN need not be verified.
+    /// \param flags    The address at which to store the result of the verification.
+    ///                 If the verification couldn't be completed, the flag value is
+    ///                 set to (uint32_t) -1.
+    /// \param f_vrfy   The verification callback to use. See the documentation
+    ///                 of mbedtls_x509_crt_verify() for more information.
+    /// \param p_vrfy   The context to be passed to \p f_vrfy.
+    ///
+    /// \return         \c 0 if the chain is valid with respect to the
+    ///                 passed CN, CAs, CRLs and security profile.
+    /// \return         #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
+    ///                 certificate chain verification failed. In this case,
+    ///                 \c *flags will have one or more
+    ///                 \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
+    ///                 flags set.
+    /// \return         Another negative error code in case of a fatal error
+    ///                 encountered during the verification process.
+    pub fn mbedtls_x509_crt_verify_with_profile(
+        crt: *mut mbedtls_x509_crt,
+        trust_ca: *mut mbedtls_x509_crt,
+        ca_crl: *mut mbedtls_x509_crl,
+        profile: *const mbedtls_x509_crt_profile,
+        cn: *const crate::c_types::c_char,
+        flags: *mut u32,
+        f_vrfy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_x509_crt,
+                arg3: crate::c_types::c_int,
+                arg4: *mut u32,
+            ) -> crate::c_types::c_int,
+        >,
+        p_vrfy: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Restartable version of \c mbedtls_crt_verify_with_profile()
+    ///
+    /// \note           Performs the same job as \c mbedtls_crt_verify_with_profile()
+    ///                 but can return early and restart according to the limit
+    ///                 set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
+    ///
+    /// \param crt      The certificate chain to be verified.
+    /// \param trust_ca The list of trusted CAs.
+    /// \param ca_crl   The list of CRLs for trusted CAs.
+    /// \param profile  The security profile to use for the verification.
+    /// \param cn       The expected Common Name. This may be \c NULL if the
+    ///                 CN need not be verified.
+    /// \param flags    The address at which to store the result of the verification.
+    ///                 If the verification couldn't be completed, the flag value is
+    ///                 set to (uint32_t) -1.
+    /// \param f_vrfy   The verification callback to use. See the documentation
+    ///                 of mbedtls_x509_crt_verify() for more information.
+    /// \param p_vrfy   The context to be passed to \p f_vrfy.
+    /// \param rs_ctx   The restart context to use. This may be set to \c NULL
+    ///                 to disable restartable ECC.
+    ///
+    /// \return         See \c mbedtls_crt_verify_with_profile(), or
+    /// \return         #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                 operations was reached: see \c mbedtls_ecp_set_max_ops().
+    pub fn mbedtls_x509_crt_verify_restartable(
+        crt: *mut mbedtls_x509_crt,
+        trust_ca: *mut mbedtls_x509_crt,
+        ca_crl: *mut mbedtls_x509_crl,
+        profile: *const mbedtls_x509_crt_profile,
+        cn: *const crate::c_types::c_char,
+        flags: *mut u32,
+        f_vrfy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_x509_crt,
+                arg3: crate::c_types::c_int,
+                arg4: *mut u32,
+            ) -> crate::c_types::c_int,
+        >,
+        p_vrfy: *mut crate::c_types::c_void,
+        rs_ctx: *mut mbedtls_x509_crt_restart_ctx,
+    ) -> crate::c_types::c_int;
+}
+/// \brief               The type of trusted certificate callbacks.
+///
+///                      Callbacks of this type are passed to and used by the CRT
+///                      verification routine mbedtls_x509_crt_verify_with_ca_cb()
+///                      when looking for trusted signers of a given certificate.
+///
+///                      On success, the callback returns a list of trusted
+///                      certificates to be considered as potential signers
+///                      for the input certificate.
+///
+/// \param p_ctx         An opaque context passed to the callback.
+/// \param child         The certificate for which to search a potential signer.
+///                      This will point to a readable certificate.
+/// \param candidate_cas The address at which to store the address of the first
+///                      entry in the generated linked list of candidate signers.
+///                      This will not be \c NULL.
+///
+/// \note                The callback must only return a non-zero value on a
+///                      fatal error. If, in contrast, the search for a potential
+///                      signer completes without a single candidate, the
+///                      callback must return \c 0 and set \c *candidate_cas
+///                      to \c NULL.
+///
+/// \return              \c 0 on success. In this case, \c *candidate_cas points
+///                      to a heap-allocated linked list of instances of
+///                      ::mbedtls_x509_crt, and ownership of this list is passed
+///                      to the caller.
+/// \return              A negative error code on failure.
+pub type mbedtls_x509_crt_ca_cb_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        p_ctx: *mut crate::c_types::c_void,
+        child: *const mbedtls_x509_crt,
+        candidate_cas: *mut *mut mbedtls_x509_crt,
+    ) -> crate::c_types::c_int,
+>;
+extern "C" {
+    /// \brief          Check usage of certificate against keyUsage extension.
+    ///
+    /// \param crt      Leaf certificate used.
+    /// \param usage    Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT
+    ///                 before using the certificate to perform an RSA key
+    ///                 exchange).
+    ///
+    /// \note           Except for decipherOnly and encipherOnly, a bit set in the
+    ///                 usage argument means this bit MUST be set in the
+    ///                 certificate. For decipherOnly and encipherOnly, it means
+    ///                 that bit MAY be set.
+    ///
+    /// \return         0 is these uses of the certificate are allowed,
+    ///                 MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension
+    ///                 is present but does not match the usage argument.
+    ///
+    /// \note           You should only call this function on leaf certificates, on
+    ///                 (intermediate) CAs the keyUsage extension is automatically
+    ///                 checked by \c mbedtls_x509_crt_verify().
+    pub fn mbedtls_x509_crt_check_key_usage(
+        crt: *const mbedtls_x509_crt,
+        usage: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Check usage of certificate against extendedKeyUsage.
+    ///
+    /// \param crt       Leaf certificate used.
+    /// \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or
+    ///                  MBEDTLS_OID_CLIENT_AUTH).
+    /// \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()).
+    ///
+    /// \return          0 if this use of the certificate is allowed,
+    ///                  MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.
+    ///
+    /// \note            Usually only makes sense on leaf certificates.
+    pub fn mbedtls_x509_crt_check_extended_key_usage(
+        crt: *const mbedtls_x509_crt,
+        usage_oid: *const crate::c_types::c_char,
+        usage_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Verify the certificate revocation status
+    ///
+    /// \param crt      a certificate to be verified
+    /// \param crl      the CRL to verify against
+    ///
+    /// \return         1 if the certificate is revoked, 0 otherwise
+    pub fn mbedtls_x509_crt_is_revoked(
+        crt: *const mbedtls_x509_crt,
+        crl: *const mbedtls_x509_crl,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Initialize a certificate (chain)
+    ///
+    /// \param crt      Certificate chain to initialize
+    pub fn mbedtls_x509_crt_init(crt: *mut mbedtls_x509_crt);
+}
+extern "C" {
+    /// \brief          Unallocate all certificate data
+    ///
+    /// \param crt      Certificate chain to free
+    pub fn mbedtls_x509_crt_free(crt: *mut mbedtls_x509_crt);
+}
+extern "C" {
+    /// \brief           Initialize a CRT writing context
+    ///
+    /// \param ctx       CRT context to initialize
+    pub fn mbedtls_x509write_crt_init(ctx: *mut mbedtls_x509write_cert);
+}
+extern "C" {
+    /// \brief           Set the version for a Certificate
+    ///                  Default: MBEDTLS_X509_CRT_VERSION_3
+    ///
+    /// \param ctx       CRT context to use
+    /// \param version   version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or
+    ///                                  MBEDTLS_X509_CRT_VERSION_3)
+    pub fn mbedtls_x509write_crt_set_version(
+        ctx: *mut mbedtls_x509write_cert,
+        version: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief           Set the serial number for a Certificate.
+    ///
+    /// \deprecated      This function is deprecated and will be removed in a
+    ///                  future version of the library. Please use
+    ///                  mbedtls_x509write_crt_set_serial_raw() instead.
+    ///
+    /// \note            Even though the MBEDTLS_BIGNUM_C guard looks redundant since
+    ///                  X509 depends on PK and PK depends on BIGNUM, this emphasizes
+    ///                  a direct dependency between X509 and BIGNUM which is going
+    ///                  to be deprecated in the future.
+    ///
+    /// \param ctx       CRT context to use
+    /// \param serial    serial number to set
+    ///
+    /// \return          0 if successful
+    pub fn mbedtls_x509write_crt_set_serial(
+        ctx: *mut mbedtls_x509write_cert,
+        serial: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the serial number for a Certificate.
+    ///
+    /// \param ctx          CRT context to use
+    /// \param serial       A raw array of bytes containing the serial number in big
+    ///                     endian format
+    /// \param serial_len   Length of valid bytes (expressed in bytes) in \p serial
+    ///                     input buffer
+    ///
+    /// \return          0 if successful, or
+    ///                  MBEDTLS_ERR_X509_BAD_INPUT_DATA if the provided input buffer
+    ///                  is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN)
+    pub fn mbedtls_x509write_crt_set_serial_raw(
+        ctx: *mut mbedtls_x509write_cert,
+        serial: *mut crate::c_types::c_uchar,
+        serial_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the validity period for a Certificate
+    ///                  Timestamps should be in string format for UTC timezone
+    ///                  i.e. "YYYYMMDDhhmmss"
+    ///                  e.g. "20131231235959" for December 31st 2013
+    ///                       at 23:59:59
+    ///
+    /// \param ctx       CRT context to use
+    /// \param not_before    not_before timestamp
+    /// \param not_after     not_after timestamp
+    ///
+    /// \return          0 if timestamp was parsed successfully, or
+    ///                  a specific error code
+    pub fn mbedtls_x509write_crt_set_validity(
+        ctx: *mut mbedtls_x509write_cert,
+        not_before: *const crate::c_types::c_char,
+        not_after: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the issuer name for a Certificate
+    ///                  Issuer names should contain a comma-separated list
+    ///                  of OID types and values:
+    ///                  e.g. "C=UK,O=ARM,CN=mbed TLS CA"
+    ///
+    /// \param ctx           CRT context to use
+    /// \param issuer_name   issuer name to set
+    ///
+    /// \return          0 if issuer name was parsed successfully, or
+    ///                  a specific error code
+    pub fn mbedtls_x509write_crt_set_issuer_name(
+        ctx: *mut mbedtls_x509write_cert,
+        issuer_name: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the subject name for a Certificate
+    ///                  Subject names should contain a comma-separated list
+    ///                  of OID types and values:
+    ///                  e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
+    ///
+    /// \param ctx           CRT context to use
+    /// \param subject_name  subject name to set
+    ///
+    /// \return          0 if subject name was parsed successfully, or
+    ///                  a specific error code
+    pub fn mbedtls_x509write_crt_set_subject_name(
+        ctx: *mut mbedtls_x509write_cert,
+        subject_name: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the subject public key for the certificate
+    ///
+    /// \param ctx       CRT context to use
+    /// \param key       public key to include
+    pub fn mbedtls_x509write_crt_set_subject_key(
+        ctx: *mut mbedtls_x509write_cert,
+        key: *mut mbedtls_pk_context,
+    );
+}
+extern "C" {
+    /// \brief           Set the issuer key used for signing the certificate
+    ///
+    /// \param ctx       CRT context to use
+    /// \param key       private key to sign with
+    pub fn mbedtls_x509write_crt_set_issuer_key(
+        ctx: *mut mbedtls_x509write_cert,
+        key: *mut mbedtls_pk_context,
+    );
+}
+extern "C" {
+    /// \brief           Set the MD algorithm to use for the signature
+    ///                  (e.g. MBEDTLS_MD_SHA1)
+    ///
+    /// \param ctx       CRT context to use
+    /// \param md_alg    MD algorithm to use
+    pub fn mbedtls_x509write_crt_set_md_alg(
+        ctx: *mut mbedtls_x509write_cert,
+        md_alg: mbedtls_md_type_t,
+    );
+}
+extern "C" {
+    /// \brief           Generic function to add to or replace an extension in the
+    ///                  CRT
+    ///
+    /// \param ctx       CRT context to use
+    /// \param oid       OID of the extension
+    /// \param oid_len   length of the OID
+    /// \param critical  if the extension is critical (per the RFC's definition)
+    /// \param val       value of the extension OCTET STRING
+    /// \param val_len   length of the value data
+    ///
+    /// \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_extension(
+        ctx: *mut mbedtls_x509write_cert,
+        oid: *const crate::c_types::c_char,
+        oid_len: usize,
+        critical: crate::c_types::c_int,
+        val: *const crate::c_types::c_uchar,
+        val_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the basicConstraints extension for a CRT
+    ///
+    /// \param ctx       CRT context to use
+    /// \param is_ca     is this a CA certificate
+    /// \param max_pathlen   maximum length of certificate chains below this
+    ///                      certificate (only for CA certificates, -1 is
+    ///                      unlimited)
+    ///
+    /// \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_basic_constraints(
+        ctx: *mut mbedtls_x509write_cert,
+        is_ca: crate::c_types::c_int,
+        max_pathlen: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the subjectKeyIdentifier extension for a CRT
+    ///                  Requires that mbedtls_x509write_crt_set_subject_key() has been
+    ///                  called before
+    ///
+    /// \param ctx       CRT context to use
+    ///
+    /// \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_subject_key_identifier(
+        ctx: *mut mbedtls_x509write_cert,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the authorityKeyIdentifier extension for a CRT
+    ///                  Requires that mbedtls_x509write_crt_set_issuer_key() has been
+    ///                  called before
+    ///
+    /// \param ctx       CRT context to use
+    ///
+    /// \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_authority_key_identifier(
+        ctx: *mut mbedtls_x509write_cert,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the Key Usage Extension flags
+    ///                  (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)
+    ///
+    /// \param ctx       CRT context to use
+    /// \param key_usage key usage flags to set
+    ///
+    /// \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_key_usage(
+        ctx: *mut mbedtls_x509write_cert,
+        key_usage: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the Extended Key Usage Extension
+    ///                  (e.g. MBEDTLS_OID_SERVER_AUTH)
+    ///
+    /// \param ctx       CRT context to use
+    /// \param exts      extended key usage extensions to set, a sequence of
+    ///                  MBEDTLS_ASN1_OID objects
+    ///
+    /// \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_ext_key_usage(
+        ctx: *mut mbedtls_x509write_cert,
+        exts: *const mbedtls_asn1_sequence,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Set the Netscape Cert Type flags
+    ///                  (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)
+    ///
+    /// \param ctx           CRT context to use
+    /// \param ns_cert_type  Netscape Cert Type flags to set
+    ///
+    /// \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+    pub fn mbedtls_x509write_crt_set_ns_cert_type(
+        ctx: *mut mbedtls_x509write_cert,
+        ns_cert_type: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Free the contents of a CRT write context
+    ///
+    /// \param ctx       CRT context to free
+    pub fn mbedtls_x509write_crt_free(ctx: *mut mbedtls_x509write_cert);
+}
+extern "C" {
+    /// \brief           Write a built up certificate to a X509 DER structure
+    ///                  Note: data is written at the end of the buffer! Use the
+    ///                        return value to determine where you should start
+    ///                        using the buffer
+    ///
+    /// \param ctx       certificate to write away
+    /// \param buf       buffer to write to
+    /// \param size      size of the buffer
+    /// \param f_rng     RNG function. This must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \return          length of data written if successful, or a specific
+    ///                  error code
+    ///
+    /// \note            \p f_rng is used for the signature operation.
+    pub fn mbedtls_x509write_crt_der(
+        ctx: *mut mbedtls_x509write_cert,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Write a built up certificate to a X509 PEM string
+    ///
+    /// \param ctx       certificate to write away
+    /// \param buf       buffer to write to
+    /// \param size      size of the buffer
+    /// \param f_rng     RNG function. This must not be \c NULL.
+    /// \param p_rng     RNG parameter
+    ///
+    /// \return          0 if successful, or a specific error code
+    ///
+    /// \note            \p f_rng is used for the signature operation.
+    pub fn mbedtls_x509write_crt_pem(
+        ctx: *mut mbedtls_x509write_cert,
+        buf: *mut crate::c_types::c_uchar,
+        size: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+///<  The prime modulus.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_P: mbedtls_dhm_parameter = 0;
+///<  The generator.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_G: mbedtls_dhm_parameter = 1;
+///<  Our secret value.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_X: mbedtls_dhm_parameter = 2;
+///<  Our public key = \c G^X mod \c P.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_GX: mbedtls_dhm_parameter = 3;
+///<  The public key of the peer = \c G^Y mod \c P.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_GY: mbedtls_dhm_parameter = 4;
+///<  The shared secret = \c G^(XY) mod \c P.
+pub const mbedtls_dhm_parameter_MBEDTLS_DHM_PARAM_K: mbedtls_dhm_parameter = 5;
+/// Which parameter to access in mbedtls_dhm_get_value().
+pub type mbedtls_dhm_parameter = crate::c_types::c_uint;
+/// \brief          The DHM context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_dhm_context {
+    pub private_P: mbedtls_mpi,
+    pub private_G: mbedtls_mpi,
+    pub private_X: mbedtls_mpi,
+    pub private_GX: mbedtls_mpi,
+    pub private_GY: mbedtls_mpi,
+    pub private_K: mbedtls_mpi,
+    pub private_RP: mbedtls_mpi,
+    pub private_Vi: mbedtls_mpi,
+    pub private_Vf: mbedtls_mpi,
+    pub private_pX: mbedtls_mpi,
+}
+extern "C" {
+    /// \brief          This function initializes the DHM context.
+    ///
+    /// \param ctx      The DHM context to initialize.
+    pub fn mbedtls_dhm_init(ctx: *mut mbedtls_dhm_context);
+}
+extern "C" {
+    /// \brief          This function parses the DHM parameters in a
+    ///                 TLS ServerKeyExchange handshake message
+    ///                 (DHM modulus, generator, and public key).
+    ///
+    /// \note           In a TLS handshake, this is the how the client
+    ///                 sets up its DHM context from the server's public
+    ///                 DHM key material.
+    ///
+    /// \param ctx      The DHM context to use. This must be initialized.
+    /// \param p        On input, *p must be the start of the input buffer.
+    ///                 On output, *p is updated to point to the end of the data
+    ///                 that has been read. On success, this is the first byte
+    ///                 past the end of the ServerKeyExchange parameters.
+    ///                 On error, this is the point at which an error has been
+    ///                 detected, which is usually not useful except to debug
+    ///                 failures.
+    /// \param end      The end of the input buffer.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_read_params(
+        ctx: *mut mbedtls_dhm_context,
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function generates a DHM key pair and exports its
+    ///                 public part together with the DHM parameters in the format
+    ///                 used in a TLS ServerKeyExchange handshake message.
+    ///
+    /// \note           This function assumes that the DHM parameters \c ctx->P
+    ///                 and \c ctx->G have already been properly set. For that, use
+    ///                 mbedtls_dhm_set_group() below in conjunction with
+    ///                 mbedtls_mpi_read_binary() and mbedtls_mpi_read_string().
+    ///
+    /// \note           In a TLS handshake, this is the how the server generates
+    ///                 and exports its DHM key material.
+    ///
+    /// \param ctx      The DHM context to use. This must be initialized
+    ///                 and have the DHM parameters set. It may or may not
+    ///                 already have imported the peer's public key.
+    /// \param x_size   The private key size in Bytes.
+    /// \param olen     The address at which to store the number of Bytes
+    ///                 written on success. This must not be \c NULL.
+    /// \param output   The destination buffer. This must be a writable buffer of
+    ///                 sufficient size to hold the reduced binary presentation of
+    ///                 the modulus, the generator and the public key, each wrapped
+    ///                 with a 2-byte length field. It is the responsibility of the
+    ///                 caller to ensure that enough space is available. Refer to
+    ///                 mbedtls_mpi_size() to computing the byte-size of an MPI.
+    /// \param f_rng    The RNG function. Must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be
+    ///                 \c NULL if \p f_rng doesn't need a context parameter.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_make_params(
+        ctx: *mut mbedtls_dhm_context,
+        x_size: crate::c_types::c_int,
+        output: *mut crate::c_types::c_uchar,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function sets the prime modulus and generator.
+    ///
+    /// \note           This function can be used to set \c ctx->P, \c ctx->G
+    ///                 in preparation for mbedtls_dhm_make_params().
+    ///
+    /// \param ctx      The DHM context to configure. This must be initialized.
+    /// \param P        The MPI holding the DHM prime modulus. This must be
+    ///                 an initialized MPI.
+    /// \param G        The MPI holding the DHM generator. This must be an
+    ///                 initialized MPI.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_set_group(
+        ctx: *mut mbedtls_dhm_context,
+        P: *const mbedtls_mpi,
+        G: *const mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function imports the raw public value of the peer.
+    ///
+    /// \note           In a TLS handshake, this is the how the server imports
+    ///                 the Client's public DHM key.
+    ///
+    /// \param ctx      The DHM context to use. This must be initialized and have
+    ///                 its DHM parameters set, e.g. via mbedtls_dhm_set_group().
+    ///                 It may or may not already have generated its own private key.
+    /// \param input    The input buffer containing the \c G^Y value of the peer.
+    ///                 This must be a readable buffer of size \p ilen Bytes.
+    /// \param ilen     The size of the input buffer \p input in Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_read_public(
+        ctx: *mut mbedtls_dhm_context,
+        input: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function creates a DHM key pair and exports
+    ///                 the raw public key in big-endian format.
+    ///
+    /// \note           The destination buffer is always fully written
+    ///                 so as to contain a big-endian representation of G^X mod P.
+    ///                 If it is larger than \c ctx->len, it is padded accordingly
+    ///                 with zero-bytes at the beginning.
+    ///
+    /// \param ctx      The DHM context to use. This must be initialized and
+    ///                 have the DHM parameters set. It may or may not already
+    ///                 have imported the peer's public key.
+    /// \param x_size   The private key size in Bytes.
+    /// \param output   The destination buffer. This must be a writable buffer of
+    ///                 size \p olen Bytes.
+    /// \param olen     The length of the destination buffer. This must be at least
+    ///                 equal to `ctx->len` (the size of \c P).
+    /// \param f_rng    The RNG function. This must not be \c NULL.
+    /// \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
+    ///                 if \p f_rng doesn't need a context argument.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_make_public(
+        ctx: *mut mbedtls_dhm_context,
+        x_size: crate::c_types::c_int,
+        output: *mut crate::c_types::c_uchar,
+        olen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function derives and exports the shared secret
+    ///                 \c (G^Y)^X mod \c P.
+    ///
+    /// \note           If \p f_rng is not \c NULL, it is used to blind the input as
+    ///                 a countermeasure against timing attacks. Blinding is used
+    ///                 only if our private key \c X is re-used, and not used
+    ///                 otherwise. We recommend always passing a non-NULL
+    ///                 \p f_rng argument.
+    ///
+    /// \param ctx           The DHM context to use. This must be initialized
+    ///                      and have its own private key generated and the peer's
+    ///                      public key imported.
+    /// \param output        The buffer to write the generated shared key to. This
+    ///                      must be a writable buffer of size \p output_size Bytes.
+    /// \param output_size   The size of the destination buffer. This must be at
+    ///                      least the size of \c ctx->len (the size of \c P).
+    /// \param olen          On exit, holds the actual number of Bytes written.
+    /// \param f_rng         The RNG function. Must not be \c NULL. Used for
+    ///                      blinding.
+    /// \param p_rng         The RNG context to be passed to \p f_rng. This may be
+    ///                      \c NULL if \p f_rng doesn't need a context parameter.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              An \c MBEDTLS_ERR_DHM_XXX error code on failure.
+    pub fn mbedtls_dhm_calc_secret(
+        ctx: *mut mbedtls_dhm_context,
+        output: *mut crate::c_types::c_uchar,
+        output_size: usize,
+        olen: *mut usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function returns the size of the prime modulus in bits.
+    ///
+    /// \param ctx      The DHM context to query.
+    ///
+    /// \return         The size of the prime modulus in bits,
+    ///                 i.e. the number n such that 2^(n-1) <= P < 2^n.
+    pub fn mbedtls_dhm_get_bitlen(ctx: *const mbedtls_dhm_context) -> usize;
+}
+extern "C" {
+    /// \brief          This function returns the size of the prime modulus in bytes.
+    ///
+    /// \param ctx      The DHM context to query.
+    ///
+    /// \return         The size of the prime modulus in bytes,
+    ///                 i.e. the number n such that 2^(8*(n-1)) <= P < 2^(8*n).
+    pub fn mbedtls_dhm_get_len(ctx: *const mbedtls_dhm_context) -> usize;
+}
+extern "C" {
+    /// \brief          This function copies a parameter of a DHM key.
+    ///
+    /// \param ctx      The DHM context to query.
+    /// \param param    The parameter to copy.
+    /// \param dest     The MPI object to copy the value into. It must be
+    ///                 initialized.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_DHM_BAD_INPUT_DATA if \p field is invalid.
+    /// \return         An \c MBEDTLS_ERR_MPI_XXX error code if the copy fails.
+    pub fn mbedtls_dhm_get_value(
+        ctx: *const mbedtls_dhm_context,
+        param: mbedtls_dhm_parameter,
+        dest: *mut mbedtls_mpi,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function frees and clears the components
+    ///                 of a DHM context.
+    ///
+    /// \param ctx      The DHM context to free and clear. This may be \c NULL,
+    ///                 in which case this function is a no-op. If it is not \c NULL,
+    ///                 it must point to an initialized DHM context.
+    pub fn mbedtls_dhm_free(ctx: *mut mbedtls_dhm_context);
+}
+extern "C" {
+    /// \brief             This function parses DHM parameters in PEM or DER format.
+    ///
+    /// \param dhm         The DHM context to import the DHM parameters into.
+    ///                    This must be initialized.
+    /// \param dhmin       The input buffer. This must be a readable buffer of
+    ///                    length \p dhminlen Bytes.
+    /// \param dhminlen    The size of the input buffer \p dhmin, including the
+    ///                    terminating \c NULL Byte for PEM data.
+    ///
+    /// \return            \c 0 on success.
+    /// \return            An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error
+    ///                    code on failure.
+    pub fn mbedtls_dhm_parse_dhm(
+        dhm: *mut mbedtls_dhm_context,
+        dhmin: *const crate::c_types::c_uchar,
+        dhminlen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          The DMH checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_dhm_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+///< Our key.
+pub const mbedtls_ecdh_side_MBEDTLS_ECDH_OURS: mbedtls_ecdh_side = 0;
+///< The key of the peer.
+pub const mbedtls_ecdh_side_MBEDTLS_ECDH_THEIRS: mbedtls_ecdh_side = 1;
+/// Defines the source of the imported EC key.
+pub type mbedtls_ecdh_side = crate::c_types::c_uint;
+///< Implementation not defined.
+pub const mbedtls_ecdh_variant_MBEDTLS_ECDH_VARIANT_NONE: mbedtls_ecdh_variant = 0;
+///< The default Mbed TLS implementation
+pub const mbedtls_ecdh_variant_MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: mbedtls_ecdh_variant = 1;
+/// Defines the ECDH implementation used.
+///
+/// Later versions of the library may add new variants, therefore users should
+/// not make any assumptions about them.
+pub type mbedtls_ecdh_variant = crate::c_types::c_uint;
+/// The context used by the default ECDH implementation.
+///
+/// Later versions might change the structure of this context, therefore users
+/// should not make any assumptions about the structure of
+/// mbedtls_ecdh_context_mbed.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecdh_context_mbed {
+    pub private_grp: mbedtls_ecp_group,
+    pub private_d: mbedtls_mpi,
+    pub private_Q: mbedtls_ecp_point,
+    pub private_Qp: mbedtls_ecp_point,
+    pub private_z: mbedtls_mpi,
+}
+/// \warning         Performing multiple operations concurrently on the same
+///                  ECDSA context is not supported; objects of this type
+///                  should not be shared between multiple threads.
+/// \brief           The ECDH context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ecdh_context {
+    pub private_point_format: u8,
+    pub private_grp_id: mbedtls_ecp_group_id,
+    pub private_var: mbedtls_ecdh_variant,
+    pub private_ctx: mbedtls_ecdh_context__bindgen_ty_1,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_ecdh_context__bindgen_ty_1 {
+    pub private_mbed_ecdh: mbedtls_ecdh_context_mbed,
+}
+extern "C" {
+    /// \brief          Check whether a given group can be used for ECDH.
+    ///
+    /// \param gid      The ECP group ID to check.
+    ///
+    /// \return         \c 1 if the group can be used, \c 0 otherwise
+    pub fn mbedtls_ecdh_can_do(gid: mbedtls_ecp_group_id) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates an ECDH keypair on an elliptic
+    ///                  curve.
+    ///
+    ///                  This function performs the first of two core computations
+    ///                  implemented during the ECDH key exchange. The second core
+    ///                  computation is performed by mbedtls_ecdh_compute_shared().
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param grp       The ECP group to use. This must be initialized and have
+    ///                  domain parameters loaded, for example through
+    ///                  mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
+    /// \param d         The destination MPI (private key).
+    ///                  This must be initialized.
+    /// \param Q         The destination point (public key).
+    ///                  This must be initialized.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL in case \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX or
+    ///                  \c MBEDTLS_MPI_XXX error code on failure.
+    pub fn mbedtls_ecdh_gen_public(
+        grp: *mut mbedtls_ecp_group,
+        d: *mut mbedtls_mpi,
+        Q: *mut mbedtls_ecp_point,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function computes the shared secret.
+    ///
+    ///                  This function performs the second of two core computations
+    ///                  implemented during the ECDH key exchange. The first core
+    ///                  computation is performed by mbedtls_ecdh_gen_public().
+    ///
+    /// \see             ecp.h
+    ///
+    /// \note            If \p f_rng is not NULL, it is used to implement
+    ///                  countermeasures against side-channel attacks.
+    ///                  For more information, see mbedtls_ecp_mul().
+    ///
+    /// \param grp       The ECP group to use. This must be initialized and have
+    ///                  domain parameters loaded, for example through
+    ///                  mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
+    /// \param z         The destination MPI (shared secret).
+    ///                  This must be initialized.
+    /// \param Q         The public key from another party.
+    ///                  This must be initialized.
+    /// \param d         Our secret exponent (private key).
+    ///                  This must be initialized.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL if \p f_rng is \c NULL or doesn't need a
+    ///                  context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX or
+    ///                  \c MBEDTLS_MPI_XXX error code on failure.
+    pub fn mbedtls_ecdh_compute_shared(
+        grp: *mut mbedtls_ecp_group,
+        z: *mut mbedtls_mpi,
+        Q: *const mbedtls_ecp_point,
+        d: *const mbedtls_mpi,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function initializes an ECDH context.
+    ///
+    /// \param ctx       The ECDH context to initialize. This must not be \c NULL.
+    pub fn mbedtls_ecdh_init(ctx: *mut mbedtls_ecdh_context);
+}
+extern "C" {
+    /// \brief           This function sets up the ECDH context with the information
+    ///                  given.
+    ///
+    ///                  This function should be called after mbedtls_ecdh_init() but
+    ///                  before mbedtls_ecdh_make_params(). There is no need to call
+    ///                  this function before mbedtls_ecdh_read_params().
+    ///
+    ///                  This is the first function used by a TLS server for ECDHE
+    ///                  ciphersuites.
+    ///
+    /// \param ctx       The ECDH context to set up. This must be initialized.
+    /// \param grp_id    The group id of the group to set up the context for.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_ecdh_setup(
+        ctx: *mut mbedtls_ecdh_context,
+        grp_id: mbedtls_ecp_group_id,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function frees a context.
+    ///
+    /// \param ctx       The context to free. This may be \c NULL, in which
+    ///                  case this function does nothing. If it is not \c NULL,
+    ///                  it must point to an initialized ECDH context.
+    pub fn mbedtls_ecdh_free(ctx: *mut mbedtls_ecdh_context);
+}
+extern "C" {
+    /// \brief           This function generates an EC key pair and exports its
+    ///                  in the format used in a TLS ServerKeyExchange handshake
+    ///                  message.
+    ///
+    ///                  This is the second function used by a TLS server for ECDHE
+    ///                  ciphersuites. (It is called after mbedtls_ecdh_setup().)
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDH context to use. This must be initialized
+    ///                  and bound to a group, for example via mbedtls_ecdh_setup().
+    /// \param olen      The address at which to store the number of Bytes written.
+    /// \param buf       The destination buffer. This must be a writable buffer of
+    ///                  length \p blen Bytes.
+    /// \param blen      The length of the destination buffer \p buf in Bytes.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL in case \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_make_params(
+        ctx: *mut mbedtls_ecdh_context,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        blen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function parses the ECDHE parameters in a
+    ///                  TLS ServerKeyExchange handshake message.
+    ///
+    /// \note            In a TLS handshake, this is the how the client
+    ///                  sets up its ECDHE context from the server's public
+    ///                  ECDHE key material.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDHE context to use. This must be initialized.
+    /// \param buf       On input, \c *buf must be the start of the input buffer.
+    ///                  On output, \c *buf is updated to point to the end of the
+    ///                  data that has been read. On success, this is the first byte
+    ///                  past the end of the ServerKeyExchange parameters.
+    ///                  On error, this is the point at which an error has been
+    ///                  detected, which is usually not useful except to debug
+    ///                  failures.
+    /// \param end       The end of the input buffer.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_read_params(
+        ctx: *mut mbedtls_ecdh_context,
+        buf: *mut *const crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function sets up an ECDH context from an EC key.
+    ///
+    ///                  It is used by clients and servers in place of the
+    ///                  ServerKeyEchange for static ECDH, and imports ECDH
+    ///                  parameters from the EC key information of a certificate.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDH context to set up. This must be initialized.
+    /// \param key       The EC key to use. This must be initialized.
+    /// \param side      Defines the source of the key. Possible values are:
+    ///                  - #MBEDTLS_ECDH_OURS: The key is ours.
+    ///                  - #MBEDTLS_ECDH_THEIRS: The key is that of the peer.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_get_params(
+        ctx: *mut mbedtls_ecdh_context,
+        key: *const mbedtls_ecp_keypair,
+        side: mbedtls_ecdh_side,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function generates a public key and exports it
+    ///                  as a TLS ClientKeyExchange payload.
+    ///
+    ///                  This is the second function used by a TLS client for ECDH(E)
+    ///                  ciphersuites.
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDH context to use. This must be initialized
+    ///                  and bound to a group, the latter usually by
+    ///                  mbedtls_ecdh_read_params().
+    /// \param olen      The address at which to store the number of Bytes written.
+    ///                  This must not be \c NULL.
+    /// \param buf       The destination buffer. This must be a writable buffer
+    ///                  of length \p blen Bytes.
+    /// \param blen      The size of the destination buffer \p buf in Bytes.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context to be passed to \p f_rng. This may be
+    ///                  \c NULL in case \p f_rng doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_make_public(
+        ctx: *mut mbedtls_ecdh_context,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        blen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       This function parses and processes the ECDHE payload of a
+    ///              TLS ClientKeyExchange message.
+    ///
+    ///              This is the third function used by a TLS server for ECDH(E)
+    ///              ciphersuites. (It is called after mbedtls_ecdh_setup() and
+    ///              mbedtls_ecdh_make_params().)
+    ///
+    /// \see         ecp.h
+    ///
+    /// \param ctx   The ECDH context to use. This must be initialized
+    ///              and bound to a group, for example via mbedtls_ecdh_setup().
+    /// \param buf   The pointer to the ClientKeyExchange payload. This must
+    ///              be a readable buffer of length \p blen Bytes.
+    /// \param blen  The length of the input buffer \p buf in Bytes.
+    ///
+    /// \return      \c 0 on success.
+    /// \return      An \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_read_public(
+        ctx: *mut mbedtls_ecdh_context,
+        buf: *const crate::c_types::c_uchar,
+        blen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           This function derives and exports the shared secret.
+    ///
+    ///                  This is the last function used by both TLS client
+    ///                  and servers.
+    ///
+    /// \note            If \p f_rng is not NULL, it is used to implement
+    ///                  countermeasures against side-channel attacks.
+    ///                  For more information, see mbedtls_ecp_mul().
+    ///
+    /// \see             ecp.h
+    ///
+    /// \param ctx       The ECDH context to use. This must be initialized
+    ///                  and have its own private key generated and the peer's
+    ///                  public key imported.
+    /// \param olen      The address at which to store the total number of
+    ///                  Bytes written on success. This must not be \c NULL.
+    /// \param buf       The buffer to write the generated shared key to. This
+    ///                  must be a writable buffer of size \p blen Bytes.
+    /// \param blen      The length of the destination buffer \p buf in Bytes.
+    /// \param f_rng     The RNG function to use. This must not be \c NULL.
+    /// \param p_rng     The RNG context. This may be \c NULL if \p f_rng
+    ///                  doesn't need a context argument.
+    ///
+    /// \return          \c 0 on success.
+    /// \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
+    ///                  operations was reached: see \c mbedtls_ecp_set_max_ops().
+    /// \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
+    pub fn mbedtls_ecdh_calc_secret(
+        ctx: *mut mbedtls_ecdh_context,
+        olen: *mut usize,
+        buf: *mut crate::c_types::c_uchar,
+        blen: usize,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    ) -> crate::c_types::c_int;
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_ssl_premaster_secret {
+    pub _pms_rsa: [crate::c_types::c_uchar; 48usize],
+    pub _pms_dhm: [crate::c_types::c_uchar; 1024usize],
+    pub _pms_ecdh: [crate::c_types::c_uchar; 66usize],
+    pub _pms_psk: [crate::c_types::c_uchar; 100usize],
+    pub _pms_dhe_psk: [crate::c_types::c_uchar; 1076usize],
+    pub _pms_rsa_psk: [crate::c_types::c_uchar; 100usize],
+    pub _pms_ecdhe_psk: [crate::c_types::c_uchar; 118usize],
+}
+pub const mbedtls_ssl_states_MBEDTLS_SSL_HELLO_REQUEST: mbedtls_ssl_states = 0;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_HELLO: mbedtls_ssl_states = 1;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_HELLO: mbedtls_ssl_states = 2;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_CERTIFICATE: mbedtls_ssl_states = 3;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_KEY_EXCHANGE: mbedtls_ssl_states = 4;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CERTIFICATE_REQUEST: mbedtls_ssl_states = 5;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_HELLO_DONE: mbedtls_ssl_states = 6;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CERTIFICATE: mbedtls_ssl_states = 7;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_KEY_EXCHANGE: mbedtls_ssl_states = 8;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CERTIFICATE_VERIFY: mbedtls_ssl_states = 9;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC: mbedtls_ssl_states = 10;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_FINISHED: mbedtls_ssl_states = 11;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC: mbedtls_ssl_states = 12;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_FINISHED: mbedtls_ssl_states = 13;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_FLUSH_BUFFERS: mbedtls_ssl_states = 14;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_HANDSHAKE_WRAPUP: mbedtls_ssl_states = 15;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_NEW_SESSION_TICKET: mbedtls_ssl_states = 16;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT: mbedtls_ssl_states = 17;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_HELLO_RETRY_REQUEST: mbedtls_ssl_states = 18;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: mbedtls_ssl_states = 19;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_END_OF_EARLY_DATA: mbedtls_ssl_states = 20;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY: mbedtls_ssl_states = 21;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: mbedtls_ssl_states = 22;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO: mbedtls_ssl_states =
+    23;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO: mbedtls_ssl_states = 24;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: mbedtls_ssl_states = 25;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST: mbedtls_ssl_states =
+    26;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_HANDSHAKE_OVER: mbedtls_ssl_states = 27;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET: mbedtls_ssl_states = 28;
+pub const mbedtls_ssl_states_MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH: mbedtls_ssl_states = 29;
+pub type mbedtls_ssl_states = crate::c_types::c_uint;
+/// \brief          Callback type: send data on the network.
+///
+/// \note           That callback may be either blocking or non-blocking.
+///
+/// \param ctx      Context for the send callback (typically a file descriptor)
+/// \param buf      Buffer holding the data to send
+/// \param len      Length of the data to send
+///
+/// \return         The callback must return the number of bytes sent if any,
+///                 or a non-zero error code.
+///                 If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE
+///                 must be returned when the operation would block.
+///
+/// \note           The callback is allowed to send fewer bytes than requested.
+///                 It must always return the number of bytes actually sent.
+pub type mbedtls_ssl_send_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief          Callback type: receive data from the network.
+///
+/// \note           That callback may be either blocking or non-blocking.
+///
+/// \param ctx      Context for the receive callback (typically a file
+///                 descriptor)
+/// \param buf      Buffer to write the received data to
+/// \param len      Length of the receive buffer
+///
+/// \returns        If data has been received, the positive number of bytes received.
+/// \returns        \c 0 if the connection has been closed.
+/// \returns        If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ
+///                 must be returned when the operation would block.
+/// \returns        Another negative error code on other kinds of failures.
+///
+/// \note           The callback may receive fewer bytes than the length of the
+///                 buffer. It must always return the number of bytes actually
+///                 received and written to the buffer.
+pub type mbedtls_ssl_recv_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief          Callback type: receive data from the network, with timeout
+///
+/// \note           That callback must block until data is received, or the
+///                 timeout delay expires, or the operation is interrupted by a
+///                 signal.
+///
+/// \param ctx      Context for the receive callback (typically a file descriptor)
+/// \param buf      Buffer to write the received data to
+/// \param len      Length of the receive buffer
+/// \param timeout  Maximum number of milliseconds to wait for data
+///                 0 means no timeout (potentially waiting forever)
+///
+/// \return         The callback must return the number of bytes received,
+///                 or a non-zero error code:
+///                 \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
+///                 \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
+///
+/// \note           The callback may receive fewer bytes than the length of the
+///                 buffer. It must always return the number of bytes actually
+///                 received and written to the buffer.
+pub type mbedtls_ssl_recv_timeout_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+        timeout: u32,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief          Callback type: set a pair of timers/delays to watch
+///
+/// \param ctx      Context pointer
+/// \param int_ms   Intermediate delay in milliseconds
+/// \param fin_ms   Final delay in milliseconds
+///                 0 cancels the current timer.
+///
+/// \note           This callback must at least store the necessary information
+///                 for the associated \c mbedtls_ssl_get_timer_t callback to
+///                 return correct information.
+///
+/// \note           If using an event-driven style of programming, an event must
+///                 be generated when the final delay is passed. The event must
+///                 cause a call to \c mbedtls_ssl_handshake() with the proper
+///                 SSL context to be scheduled. Care must be taken to ensure
+///                 that at most one such call happens at a time.
+///
+/// \note           Only one timer at a time must be running. Calling this
+///                 function while a timer is running must cancel it. Cancelled
+///                 timers must not generate any event.
+pub type mbedtls_ssl_set_timer_t = ::core::option::Option<
+    unsafe extern "C" fn(ctx: *mut crate::c_types::c_void, int_ms: u32, fin_ms: u32),
+>;
+/// \brief          Callback type: get status of timers/delays
+///
+/// \param ctx      Context pointer
+///
+/// \return         This callback must return:
+///                 -1 if cancelled (fin_ms == 0),
+///                  0 if none of the delays have passed,
+///                  1 if only the intermediate delay has passed,
+///                  2 if the final delay has passed.
+pub type mbedtls_ssl_get_timer_t = ::core::option::Option<
+    unsafe extern "C" fn(ctx: *mut crate::c_types::c_void) -> crate::c_types::c_int,
+>;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_transform {
+    _unused: [u8; 0],
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_handshake_params {
+    _unused: [u8; 0],
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_sig_hash_set_t {
+    _unused: [u8; 0],
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_key_cert {
+    _unused: [u8; 0],
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_flight_item {
+    _unused: [u8; 0],
+}
+/// \brief          Callback type: server-side session cache getter
+///
+///                 The session cache is logically a key value store, with
+///                 keys being session IDs and values being instances of
+///                 mbedtls_ssl_session.
+///
+///                 This callback retrieves an entry in this key-value store.
+///
+/// \param data            The address of the session cache structure to query.
+/// \param session_id      The buffer holding the session ID to query.
+/// \param session_id_len  The length of \p session_id in Bytes.
+/// \param session         The address of the session structure to populate.
+///                        It is initialized with mbdtls_ssl_session_init(),
+///                        and the callback must always leave it in a state
+///                        where it can safely be freed via
+///                        mbedtls_ssl_session_free() independent of the
+///                        return code of this function.
+///
+/// \return                \c 0 on success
+/// \return                A non-zero return value on failure.
+pub type mbedtls_ssl_cache_get_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        data: *mut crate::c_types::c_void,
+        session_id: *const crate::c_types::c_uchar,
+        session_id_len: usize,
+        session: *mut mbedtls_ssl_session,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief          Callback type: server-side session cache setter
+///
+///                 The session cache is logically a key value store, with
+///                 keys being session IDs and values being instances of
+///                 mbedtls_ssl_session.
+///
+///                 This callback sets an entry in this key-value store.
+///
+/// \param data            The address of the session cache structure to modify.
+/// \param session_id      The buffer holding the session ID to query.
+/// \param session_id_len  The length of \p session_id in Bytes.
+/// \param session         The address of the session to be stored in the
+///                        session cache.
+///
+/// \return                \c 0 on success
+/// \return                A non-zero return value on failure.
+pub type mbedtls_ssl_cache_set_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        data: *mut crate::c_types::c_void,
+        session_id: *const crate::c_types::c_uchar,
+        session_id_len: usize,
+        session: *const mbedtls_ssl_session,
+    ) -> crate::c_types::c_int,
+>;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_tls13_application_secrets {
+    pub client_application_traffic_secret_N: [crate::c_types::c_uchar; 64usize],
+    pub server_application_traffic_secret_N: [crate::c_types::c_uchar; 64usize],
+    pub exporter_master_secret: [crate::c_types::c_uchar; 64usize],
+    pub resumption_master_secret: [crate::c_types::c_uchar; 64usize],
+}
+///< Context not in use or version not yet negotiated.
+pub const mbedtls_ssl_protocol_version_MBEDTLS_SSL_VERSION_UNKNOWN: mbedtls_ssl_protocol_version =
+    0;
+///< (D)TLS 1.2
+pub const mbedtls_ssl_protocol_version_MBEDTLS_SSL_VERSION_TLS1_2: mbedtls_ssl_protocol_version =
+    771;
+///< (D)TLS 1.3
+pub const mbedtls_ssl_protocol_version_MBEDTLS_SSL_VERSION_TLS1_3: mbedtls_ssl_protocol_version =
+    772;
+/// Human-friendly representation of the (D)TLS protocol version.
+pub type mbedtls_ssl_protocol_version = crate::c_types::c_uint;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_session {
+    pub private_mfl_code: crate::c_types::c_uchar,
+    pub private_exported: crate::c_types::c_uchar,
+    pub private_tls_version: mbedtls_ssl_protocol_version,
+    pub private_ciphersuite: crate::c_types::c_int,
+    pub private_id_len: usize,
+    pub private_id: [crate::c_types::c_uchar; 32usize],
+    pub private_master: [crate::c_types::c_uchar; 48usize],
+    pub private_peer_cert: *mut mbedtls_x509_crt,
+    pub private_verify_result: u32,
+    pub private_ticket: *mut crate::c_types::c_uchar,
+    pub private_ticket_len: usize,
+    pub private_ticket_lifetime: u32,
+    pub private_endpoint: u8,
+    pub private_ticket_flags: u8,
+    pub private_ticket_age_add: u32,
+    pub private_resumption_key_len: u8,
+    pub private_resumption_key: [crate::c_types::c_uchar; 48usize],
+    pub private_hostname: *mut crate::c_types::c_char,
+    pub private_encrypt_then_mac: crate::c_types::c_int,
+    pub private_app_secrets: mbedtls_ssl_tls13_application_secrets,
+}
+pub const mbedtls_tls_prf_types_MBEDTLS_SSL_TLS_PRF_NONE: mbedtls_tls_prf_types = 0;
+pub const mbedtls_tls_prf_types_MBEDTLS_SSL_TLS_PRF_SHA384: mbedtls_tls_prf_types = 1;
+pub const mbedtls_tls_prf_types_MBEDTLS_SSL_TLS_PRF_SHA256: mbedtls_tls_prf_types = 2;
+pub const mbedtls_tls_prf_types_MBEDTLS_SSL_HKDF_EXPAND_SHA384: mbedtls_tls_prf_types = 3;
+pub const mbedtls_tls_prf_types_MBEDTLS_SSL_HKDF_EXPAND_SHA256: mbedtls_tls_prf_types = 4;
+pub type mbedtls_tls_prf_types = crate::c_types::c_uint;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET:
+    mbedtls_ssl_key_export_type = 0;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET:
+    mbedtls_ssl_key_export_type = 1;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_EARLY_EXPORTER_SECRET:
+    mbedtls_ssl_key_export_type = 2;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET : mbedtls_ssl_key_export_type = 3 ;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET : mbedtls_ssl_key_export_type = 4 ;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET : mbedtls_ssl_key_export_type = 5 ;
+pub const mbedtls_ssl_key_export_type_MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET : mbedtls_ssl_key_export_type = 6 ;
+pub type mbedtls_ssl_key_export_type = crate::c_types::c_uint;
+/// \brief           Callback type: Export key alongside random values for
+///                                 session identification, and PRF for
+///                                 implementation of TLS key exporters.
+///
+/// \param p_expkey   Context for the callback.
+/// \param type       The type of the key that is being exported.
+/// \param secret     The address of the buffer holding the secret
+///                   that's being exporterd.
+/// \param secret_len The length of \p secret in bytes.
+/// \param client_random The client random bytes.
+/// \param server_random The server random bytes.
+/// \param tls_prf_type The identifier for the PRF used in the handshake
+///                     to which the key belongs.
+pub type mbedtls_ssl_export_keys_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        p_expkey: *mut crate::c_types::c_void,
+        type_: mbedtls_ssl_key_export_type,
+        secret: *const crate::c_types::c_uchar,
+        secret_len: usize,
+        client_random: *const crate::c_types::c_uchar,
+        server_random: *const crate::c_types::c_uchar,
+        tls_prf_type: mbedtls_tls_prf_types,
+    ),
+>;
+/// \brief           Callback type: generic handshake callback
+///
+/// \note            Callbacks may use user_data funcs to set/get app user data.
+///                  See \c mbedtls_ssl_get_user_data_p()
+///                      \c mbedtls_ssl_get_user_data_n()
+///                      \c mbedtls_ssl_conf_get_user_data_p()
+///                      \c mbedtls_ssl_conf_get_user_data_n()
+///
+/// \param ssl       \c mbedtls_ssl_context on which the callback is run
+///
+/// \return          The return value of the callback is 0 if successful,
+///                  or a specific MBEDTLS_ERR_XXX code, which will cause
+///                  the handshake to be aborted.
+pub type mbedtls_ssl_hs_cb_t = ::core::option::Option<
+    unsafe extern "C" fn(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int,
+>;
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub union mbedtls_ssl_user_data_t {
+    pub n: usize,
+    pub p: *mut crate::c_types::c_void,
+}
+/// SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_config {
+    pub private_max_tls_version: mbedtls_ssl_protocol_version,
+    pub private_min_tls_version: mbedtls_ssl_protocol_version,
+    pub private_endpoint: u8,
+    pub private_transport: u8,
+    pub private_authmode: u8,
+    pub private_allow_legacy_renegotiation: u8,
+    pub private_mfl_code: u8,
+    pub private_encrypt_then_mac: u8,
+    pub private_extended_ms: u8,
+    pub private_anti_replay: u8,
+    pub private_disable_renegotiation: u8,
+    pub private_session_tickets: u8,
+    pub private_new_session_tickets_count: u16,
+    pub private_cert_req_ca_list: u8,
+    pub private_respect_cli_pref: u8,
+    pub private_ignore_unexpected_cid: u8,
+    pub private_ciphersuite_list: *const crate::c_types::c_int,
+    pub private_tls13_kex_modes: crate::c_types::c_int,
+    pub private_f_dbg: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: crate::c_types::c_int,
+            arg3: *const crate::c_types::c_char,
+            arg4: crate::c_types::c_int,
+            arg5: *const crate::c_types::c_char,
+        ),
+    >,
+    pub private_p_dbg: *mut crate::c_types::c_void,
+    pub private_f_rng: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut crate::c_types::c_uchar,
+            arg3: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_rng: *mut crate::c_types::c_void,
+    pub private_f_get_cache: mbedtls_ssl_cache_get_t,
+    pub private_f_set_cache: mbedtls_ssl_cache_set_t,
+    pub private_p_cache: *mut crate::c_types::c_void,
+    pub private_f_sni: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut mbedtls_ssl_context,
+            arg3: *const crate::c_types::c_uchar,
+            arg4: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_sni: *mut crate::c_types::c_void,
+    pub private_f_vrfy: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut mbedtls_x509_crt,
+            arg3: crate::c_types::c_int,
+            arg4: *mut u32,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_vrfy: *mut crate::c_types::c_void,
+    pub private_f_psk: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut mbedtls_ssl_context,
+            arg3: *const crate::c_types::c_uchar,
+            arg4: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_psk: *mut crate::c_types::c_void,
+    pub private_f_cookie_write: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut *mut crate::c_types::c_uchar,
+            arg3: *mut crate::c_types::c_uchar,
+            arg4: *const crate::c_types::c_uchar,
+            arg5: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_f_cookie_check: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *const crate::c_types::c_uchar,
+            arg3: usize,
+            arg4: *const crate::c_types::c_uchar,
+            arg5: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_cookie: *mut crate::c_types::c_void,
+    pub private_f_ticket_write: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *const mbedtls_ssl_session,
+            arg3: *mut crate::c_types::c_uchar,
+            arg4: *const crate::c_types::c_uchar,
+            arg5: *mut usize,
+            arg6: *mut u32,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_f_ticket_parse: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut mbedtls_ssl_session,
+            arg3: *mut crate::c_types::c_uchar,
+            arg4: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_ticket: *mut crate::c_types::c_void,
+    pub private_cid_len: usize,
+    pub private_cert_profile: *const mbedtls_x509_crt_profile,
+    pub private_key_cert: *mut mbedtls_ssl_key_cert,
+    pub private_ca_chain: *mut mbedtls_x509_crt,
+    pub private_ca_crl: *mut mbedtls_x509_crl,
+    pub private_sig_hashes: *const crate::c_types::c_int,
+    pub private_sig_algs: *const u16,
+    pub private_curve_list: *const mbedtls_ecp_group_id,
+    pub private_group_list: *const u16,
+    pub private_dhm_P: mbedtls_mpi,
+    pub private_dhm_G: mbedtls_mpi,
+    pub private_psk: *mut crate::c_types::c_uchar,
+    pub private_psk_len: usize,
+    pub private_psk_identity: *mut crate::c_types::c_uchar,
+    pub private_psk_identity_len: usize,
+    pub private_alpn_list: *mut *const crate::c_types::c_char,
+    pub private_read_timeout: u32,
+    pub private_hs_timeout_min: u32,
+    pub private_hs_timeout_max: u32,
+    pub private_renego_max_records: crate::c_types::c_int,
+    pub private_renego_period: [crate::c_types::c_uchar; 8usize],
+    pub private_badmac_limit: crate::c_types::c_uint,
+    pub private_dhm_min_bitlen: crate::c_types::c_uint,
+    pub private_user_data: mbedtls_ssl_user_data_t,
+    pub private_f_cert_cb: mbedtls_ssl_hs_cb_t,
+    pub private_dn_hints: *const mbedtls_x509_crt,
+}
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ssl_context {
+    pub private_conf: *const mbedtls_ssl_config,
+    pub private_state: crate::c_types::c_int,
+    pub private_renego_status: crate::c_types::c_int,
+    pub private_renego_records_seen: crate::c_types::c_int,
+    pub private_tls_version: mbedtls_ssl_protocol_version,
+    pub private_badmac_seen: crate::c_types::c_uint,
+    pub private_f_vrfy: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut mbedtls_x509_crt,
+            arg3: crate::c_types::c_int,
+            arg4: *mut u32,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_vrfy: *mut crate::c_types::c_void,
+    pub private_f_send: mbedtls_ssl_send_t,
+    pub private_f_recv: mbedtls_ssl_recv_t,
+    pub private_f_recv_timeout: mbedtls_ssl_recv_timeout_t,
+    pub private_p_bio: *mut crate::c_types::c_void,
+    pub private_session_in: *mut mbedtls_ssl_session,
+    pub private_session_out: *mut mbedtls_ssl_session,
+    pub private_session: *mut mbedtls_ssl_session,
+    pub private_session_negotiate: *mut mbedtls_ssl_session,
+    pub private_handshake: *mut mbedtls_ssl_handshake_params,
+    pub private_transform_in: *mut mbedtls_ssl_transform,
+    pub private_transform_out: *mut mbedtls_ssl_transform,
+    pub private_transform: *mut mbedtls_ssl_transform,
+    pub private_transform_negotiate: *mut mbedtls_ssl_transform,
+    pub private_transform_application: *mut mbedtls_ssl_transform,
+    pub private_p_timer: *mut crate::c_types::c_void,
+    pub private_f_set_timer: mbedtls_ssl_set_timer_t,
+    pub private_f_get_timer: mbedtls_ssl_get_timer_t,
+    pub private_in_buf: *mut crate::c_types::c_uchar,
+    pub private_in_ctr: *mut crate::c_types::c_uchar,
+    pub private_in_hdr: *mut crate::c_types::c_uchar,
+    pub private_in_cid: *mut crate::c_types::c_uchar,
+    pub private_in_len: *mut crate::c_types::c_uchar,
+    pub private_in_iv: *mut crate::c_types::c_uchar,
+    pub private_in_msg: *mut crate::c_types::c_uchar,
+    pub private_in_offt: *mut crate::c_types::c_uchar,
+    pub private_in_msgtype: crate::c_types::c_int,
+    pub private_in_msglen: usize,
+    pub private_in_left: usize,
+    pub private_in_epoch: u16,
+    pub private_next_record_offset: usize,
+    pub private_in_window_top: u64,
+    pub private_in_window: u64,
+    pub private_in_hslen: usize,
+    pub private_nb_zero: crate::c_types::c_int,
+    pub private_keep_current_message: crate::c_types::c_int,
+    pub private_send_alert: crate::c_types::c_uchar,
+    pub private_alert_type: crate::c_types::c_uchar,
+    pub private_alert_reason: crate::c_types::c_int,
+    pub private_disable_datagram_packing: u8,
+    pub private_out_buf: *mut crate::c_types::c_uchar,
+    pub private_out_ctr: *mut crate::c_types::c_uchar,
+    pub private_out_hdr: *mut crate::c_types::c_uchar,
+    pub private_out_cid: *mut crate::c_types::c_uchar,
+    pub private_out_len: *mut crate::c_types::c_uchar,
+    pub private_out_iv: *mut crate::c_types::c_uchar,
+    pub private_out_msg: *mut crate::c_types::c_uchar,
+    pub private_out_msgtype: crate::c_types::c_int,
+    pub private_out_msglen: usize,
+    pub private_out_left: usize,
+    pub private_cur_out_ctr: [crate::c_types::c_uchar; 8usize],
+    pub private_mtu: u16,
+    pub private_hostname: *mut crate::c_types::c_char,
+    pub private_alpn_chosen: *const crate::c_types::c_char,
+    pub private_cli_id: *mut crate::c_types::c_uchar,
+    pub private_cli_id_len: usize,
+    pub private_secure_renegotiation: crate::c_types::c_int,
+    pub private_verify_data_len: usize,
+    pub private_own_verify_data: [crate::c_types::c_char; 12usize],
+    pub private_peer_verify_data: [crate::c_types::c_char; 12usize],
+    pub private_own_cid: [crate::c_types::c_uchar; 32usize],
+    pub private_own_cid_len: u8,
+    pub private_negotiate_cid: u8,
+    pub private_f_export_keys: mbedtls_ssl_export_keys_t,
+    pub private_p_export_keys: *mut crate::c_types::c_void,
+    pub private_user_data: mbedtls_ssl_user_data_t,
+}
+extern "C" {
+    /// \brief               Return the name of the ciphersuite associated with the
+    ///                      given ID
+    ///
+    /// \param ciphersuite_id SSL ciphersuite ID
+    ///
+    /// \return              a string containing the ciphersuite name
+    pub fn mbedtls_ssl_get_ciphersuite_name(
+        ciphersuite_id: crate::c_types::c_int,
+    ) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief               Return the ID of the ciphersuite associated with the
+    ///                      given name
+    ///
+    /// \param ciphersuite_name SSL ciphersuite name
+    ///
+    /// \return              the ID with the ciphersuite or 0 if not found
+    pub fn mbedtls_ssl_get_ciphersuite_id(
+        ciphersuite_name: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Initialize an SSL context
+    ///                 Just makes the context ready for mbedtls_ssl_setup() or
+    ///                 mbedtls_ssl_free()
+    ///
+    /// \param ssl      SSL context
+    pub fn mbedtls_ssl_init(ssl: *mut mbedtls_ssl_context);
+}
+extern "C" {
+    /// \brief          Set up an SSL context for use
+    ///
+    /// \note           No copy of the configuration context is made, it can be
+    ///                 shared by many mbedtls_ssl_context structures.
+    ///
+    /// \warning        The conf structure will be accessed during the session.
+    ///                 It must not be modified or freed as long as the session
+    ///                 is active.
+    ///
+    /// \warning        This function must be called exactly once per context.
+    ///                 Calling mbedtls_ssl_setup again is not supported, even
+    ///                 if no session is active.
+    ///
+    /// \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    ///
+    /// \param ssl      SSL context
+    /// \param conf     SSL configuration to use
+    ///
+    /// \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if
+    ///                 memory allocation failed
+    pub fn mbedtls_ssl_setup(
+        ssl: *mut mbedtls_ssl_context,
+        conf: *const mbedtls_ssl_config,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Reset an already initialized SSL context for re-use
+    ///                 while retaining application-set variables, function
+    ///                 pointers and data.
+    ///
+    /// \param ssl      SSL context
+    /// \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED or
+    ///MBEDTLS_ERR_SSL_HW_ACCEL_FAILED
+    pub fn mbedtls_ssl_session_reset(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the current endpoint type
+    ///
+    /// \param conf     SSL configuration
+    /// \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
+    pub fn mbedtls_ssl_conf_endpoint(
+        conf: *mut mbedtls_ssl_config,
+        endpoint: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief           Set the transport type (TLS or DTLS).
+    ///                  Default: TLS
+    ///
+    /// \note            For DTLS, you must either provide a recv callback that
+    ///                  doesn't block, or one that handles timeouts, see
+    ///                  \c mbedtls_ssl_set_bio(). You also need to provide timer
+    ///                  callbacks with \c mbedtls_ssl_set_timer_cb().
+    ///
+    /// \param conf      SSL configuration
+    /// \param transport transport type:
+    ///                  MBEDTLS_SSL_TRANSPORT_STREAM for TLS,
+    ///                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.
+    pub fn mbedtls_ssl_conf_transport(
+        conf: *mut mbedtls_ssl_config,
+        transport: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Set the certificate verification mode
+    ///                 Default: NONE on server, REQUIRED on client
+    ///
+    /// \param conf     SSL configuration
+    /// \param authmode can be:
+    ///
+    ///  MBEDTLS_SSL_VERIFY_NONE:      peer certificate is not checked
+    ///                        (default on server)
+    ///                        (insecure on client)
+    ///
+    ///  MBEDTLS_SSL_VERIFY_OPTIONAL:  peer certificate is checked, however the
+    ///                        handshake continues even if verification failed;
+    ///                        mbedtls_ssl_get_verify_result() can be called after the
+    ///                        handshake is complete.
+    ///
+    ///  MBEDTLS_SSL_VERIFY_REQUIRED:  peer *must* present a valid certificate,
+    ///                        handshake is aborted if verification failed.
+    ///                        (default on client)
+    ///
+    /// \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode.
+    /// With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at
+    /// the right time(s), which may not be obvious, while REQUIRED always perform
+    /// the verification as soon as possible. For example, REQUIRED was protecting
+    /// against the "triple handshake" attack even before it was found.
+    pub fn mbedtls_ssl_conf_authmode(
+        conf: *mut mbedtls_ssl_config,
+        authmode: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Set the verification callback (Optional).
+    ///
+    ///                 If set, the provided verify callback is called for each
+    ///                 certificate in the peer's CRT chain, including the trusted
+    ///                 root. For more information, please see the documentation of
+    ///                 \c mbedtls_x509_crt_verify().
+    ///
+    /// \note           For per context callbacks and contexts, please use
+    ///                 mbedtls_ssl_set_verify() instead.
+    ///
+    /// \param conf     The SSL configuration to use.
+    /// \param f_vrfy   The verification callback to use during CRT verification.
+    /// \param p_vrfy   The opaque context to be passed to the callback.
+    pub fn mbedtls_ssl_conf_verify(
+        conf: *mut mbedtls_ssl_config,
+        f_vrfy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_x509_crt,
+                arg3: crate::c_types::c_int,
+                arg4: *mut u32,
+            ) -> crate::c_types::c_int,
+        >,
+        p_vrfy: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the random number generator callback
+    ///
+    /// \param conf     SSL configuration
+    /// \param f_rng    RNG function (mandatory)
+    /// \param p_rng    RNG parameter
+    pub fn mbedtls_ssl_conf_rng(
+        conf: *mut mbedtls_ssl_config,
+        f_rng: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_rng: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the debug callback
+    ///
+    ///                 The callback has the following argument:
+    ///                 void *           opaque context for the callback
+    ///                 int              debug level
+    ///                 const char *     file name
+    ///                 int              line number
+    ///                 const char *     message
+    ///
+    /// \param conf     SSL configuration
+    /// \param f_dbg    debug function
+    /// \param p_dbg    debug parameter
+    pub fn mbedtls_ssl_conf_dbg(
+        conf: *mut mbedtls_ssl_config,
+        f_dbg: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: crate::c_types::c_int,
+                arg3: *const crate::c_types::c_char,
+                arg4: crate::c_types::c_int,
+                arg5: *const crate::c_types::c_char,
+            ),
+        >,
+        p_dbg: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the underlying BIO callbacks for write, read and
+    ///                 read-with-timeout.
+    ///
+    /// \param ssl      SSL context
+    /// \param p_bio    parameter (context) shared by BIO callbacks
+    /// \param f_send   write callback
+    /// \param f_recv   read callback
+    /// \param f_recv_timeout blocking read callback with timeout.
+    ///
+    /// \note           One of f_recv or f_recv_timeout can be NULL, in which case
+    ///                 the other is used. If both are non-NULL, f_recv_timeout is
+    ///                 used and f_recv is ignored (as if it were NULL).
+    ///
+    /// \note           The two most common use cases are:
+    ///                 - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL
+    ///                 - blocking I/O, f_recv == NULL, f_recv_timeout != NULL
+    ///
+    /// \note           For DTLS, you need to provide either a non-NULL
+    ///                 f_recv_timeout callback, or a f_recv that doesn't block.
+    ///
+    /// \note           See the documentations of \c mbedtls_ssl_send_t,
+    ///                 \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for
+    ///                 the conventions those callbacks must follow.
+    ///
+    /// \note           On some platforms, net_sockets.c provides
+    ///                 \c mbedtls_net_send(), \c mbedtls_net_recv() and
+    ///                 \c mbedtls_net_recv_timeout() that are suitable to be used
+    ///                 here.
+    pub fn mbedtls_ssl_set_bio(
+        ssl: *mut mbedtls_ssl_context,
+        p_bio: *mut crate::c_types::c_void,
+        f_send: mbedtls_ssl_send_t,
+        f_recv: mbedtls_ssl_recv_t,
+        f_recv_timeout: mbedtls_ssl_recv_timeout_t,
+    );
+}
+extern "C" {
+    /// \brief             Configure the use of the Connection ID (CID)
+    ///                    extension in the next handshake.
+    ///
+    ///                    Reference: RFC 9146 (or draft-ietf-tls-dtls-connection-id-05
+    ///                    https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
+    ///                    for legacy version)
+    ///
+    ///                    The DTLS CID extension allows the reliable association of
+    ///                    DTLS records to DTLS connections across changes in the
+    ///                    underlying transport (changed IP and Port metadata) by
+    ///                    adding explicit connection identifiers (CIDs) to the
+    ///                    headers of encrypted DTLS records. The desired CIDs are
+    ///                    configured by the application layer and are exchanged in
+    ///                    new `ClientHello` / `ServerHello` extensions during the
+    ///                    handshake, where each side indicates the CID it wants the
+    ///                    peer to use when writing encrypted messages. The CIDs are
+    ///                    put to use once records get encrypted: the stack discards
+    ///                    any incoming records that don't include the configured CID
+    ///                    in their header, and adds the peer's requested CID to the
+    ///                    headers of outgoing messages.
+    ///
+    ///                    This API enables or disables the use of the CID extension
+    ///                    in the next handshake and sets the value of the CID to
+    ///                    be used for incoming messages.
+    ///
+    /// \param ssl         The SSL context to configure. This must be initialized.
+    /// \param enable      This value determines whether the CID extension should
+    ///                    be used or not. Possible values are:
+    ///                    - MBEDTLS_SSL_CID_ENABLED to enable the use of the CID.
+    ///                    - MBEDTLS_SSL_CID_DISABLED (default) to disable the use
+    ///                      of the CID.
+    /// \param own_cid     The address of the readable buffer holding the CID we want
+    ///                    the peer to use when sending encrypted messages to us.
+    ///                    This may be \c NULL if \p own_cid_len is \c 0.
+    ///                    This parameter is unused if \p enabled is set to
+    ///                    MBEDTLS_SSL_CID_DISABLED.
+    /// \param own_cid_len The length of \p own_cid.
+    ///                    This parameter is unused if \p enabled is set to
+    ///                    MBEDTLS_SSL_CID_DISABLED.
+    ///
+    /// \note              The value of \p own_cid_len must match the value of the
+    ///                    \c len parameter passed to mbedtls_ssl_conf_cid()
+    ///                    when configuring the ::mbedtls_ssl_config that \p ssl
+    ///                    is bound to.
+    ///
+    /// \note              This CID configuration applies to subsequent handshakes
+    ///                    performed on the SSL context \p ssl, but does not trigger
+    ///                    one. You still have to call `mbedtls_ssl_handshake()`
+    ///                    (for the initial handshake) or `mbedtls_ssl_renegotiate()`
+    ///                    (for a renegotiation handshake) explicitly after a
+    ///                    successful call to this function to run the handshake.
+    ///
+    /// \note              This call cannot guarantee that the use of the CID
+    ///                    will be successfully negotiated in the next handshake,
+    ///                    because the peer might not support it. Specifically:
+    ///                    - On the Client, enabling the use of the CID through
+    ///                      this call implies that the `ClientHello` in the next
+    ///                      handshake will include the CID extension, thereby
+    ///                      offering the use of the CID to the server. Only if
+    ///                      the `ServerHello` contains the CID extension, too,
+    ///                      the CID extension will actually be put to use.
+    ///                    - On the Server, enabling the use of the CID through
+    ///                      this call implies that the server will look for
+    ///                      the CID extension in a `ClientHello` from the client,
+    ///                      and, if present, reply with a CID extension in its
+    ///                      `ServerHello`.
+    ///
+    /// \note              To check whether the use of the CID was negotiated
+    ///                    after the subsequent handshake has completed, please
+    ///                    use the API mbedtls_ssl_get_peer_cid().
+    ///
+    /// \warning           If the use of the CID extension is enabled in this call
+    ///                    and the subsequent handshake negotiates its use, Mbed TLS
+    ///                    will silently drop every packet whose CID does not match
+    ///                    the CID configured in \p own_cid. It is the responsibility
+    ///                    of the user to adapt the underlying transport to take care
+    ///                    of CID-based demultiplexing before handing datagrams to
+    ///                    Mbed TLS.
+    ///
+    /// \return            \c 0 on success. In this case, the CID configuration
+    ///                    applies to the next handshake.
+    /// \return            A negative error code on failure.
+    pub fn mbedtls_ssl_set_cid(
+        ssl: *mut mbedtls_ssl_context,
+        enable: crate::c_types::c_int,
+        own_cid: *const crate::c_types::c_uchar,
+        own_cid_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief              Get information about our request for usage of the CID
+    ///                     extension in the current connection.
+    ///
+    /// \param ssl          The SSL context to query.
+    /// \param enabled      The address at which to store whether the CID extension
+    ///                     is requested to be used or not. If the CID is
+    ///                     requested, `*enabled` is set to
+    ///                     MBEDTLS_SSL_CID_ENABLED; otherwise, it is set to
+    ///                     MBEDTLS_SSL_CID_DISABLED.
+    /// \param own_cid      The address of the buffer in which to store our own
+    ///                     CID (if the CID extension is requested). This may be
+    ///                     \c NULL in case the value of our CID isn't needed. If
+    ///                     it is not \c NULL, \p own_cid_len must not be \c NULL.
+    /// \param own_cid_len  The address at which to store the size of our own CID
+    ///                     (if the CID extension is requested). This is also the
+    ///                     number of Bytes in \p own_cid that have been written.
+    ///                     This may be \c NULL in case the length of our own CID
+    ///                     isn't needed. If it is \c NULL, \p own_cid must be
+    ///                     \c NULL, too.
+    ///
+    ///\note                If we are requesting an empty CID this function sets
+    ///                     `*enabled` to #MBEDTLS_SSL_CID_DISABLED (the rationale
+    ///                     for this is that the resulting outcome is the
+    ///                     same as if the CID extensions wasn't requested).
+    ///
+    /// \return            \c 0 on success.
+    /// \return            A negative error code on failure.
+    pub fn mbedtls_ssl_get_own_cid(
+        ssl: *mut mbedtls_ssl_context,
+        enabled: *mut crate::c_types::c_int,
+        own_cid: *mut crate::c_types::c_uchar,
+        own_cid_len: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief              Get information about the use of the CID extension
+    ///                     in the current connection.
+    ///
+    /// \param ssl          The SSL context to query.
+    /// \param enabled      The address at which to store whether the CID extension
+    ///                     is currently in use or not. If the CID is in use,
+    ///                     `*enabled` is set to MBEDTLS_SSL_CID_ENABLED;
+    ///                     otherwise, it is set to MBEDTLS_SSL_CID_DISABLED.
+    /// \param peer_cid     The address of the buffer in which to store the CID
+    ///                     chosen by the peer (if the CID extension is used).
+    ///                     This may be \c NULL in case the value of peer CID
+    ///                     isn't needed. If it is not \c NULL, \p peer_cid_len
+    ///                     must not be \c NULL.
+    /// \param peer_cid_len The address at which to store the size of the CID
+    ///                     chosen by the peer (if the CID extension is used).
+    ///                     This is also the number of Bytes in \p peer_cid that
+    ///                     have been written.
+    ///                     This may be \c NULL in case the length of the peer CID
+    ///                     isn't needed. If it is \c NULL, \p peer_cid must be
+    ///                     \c NULL, too.
+    ///
+    /// \note               This applies to the state of the CID negotiated in
+    ///                     the last complete handshake. If a handshake is in
+    ///                     progress, this function will attempt to complete
+    ///                     the handshake first.
+    ///
+    /// \note               If CID extensions have been exchanged but both client
+    ///                     and server chose to use an empty CID, this function
+    ///                     sets `*enabled` to #MBEDTLS_SSL_CID_DISABLED
+    ///                     (the rationale for this is that the resulting
+    ///                     communication is the same as if the CID extensions
+    ///                     hadn't been used).
+    ///
+    /// \return            \c 0 on success.
+    /// \return            A negative error code on failure.
+    pub fn mbedtls_ssl_get_peer_cid(
+        ssl: *mut mbedtls_ssl_context,
+        enabled: *mut crate::c_types::c_int,
+        peer_cid: *mut crate::c_types::c_uchar,
+        peer_cid_len: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the Maximum Transport Unit (MTU).
+    ///                 Special value: 0 means unset (no limit).
+    ///                 This represents the maximum size of a datagram payload
+    ///                 handled by the transport layer (usually UDP) as determined
+    ///                 by the network link and stack. In practice, this controls
+    ///                 the maximum size datagram the DTLS layer will pass to the
+    ///                 \c f_send() callback set using \c mbedtls_ssl_set_bio().
+    ///
+    /// \note           The limit on datagram size is converted to a limit on
+    ///                 record payload by subtracting the current overhead of
+    ///                 encapsulation and encryption/authentication if any.
+    ///
+    /// \note           This can be called at any point during the connection, for
+    ///                 example when a Path Maximum Transfer Unit (PMTU)
+    ///                 estimate becomes available from other sources,
+    ///                 such as lower (or higher) protocol layers.
+    ///
+    /// \note           This setting only controls the size of the packets we send,
+    ///                 and does not restrict the size of the datagrams we're
+    ///                 willing to receive. Client-side, you can request the
+    ///                 server to use smaller records with \c
+    ///                 mbedtls_ssl_conf_max_frag_len().
+    ///
+    /// \note           If both a MTU and a maximum fragment length have been
+    ///                 configured (or negotiated with the peer), the resulting
+    ///                 lower limit on record payload (see first note) is used.
+    ///
+    /// \note           This can only be used to decrease the maximum size
+    ///                 of datagrams (hence records, see first note) sent. It
+    ///                 cannot be used to increase the maximum size of records over
+    ///                 the limit set by #MBEDTLS_SSL_OUT_CONTENT_LEN.
+    ///
+    /// \note           Values lower than the current record layer expansion will
+    ///                 result in an error when trying to send data.
+    ///
+    /// \param ssl      SSL context
+    /// \param mtu      Value of the path MTU in bytes
+    pub fn mbedtls_ssl_set_mtu(ssl: *mut mbedtls_ssl_context, mtu: u16);
+}
+extern "C" {
+    /// \brief          Set a connection-specific verification callback (optional).
+    ///
+    ///                 If set, the provided verify callback is called for each
+    ///                 certificate in the peer's CRT chain, including the trusted
+    ///                 root. For more information, please see the documentation of
+    ///                 \c mbedtls_x509_crt_verify().
+    ///
+    /// \note           This call is analogous to mbedtls_ssl_conf_verify() but
+    ///                 binds the verification callback and context to an SSL context
+    ///                 as opposed to an SSL configuration.
+    ///                 If mbedtls_ssl_conf_verify() and mbedtls_ssl_set_verify()
+    ///                 are both used, mbedtls_ssl_set_verify() takes precedence.
+    ///
+    /// \param ssl      The SSL context to use.
+    /// \param f_vrfy   The verification callback to use during CRT verification.
+    /// \param p_vrfy   The opaque context to be passed to the callback.
+    pub fn mbedtls_ssl_set_verify(
+        ssl: *mut mbedtls_ssl_context,
+        f_vrfy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_x509_crt,
+                arg3: crate::c_types::c_int,
+                arg4: *mut u32,
+            ) -> crate::c_types::c_int,
+        >,
+        p_vrfy: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the timeout period for mbedtls_ssl_read()
+    ///                 (Default: no timeout.)
+    ///
+    /// \param conf     SSL configuration context
+    /// \param timeout  Timeout value in milliseconds.
+    ///                 Use 0 for no timeout (default).
+    ///
+    /// \note           With blocking I/O, this will only work if a non-NULL
+    ///                 \c f_recv_timeout was set with \c mbedtls_ssl_set_bio().
+    ///                 With non-blocking I/O, this will only work if timer
+    ///                 callbacks were set with \c mbedtls_ssl_set_timer_cb().
+    ///
+    /// \note           With non-blocking I/O, you may also skip this function
+    ///                 altogether and handle timeouts at the application layer.
+    pub fn mbedtls_ssl_conf_read_timeout(conf: *mut mbedtls_ssl_config, timeout: u32);
+}
+extern "C" {
+    /// \brief          Check whether a buffer contains a valid and authentic record
+    ///                 that has not been seen before. (DTLS only).
+    ///
+    ///                 This function does not change the user-visible state
+    ///                 of the SSL context. Its sole purpose is to provide
+    ///                 an indication of the legitimacy of an incoming record.
+    ///
+    ///                 This can be useful e.g. in distributed server environments
+    ///                 using the DTLS Connection ID feature, in which connections
+    ///                 might need to be passed between service instances on a change
+    ///                 of peer address, but where such disruptive operations should
+    ///                 only happen after the validity of incoming records has been
+    ///                 confirmed.
+    ///
+    /// \param ssl      The SSL context to use.
+    /// \param buf      The address of the buffer holding the record to be checked.
+    ///                 This must be a read/write buffer of length \p buflen Bytes.
+    /// \param buflen   The length of \p buf in Bytes.
+    ///
+    /// \note           This routine only checks whether the provided buffer begins
+    ///                 with a valid and authentic record that has not been seen
+    ///                 before, but does not check potential data following the
+    ///                 initial record. In particular, it is possible to pass DTLS
+    ///                 datagrams containing multiple records, in which case only
+    ///                 the first record is checked.
+    ///
+    /// \note           This function modifies the input buffer \p buf. If you need
+    ///                 to preserve the original record, you have to maintain a copy.
+    ///
+    /// \return         \c 0 if the record is valid and authentic and has not been
+    ///                 seen before.
+    /// \return         MBEDTLS_ERR_SSL_INVALID_MAC if the check completed
+    ///                 successfully but the record was found to be not authentic.
+    /// \return         MBEDTLS_ERR_SSL_INVALID_RECORD if the check completed
+    ///                 successfully but the record was found to be invalid for
+    ///                 a reason different from authenticity checking.
+    /// \return         MBEDTLS_ERR_SSL_UNEXPECTED_RECORD if the check completed
+    ///                 successfully but the record was found to be unexpected
+    ///                 in the state of the SSL context, including replayed records.
+    /// \return         Another negative error code on different kinds of failure.
+    ///                 In this case, the SSL context becomes unusable and needs
+    ///                 to be freed or reset before reuse.
+    pub fn mbedtls_ssl_check_record(
+        ssl: *const mbedtls_ssl_context,
+        buf: *mut crate::c_types::c_uchar,
+        buflen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the timer callbacks (Mandatory for DTLS.)
+    ///
+    /// \param ssl      SSL context
+    /// \param p_timer  parameter (context) shared by timer callbacks
+    /// \param f_set_timer   set timer callback
+    /// \param f_get_timer   get timer callback. Must return:
+    ///
+    /// \note           See the documentation of \c mbedtls_ssl_set_timer_t and
+    ///                 \c mbedtls_ssl_get_timer_t for the conventions this pair of
+    ///                 callbacks must follow.
+    ///
+    /// \note           On some platforms, timing.c provides
+    ///                 \c mbedtls_timing_set_delay() and
+    ///                 \c mbedtls_timing_get_delay() that are suitable for using
+    ///                 here, except if using an event-driven style.
+    ///
+    /// \note           See also the "DTLS tutorial" article in our knowledge base.
+    ///                 https://mbed-tls.readthedocs.io/en/latest/kb/how-to/dtls-tutorial
+    pub fn mbedtls_ssl_set_timer_cb(
+        ssl: *mut mbedtls_ssl_context,
+        p_timer: *mut crate::c_types::c_void,
+        f_set_timer: mbedtls_ssl_set_timer_t,
+        f_get_timer: mbedtls_ssl_get_timer_t,
+    );
+}
+/// \brief           Callback type: generate and write session ticket
+///
+/// \note            This describes what a callback implementation should do.
+///                  This callback should generate an encrypted and
+///                  authenticated ticket for the session and write it to the
+///                  output buffer. Here, ticket means the opaque ticket part
+///                  of the NewSessionTicket structure of RFC 5077.
+///
+/// \param p_ticket  Context for the callback
+/// \param session   SSL session to be written in the ticket
+/// \param start     Start of the output buffer
+/// \param end       End of the output buffer
+/// \param tlen      On exit, holds the length written
+/// \param lifetime  On exit, holds the lifetime of the ticket in seconds
+///
+/// \return          0 if successful, or
+///                  a specific MBEDTLS_ERR_XXX code.
+pub type mbedtls_ssl_ticket_write_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        p_ticket: *mut crate::c_types::c_void,
+        session: *const mbedtls_ssl_session,
+        start: *mut crate::c_types::c_uchar,
+        end: *const crate::c_types::c_uchar,
+        tlen: *mut usize,
+        lifetime: *mut u32,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief           Callback type: parse and load session ticket
+///
+/// \note            This describes what a callback implementation should do.
+///                  This callback should parse a session ticket as generated
+///                  by the corresponding mbedtls_ssl_ticket_write_t function,
+///                  and, if the ticket is authentic and valid, load the
+///                  session.
+///
+/// \note            The implementation is allowed to modify the first len
+///                  bytes of the input buffer, eg to use it as a temporary
+///                  area for the decrypted ticket contents.
+///
+/// \param p_ticket  Context for the callback
+/// \param session   SSL session to be loaded
+/// \param buf       Start of the buffer containing the ticket
+/// \param len       Length of the ticket.
+///
+/// \return          0 if successful, or
+///                  MBEDTLS_ERR_SSL_INVALID_MAC if not authentic, or
+///                  MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or
+///                  any other non-zero code for other failures.
+pub type mbedtls_ssl_ticket_parse_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        p_ticket: *mut crate::c_types::c_void,
+        session: *mut mbedtls_ssl_session,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int,
+>;
+extern "C" {
+    /// \brief           Configure SSL session ticket callbacks (server only).
+    ///                  (Default: none.)
+    ///
+    /// \note            On server, session tickets are enabled by providing
+    ///                  non-NULL callbacks.
+    ///
+    /// \note            On client, use \c mbedtls_ssl_conf_session_tickets().
+    ///
+    /// \param conf      SSL configuration context
+    /// \param f_ticket_write    Callback for writing a ticket
+    /// \param f_ticket_parse    Callback for parsing a ticket
+    /// \param p_ticket          Context shared by the two callbacks
+    pub fn mbedtls_ssl_conf_session_tickets_cb(
+        conf: *mut mbedtls_ssl_config,
+        f_ticket_write: mbedtls_ssl_ticket_write_t,
+        f_ticket_parse: mbedtls_ssl_ticket_parse_t,
+        p_ticket: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief   Configure a key export callback.
+    ///          (Default: none.)
+    ///
+    ///          This API can be used for two purposes:
+    ///          - Debugging: Use this API to e.g. generate an NSSKeylog
+    ///            file and use it to inspect encrypted traffic in tools
+    ///            such as Wireshark.
+    ///          - Application-specific export: Use this API to implement
+    ///            key exporters, e.g. for EAP-TLS or DTLS-SRTP.
+    ///
+    ///
+    /// \param ssl            The SSL context to which the export
+    ///                       callback should be attached.
+    /// \param f_export_keys  The callback for the key export.
+    /// \param p_export_keys  The opaque context pointer to be passed to the
+    ///                       callback \p f_export_keys.
+    pub fn mbedtls_ssl_set_export_keys_cb(
+        ssl: *mut mbedtls_ssl_context,
+        f_export_keys: mbedtls_ssl_export_keys_t,
+        p_export_keys: *mut crate::c_types::c_void,
+    );
+}
+/// \brief          Callback type: generate a cookie
+///
+/// \param ctx      Context for the callback
+/// \param p        Buffer to write to,
+///                 must be updated to point right after the cookie
+/// \param end      Pointer to one past the end of the output buffer
+/// \param info     Client ID info that was passed to
+///                 \c mbedtls_ssl_set_client_transport_id()
+/// \param ilen     Length of info in bytes
+///
+/// \return         The callback must return 0 on success,
+///                 or a negative error code.
+pub type mbedtls_ssl_cookie_write_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        p: *mut *mut crate::c_types::c_uchar,
+        end: *mut crate::c_types::c_uchar,
+        info: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief          Callback type: verify a cookie
+///
+/// \param ctx      Context for the callback
+/// \param cookie   Cookie to verify
+/// \param clen     Length of cookie
+/// \param info     Client ID info that was passed to
+///                 \c mbedtls_ssl_set_client_transport_id()
+/// \param ilen     Length of info in bytes
+///
+/// \return         The callback must return 0 if cookie is valid,
+///                 or a negative error code.
+pub type mbedtls_ssl_cookie_check_t = ::core::option::Option<
+    unsafe extern "C" fn(
+        ctx: *mut crate::c_types::c_void,
+        cookie: *const crate::c_types::c_uchar,
+        clen: usize,
+        info: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int,
+>;
+extern "C" {
+    /// \brief           Register callbacks for DTLS cookies
+    ///                  (Server only. DTLS only.)
+    ///
+    ///                  Default: dummy callbacks that fail, in order to force you to
+    ///                  register working callbacks (and initialize their context).
+    ///
+    ///                  To disable HelloVerifyRequest, register NULL callbacks.
+    ///
+    /// \warning         Disabling hello verification allows your server to be used
+    ///                  for amplification in DoS attacks against other hosts.
+    ///                  Only disable if you known this can't happen in your
+    ///                  particular environment.
+    ///
+    /// \note            See comments on \c mbedtls_ssl_handshake() about handling
+    ///                  the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected
+    ///                  on the first handshake attempt when this is enabled.
+    ///
+    /// \note            This is also necessary to handle client reconnection from
+    ///                  the same port as described in RFC 6347 section 4.2.8 (only
+    ///                  the variant with cookies is supported currently). See
+    ///                  comments on \c mbedtls_ssl_read() for details.
+    ///
+    /// \param conf              SSL configuration
+    /// \param f_cookie_write    Cookie write callback
+    /// \param f_cookie_check    Cookie check callback
+    /// \param p_cookie          Context for both callbacks
+    pub fn mbedtls_ssl_conf_dtls_cookies(
+        conf: *mut mbedtls_ssl_config,
+        f_cookie_write: mbedtls_ssl_cookie_write_t,
+        f_cookie_check: mbedtls_ssl_cookie_check_t,
+        p_cookie: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set client's transport-level identification info.
+    ///                 (Server only. DTLS only.)
+    ///
+    ///                 This is usually the IP address (and port), but could be
+    ///                 anything identify the client depending on the underlying
+    ///                 network stack. Used for HelloVerifyRequest with DTLS.
+    ///                 This is *not* used to route the actual packets.
+    ///
+    /// \param ssl      SSL context
+    /// \param info     Transport-level info identifying the client (eg IP + port)
+    /// \param ilen     Length of info in bytes
+    ///
+    /// \note           An internal copy is made, so the info buffer can be reused.
+    ///
+    /// \return         0 on success,
+    ///                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
+    ///                 MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory.
+    pub fn mbedtls_ssl_set_client_transport_id(
+        ssl: *mut mbedtls_ssl_context,
+        info: *const crate::c_types::c_uchar,
+        ilen: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Enable or disable anti-replay protection for DTLS.
+    ///                 (DTLS only, no effect on TLS.)
+    ///                 Default: enabled.
+    ///
+    /// \param conf     SSL configuration
+    /// \param mode     MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED.
+    ///
+    /// \warning        Disabling this is a security risk unless the application
+    ///                 protocol handles duplicated packets in a safe way. You
+    ///                 should not disable this without careful consideration.
+    ///                 However, if your application already detects duplicated
+    ///                 packets and needs information about them to adjust its
+    ///                 transmission strategy, then you'll want to disable this.
+    pub fn mbedtls_ssl_conf_dtls_anti_replay(
+        conf: *mut mbedtls_ssl_config,
+        mode: crate::c_types::c_char,
+    );
+}
+extern "C" {
+    /// \brief          Set a limit on the number of records with a bad MAC
+    ///                 before terminating the connection.
+    ///                 (DTLS only, no effect on TLS.)
+    ///                 Default: 0 (disabled).
+    ///
+    /// \param conf     SSL configuration
+    /// \param limit    Limit, or 0 to disable.
+    ///
+    /// \note           If the limit is N, then the connection is terminated when
+    ///                 the Nth non-authentic record is seen.
+    ///
+    /// \note           Records with an invalid header are not counted, only the
+    ///                 ones going through the authentication-decryption phase.
+    ///
+    /// \note           This is a security trade-off related to the fact that it's
+    ///                 often relatively easy for an active attacker to inject UDP
+    ///                 datagrams. On one hand, setting a low limit here makes it
+    ///                 easier for such an attacker to forcibly terminated a
+    ///                 connection. On the other hand, a high limit or no limit
+    ///                 might make us waste resources checking authentication on
+    ///                 many bogus packets.
+    pub fn mbedtls_ssl_conf_dtls_badmac_limit(
+        conf: *mut mbedtls_ssl_config,
+        limit: crate::c_types::c_uint,
+    );
+}
+extern "C" {
+    /// \brief          Allow or disallow packing of multiple handshake records
+    ///                 within a single datagram.
+    ///
+    /// \param ssl           The SSL context to configure.
+    /// \param allow_packing This determines whether datagram packing may
+    ///                      be used or not. A value of \c 0 means that every
+    ///                      record will be sent in a separate datagram; a
+    ///                      value of \c 1 means that, if space permits,
+    ///                      multiple handshake messages (including CCS) belonging to
+    ///                      a single flight may be packed within a single datagram.
+    ///
+    /// \note           This is enabled by default and should only be disabled
+    ///                 for test purposes, or if datagram packing causes
+    ///                 interoperability issues with peers that don't support it.
+    ///
+    /// \note           Allowing datagram packing reduces the network load since
+    ///                 there's less overhead if multiple messages share the same
+    ///                 datagram. Also, it increases the handshake efficiency
+    ///                 since messages belonging to a single datagram will not
+    ///                 be reordered in transit, and so future message buffering
+    ///                 or flight retransmission (if no buffering is used) as
+    ///                 means to deal with reordering are needed less frequently.
+    ///
+    /// \note           Application records are not affected by this option and
+    ///                 are currently always sent in separate datagrams.
+    pub fn mbedtls_ssl_set_datagram_packing(
+        ssl: *mut mbedtls_ssl_context,
+        allow_packing: crate::c_types::c_uint,
+    );
+}
+extern "C" {
+    /// \brief          Set retransmit timeout values for the DTLS handshake.
+    ///                 (DTLS only, no effect on TLS.)
+    ///
+    /// \param conf     SSL configuration
+    /// \param min      Initial timeout value in milliseconds.
+    ///                 Default: 1000 (1 second).
+    /// \param max      Maximum timeout value in milliseconds.
+    ///                 Default: 60000 (60 seconds).
+    ///
+    /// \note           Default values are from RFC 6347 section 4.2.4.1.
+    ///
+    /// \note           The 'min' value should typically be slightly above the
+    ///                 expected round-trip time to your peer, plus whatever time
+    ///                 it takes for the peer to process the message. For example,
+    ///                 if your RTT is about 600ms and you peer needs up to 1s to
+    ///                 do the cryptographic operations in the handshake, then you
+    ///                 should set 'min' slightly above 1600. Lower values of 'min'
+    ///                 might cause spurious resends which waste network resources,
+    ///                 while larger value of 'min' will increase overall latency
+    ///                 on unreliable network links.
+    ///
+    /// \note           The more unreliable your network connection is, the larger
+    ///                 your max / min ratio needs to be in order to achieve
+    ///                 reliable handshakes.
+    ///
+    /// \note           Messages are retransmitted up to log2(ceil(max/min)) times.
+    ///                 For example, if min = 1s and max = 5s, the retransmit plan
+    ///                 goes: send ... 1s -> resend ... 2s -> resend ... 4s ->
+    ///                 resend ... 5s -> give up and return a timeout error.
+    pub fn mbedtls_ssl_conf_handshake_timeout(conf: *mut mbedtls_ssl_config, min: u32, max: u32);
+}
+extern "C" {
+    /// \brief          Set the session cache callbacks (server-side only)
+    ///                 If not set, no session resuming is done (except if session
+    ///                 tickets are enabled too).
+    ///
+    ///                 The session cache has the responsibility to check for stale
+    ///                 entries based on timeout. See RFC 5246 for recommendations.
+    ///
+    ///                 Warning: session.peer_cert is cleared by the SSL/TLS layer on
+    ///                 connection shutdown, so do not cache the pointer! Either set
+    ///                 it to NULL or make a full copy of the certificate.
+    ///
+    ///                 The get callback is called once during the initial handshake
+    ///                 to enable session resuming. The get function has the
+    ///                 following parameters: (void *parameter, mbedtls_ssl_session *session)
+    ///                 If a valid entry is found, it should fill the master of
+    ///                 the session object with the cached values and return 0,
+    ///                 return 1 otherwise. Optionally peer_cert can be set as well
+    ///                 if it is properly present in cache entry.
+    ///
+    ///                 The set callback is called once during the initial handshake
+    ///                 to enable session resuming after the entire handshake has
+    ///                 been finished. The set function has the following parameters:
+    ///                 (void *parameter, const mbedtls_ssl_session *session). The function
+    ///                 should create a cache entry for future retrieval based on
+    ///                 the data in the session structure and should keep in mind
+    ///                 that the mbedtls_ssl_session object presented (and all its referenced
+    ///                 data) is cleared by the SSL/TLS layer when the connection is
+    ///                 terminated. It is recommended to add metadata to determine if
+    ///                 an entry is still valid in the future. Return 0 if
+    ///                 successfully cached, return 1 otherwise.
+    ///
+    /// \param conf           SSL configuration
+    /// \param p_cache        parameter (context) for both callbacks
+    /// \param f_get_cache    session get callback
+    /// \param f_set_cache    session set callback
+    pub fn mbedtls_ssl_conf_session_cache(
+        conf: *mut mbedtls_ssl_config,
+        p_cache: *mut crate::c_types::c_void,
+        f_get_cache: mbedtls_ssl_cache_get_t,
+        f_set_cache: mbedtls_ssl_cache_set_t,
+    );
+}
+extern "C" {
+    /// \brief          Load a session for session resumption.
+    ///
+    ///                 Sessions loaded through this call will be considered
+    ///                 for session resumption in the next handshake.
+    ///
+    /// \note           Even if this call succeeds, it is not guaranteed that
+    ///                 the next handshake will indeed be shortened through the
+    ///                 use of session resumption: The server is always free
+    ///                 to reject any attempt for resumption and fall back to
+    ///                 a full handshake.
+    ///
+    /// \note           This function can handle a variety of mechanisms for session
+    ///                 resumption: For TLS 1.2, both session ID-based resumption and
+    ///                 ticket-based resumption will be considered. For TLS 1.3,
+    ///                 once implemented, sessions equate to tickets, and loading
+    ///                 one or more sessions via this call will lead to their
+    ///                 corresponding tickets being advertised as resumption PSKs
+    ///                 by the client.
+    ///
+    /// \note           Calling this function multiple times will only be useful
+    ///                 once TLS 1.3 is supported. For TLS 1.2 connections, this
+    ///                 function should be called at most once.
+    ///
+    /// \param ssl      The SSL context representing the connection which should
+    ///                 be attempted to be setup using session resumption. This
+    ///                 must be initialized via mbedtls_ssl_init() and bound to
+    ///                 an SSL configuration via mbedtls_ssl_setup(), but
+    ///                 the handshake must not yet have been started.
+    /// \param session  The session to be considered for session resumption.
+    ///                 This must be a session previously exported via
+    ///                 mbedtls_ssl_get_session(), and potentially serialized and
+    ///                 deserialized through mbedtls_ssl_session_save() and
+    ///                 mbedtls_ssl_session_load() in the meantime.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         \c MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the session
+    ///                 could not be loaded because of an implementation limitation.
+    ///                 This error is non-fatal, and has no observable effect on
+    ///                 the SSL context or the session that was attempted to be loaded.
+    /// \return         Another negative error code on other kinds of failure.
+    ///
+    /// \sa             mbedtls_ssl_get_session()
+    /// \sa             mbedtls_ssl_session_load()
+    pub fn mbedtls_ssl_set_session(
+        ssl: *mut mbedtls_ssl_context,
+        session: *const mbedtls_ssl_session,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Load serialized session data into a session structure.
+    ///                 On client, this can be used for loading saved sessions
+    ///                 before resuming them with mbedtls_ssl_set_session().
+    ///                 On server, this can be used for alternative implementations
+    ///                 of session cache or session tickets.
+    ///
+    /// \warning        If a peer certificate chain is associated with the session,
+    ///                 the serialized state will only contain the peer's
+    ///                 end-entity certificate and the result of the chain
+    ///                 verification (unless verification was disabled), but not
+    ///                 the rest of the chain.
+    ///
+    /// \see            mbedtls_ssl_session_save()
+    /// \see            mbedtls_ssl_set_session()
+    ///
+    /// \param session  The session structure to be populated. It must have been
+    ///                 initialised with mbedtls_ssl_session_init() but not
+    ///                 populated yet.
+    /// \param buf      The buffer holding the serialized session data. It must be a
+    ///                 readable buffer of at least \p len bytes.
+    /// \param len      The size of the serialized data in bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed.
+    /// \return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
+    /// \return         #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data
+    ///                 was generated in a different version or configuration of
+    ///                 Mbed TLS.
+    /// \return         Another negative value for other kinds of errors (for
+    ///                 example, unsupported features in the embedded certificate).
+    pub fn mbedtls_ssl_session_load(
+        session: *mut mbedtls_ssl_session,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Save session structure as serialized data in a buffer.
+    ///                 On client, this can be used for saving session data,
+    ///                 potentially in non-volatile storage, for resuming later.
+    ///                 On server, this can be used for alternative implementations
+    ///                 of session cache or session tickets.
+    ///
+    /// \see            mbedtls_ssl_session_load()
+    ///
+    /// \param session  The session structure to be saved.
+    /// \param buf      The buffer to write the serialized data to. It must be a
+    ///                 writeable buffer of at least \p len bytes, or may be \c
+    ///                 NULL if \p len is \c 0.
+    /// \param buf_len  The number of bytes available for writing in \p buf.
+    /// \param olen     The size in bytes of the data that has been or would have
+    ///                 been written. It must point to a valid \c size_t.
+    ///
+    /// \note           \p olen is updated to the correct value regardless of
+    ///                 whether \p buf_len was large enough. This makes it possible
+    ///                 to determine the necessary size by calling this function
+    ///                 with \p buf set to \c NULL and \p buf_len to \c 0.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
+    pub fn mbedtls_ssl_session_save(
+        session: *const mbedtls_ssl_session,
+        buf: *mut crate::c_types::c_uchar,
+        buf_len: usize,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               Set the list of allowed ciphersuites and the preference
+    ///                      order. First in the list has the highest preference.
+    ///
+    ///                      For TLS 1.2, the notion of ciphersuite determines both
+    ///                      the key exchange mechanism and the suite of symmetric
+    ///                      algorithms to be used during and after the handshake.
+    ///
+    ///                      For TLS 1.3 (in development), the notion of ciphersuite
+    ///                      only determines the suite of symmetric algorithms to be
+    ///                      used during and after the handshake, while key exchange
+    ///                      mechanisms are configured separately.
+    ///
+    ///                      In Mbed TLS, ciphersuites for both TLS 1.2 and TLS 1.3
+    ///                      are configured via this function. For users of TLS 1.3,
+    ///                      there will be separate API for the configuration of key
+    ///                      exchange mechanisms.
+    ///
+    ///                      The list of ciphersuites passed to this function may
+    ///                      contain a mixture of TLS 1.2 and TLS 1.3 ciphersuite
+    ///                      identifiers. This is useful if negotiation of TLS 1.3
+    ///                      should be attempted, but a fallback to TLS 1.2 would
+    ///                      be tolerated.
+    ///
+    /// \note                By default, the server chooses its preferred
+    ///                      ciphersuite among those that the client supports. If
+    ///                      mbedtls_ssl_conf_preference_order() is called to prefer
+    ///                      the client's preferences, the server instead chooses
+    ///                      the client's preferred ciphersuite among those that
+    ///                      the server supports.
+    ///
+    /// \warning             The ciphersuites array \p ciphersuites is not copied.
+    ///                      It must remain valid for the lifetime of the SSL
+    ///                      configuration \p conf.
+    ///
+    /// \param conf          The SSL configuration to modify.
+    /// \param ciphersuites  A 0-terminated list of IANA identifiers of supported
+    ///                      ciphersuites, accessible through \c MBEDTLS_TLS_XXX
+    ///                      and \c MBEDTLS_TLS1_3_XXX macros defined in
+    ///                      ssl_ciphersuites.h.
+    pub fn mbedtls_ssl_conf_ciphersuites(
+        conf: *mut mbedtls_ssl_config,
+        ciphersuites: *const crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief Set the supported key exchange modes for TLS 1.3 connections.
+    ///
+    ///        In contrast to TLS 1.2, the ciphersuite concept in TLS 1.3 does not
+    ///        include the choice of key exchange mechanism. It is therefore not
+    ///        covered by the API mbedtls_ssl_conf_ciphersuites(). See the
+    ///        documentation of mbedtls_ssl_conf_ciphersuites() for more
+    ///        information on the ciphersuite concept in TLS 1.2 and TLS 1.3.
+    ///
+    ///        The present function is specific to TLS 1.3 and allows users to
+    ///        configure the set of supported key exchange mechanisms in TLS 1.3.
+    ///
+    /// \param conf       The SSL configuration the change should apply to.
+    /// \param kex_modes  A bitwise combination of one or more of the following:
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK
+    ///                     This flag enables pure-PSK key exchanges.
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL
+    ///                     This flag enables combined PSK-ephemeral key exchanges.
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL
+    ///                     This flag enables pure-ephemeral key exchanges.
+    ///                   For convenience, the following pre-defined macros are
+    ///                   available for combinations of the above:
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL
+    ///                     Includes all of pure-PSK, PSK-ephemeral and pure-ephemeral.
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL
+    ///                     Includes both pure-PSK and combined PSK-ephemeral
+    ///                     key exchanges, but excludes pure-ephemeral key exchanges.
+    ///                   - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL
+    ///                     Includes both pure-ephemeral and combined PSK-ephemeral
+    ///                     key exchanges.
+    ///
+    /// \note  If a PSK-based key exchange mode shall be supported, applications
+    ///        must also use the APIs mbedtls_ssl_conf_psk() or
+    ///        mbedtls_ssl_conf_psk_cb() or mbedtls_ssl_conf_psk_opaque()
+    ///        to configure the PSKs to be used.
+    ///
+    /// \note  If a pure-ephemeral key exchange mode shall be supported,
+    ///        server-side applications must also provide a certificate via
+    ///        mbedtls_ssl_conf_own_cert().
+    pub fn mbedtls_ssl_conf_tls13_key_exchange_modes(
+        conf: *mut mbedtls_ssl_config,
+        kex_modes: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief               Specify the length of Connection IDs for incoming
+    ///                      encrypted DTLS records, as well as the behaviour
+    ///                      on unexpected CIDs.
+    ///
+    ///                      By default, the CID length is set to \c 0,
+    ///                      and unexpected CIDs are silently ignored.
+    ///
+    /// \param conf          The SSL configuration to modify.
+    /// \param len           The length in Bytes of the CID fields in encrypted
+    ///                      DTLS records using the CID mechanism. This must
+    ///                      not be larger than #MBEDTLS_SSL_CID_OUT_LEN_MAX.
+    /// \param ignore_other_cids This determines the stack's behaviour when
+    ///                          receiving a record with an unexpected CID.
+    ///                          Possible values are:
+    ///                          - #MBEDTLS_SSL_UNEXPECTED_CID_IGNORE
+    ///                            In this case, the record is silently ignored.
+    ///                          - #MBEDTLS_SSL_UNEXPECTED_CID_FAIL
+    ///                            In this case, the stack fails with the specific
+    ///                            error code #MBEDTLS_ERR_SSL_UNEXPECTED_CID.
+    ///
+    /// \note                The CID specification allows implementations to either
+    ///                      use a common length for all incoming connection IDs or
+    ///                      allow variable-length incoming IDs. Mbed TLS currently
+    ///                      requires a common length for all connections sharing the
+    ///                      same SSL configuration; this allows simpler parsing of
+    ///                      record headers.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p own_cid_len
+    ///                      is too large.
+    pub fn mbedtls_ssl_conf_cid(
+        conf: *mut mbedtls_ssl_config,
+        len: usize,
+        ignore_other_cids: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the X.509 security profile used for verification
+    ///
+    /// \note           The restrictions are enforced for all certificates in the
+    ///                 chain. However, signatures in the handshake are not covered
+    ///                 by this setting but by \b mbedtls_ssl_conf_sig_hashes().
+    ///
+    /// \param conf     SSL configuration
+    /// \param profile  Profile to use
+    pub fn mbedtls_ssl_conf_cert_profile(
+        conf: *mut mbedtls_ssl_config,
+        profile: *const mbedtls_x509_crt_profile,
+    );
+}
+extern "C" {
+    /// \brief          Set the data required to verify peer certificate
+    ///
+    /// \note           See \c mbedtls_x509_crt_verify() for notes regarding the
+    ///                 parameters ca_chain (maps to trust_ca for that function)
+    ///                 and ca_crl.
+    ///
+    /// \param conf     SSL configuration
+    /// \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
+    /// \param ca_crl   trusted CA CRLs
+    pub fn mbedtls_ssl_conf_ca_chain(
+        conf: *mut mbedtls_ssl_config,
+        ca_chain: *mut mbedtls_x509_crt,
+        ca_crl: *mut mbedtls_x509_crl,
+    );
+}
+extern "C" {
+    /// \brief          Set own certificate chain and private key
+    ///
+    /// \note           own_cert should contain in order from the bottom up your
+    ///                 certificate chain. The top certificate (self-signed)
+    ///                 can be omitted.
+    ///
+    /// \note           On server, this function can be called multiple times to
+    ///                 provision more than one cert/key pair (eg one ECDSA, one
+    ///                 RSA with SHA-256, one RSA with SHA-1). An adequate
+    ///                 certificate will be selected according to the client's
+    ///                 advertised capabilities. In case multiple certificates are
+    ///                 adequate, preference is given to the one set by the first
+    ///                 call to this function, then second, etc.
+    ///
+    /// \note           On client, only the first call has any effect. That is,
+    ///                 only one client certificate can be provisioned. The
+    ///                 server's preferences in its CertificateRequest message will
+    ///                 be ignored and our only cert will be sent regardless of
+    ///                 whether it matches those preferences - the server can then
+    ///                 decide what it wants to do with it.
+    ///
+    /// \note           The provided \p pk_key needs to match the public key in the
+    ///                 first certificate in \p own_cert, or all handshakes using
+    ///                 that certificate will fail. It is your responsibility
+    ///                 to ensure that; this function will not perform any check.
+    ///                 You may use mbedtls_pk_check_pair() in order to perform
+    ///                 this check yourself, but be aware that this function can
+    ///                 be computationally expensive on some key types.
+    ///
+    /// \param conf     SSL configuration
+    /// \param own_cert own public certificate chain
+    /// \param pk_key   own private key
+    ///
+    /// \return         0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
+    pub fn mbedtls_ssl_conf_own_cert(
+        conf: *mut mbedtls_ssl_config,
+        own_cert: *mut mbedtls_x509_crt,
+        pk_key: *mut mbedtls_pk_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Configure pre-shared keys (PSKs) and their
+    ///                 identities to be used in PSK-based ciphersuites.
+    ///
+    ///                 Only one PSK can be registered, through either
+    ///                 mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_opaque().
+    ///                 If you attempt to register more than one PSK, this function
+    ///                 fails, though this may change in future versions, which
+    ///                 may add support for multiple PSKs.
+    ///
+    /// \note           This is mainly useful for clients. Servers will usually
+    ///                 want to use \c mbedtls_ssl_conf_psk_cb() instead.
+    ///
+    /// \note           A PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback
+    ///                 takes precedence over a PSK configured by this function.
+    ///
+    /// \param conf     The SSL configuration to register the PSK with.
+    /// \param psk      The pointer to the pre-shared key to use.
+    /// \param psk_len  The length of the pre-shared key in bytes.
+    /// \param psk_identity      The pointer to the pre-shared key identity.
+    /// \param psk_identity_len  The length of the pre-shared key identity
+    ///                          in bytes.
+    ///
+    /// \note           The PSK and its identity are copied internally and
+    ///                 hence need not be preserved by the caller for the lifetime
+    ///                 of the SSL configuration.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no more PSKs
+    ///                 can be configured. In this case, the old PSK(s) remain intact.
+    /// \return         Another negative error code on other kinds of failure.
+    pub fn mbedtls_ssl_conf_psk(
+        conf: *mut mbedtls_ssl_config,
+        psk: *const crate::c_types::c_uchar,
+        psk_len: usize,
+        psk_identity: *const crate::c_types::c_uchar,
+        psk_identity_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the pre-shared Key (PSK) for the current handshake.
+    ///
+    /// \note           This should only be called inside the PSK callback,
+    ///                 i.e. the function passed to \c mbedtls_ssl_conf_psk_cb().
+    ///
+    /// \note           A PSK set by this function takes precedence over a PSK
+    ///                 configured by \c mbedtls_ssl_conf_psk().
+    ///
+    /// \param ssl      The SSL context to configure a PSK for.
+    /// \param psk      The pointer to the pre-shared key.
+    /// \param psk_len  The length of the pre-shared key in bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         An \c MBEDTLS_ERR_SSL_XXX error code on failure.
+    pub fn mbedtls_ssl_set_hs_psk(
+        ssl: *mut mbedtls_ssl_context,
+        psk: *const crate::c_types::c_uchar,
+        psk_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the PSK callback (server-side only).
+    ///
+    ///                 If set, the PSK callback is called for each
+    ///                 handshake where a PSK-based ciphersuite was negotiated.
+    ///                 The caller provides the identity received and wants to
+    ///                 receive the actual PSK data and length.
+    ///
+    ///                 The callback has the following parameters:
+    ///                 - \c void*: The opaque pointer \p p_psk.
+    ///                 - \c mbedtls_ssl_context*: The SSL context to which
+    ///                                            the operation applies.
+    ///                 - \c const unsigned char*: The PSK identity
+    ///                                            selected by the client.
+    ///                 - \c size_t: The length of the PSK identity
+    ///                              selected by the client.
+    ///
+    ///                 If a valid PSK identity is found, the callback should use
+    ///                 \c mbedtls_ssl_set_hs_psk() or
+    ///                 \c mbedtls_ssl_set_hs_psk_opaque()
+    ///                 on the SSL context to set the correct PSK and return \c 0.
+    ///                 Any other return value will result in a denied PSK identity.
+    ///
+    /// \note           A dynamic PSK (i.e. set by the PSK callback) takes
+    ///                 precedence over a static PSK (i.e. set by
+    ///                 \c mbedtls_ssl_conf_psk() or
+    ///                 \c mbedtls_ssl_conf_psk_opaque()).
+    ///                 This means that if you set a PSK callback using this
+    ///                 function, you don't need to set a PSK using
+    ///                 \c mbedtls_ssl_conf_psk() or
+    ///                 \c mbedtls_ssl_conf_psk_opaque()).
+    ///
+    /// \param conf     The SSL configuration to register the callback with.
+    /// \param f_psk    The callback for selecting and setting the PSK based
+    ///                 in the PSK identity chosen by the client.
+    /// \param p_psk    A pointer to an opaque structure to be passed to
+    ///                 the callback, for example a PSK store.
+    pub fn mbedtls_ssl_conf_psk_cb(
+        conf: *mut mbedtls_ssl_config,
+        f_psk: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_ssl_context,
+                arg3: *const crate::c_types::c_uchar,
+                arg4: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_psk: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the Diffie-Hellman public P and G values
+    ///                 from big-endian binary presentations.
+    ///                 (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN)
+    ///
+    /// \param conf     SSL configuration
+    /// \param dhm_P    Diffie-Hellman-Merkle modulus in big-endian binary form
+    /// \param P_len    Length of DHM modulus
+    /// \param dhm_G    Diffie-Hellman-Merkle generator in big-endian binary form
+    /// \param G_len    Length of DHM generator
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ssl_conf_dh_param_bin(
+        conf: *mut mbedtls_ssl_config,
+        dhm_P: *const crate::c_types::c_uchar,
+        P_len: usize,
+        dhm_G: *const crate::c_types::c_uchar,
+        G_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the Diffie-Hellman public P and G values,
+    ///                 read from existing context (server-side only)
+    ///
+    /// \param conf     SSL configuration
+    /// \param dhm_ctx  Diffie-Hellman-Merkle context
+    ///
+    /// \return         0 if successful
+    pub fn mbedtls_ssl_conf_dh_param_ctx(
+        conf: *mut mbedtls_ssl_config,
+        dhm_ctx: *mut mbedtls_dhm_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the minimum length for Diffie-Hellman parameters.
+    ///                 (Client-side only.)
+    ///                 (Default: 1024 bits.)
+    ///
+    /// \param conf     SSL configuration
+    /// \param bitlen   Minimum bit length of the DHM prime
+    pub fn mbedtls_ssl_conf_dhm_min_bitlen(
+        conf: *mut mbedtls_ssl_config,
+        bitlen: crate::c_types::c_uint,
+    );
+}
+extern "C" {
+    /// \brief          Set the allowed curves in order of preference.
+    ///
+    ///                 On server: this only affects selection of the ECDHE curve;
+    ///                 the curves used for ECDH and ECDSA are determined by the
+    ///                 list of available certificates instead.
+    ///
+    ///                 On client: this affects the list of curves offered for any
+    ///                 use. The server can override our preference order.
+    ///
+    ///                 Both sides: limits the set of curves accepted for use in
+    ///                 ECDHE and in the peer's end-entity certificate.
+    ///
+    /// \deprecated     Superseded by mbedtls_ssl_conf_groups().
+    ///
+    /// \note           This has no influence on which curves are allowed inside the
+    ///                 certificate chains, see \c mbedtls_ssl_conf_cert_profile()
+    ///                 for that. For the end-entity certificate however, the key
+    ///                 will be accepted only if it is allowed both by this list
+    ///                 and by the cert profile.
+    ///
+    /// \note           This list should be ordered by decreasing preference
+    ///                 (preferred curve first).
+    ///
+    /// \note           The default list is the same set of curves that
+    ///                 #mbedtls_x509_crt_profile_default allows, plus
+    ///                 ECDHE-only curves selected according to the same criteria.
+    ///                 The order favors curves with the lowest resource usage.
+    ///
+    /// \note           New minor versions of Mbed TLS may extend this list,
+    ///                 for example if new curves are added to the library.
+    ///                 New minor versions of Mbed TLS will not remove items
+    ///                 from this list unless serious security concerns require it.
+    ///                 New minor versions of Mbed TLS may change the order in
+    ///                 keeping with the general principle of favoring the lowest
+    ///                 resource usage.
+    ///
+    /// \param conf     SSL configuration
+    /// \param curves   Ordered list of allowed curves,
+    ///                 terminated by MBEDTLS_ECP_DP_NONE.
+    pub fn mbedtls_ssl_conf_curves(
+        conf: *mut mbedtls_ssl_config,
+        curves: *const mbedtls_ecp_group_id,
+    );
+}
+extern "C" {
+    /// \brief          Set the allowed groups in order of preference.
+    ///
+    ///                 On server: This only affects the choice of key agreement mechanism
+    ///
+    ///                 On client: this affects the list of groups offered for any
+    ///                 use. The server can override our preference order.
+    ///
+    ///                 Both sides: limits the set of groups accepted for use in
+    ///                 key sharing.
+    ///
+    /// \note           This function replaces the deprecated mbedtls_ssl_conf_curves(),
+    ///                 which only allows ECP curves to be configured.
+    ///
+    /// \note           The most recent invocation of either mbedtls_ssl_conf_curves()
+    ///                 or mbedtls_ssl_conf_groups() nullifies all previous invocations
+    ///                 of both.
+    ///
+    /// \note           This list should be ordered by decreasing preference
+    ///                 (preferred group first).
+    ///
+    /// \note           When this function is not called, a default list is used,
+    ///                 consisting of all supported curves at 255 bits and above,
+    ///                 and all supported finite fields at 2048 bits and above.
+    ///                 The order favors groups with the lowest resource usage.
+    ///
+    /// \note           New minor versions of Mbed TLS will not remove items
+    ///                 from the default list unless serious security concerns require it.
+    ///                 New minor versions of Mbed TLS may change the order in
+    ///                 keeping with the general principle of favoring the lowest
+    ///                 resource usage.
+    ///
+    /// \param conf     SSL configuration
+    /// \param groups   List of allowed groups ordered by preference, terminated by 0.
+    ///                 Must contain valid IANA NamedGroup IDs (provided via either an integer
+    ///                 or using MBEDTLS_TLS1_3_NAMED_GROUP_XXX macros).
+    pub fn mbedtls_ssl_conf_groups(conf: *mut mbedtls_ssl_config, groups: *const u16);
+}
+extern "C" {
+    /// \brief          Set the allowed hashes for signatures during the handshake.
+    ///
+    /// \note           This only affects which hashes are offered and can be used
+    ///                 for signatures during the handshake. Hashes for message
+    ///                 authentication and the TLS PRF are controlled by the
+    ///                 ciphersuite, see \c mbedtls_ssl_conf_ciphersuites(). Hashes
+    ///                 used for certificate signature are controlled by the
+    ///                 verification profile, see \c mbedtls_ssl_conf_cert_profile().
+    ///
+    /// \note           This list should be ordered by decreasing preference
+    ///                 (preferred hash first).
+    ///
+    /// \note           By default, all supported hashes whose length is at least
+    ///                 256 bits are allowed. This is the same set as the default
+    ///                 for certificate verification
+    ///                 (#mbedtls_x509_crt_profile_default).
+    ///                 The preference order is currently unspecified and may
+    ///                 change in future versions.
+    ///
+    /// \note           New minor versions of Mbed TLS may extend this list,
+    ///                 for example if new curves are added to the library.
+    ///                 New minor versions of Mbed TLS will not remove items
+    ///                 from this list unless serious security concerns require it.
+    ///
+    /// \param conf     SSL configuration
+    /// \param hashes   Ordered list of allowed signature hashes,
+    ///                 terminated by \c MBEDTLS_MD_NONE.
+    pub fn mbedtls_ssl_conf_sig_hashes(
+        conf: *mut mbedtls_ssl_config,
+        hashes: *const crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Configure allowed signature algorithms for use in TLS 1.3
+    ///
+    /// \param conf     The SSL configuration to use.
+    /// \param sig_algs List of allowed IANA values for TLS 1.3 signature algorithms,
+    ///                 terminated by \c MBEDTLS_TLS1_3_SIG_NONE. The list must remain
+    ///                 available throughout the lifetime of the conf object. Supported
+    ///                 values are available as \c MBEDTLS_TLS1_3_SIG_XXXX
+    pub fn mbedtls_ssl_conf_sig_algs(conf: *mut mbedtls_ssl_config, sig_algs: *const u16);
+}
+extern "C" {
+    /// \brief          Set or reset the hostname to check against the received
+    ///                 server certificate. It sets the ServerName TLS extension,
+    ///                 too, if that extension is enabled. (client-side only)
+    ///
+    /// \param ssl      SSL context
+    /// \param hostname the server hostname, may be NULL to clear hostname
+    ///
+    /// \note           Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
+    ///
+    /// \return         0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
+    ///                 allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
+    ///                 too long input hostname.
+    ///
+    ///                 Hostname set to the one provided on success (cleared
+    ///                 when NULL). On allocation failure hostname is cleared.
+    ///                 On too long input failure, old hostname is unchanged.
+    pub fn mbedtls_ssl_set_hostname(
+        ssl: *mut mbedtls_ssl_context,
+        hostname: *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Retrieve SNI extension value for the current handshake.
+    ///                 Available in \p f_cert_cb of \c mbedtls_ssl_conf_cert_cb(),
+    ///                 this is the same value passed to \p f_sni callback of
+    ///                 \c mbedtls_ssl_conf_sni() and may be used instead of
+    ///                 \c mbedtls_ssl_conf_sni().
+    ///
+    /// \param ssl      SSL context
+    /// \param name_len pointer into which to store length of returned value.
+    ///                 0 if SNI extension is not present or not yet processed.
+    ///
+    /// \return         const pointer to SNI extension value.
+    ///                 - value is valid only when called in \p f_cert_cb
+    ///                   registered with \c mbedtls_ssl_conf_cert_cb().
+    ///                 - value is NULL if SNI extension is not present.
+    ///                 - value is not '\0'-terminated.  Use \c name_len for len.
+    ///                 - value must not be freed.
+    pub fn mbedtls_ssl_get_hs_sni(
+        ssl: *mut mbedtls_ssl_context,
+        name_len: *mut usize,
+    ) -> *const crate::c_types::c_uchar;
+}
+extern "C" {
+    /// \brief          Set own certificate and key for the current handshake
+    ///
+    /// \note           Same as \c mbedtls_ssl_conf_own_cert() but for use within
+    ///                 the SNI callback or the certificate selection callback.
+    ///
+    /// \note           Passing null \c own_cert clears the certificate list for
+    ///                 the current handshake.
+    ///
+    /// \param ssl      SSL context
+    /// \param own_cert own public certificate chain
+    /// \param pk_key   own private key
+    ///
+    /// \return         0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
+    pub fn mbedtls_ssl_set_hs_own_cert(
+        ssl: *mut mbedtls_ssl_context,
+        own_cert: *mut mbedtls_x509_crt,
+        pk_key: *mut mbedtls_pk_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Set the data required to verify peer certificate for the
+    ///                 current handshake
+    ///
+    /// \note           Same as \c mbedtls_ssl_conf_ca_chain() but for use within
+    ///                 the SNI callback or the certificate selection callback.
+    ///
+    /// \param ssl      SSL context
+    /// \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
+    /// \param ca_crl   trusted CA CRLs
+    pub fn mbedtls_ssl_set_hs_ca_chain(
+        ssl: *mut mbedtls_ssl_context,
+        ca_chain: *mut mbedtls_x509_crt,
+        ca_crl: *mut mbedtls_x509_crl,
+    );
+}
+extern "C" {
+    /// \brief          Set DN hints sent to client in CertificateRequest message
+    ///
+    /// \note           Same as \c mbedtls_ssl_conf_dn_hints() but for use within
+    ///                 the SNI callback or the certificate selection callback.
+    ///
+    /// \param ssl      SSL context
+    /// \param crt      crt chain whose subject DNs are issuer DNs of client certs
+    ///                 from which the client should select client peer certificate.
+    pub fn mbedtls_ssl_set_hs_dn_hints(ssl: *mut mbedtls_ssl_context, crt: *const mbedtls_x509_crt);
+}
+extern "C" {
+    /// \brief          Set authmode for the current handshake.
+    ///
+    /// \note           Same as \c mbedtls_ssl_conf_authmode() but for use within
+    ///                 the SNI callback or the certificate selection callback.
+    ///
+    /// \param ssl      SSL context
+    /// \param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or
+    ///                 MBEDTLS_SSL_VERIFY_REQUIRED
+    pub fn mbedtls_ssl_set_hs_authmode(
+        ssl: *mut mbedtls_ssl_context,
+        authmode: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Set server side ServerName TLS extension callback
+    ///                 (optional, server-side only).
+    ///
+    ///                 If set, the ServerName callback is called whenever the
+    ///                 server receives a ServerName TLS extension from the client
+    ///                 during a handshake. The ServerName callback has the
+    ///                 following parameters: (void *parameter, mbedtls_ssl_context *ssl,
+    ///                 const unsigned char *hostname, size_t len). If a suitable
+    ///                 certificate is found, the callback must set the
+    ///                 certificate(s) and key(s) to use with \c
+    ///                 mbedtls_ssl_set_hs_own_cert() (can be called repeatedly),
+    ///                 and may optionally adjust the CA and associated CRL with \c
+    ///                 mbedtls_ssl_set_hs_ca_chain() as well as the client
+    ///                 authentication mode with \c mbedtls_ssl_set_hs_authmode(),
+    ///                 then must return 0. If no matching name is found, the
+    ///                 callback may return non-zero to abort the handshake.
+    ///
+    /// \param conf     SSL configuration
+    /// \param f_sni    verification function
+    /// \param p_sni    verification parameter
+    pub fn mbedtls_ssl_conf_sni(
+        conf: *mut mbedtls_ssl_config,
+        f_sni: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut mbedtls_ssl_context,
+                arg3: *const crate::c_types::c_uchar,
+                arg4: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_sni: *mut crate::c_types::c_void,
+    );
+}
+extern "C" {
+    /// \brief          Set the supported Application Layer Protocols.
+    ///
+    /// \param conf     SSL configuration
+    /// \param protos   Pointer to a NULL-terminated list of supported protocols,
+    ///                 in decreasing preference order. The pointer to the list is
+    ///                 recorded by the library for later reference as required, so
+    ///                 the lifetime of the table must be at least as long as the
+    ///                 lifetime of the SSL configuration structure.
+    ///
+    /// \return         0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
+    pub fn mbedtls_ssl_conf_alpn_protocols(
+        conf: *mut mbedtls_ssl_config,
+        protos: *mut *const crate::c_types::c_char,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Get the name of the negotiated Application Layer Protocol.
+    ///                 This function should be called after the handshake is
+    ///                 completed.
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         Protocol name, or NULL if no protocol was negotiated.
+    pub fn mbedtls_ssl_get_alpn_protocol(
+        ssl: *const mbedtls_ssl_context,
+    ) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief          Set the maximum supported version sent from the client side
+    ///                 and/or accepted at the server side.
+    ///
+    ///                 See also the documentation of mbedtls_ssl_conf_min_version().
+    ///
+    /// \note           This ignores ciphersuites from higher versions.
+    ///
+    /// \note           This function is deprecated and has been replaced by
+    ///                 \c mbedtls_ssl_conf_max_tls_version().
+    ///
+    /// \param conf     SSL configuration
+    /// \param major    Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3)
+    /// \param minor    Minor version number
+    ///                 (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2,
+    ///                 #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)
+    pub fn mbedtls_ssl_conf_max_version(
+        conf: *mut mbedtls_ssl_config,
+        major: crate::c_types::c_int,
+        minor: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Set the minimum accepted SSL/TLS protocol version
+    ///
+    /// \note           By default, all supported versions are accepted.
+    ///                 Future versions of the library may disable older
+    ///                 protocol versions by default if they become deprecated.
+    ///
+    /// \note           The following versions are supported (if enabled at
+    ///                 compile time):
+    ///                 - (D)TLS 1.2: \p major = #MBEDTLS_SSL_MAJOR_VERSION_3,
+    ///                   \p minor = #MBEDTLS_SSL_MINOR_VERSION_3
+    ///                 - TLS 1.3: \p major = #MBEDTLS_SSL_MAJOR_VERSION_3,
+    ///                   \p minor = #MBEDTLS_SSL_MINOR_VERSION_4
+    ///
+    ///                 Note that the numbers in the constant names are the
+    ///                 TLS internal protocol numbers, and the minor versions
+    ///                 differ by one from the human-readable versions!
+    ///
+    /// \note           Input outside of the SSL_MAX_XXXXX_VERSION and
+    ///                 SSL_MIN_XXXXX_VERSION range is ignored.
+    ///
+    /// \note           After the handshake, you can call
+    ///                 mbedtls_ssl_get_version_number() to see what version was
+    ///                 negotiated.
+    ///
+    /// \note           This function is deprecated and has been replaced by
+    ///                 \c mbedtls_ssl_conf_min_tls_version().
+    ///
+    /// \param conf     SSL configuration
+    /// \param major    Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3)
+    /// \param minor    Minor version number
+    ///                 (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2,
+    ///                 #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)
+    pub fn mbedtls_ssl_conf_min_version(
+        conf: *mut mbedtls_ssl_config,
+        major: crate::c_types::c_int,
+        minor: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief           Enable or disable Encrypt-then-MAC
+    ///                  (Default: MBEDTLS_SSL_ETM_ENABLED)
+    ///
+    /// \note            This should always be enabled, it is a security
+    ///                  improvement, and should not cause any interoperability
+    ///                  issue (used only if the peer supports it too).
+    ///
+    /// \param conf      SSL configuration
+    /// \param etm       MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
+    pub fn mbedtls_ssl_conf_encrypt_then_mac(
+        conf: *mut mbedtls_ssl_config,
+        etm: crate::c_types::c_char,
+    );
+}
+extern "C" {
+    /// \brief           Enable or disable Extended Master Secret negotiation.
+    ///                  (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED)
+    ///
+    /// \note            This should always be enabled, it is a security fix to the
+    ///                  protocol, and should not cause any interoperability issue
+    ///                  (used only if the peer supports it too).
+    ///
+    /// \param conf      SSL configuration
+    /// \param ems       MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
+    pub fn mbedtls_ssl_conf_extended_master_secret(
+        conf: *mut mbedtls_ssl_config,
+        ems: crate::c_types::c_char,
+    );
+}
+extern "C" {
+    /// \brief          Whether to send a list of acceptable CAs in
+    ///                 CertificateRequest messages.
+    ///                 (Default: do send)
+    ///
+    /// \param conf     SSL configuration
+    /// \param cert_req_ca_list   MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or
+    ///                          MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED
+    pub fn mbedtls_ssl_conf_cert_req_ca_list(
+        conf: *mut mbedtls_ssl_config,
+        cert_req_ca_list: crate::c_types::c_char,
+    );
+}
+extern "C" {
+    /// \brief          Set the maximum fragment length to emit and/or negotiate.
+    ///                 (Typical: the smaller of #MBEDTLS_SSL_IN_CONTENT_LEN and
+    ///                 #MBEDTLS_SSL_OUT_CONTENT_LEN, usually `2^14` bytes)
+    ///                 (Server: set maximum fragment length to emit,
+    ///                 usually negotiated by the client during handshake)
+    ///                 (Client: set maximum fragment length to emit *and*
+    ///                 negotiate with the server during handshake)
+    ///                 (Default: #MBEDTLS_SSL_MAX_FRAG_LEN_NONE)
+    ///
+    /// \note           On the client side, the maximum fragment length extension
+    ///                 *will not* be used, unless the maximum fragment length has
+    ///                 been set via this function to a value different than
+    ///                 #MBEDTLS_SSL_MAX_FRAG_LEN_NONE.
+    ///
+    /// \note           With TLS, this currently only affects ApplicationData (sent
+    ///                 with \c mbedtls_ssl_read()), not handshake messages.
+    ///                 With DTLS, this affects both ApplicationData and handshake.
+    ///
+    /// \note           This sets the maximum length for a record's payload,
+    ///                 excluding record overhead that will be added to it, see
+    ///                 \c mbedtls_ssl_get_record_expansion().
+    ///
+    /// \note           For DTLS, it is also possible to set a limit for the total
+    ///                 size of datagrams passed to the transport layer, including
+    ///                 record overhead, see \c mbedtls_ssl_set_mtu().
+    ///
+    /// \param conf     SSL configuration
+    /// \param mfl_code Code for maximum fragment length (allowed values:
+    ///                 MBEDTLS_SSL_MAX_FRAG_LEN_512,  MBEDTLS_SSL_MAX_FRAG_LEN_1024,
+    ///                 MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096)
+    ///
+    /// \return         0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA
+    pub fn mbedtls_ssl_conf_max_frag_len(
+        conf: *mut mbedtls_ssl_config,
+        mfl_code: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Pick the ciphersuites order according to the second parameter
+    ///                 in the SSL Server module (MBEDTLS_SSL_SRV_C).
+    ///                 (Default, if never called: MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER)
+    ///
+    /// \param conf     SSL configuration
+    /// \param order    Server or client (MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER
+    ///                                or MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)
+    pub fn mbedtls_ssl_conf_preference_order(
+        conf: *mut mbedtls_ssl_config,
+        order: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Enable / Disable session tickets (client only).
+    ///                 (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.)
+    ///
+    /// \note           On server, use \c mbedtls_ssl_conf_session_tickets_cb().
+    ///
+    /// \param conf     SSL configuration
+    /// \param use_tickets   Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or
+    ///                                         MBEDTLS_SSL_SESSION_TICKETS_DISABLED)
+    pub fn mbedtls_ssl_conf_session_tickets(
+        conf: *mut mbedtls_ssl_config,
+        use_tickets: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief   Number of NewSessionTicket messages for the server to send
+    ///          after handshake completion.
+    ///
+    /// \note    The default value is
+    ///          \c MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS.
+    ///
+    /// \note    In case of a session resumption, this setting only partially apply.
+    ///          At most one ticket is sent in that case to just renew the pool of
+    ///          tickets of the client. The rationale is to avoid the number of
+    ///          tickets on the server to become rapidly out of control when the
+    ///          server has the same configuration for all its connection instances.
+    ///
+    /// \param conf    SSL configuration
+    /// \param num_tickets    Number of NewSessionTicket.
+    pub fn mbedtls_ssl_conf_new_session_tickets(conf: *mut mbedtls_ssl_config, num_tickets: u16);
+}
+extern "C" {
+    /// \brief          Enable / Disable renegotiation support for connection when
+    ///                 initiated by peer
+    ///                 (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
+    ///
+    /// \warning        It is recommended to always disable renegotiation unless you
+    ///                 know you need it and you know what you're doing. In the
+    ///                 past, there have been several issues associated with
+    ///                 renegotiation or a poor understanding of its properties.
+    ///
+    /// \note           Server-side, enabling renegotiation also makes the server
+    ///                 susceptible to a resource DoS by a malicious client.
+    ///
+    /// \param conf    SSL configuration
+    /// \param renegotiation     Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or
+    ///                                             MBEDTLS_SSL_RENEGOTIATION_DISABLED)
+    pub fn mbedtls_ssl_conf_renegotiation(
+        conf: *mut mbedtls_ssl_config,
+        renegotiation: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Prevent or allow legacy renegotiation.
+    ///                 (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)
+    ///
+    ///                 MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to
+    ///                 be established even if the peer does not support
+    ///                 secure renegotiation, but does not allow renegotiation
+    ///                 to take place if not secure.
+    ///                 (Interoperable and secure option)
+    ///
+    ///                 MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
+    ///                 with non-upgraded peers. Allowing legacy renegotiation
+    ///                 makes the connection vulnerable to specific man in the
+    ///                 middle attacks. (See RFC 5746)
+    ///                 (Most interoperable and least secure option)
+    ///
+    ///                 MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
+    ///                 if peer does not support secure renegotiation. Results
+    ///                 in interoperability issues with non-upgraded peers
+    ///                 that do not support renegotiation altogether.
+    ///                 (Most secure option, interoperability issues)
+    ///
+    /// \param conf     SSL configuration
+    /// \param allow_legacy  Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
+    ///                                        SSL_ALLOW_LEGACY_RENEGOTIATION or
+    ///                                        MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)
+    pub fn mbedtls_ssl_conf_legacy_renegotiation(
+        conf: *mut mbedtls_ssl_config,
+        allow_legacy: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Enforce renegotiation requests.
+    ///                 (Default: enforced, max_records = 16)
+    ///
+    ///                 When we request a renegotiation, the peer can comply or
+    ///                 ignore the request. This function allows us to decide
+    ///                 whether to enforce our renegotiation requests by closing
+    ///                 the connection if the peer doesn't comply.
+    ///
+    ///                 However, records could already be in transit from the peer
+    ///                 when the request is emitted. In order to increase
+    ///                 reliability, we can accept a number of records before the
+    ///                 expected handshake records.
+    ///
+    ///                 The optimal value is highly dependent on the specific usage
+    ///                 scenario.
+    ///
+    /// \note           With DTLS and server-initiated renegotiation, the
+    ///                 HelloRequest is retransmitted every time mbedtls_ssl_read() times
+    ///                 out or receives Application Data, until:
+    ///                 - max_records records have beens seen, if it is >= 0, or
+    ///                 - the number of retransmits that would happen during an
+    ///                 actual handshake has been reached.
+    ///                 Please remember the request might be lost a few times
+    ///                 if you consider setting max_records to a really low value.
+    ///
+    /// \warning        On client, the grace period can only happen during
+    ///                 mbedtls_ssl_read(), as opposed to mbedtls_ssl_write() and mbedtls_ssl_renegotiate()
+    ///                 which always behave as if max_record was 0. The reason is,
+    ///                 if we receive application data from the server, we need a
+    ///                 place to write it, which only happens during mbedtls_ssl_read().
+    ///
+    /// \param conf     SSL configuration
+    /// \param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to
+    ///                 enforce renegotiation, or a non-negative value to enforce
+    ///                 it but allow for a grace period of max_records records.
+    pub fn mbedtls_ssl_conf_renegotiation_enforced(
+        conf: *mut mbedtls_ssl_config,
+        max_records: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief          Set record counter threshold for periodic renegotiation.
+    ///                 (Default: 2^48 - 1)
+    ///
+    ///                 Renegotiation is automatically triggered when a record
+    ///                 counter (outgoing or incoming) crosses the defined
+    ///                 threshold. The default value is meant to prevent the
+    ///                 connection from being closed when the counter is about to
+    ///                 reached its maximal value (it is not allowed to wrap).
+    ///
+    ///                 Lower values can be used to enforce policies such as "keys
+    ///                 must be refreshed every N packets with cipher X".
+    ///
+    ///                 The renegotiation period can be disabled by setting
+    ///                 conf->disable_renegotiation to
+    ///                 MBEDTLS_SSL_RENEGOTIATION_DISABLED.
+    ///
+    /// \note           When the configured transport is
+    ///                 MBEDTLS_SSL_TRANSPORT_DATAGRAM the maximum renegotiation
+    ///                 period is 2^48 - 1, and for MBEDTLS_SSL_TRANSPORT_STREAM,
+    ///                 the maximum renegotiation period is 2^64 - 1.
+    ///
+    /// \param conf     SSL configuration
+    /// \param period   The threshold value: a big-endian 64-bit number.
+    pub fn mbedtls_ssl_conf_renegotiation_period(
+        conf: *mut mbedtls_ssl_config,
+        period: *const crate::c_types::c_uchar,
+    );
+}
+extern "C" {
+    /// \brief          Check if there is data already read from the
+    ///                 underlying transport but not yet processed.
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         0 if nothing's pending, 1 otherwise.
+    ///
+    /// \note           This is different in purpose and behaviour from
+    ///                 \c mbedtls_ssl_get_bytes_avail in that it considers
+    ///                 any kind of unprocessed data, not only unread
+    ///                 application data. If \c mbedtls_ssl_get_bytes
+    ///                 returns a non-zero value, this function will
+    ///                 also signal pending data, but the converse does
+    ///                 not hold. For example, in DTLS there might be
+    ///                 further records waiting to be processed from
+    ///                 the current underlying transport's datagram.
+    ///
+    /// \note           If this function returns 1 (data pending), this
+    ///                 does not imply that a subsequent call to
+    ///                 \c mbedtls_ssl_read will provide any data;
+    ///                 e.g., the unprocessed data might turn out
+    ///                 to be an alert or a handshake message.
+    ///
+    /// \note           This function is useful in the following situation:
+    ///                 If the SSL/TLS module successfully returns from an
+    ///                 operation - e.g. a handshake or an application record
+    ///                 read - and you're awaiting incoming data next, you
+    ///                 must not immediately idle on the underlying transport
+    ///                 to have data ready, but you need to check the value
+    ///                 of this function first. The reason is that the desired
+    ///                 data might already be read but not yet processed.
+    ///                 If, in contrast, a previous call to the SSL/TLS module
+    ///                 returned MBEDTLS_ERR_SSL_WANT_READ, it is not necessary
+    ///                 to call this function, as the latter error code entails
+    ///                 that all internal data has been processed.
+    pub fn mbedtls_ssl_check_pending(ssl: *const mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the number of application data bytes
+    ///                 remaining to be read from the current record.
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         How many bytes are available in the application
+    ///                 data record read buffer.
+    ///
+    /// \note           When working over a datagram transport, this is
+    ///                 useful to detect the current datagram's boundary
+    ///                 in case \c mbedtls_ssl_read has written the maximal
+    ///                 amount of data fitting into the input buffer.
+    pub fn mbedtls_ssl_get_bytes_avail(ssl: *const mbedtls_ssl_context) -> usize;
+}
+extern "C" {
+    /// \brief          Return the result of the certificate verification
+    ///
+    /// \param ssl      The SSL context to use.
+    ///
+    /// \return         \c 0 if the certificate verification was successful.
+    /// \return         \c -1u if the result is not available. This may happen
+    ///                 e.g. if the handshake aborts early, or a verification
+    ///                 callback returned a fatal error.
+    /// \return         A bitwise combination of \c MBEDTLS_X509_BADCERT_XXX
+    ///                 and \c MBEDTLS_X509_BADCRL_XXX failure flags; see x509.h.
+    pub fn mbedtls_ssl_get_verify_result(ssl: *const mbedtls_ssl_context) -> u32;
+}
+extern "C" {
+    /// \brief          Return the id of the current ciphersuite
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         a ciphersuite id
+    pub fn mbedtls_ssl_get_ciphersuite_id_from_ssl(
+        ssl: *const mbedtls_ssl_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the name of the current ciphersuite
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         a string containing the ciphersuite name
+    pub fn mbedtls_ssl_get_ciphersuite(
+        ssl: *const mbedtls_ssl_context,
+    ) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief          Return the current TLS version
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         a string containing the TLS version
+    pub fn mbedtls_ssl_get_version(
+        ssl: *const mbedtls_ssl_context,
+    ) -> *const crate::c_types::c_char;
+}
+extern "C" {
+    /// \brief          Return the (maximum) number of bytes added by the record
+    ///                 layer: header + encryption/MAC overhead (inc. padding)
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         Current maximum record expansion in bytes
+    pub fn mbedtls_ssl_get_record_expansion(
+        ssl: *const mbedtls_ssl_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the current maximum outgoing record payload in bytes.
+    ///
+    /// \note           The logic to determine the maximum outgoing record payload is
+    ///                 version-specific. It takes into account various factors, such as
+    ///                 the mbedtls_config.h setting \c MBEDTLS_SSL_OUT_CONTENT_LEN, extensions
+    ///                 such as the max fragment length or record size limit extension if
+    ///                 used, and for DTLS the path MTU as configured and current
+    ///                 record expansion.
+    ///
+    /// \note           With DTLS, \c mbedtls_ssl_write() will return an error if
+    ///                 called with a larger length value.
+    ///                 With TLS, \c mbedtls_ssl_write() will fragment the input if
+    ///                 necessary and return the number of bytes written; it is up
+    ///                 to the caller to call \c mbedtls_ssl_write() again in
+    ///                 order to send the remaining bytes if any.
+    ///
+    /// \sa             mbedtls_ssl_get_max_out_record_payload()
+    /// \sa             mbedtls_ssl_get_record_expansion()
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         Current maximum payload for an outgoing record,
+    ///                 or a negative error code.
+    pub fn mbedtls_ssl_get_max_out_record_payload(
+        ssl: *const mbedtls_ssl_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the current maximum incoming record payload in bytes.
+    ///
+    /// \note           The logic to determine the maximum incoming record payload is
+    ///                 version-specific. It takes into account various factors, such as
+    ///                 the mbedtls_config.h setting \c MBEDTLS_SSL_IN_CONTENT_LEN, extensions
+    ///                 such as the max fragment length extension or record size limit
+    ///                 extension if used, and the current record expansion.
+    ///
+    /// \sa             mbedtls_ssl_set_mtu()
+    /// \sa             mbedtls_ssl_get_max_in_record_payload()
+    /// \sa             mbedtls_ssl_get_record_expansion()
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         Current maximum payload for an incoming record,
+    ///                 or a negative error code.
+    pub fn mbedtls_ssl_get_max_in_record_payload(
+        ssl: *const mbedtls_ssl_context,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Return the peer certificate from the current connection.
+    ///
+    /// \param  ssl     The SSL context to use. This must be initialized and setup.
+    ///
+    /// \return         The current peer certificate, if available.
+    ///                 The returned certificate is owned by the SSL context and
+    ///                 is valid only until the next call to the SSL API.
+    /// \return         \c NULL if no peer certificate is available. This might
+    ///                 be because the chosen ciphersuite doesn't use CRTs
+    ///                 (PSK-based ciphersuites, for example), or because
+    ///                 #MBEDTLS_SSL_KEEP_PEER_CERTIFICATE has been disabled,
+    ///                 allowing the stack to free the peer's CRT to save memory.
+    ///
+    /// \note           For one-time inspection of the peer's certificate during
+    ///                 the handshake, consider registering an X.509 CRT verification
+    ///                 callback through mbedtls_ssl_conf_verify() instead of calling
+    ///                 this function. Using mbedtls_ssl_conf_verify() also comes at
+    ///                 the benefit of allowing you to influence the verification
+    ///                 process, for example by masking expected and tolerated
+    ///                 verification failures.
+    ///
+    /// \warning        You must not use the pointer returned by this function
+    ///                 after any further call to the SSL API, including
+    ///                 mbedtls_ssl_read() and mbedtls_ssl_write(); this is
+    ///                 because the pointer might change during renegotiation,
+    ///                 which happens transparently to the user.
+    ///                 If you want to use the certificate across API calls,
+    ///                 you must make a copy.
+    pub fn mbedtls_ssl_get_peer_cert(ssl: *const mbedtls_ssl_context) -> *const mbedtls_x509_crt;
+}
+extern "C" {
+    /// \brief          Export a session in order to resume it later.
+    ///
+    /// \param ssl      The SSL context representing the connection for which to
+    ///                 to export a session structure for later resumption.
+    /// \param session  The target structure in which to store the exported session.
+    ///                 This must have been initialized with mbedtls_ssl_init_session()
+    ///                 but otherwise be unused.
+    ///
+    /// \note           This function can handle a variety of mechanisms for session
+    ///                 resumption: For TLS 1.2, both session ID-based resumption and
+    ///                 ticket-based resumption will be considered. For TLS 1.3,
+    ///                 once implemented, sessions equate to tickets, and calling
+    ///                 this function multiple times will export the available
+    ///                 tickets one a time until no further tickets are available,
+    ///                 in which case MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE will
+    ///                 be returned.
+    ///
+    /// \note           Calling this function multiple times will only be useful
+    ///                 once TLS 1.3 is supported. For TLS 1.2 connections, this
+    ///                 function should be called at most once.
+    ///
+    /// \return         \c 0 if successful. In this case, \p session can be used for
+    ///                 session resumption by passing it to mbedtls_ssl_set_session(),
+    ///                 and serialized for storage via mbedtls_ssl_session_save().
+    /// \return         #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no further session
+    ///                 is available for export.
+    ///                 This error is a non-fatal, and has no observable effect on
+    ///                 the SSL context or the destination session.
+    /// \return         Another negative error code on other kinds of failure.
+    ///
+    /// \sa             mbedtls_ssl_set_session()
+    /// \sa             mbedtls_ssl_session_save()
+    pub fn mbedtls_ssl_get_session(
+        ssl: *const mbedtls_ssl_context,
+        session: *mut mbedtls_ssl_session,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform the SSL handshake
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
+    ///                 if the handshake is incomplete and waiting for data to
+    ///                 be available for reading from or writing to the underlying
+    ///                 transport - in this case you must call this function again
+    ///                 when the underlying transport is ready for the operation.
+    /// \return         #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
+    ///                 operation is in progress (see
+    ///                 mbedtls_ssl_conf_async_private_cb()) - in this case you
+    ///                 must call this function again when the operation is ready.
+    /// \return         #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
+    ///                 operation is in progress (see mbedtls_ecp_set_max_ops()) -
+    ///                 in this case you must call this function again to complete
+    ///                 the handshake when you're done attending other tasks.
+    /// \return         #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED if DTLS is in use
+    ///                 and the client did not demonstrate reachability yet - in
+    ///                 this case you must stop using the context (see below).
+    /// \return         Another SSL error code - in this case you must stop using
+    ///                 the context (see below).
+    ///
+    /// \warning        If this function returns something other than
+    ///                 \c 0,
+    ///                 #MBEDTLS_ERR_SSL_WANT_READ,
+    ///                 #MBEDTLS_ERR_SSL_WANT_WRITE,
+    ///                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+    ///                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
+    ///                 you must stop using the SSL context for reading or writing,
+    ///                 and either free it or call \c mbedtls_ssl_session_reset()
+    ///                 on it before re-using it for a new connection; the current
+    ///                 connection must be closed.
+    ///
+    /// \note           If DTLS is in use, then you may choose to handle
+    ///                 #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
+    ///                 purposes, as it is an expected return value rather than an
+    ///                 actual error, but you still need to reset/free the context.
+    ///
+    /// \note           Remarks regarding event-driven DTLS:
+    ///                 If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram
+    ///                 from the underlying transport layer is currently being processed,
+    ///                 and it is safe to idle until the timer or the underlying transport
+    ///                 signal a new event. This is not true for a successful handshake,
+    ///                 in which case the datagram of the underlying transport that is
+    ///                 currently being processed might or might not contain further
+    ///                 DTLS records.
+    ///
+    /// \note           If the context is configured to allow TLS 1.3, or if
+    ///                 #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+    ///                 subsystem must have been initialized by calling
+    ///                 psa_crypto_init() before calling this function.
+    pub fn mbedtls_ssl_handshake(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Perform a single step of the SSL handshake
+    ///
+    /// \note           The state of the context (ssl->state) will be at
+    ///                 the next state after this function returns \c 0. Do not
+    ///                 call this function if mbedtls_ssl_is_handshake_over()
+    ///                 returns \c 1.
+    ///
+    /// \warning        Whilst in the past you may have used direct access to the
+    ///                 context state (ssl->state) in order to ascertain when to
+    ///                 stop calling this function and although you can still do
+    ///                 so with something like ssl->MBEDTLS_PRIVATE(state) or by
+    ///                 defining MBEDTLS_ALLOW_PRIVATE_ACCESS, this is now
+    ///                 considered deprecated and could be broken in any future
+    ///                 release. If you still find you have good reason for such
+    ///                 direct access, then please do contact the team to explain
+    ///                 this (raise an issue or post to the mailing list), so that
+    ///                 we can add a solution to your problem that will be
+    ///                 guaranteed to work in the future.
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         See mbedtls_ssl_handshake().
+    ///
+    /// \warning        If this function returns something other than \c 0,
+    ///                 #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,
+    ///                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+    ///                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using
+    ///                 the SSL context for reading or writing, and either free it
+    ///                 or call \c mbedtls_ssl_session_reset() on it before
+    ///                 re-using it for a new connection; the current connection
+    ///                 must be closed.
+    pub fn mbedtls_ssl_handshake_step(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Initiate an SSL renegotiation on the running connection.
+    ///                 Client: perform the renegotiation right now.
+    ///                 Server: request renegotiation, which will be performed
+    ///                 during the next call to mbedtls_ssl_read() if honored by
+    ///                 client.
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return         0 if successful, or any mbedtls_ssl_handshake() return
+    ///                 value except #MBEDTLS_ERR_SSL_CLIENT_RECONNECT that can't
+    ///                 happen during a renegotiation.
+    ///
+    /// \warning        If this function returns something other than \c 0,
+    ///                 #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,
+    ///                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+    ///                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using
+    ///                 the SSL context for reading or writing, and either free it
+    ///                 or call \c mbedtls_ssl_session_reset() on it before
+    ///                 re-using it for a new connection; the current connection
+    ///                 must be closed.
+    pub fn mbedtls_ssl_renegotiate(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Read at most 'len' application data bytes
+    ///
+    /// \param ssl      SSL context
+    /// \param buf      buffer that will hold the data
+    /// \param len      maximum number of bytes to read
+    ///
+    /// \return         The (positive) number of bytes read if successful.
+    /// \return         \c 0 if the read end of the underlying transport was closed
+    ///                 without sending a CloseNotify beforehand, which might happen
+    ///                 because of various reasons (internal error of an underlying
+    ///                 stack, non-conformant peer not sending a CloseNotify and
+    ///                 such) - in this case you must stop using the context
+    ///                 (see below).
+    /// \return         #MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY if the underlying
+    ///                 transport is still functional, but the peer has
+    ///                 acknowledged to not send anything anymore.
+    /// \return         #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
+    ///                 if the handshake is incomplete and waiting for data to
+    ///                 be available for reading from or writing to the underlying
+    ///                 transport - in this case you must call this function again
+    ///                 when the underlying transport is ready for the operation.
+    /// \return         #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
+    ///                 operation is in progress (see
+    ///                 mbedtls_ssl_conf_async_private_cb()) - in this case you
+    ///                 must call this function again when the operation is ready.
+    /// \return         #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
+    ///                 operation is in progress (see mbedtls_ecp_set_max_ops()) -
+    ///                 in this case you must call this function again to complete
+    ///                 the handshake when you're done attending other tasks.
+    /// \return         #MBEDTLS_ERR_SSL_CLIENT_RECONNECT if we're at the server
+    ///                 side of a DTLS connection and the client is initiating a
+    ///                 new connection using the same source port. See below.
+    /// \return         Another SSL error code - in this case you must stop using
+    ///                 the context (see below).
+    ///
+    /// \warning        If this function returns something other than
+    ///                 a positive value,
+    ///                 #MBEDTLS_ERR_SSL_WANT_READ,
+    ///                 #MBEDTLS_ERR_SSL_WANT_WRITE,
+    ///                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS,
+    ///                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
+    ///                 #MBEDTLS_ERR_SSL_CLIENT_RECONNECT,
+    ///                 you must stop using the SSL context for reading or writing,
+    ///                 and either free it or call \c mbedtls_ssl_session_reset()
+    ///                 on it before re-using it for a new connection; the current
+    ///                 connection must be closed.
+    ///
+    /// \note           When this function returns #MBEDTLS_ERR_SSL_CLIENT_RECONNECT
+    ///                 (which can only happen server-side), it means that a client
+    ///                 is initiating a new connection using the same source port.
+    ///                 You can either treat that as a connection close and wait
+    ///                 for the client to resend a ClientHello, or directly
+    ///                 continue with \c mbedtls_ssl_handshake() with the same
+    ///                 context (as it has been reset internally). Either way, you
+    ///                 must make sure this is seen by the application as a new
+    ///                 connection: application state, if any, should be reset, and
+    ///                 most importantly the identity of the client must be checked
+    ///                 again. WARNING: not validating the identity of the client
+    ///                 again, or not transmitting the new identity to the
+    ///                 application layer, would allow authentication bypass!
+    ///
+    /// \note           Remarks regarding event-driven DTLS:
+    ///                 - If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram
+    ///                   from the underlying transport layer is currently being processed,
+    ///                   and it is safe to idle until the timer or the underlying transport
+    ///                   signal a new event.
+    ///                 - This function may return MBEDTLS_ERR_SSL_WANT_READ even if data was
+    ///                   initially available on the underlying transport, as this data may have
+    ///                   been only e.g. duplicated messages or a renegotiation request.
+    ///                   Therefore, you must be prepared to receive MBEDTLS_ERR_SSL_WANT_READ even
+    ///                   when reacting to an incoming-data event from the underlying transport.
+    ///                 - On success, the datagram of the underlying transport that is currently
+    ///                   being processed may contain further DTLS records. You should call
+    ///                   \c mbedtls_ssl_check_pending to check for remaining records.
+    pub fn mbedtls_ssl_read(
+        ssl: *mut mbedtls_ssl_context,
+        buf: *mut crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Try to write exactly 'len' application data bytes
+    ///
+    /// \warning        This function will do partial writes in some cases. If the
+    ///                 return value is non-negative but less than length, the
+    ///                 function must be called again with updated arguments:
+    ///                 buf + ret, len - ret (if ret is the return value) until
+    ///                 it returns a value equal to the last 'len' argument.
+    ///
+    /// \param ssl      SSL context
+    /// \param buf      buffer holding the data
+    /// \param len      how many bytes must be written
+    ///
+    /// \return         The (non-negative) number of bytes actually written if
+    ///                 successful (may be less than \p len).
+    /// \return         #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
+    ///                 if the handshake is incomplete and waiting for data to
+    ///                 be available for reading from or writing to the underlying
+    ///                 transport - in this case you must call this function again
+    ///                 when the underlying transport is ready for the operation.
+    /// \return         #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
+    ///                 operation is in progress (see
+    ///                 mbedtls_ssl_conf_async_private_cb()) - in this case you
+    ///                 must call this function again when the operation is ready.
+    /// \return         #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
+    ///                 operation is in progress (see mbedtls_ecp_set_max_ops()) -
+    ///                 in this case you must call this function again to complete
+    ///                 the handshake when you're done attending other tasks.
+    /// \return         Another SSL error code - in this case you must stop using
+    ///                 the context (see below).
+    ///
+    /// \warning        If this function returns something other than
+    ///                 a non-negative value,
+    ///                 #MBEDTLS_ERR_SSL_WANT_READ,
+    ///                 #MBEDTLS_ERR_SSL_WANT_WRITE,
+    ///                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
+    ///                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
+    ///                 you must stop using the SSL context for reading or writing,
+    ///                 and either free it or call \c mbedtls_ssl_session_reset()
+    ///                 on it before re-using it for a new connection; the current
+    ///                 connection must be closed.
+    ///
+    /// \note           When this function returns #MBEDTLS_ERR_SSL_WANT_WRITE/READ,
+    ///                 it must be called later with the *same* arguments,
+    ///                 until it returns a value greater than or equal to 0. When
+    ///                 the function returns #MBEDTLS_ERR_SSL_WANT_WRITE there may be
+    ///                 some partial data in the output buffer, however this is not
+    ///                 yet sent.
+    ///
+    /// \note           If the requested length is greater than the maximum
+    ///                 fragment length (either the built-in limit or the one set
+    ///                 or negotiated with the peer), then:
+    ///                 - with TLS, less bytes than requested are written.
+    ///                 - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
+    ///                 \c mbedtls_ssl_get_max_out_record_payload() may be used to
+    ///                 query the active maximum fragment length.
+    ///
+    /// \note           Attempting to write 0 bytes will result in an empty TLS
+    ///                 application record being sent.
+    pub fn mbedtls_ssl_write(
+        ssl: *mut mbedtls_ssl_context,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Send an alert message
+    ///
+    /// \param ssl       SSL context
+    /// \param level     The alert level of the message
+    ///                  (MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL)
+    /// \param message   The alert message (SSL_ALERT_MSG_*)
+    ///
+    /// \return          0 if successful, or a specific SSL error code.
+    ///
+    /// \note           If this function returns something other than 0 or
+    ///                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
+    ///                 the SSL context for reading or writing, and either free it or
+    ///                 call \c mbedtls_ssl_session_reset() on it before re-using it
+    ///                 for a new connection; the current connection must be closed.
+    pub fn mbedtls_ssl_send_alert_message(
+        ssl: *mut mbedtls_ssl_context,
+        level: crate::c_types::c_uchar,
+        message: crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Notify the peer that the connection is being closed
+    ///
+    /// \param ssl      SSL context
+    ///
+    /// \return          0 if successful, or a specific SSL error code.
+    ///
+    /// \note           If this function returns something other than 0 or
+    ///                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
+    ///                 the SSL context for reading or writing, and either free it or
+    ///                 call \c mbedtls_ssl_session_reset() on it before re-using it
+    ///                 for a new connection; the current connection must be closed.
+    pub fn mbedtls_ssl_close_notify(ssl: *mut mbedtls_ssl_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Free referenced items in an SSL context and clear memory
+    ///
+    /// \param ssl      SSL context
+    pub fn mbedtls_ssl_free(ssl: *mut mbedtls_ssl_context);
+}
+extern "C" {
+    /// \brief          Save an active connection as serialized data in a buffer.
+    ///                 This allows the freeing or re-using of the SSL context
+    ///                 while still picking up the connection later in a way that
+    ///                 it entirely transparent to the peer.
+    ///
+    /// \see            mbedtls_ssl_context_load()
+    ///
+    /// \note           The serialized data only contains the data that is
+    ///                 necessary to resume the connection: negotiated protocol
+    ///                 options, session identifier, keys, etc.
+    ///                 Loading a saved SSL context does not restore settings and
+    ///                 state related to how the application accesses the context,
+    ///                 such as configured callback functions, user data, pending
+    ///                 incoming or outgoing data, etc.
+    ///
+    /// \note           This feature is currently only available under certain
+    ///                 conditions, see the documentation of the return value
+    ///                 #MBEDTLS_ERR_SSL_BAD_INPUT_DATA for details.
+    ///
+    /// \note           When this function succeeds, it calls
+    ///                 mbedtls_ssl_session_reset() on \p ssl which as a result is
+    ///                 no longer associated with the connection that has been
+    ///                 serialized. This avoids creating copies of the connection
+    ///                 state. You're then free to either re-use the context
+    ///                 structure for a different connection, or call
+    ///                 mbedtls_ssl_free() on it. See the documentation of
+    ///                 mbedtls_ssl_session_reset() for more details.
+    ///
+    /// \param ssl      The SSL context to save. On success, it is no longer
+    ///                 associated with the connection that has been serialized.
+    /// \param buf      The buffer to write the serialized data to. It must be a
+    ///                 writeable buffer of at least \p buf_len bytes, or may be \c
+    ///                 NULL if \p buf_len is \c 0.
+    /// \param buf_len  The number of bytes available for writing in \p buf.
+    /// \param olen     The size in bytes of the data that has been or would have
+    ///                 been written. It must point to a valid \c size_t.
+    ///
+    /// \note           \p olen is updated to the correct value regardless of
+    ///                 whether \p buf_len was large enough. This makes it possible
+    ///                 to determine the necessary size by calling this function
+    ///                 with \p buf set to \c NULL and \p buf_len to \c 0. However,
+    ///                 the value of \p olen is only guaranteed to be correct when
+    ///                 the function returns #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL or
+    ///                 \c 0. If the return value is different, then the value of
+    ///                 \p olen is undefined.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
+    /// \return         #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed
+    ///                 while resetting the context.
+    /// \return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in
+    ///                 progress, or there is pending data for reading or sending,
+    ///                 or the connection does not use DTLS 1.2 with an AEAD
+    ///                 ciphersuite, or renegotiation is enabled.
+    pub fn mbedtls_ssl_context_save(
+        ssl: *mut mbedtls_ssl_context,
+        buf: *mut crate::c_types::c_uchar,
+        buf_len: usize,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Load serialized connection data to an SSL context.
+    ///
+    /// \see            mbedtls_ssl_context_save()
+    ///
+    /// \warning        The same serialized data must never be loaded into more
+    ///                 that one context. In order to ensure that, after
+    ///                 successfully loading serialized data to an SSL context, you
+    ///                 should immediately destroy or invalidate all copies of the
+    ///                 serialized data that was loaded. Loading the same data in
+    ///                 more than one context would cause severe security failures
+    ///                 including but not limited to loss of confidentiality.
+    ///
+    /// \note           Before calling this function, the SSL context must be
+    ///                 prepared in one of the two following ways. The first way is
+    ///                 to take a context freshly initialised with
+    ///                 mbedtls_ssl_init() and call mbedtls_ssl_setup() on it with
+    ///                 the same ::mbedtls_ssl_config structure that was used in
+    ///                 the original connection. The second way is to
+    ///                 call mbedtls_ssl_session_reset() on a context that was
+    ///                 previously prepared as above but used in the meantime.
+    ///                 Either way, you must not use the context to perform a
+    ///                 handshake between calling mbedtls_ssl_setup() or
+    ///                 mbedtls_ssl_session_reset() and calling this function. You
+    ///                 may however call other setter functions in that time frame
+    ///                 as indicated in the note below.
+    ///
+    /// \note           Before or after calling this function successfully, you
+    ///                 also need to configure some connection-specific callbacks
+    ///                 and settings before you can use the connection again
+    ///                 (unless they were already set before calling
+    ///                 mbedtls_ssl_session_reset() and the values are suitable for
+    ///                 the present connection). Specifically, you want to call
+    ///                 at least mbedtls_ssl_set_bio(),
+    ///                 mbedtls_ssl_set_timer_cb(), and
+    ///                 mbedtls_ssl_set_user_data_n() or
+    ///                 mbedtls_ssl_set_user_data_p() if they were set originally.
+    ///                 All other SSL setter functions
+    ///                 are not necessary to call, either because they're only used
+    ///                 in handshakes, or because the setting is already saved. You
+    ///                 might choose to call them anyway, for example in order to
+    ///                 share code between the cases of establishing a new
+    ///                 connection and the case of loading an already-established
+    ///                 connection.
+    ///
+    /// \note           If you have new information about the path MTU, you want to
+    ///                 call mbedtls_ssl_set_mtu() after calling this function, as
+    ///                 otherwise this function would overwrite your
+    ///                 newly-configured value with the value that was active when
+    ///                 the context was saved.
+    ///
+    /// \note           When this function returns an error code, it calls
+    ///                 mbedtls_ssl_free() on \p ssl. In this case, you need to
+    ///                 prepare the context with the usual sequence starting with a
+    ///                 call to mbedtls_ssl_init() if you want to use it again.
+    ///
+    /// \param ssl      The SSL context structure to be populated. It must have
+    ///                 been prepared as described in the note above.
+    /// \param buf      The buffer holding the serialized connection data. It must
+    ///                 be a readable buffer of at least \p len bytes.
+    /// \param len      The size of the serialized data in bytes.
+    ///
+    /// \return         \c 0 if successful.
+    /// \return         #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed.
+    /// \return         #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data
+    ///                 comes from a different Mbed TLS version or build.
+    /// \return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
+    pub fn mbedtls_ssl_context_load(
+        ssl: *mut mbedtls_ssl_context,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Initialize an SSL configuration context
+    ///                 Just makes the context ready for
+    ///                 mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free().
+    ///
+    /// \note           You need to call mbedtls_ssl_config_defaults() unless you
+    ///                 manually set all of the relevant fields yourself.
+    ///
+    /// \param conf     SSL configuration context
+    pub fn mbedtls_ssl_config_init(conf: *mut mbedtls_ssl_config);
+}
+extern "C" {
+    /// \brief          Load reasonable default SSL configuration values.
+    ///                 (You need to call mbedtls_ssl_config_init() first.)
+    ///
+    /// \param conf     SSL configuration context
+    /// \param endpoint MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
+    /// \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or
+    ///                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS
+    /// \param preset   a MBEDTLS_SSL_PRESET_XXX value
+    ///
+    /// \note           See \c mbedtls_ssl_conf_transport() for notes on DTLS.
+    ///
+    /// \return         0 if successful, or
+    ///                 MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error.
+    pub fn mbedtls_ssl_config_defaults(
+        conf: *mut mbedtls_ssl_config,
+        endpoint: crate::c_types::c_int,
+        transport: crate::c_types::c_int,
+        preset: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Free an SSL configuration context
+    ///
+    /// \param conf     SSL configuration context
+    pub fn mbedtls_ssl_config_free(conf: *mut mbedtls_ssl_config);
+}
+extern "C" {
+    /// \brief          Initialize SSL session structure
+    ///
+    /// \param session  SSL session
+    pub fn mbedtls_ssl_session_init(session: *mut mbedtls_ssl_session);
+}
+extern "C" {
+    /// \brief          Free referenced items in an SSL session including the
+    ///                 peer certificate and clear memory
+    ///
+    /// \note           A session object can be freed even if the SSL context
+    ///                 that was used to retrieve the session is still in use.
+    ///
+    /// \param session  SSL session
+    pub fn mbedtls_ssl_session_free(session: *mut mbedtls_ssl_session);
+}
+extern "C" {
+    /// \brief          TLS-PRF function for key derivation.
+    ///
+    /// \param prf      The tls_prf type function type to be used.
+    /// \param secret   Secret for the key derivation function.
+    /// \param slen     Length of the secret.
+    /// \param label    String label for the key derivation function,
+    ///                 terminated with null character.
+    /// \param random   Random bytes.
+    /// \param rlen     Length of the random bytes buffer.
+    /// \param dstbuf   The buffer holding the derived key.
+    /// \param dlen     Length of the output buffer.
+    ///
+    /// \return         0 on success. An SSL specific error on failure.
+    pub fn mbedtls_ssl_tls_prf(
+        prf: mbedtls_tls_prf_types,
+        secret: *const crate::c_types::c_uchar,
+        slen: usize,
+        label: *const crate::c_types::c_char,
+        random: *const crate::c_types::c_uchar,
+        rlen: usize,
+        dstbuf: *mut crate::c_types::c_uchar,
+        dlen: usize,
+    ) -> crate::c_types::c_int;
+}
+/// \brief           Entropy poll callback pointer
+///
+/// \param data      Callback-specific data pointer
+/// \param output    Data to fill
+/// \param len       Maximum size to provide
+/// \param olen      The actual amount of bytes put into the buffer (Can be 0)
+///
+/// \return          0 if no critical failures occurred,
+///                  MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise
+pub type mbedtls_entropy_f_source_ptr = ::core::option::Option<
+    unsafe extern "C" fn(
+        data: *mut crate::c_types::c_void,
+        output: *mut crate::c_types::c_uchar,
+        len: usize,
+        olen: *mut usize,
+    ) -> crate::c_types::c_int,
+>;
+/// \brief           Entropy source state
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_entropy_source_state {
+    pub private_f_source: mbedtls_entropy_f_source_ptr,
+    pub private_p_source: *mut crate::c_types::c_void,
+    pub private_size: usize,
+    pub private_threshold: usize,
+    pub private_strong: crate::c_types::c_int,
+}
+/// \brief           Entropy context structure
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_entropy_context {
+    pub private_accumulator_started: crate::c_types::c_int,
+    pub private_accumulator: mbedtls_sha512_context,
+    pub private_source_count: crate::c_types::c_int,
+    pub private_source: [mbedtls_entropy_source_state; 20usize],
+}
+extern "C" {
+    /// \brief           Initialize the context
+    ///
+    /// \param ctx       Entropy context to initialize
+    pub fn mbedtls_entropy_init(ctx: *mut mbedtls_entropy_context);
+}
+extern "C" {
+    /// \brief           Free the data in the context
+    ///
+    /// \param ctx       Entropy context to free
+    pub fn mbedtls_entropy_free(ctx: *mut mbedtls_entropy_context);
+}
+extern "C" {
+    /// \brief           Adds an entropy source to poll
+    ///                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+    ///
+    /// \param ctx       Entropy context
+    /// \param f_source  Entropy function
+    /// \param p_source  Function data
+    /// \param threshold Minimum required from source before entropy is released
+    ///                  ( with mbedtls_entropy_func() ) (in bytes)
+    /// \param strong    MBEDTLS_ENTROPY_SOURCE_STRONG or
+    ///                  MBEDTLS_ENTROPY_SOURCE_WEAK.
+    ///                  At least one strong source needs to be added.
+    ///                  Weaker sources (such as the cycle counter) can be used as
+    ///                  a complement.
+    ///
+    /// \return          0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
+    pub fn mbedtls_entropy_add_source(
+        ctx: *mut mbedtls_entropy_context,
+        f_source: mbedtls_entropy_f_source_ptr,
+        p_source: *mut crate::c_types::c_void,
+        threshold: usize,
+        strong: crate::c_types::c_int,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Trigger an extra gather poll for the accumulator
+    ///                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+    ///
+    /// \param ctx       Entropy context
+    ///
+    /// \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+    pub fn mbedtls_entropy_gather(ctx: *mut mbedtls_entropy_context) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Retrieve entropy from the accumulator
+    ///                  (Maximum length: MBEDTLS_ENTROPY_BLOCK_SIZE)
+    ///                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+    ///
+    /// \param data      Entropy context
+    /// \param output    Buffer to fill
+    /// \param len       Number of bytes desired, must be at most MBEDTLS_ENTROPY_BLOCK_SIZE
+    ///
+    /// \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+    pub fn mbedtls_entropy_func(
+        data: *mut crate::c_types::c_void,
+        output: *mut crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Add data to the accumulator manually
+    ///                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
+    ///
+    /// \param ctx       Entropy context
+    /// \param data      Data to add
+    /// \param len       Length of data
+    ///
+    /// \return          0 if successful
+    pub fn mbedtls_entropy_update_manual(
+        ctx: *mut mbedtls_entropy_context,
+        data: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Checkup routine
+    ///
+    ///                 This module self-test also calls the entropy self-test,
+    ///                 mbedtls_entropy_source_self_test();
+    ///
+    /// \return         0 if successful, or 1 if a test failed
+    pub fn mbedtls_entropy_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief   Set the threshold error level to handle globally all debug output.
+    ///          Debug messages that have a level over the threshold value are
+    ///          discarded.
+    ///          (Default value: 0 = No debug )
+    ///
+    /// \param threshold     threshold level of messages to filter on. Messages at a
+    ///                      higher level will be discarded.
+    ///                          - Debug levels
+    ///                              - 0 No debug
+    ///                              - 1 Error
+    ///                              - 2 State change
+    ///                              - 3 Informational
+    ///                              - 4 Verbose
+    pub fn mbedtls_debug_set_threshold(threshold: crate::c_types::c_int);
+}
+extern "C" {
+    /// \brief    Print a message to the debug output. This function is always used
+    ///          through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl
+    ///          context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the message has occurred in
+    /// \param line      line number the message has occurred at
+    /// \param format    format specifier, in printf format
+    /// \param ...       variables used by the format specifier
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_msg(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        format: *const crate::c_types::c_char,
+        ...
+    );
+}
+extern "C" {
+    /// \brief   Print the return value of a function to the debug output. This
+    ///          function is always used through the MBEDTLS_SSL_DEBUG_RET() macro,
+    ///          which supplies the ssl context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param text      the name of the function that returned the error
+    /// \param ret       the return code value
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_ret(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        text: *const crate::c_types::c_char,
+        ret: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief   Output a buffer of size len bytes to the debug output. This function
+    ///          is always used through the MBEDTLS_SSL_DEBUG_BUF() macro,
+    ///          which supplies the ssl context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param text      a name or label for the buffer being dumped. Normally the
+    ///                  variable or buffer name
+    /// \param buf       the buffer to be outputted
+    /// \param len       length of the buffer
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_buf(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        text: *const crate::c_types::c_char,
+        buf: *const crate::c_types::c_uchar,
+        len: usize,
+    );
+}
+extern "C" {
+    /// \brief   Print a MPI variable to the debug output. This function is always
+    ///          used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the
+    ///          ssl context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param text      a name or label for the MPI being output. Normally the
+    ///                  variable name
+    /// \param X         the MPI variable
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_mpi(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        text: *const crate::c_types::c_char,
+        X: *const mbedtls_mpi,
+    );
+}
+extern "C" {
+    /// \brief   Print an ECP point to the debug output. This function is always
+    ///          used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the
+    ///          ssl context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param text      a name or label for the ECP point being output. Normally the
+    ///                  variable name
+    /// \param X         the ECP point
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_ecp(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        text: *const crate::c_types::c_char,
+        X: *const mbedtls_ecp_point,
+    );
+}
+extern "C" {
+    /// \brief   Print a X.509 certificate structure to the debug output. This
+    ///          function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro,
+    ///          which supplies the ssl context, file and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param text      a name or label for the certificate being output
+    /// \param crt       X.509 certificate structure
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_print_crt(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        text: *const crate::c_types::c_char,
+        crt: *const mbedtls_x509_crt,
+    );
+}
+pub const mbedtls_debug_ecdh_attr_MBEDTLS_DEBUG_ECDH_Q: mbedtls_debug_ecdh_attr = 0;
+pub const mbedtls_debug_ecdh_attr_MBEDTLS_DEBUG_ECDH_QP: mbedtls_debug_ecdh_attr = 1;
+pub const mbedtls_debug_ecdh_attr_MBEDTLS_DEBUG_ECDH_Z: mbedtls_debug_ecdh_attr = 2;
+pub type mbedtls_debug_ecdh_attr = crate::c_types::c_uint;
+extern "C" {
+    /// \brief   Print a field of the ECDH structure in the SSL context to the debug
+    ///          output. This function is always used through the
+    ///          MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file
+    ///          and line number parameters.
+    ///
+    /// \param ssl       SSL context
+    /// \param level     error level of the debug message
+    /// \param file      file the error has occurred in
+    /// \param line      line number the error has occurred in
+    /// \param ecdh      the ECDH context
+    /// \param attr      the identifier of the attribute being output
+    ///
+    /// \attention       This function is intended for INTERNAL usage within the
+    ///                  library only.
+    pub fn mbedtls_debug_printf_ecdh(
+        ssl: *const mbedtls_ssl_context,
+        level: crate::c_types::c_int,
+        file: *const crate::c_types::c_char,
+        line: crate::c_types::c_int,
+        ecdh: *const mbedtls_ecdh_context,
+        attr: mbedtls_debug_ecdh_attr,
+    );
+}
+/// \brief The AES context-type definition.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_aes_context {
+    pub private_nr: crate::c_types::c_int,
+    pub private_rk_offset: usize,
+    pub private_buf: [u32; 68usize],
+}
+/// \brief The AES XTS context-type definition.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_aes_xts_context {
+    pub private_crypt: mbedtls_aes_context,
+    pub private_tweak: mbedtls_aes_context,
+}
+extern "C" {
+    /// \brief          This function initializes the specified AES context.
+    ///
+    ///                 It must be the first API called before using
+    ///                 the context.
+    ///
+    /// \param ctx      The AES context to initialize. This must not be \c NULL.
+    pub fn mbedtls_aes_init(ctx: *mut mbedtls_aes_context);
+}
+extern "C" {
+    /// \brief          This function releases and clears the specified AES context.
+    ///
+    /// \param ctx      The AES context to clear.
+    ///                 If this is \c NULL, this function does nothing.
+    ///                 Otherwise, the context must have been at least initialized.
+    pub fn mbedtls_aes_free(ctx: *mut mbedtls_aes_context);
+}
+extern "C" {
+    /// \brief          This function initializes the specified AES XTS context.
+    ///
+    ///                 It must be the first API called before using
+    ///                 the context.
+    ///
+    /// \param ctx      The AES XTS context to initialize. This must not be \c NULL.
+    pub fn mbedtls_aes_xts_init(ctx: *mut mbedtls_aes_xts_context);
+}
+extern "C" {
+    /// \brief          This function releases and clears the specified AES XTS context.
+    ///
+    /// \param ctx      The AES XTS context to clear.
+    ///                 If this is \c NULL, this function does nothing.
+    ///                 Otherwise, the context must have been at least initialized.
+    pub fn mbedtls_aes_xts_free(ctx: *mut mbedtls_aes_xts_context);
+}
+extern "C" {
+    /// \brief          This function sets the encryption key.
+    ///
+    /// \param ctx      The AES context to which the key should be bound.
+    ///                 It must be initialized.
+    /// \param key      The encryption key.
+    ///                 This must be a readable buffer of size \p keybits bits.
+    /// \param keybits  The size of data passed in bits. Valid options are:
+    ///                 <ul><li>128 bits</li>
+    ///                 <li>192 bits</li>
+    ///                 <li>256 bits</li></ul>
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
+    pub fn mbedtls_aes_setkey_enc(
+        ctx: *mut mbedtls_aes_context,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function sets the decryption key.
+    ///
+    /// \param ctx      The AES context to which the key should be bound.
+    ///                 It must be initialized.
+    /// \param key      The decryption key.
+    ///                 This must be a readable buffer of size \p keybits bits.
+    /// \param keybits  The size of data passed. Valid options are:
+    ///                 <ul><li>128 bits</li>
+    ///                 <li>192 bits</li>
+    ///                 <li>256 bits</li></ul>
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
+    pub fn mbedtls_aes_setkey_dec(
+        ctx: *mut mbedtls_aes_context,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function prepares an XTS context for encryption and
+    ///                 sets the encryption key.
+    ///
+    /// \param ctx      The AES XTS context to which the key should be bound.
+    ///                 It must be initialized.
+    /// \param key      The encryption key. This is comprised of the XTS key1
+    ///                 concatenated with the XTS key2.
+    ///                 This must be a readable buffer of size \p keybits bits.
+    /// \param keybits  The size of \p key passed in bits. Valid options are:
+    ///                 <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
+    ///                 <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
+    pub fn mbedtls_aes_xts_setkey_enc(
+        ctx: *mut mbedtls_aes_xts_context,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function prepares an XTS context for decryption and
+    ///                 sets the decryption key.
+    ///
+    /// \param ctx      The AES XTS context to which the key should be bound.
+    ///                 It must be initialized.
+    /// \param key      The decryption key. This is comprised of the XTS key1
+    ///                 concatenated with the XTS key2.
+    ///                 This must be a readable buffer of size \p keybits bits.
+    /// \param keybits  The size of \p key passed in bits. Valid options are:
+    ///                 <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
+    ///                 <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
+    pub fn mbedtls_aes_xts_setkey_dec(
+        ctx: *mut mbedtls_aes_xts_context,
+        key: *const crate::c_types::c_uchar,
+        keybits: crate::c_types::c_uint,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          This function performs an AES single-block encryption or
+    ///                 decryption operation.
+    ///
+    ///                 It performs the operation defined in the \p mode parameter
+    ///                 (encrypt or decrypt), on the input data buffer defined in
+    ///                 the \p input parameter.
+    ///
+    ///                 mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or
+    ///                 mbedtls_aes_setkey_dec() must be called before the first
+    ///                 call to this API with the same context.
+    ///
+    /// \param ctx      The AES context to use for encryption or decryption.
+    ///                 It must be initialized and bound to a key.
+    /// \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
+    ///                 #MBEDTLS_AES_DECRYPT.
+    /// \param input    The buffer holding the input data.
+    ///                 It must be readable and at least \c 16 Bytes long.
+    /// \param output   The buffer where the output data will be written.
+    ///                 It must be writeable and at least \c 16 Bytes long.
+    ///
+    /// \return         \c 0 on success.
+    pub fn mbedtls_aes_crypt_ecb(
+        ctx: *mut mbedtls_aes_context,
+        mode: crate::c_types::c_int,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief  This function performs an AES-CBC encryption or decryption operation
+    ///         on full blocks.
+    ///
+    ///         It performs the operation defined in the \p mode
+    ///         parameter (encrypt/decrypt), on the input data buffer defined in
+    ///         the \p input parameter.
+    ///
+    ///         It can be called as many times as needed, until all the input
+    ///         data is processed. mbedtls_aes_init(), and either
+    ///         mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
+    ///         before the first call to this API with the same context.
+    ///
+    /// \note   This function operates on full blocks, that is, the input size
+    ///         must be a multiple of the AES block size of \c 16 Bytes.
+    ///
+    /// \note   Upon exit, the content of the IV is updated so that you can
+    ///         call the same function again on the next
+    ///         block(s) of data and get the same result as if it was
+    ///         encrypted in one call. This allows a "streaming" usage.
+    ///         If you need to retain the contents of the IV, you should
+    ///         either save it manually or use the cipher module instead.
+    ///
+    ///
+    /// \param ctx      The AES context to use for encryption or decryption.
+    ///                 It must be initialized and bound to a key.
+    /// \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
+    ///                 #MBEDTLS_AES_DECRYPT.
+    /// \param length   The length of the input data in Bytes. This must be a
+    ///                 multiple of the block size (\c 16 Bytes).
+    /// \param iv       Initialization vector (updated after use).
+    ///                 It must be a readable and writeable buffer of \c 16 Bytes.
+    /// \param input    The buffer holding the input data.
+    ///                 It must be readable and of size \p length Bytes.
+    /// \param output   The buffer holding the output data.
+    ///                 It must be writeable and of size \p length Bytes.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
+    ///                 on failure.
+    pub fn mbedtls_aes_crypt_cbc(
+        ctx: *mut mbedtls_aes_context,
+        mode: crate::c_types::c_int,
+        length: usize,
+        iv: *mut crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief      This function performs an AES-XTS encryption or decryption
+    ///             operation for an entire XTS data unit.
+    ///
+    ///             AES-XTS encrypts or decrypts blocks based on their location as
+    ///             defined by a data unit number. The data unit number must be
+    ///             provided by \p data_unit.
+    ///
+    ///             NIST SP 800-38E limits the maximum size of a data unit to 2^20
+    ///             AES blocks. If the data unit is larger than this, this function
+    ///             returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH.
+    ///
+    /// \param ctx          The AES XTS context to use for AES XTS operations.
+    ///                     It must be initialized and bound to a key.
+    /// \param mode         The AES operation: #MBEDTLS_AES_ENCRYPT or
+    ///                     #MBEDTLS_AES_DECRYPT.
+    /// \param length       The length of a data unit in Bytes. This can be any
+    ///                     length between 16 bytes and 2^24 bytes inclusive
+    ///                     (between 1 and 2^20 block cipher blocks).
+    /// \param data_unit    The address of the data unit encoded as an array of 16
+    ///                     bytes in little-endian format. For disk encryption, this
+    ///                     is typically the index of the block device sector that
+    ///                     contains the data.
+    /// \param input        The buffer holding the input data (which is an entire
+    ///                     data unit). This function reads \p length Bytes from \p
+    ///                     input.
+    /// \param output       The buffer holding the output data (which is an entire
+    ///                     data unit). This function writes \p length Bytes to \p
+    ///                     output.
+    ///
+    /// \return             \c 0 on success.
+    /// \return             #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is
+    ///                     smaller than an AES block in size (16 Bytes) or if \p
+    ///                     length is larger than 2^20 blocks (16 MiB).
+    pub fn mbedtls_aes_crypt_xts(
+        ctx: *mut mbedtls_aes_xts_context,
+        mode: crate::c_types::c_int,
+        length: usize,
+        data_unit: *const crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief This function performs an AES-CFB128 encryption or decryption
+    ///        operation.
+    ///
+    ///        It performs the operation defined in the \p mode
+    ///        parameter (encrypt or decrypt), on the input data buffer
+    ///        defined in the \p input parameter.
+    ///
+    ///        For CFB, you must set up the context with mbedtls_aes_setkey_enc(),
+    ///        regardless of whether you are performing an encryption or decryption
+    ///        operation, that is, regardless of the \p mode parameter. This is
+    ///        because CFB mode uses the same key schedule for encryption and
+    ///        decryption.
+    ///
+    /// \note  Upon exit, the content of the IV is updated so that you can
+    ///        call the same function again on the next
+    ///        block(s) of data and get the same result as if it was
+    ///        encrypted in one call. This allows a "streaming" usage.
+    ///        If you need to retain the contents of the
+    ///        IV, you must either save it manually or use the cipher
+    ///        module instead.
+    ///
+    ///
+    /// \param ctx      The AES context to use for encryption or decryption.
+    ///                 It must be initialized and bound to a key.
+    /// \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
+    ///                 #MBEDTLS_AES_DECRYPT.
+    /// \param length   The length of the input data in Bytes.
+    /// \param iv_off   The offset in IV (updated after use).
+    ///                 It must point to a valid \c size_t.
+    /// \param iv       The initialization vector (updated after use).
+    ///                 It must be a readable and writeable buffer of \c 16 Bytes.
+    /// \param input    The buffer holding the input data.
+    ///                 It must be readable and of size \p length Bytes.
+    /// \param output   The buffer holding the output data.
+    ///                 It must be writeable and of size \p length Bytes.
+    ///
+    /// \return         \c 0 on success.
+    pub fn mbedtls_aes_crypt_cfb128(
+        ctx: *mut mbedtls_aes_context,
+        mode: crate::c_types::c_int,
+        length: usize,
+        iv_off: *mut usize,
+        iv: *mut crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief This function performs an AES-CFB8 encryption or decryption
+    ///        operation.
+    ///
+    ///        It performs the operation defined in the \p mode
+    ///        parameter (encrypt/decrypt), on the input data buffer defined
+    ///        in the \p input parameter.
+    ///
+    ///        Due to the nature of CFB, you must use the same key schedule for
+    ///        both encryption and decryption operations. Therefore, you must
+    ///        use the context initialized with mbedtls_aes_setkey_enc() for
+    ///        both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
+    ///
+    /// \note  Upon exit, the content of the IV is updated so that you can
+    ///        call the same function again on the next
+    ///        block(s) of data and get the same result as if it was
+    ///        encrypted in one call. This allows a "streaming" usage.
+    ///        If you need to retain the contents of the
+    ///        IV, you should either save it manually or use the cipher
+    ///        module instead.
+    ///
+    ///
+    /// \param ctx      The AES context to use for encryption or decryption.
+    ///                 It must be initialized and bound to a key.
+    /// \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
+    ///                 #MBEDTLS_AES_DECRYPT
+    /// \param length   The length of the input data.
+    /// \param iv       The initialization vector (updated after use).
+    ///                 It must be a readable and writeable buffer of \c 16 Bytes.
+    /// \param input    The buffer holding the input data.
+    ///                 It must be readable and of size \p length Bytes.
+    /// \param output   The buffer holding the output data.
+    ///                 It must be writeable and of size \p length Bytes.
+    ///
+    /// \return         \c 0 on success.
+    pub fn mbedtls_aes_crypt_cfb8(
+        ctx: *mut mbedtls_aes_context,
+        mode: crate::c_types::c_int,
+        length: usize,
+        iv: *mut crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief       This function performs an AES-OFB (Output Feedback Mode)
+    ///              encryption or decryption operation.
+    ///
+    ///              For OFB, you must set up the context with
+    ///              mbedtls_aes_setkey_enc(), regardless of whether you are
+    ///              performing an encryption or decryption operation. This is
+    ///              because OFB mode uses the same key schedule for encryption and
+    ///              decryption.
+    ///
+    ///              The OFB operation is identical for encryption or decryption,
+    ///              therefore no operation mode needs to be specified.
+    ///
+    /// \note        Upon exit, the content of iv, the Initialisation Vector, is
+    ///              updated so that you can call the same function again on the next
+    ///              block(s) of data and get the same result as if it was encrypted
+    ///              in one call. This allows a "streaming" usage, by initialising
+    ///              iv_off to 0 before the first call, and preserving its value
+    ///              between calls.
+    ///
+    ///              For non-streaming use, the iv should be initialised on each call
+    ///              to a unique value, and iv_off set to 0 on each call.
+    ///
+    ///              If you need to retain the contents of the initialisation vector,
+    ///              you must either save it manually or use the cipher module
+    ///              instead.
+    ///
+    /// \warning     For the OFB mode, the initialisation vector must be unique
+    ///              every encryption operation. Reuse of an initialisation vector
+    ///              will compromise security.
+    ///
+    /// \param ctx      The AES context to use for encryption or decryption.
+    ///                 It must be initialized and bound to a key.
+    /// \param length   The length of the input data.
+    /// \param iv_off   The offset in IV (updated after use).
+    ///                 It must point to a valid \c size_t.
+    /// \param iv       The initialization vector (updated after use).
+    ///                 It must be a readable and writeable buffer of \c 16 Bytes.
+    /// \param input    The buffer holding the input data.
+    ///                 It must be readable and of size \p length Bytes.
+    /// \param output   The buffer holding the output data.
+    ///                 It must be writeable and of size \p length Bytes.
+    ///
+    /// \return         \c 0 on success.
+    pub fn mbedtls_aes_crypt_ofb(
+        ctx: *mut mbedtls_aes_context,
+        length: usize,
+        iv_off: *mut usize,
+        iv: *mut crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief      This function performs an AES-CTR encryption or decryption
+    ///             operation.
+    ///
+    ///             Due to the nature of CTR, you must use the same key schedule
+    ///             for both encryption and decryption operations. Therefore, you
+    ///             must use the context initialized with mbedtls_aes_setkey_enc()
+    ///             for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
+    ///
+    /// \warning    You must never reuse a nonce value with the same key. Doing so
+    ///             would void the encryption for the two messages encrypted with
+    ///             the same nonce and key.
+    ///
+    ///             There are two common strategies for managing nonces with CTR:
+    ///
+    ///             1. You can handle everything as a single message processed over
+    ///             successive calls to this function. In that case, you want to
+    ///             set \p nonce_counter and \p nc_off to 0 for the first call, and
+    ///             then preserve the values of \p nonce_counter, \p nc_off and \p
+    ///             stream_block across calls to this function as they will be
+    ///             updated by this function.
+    ///
+    ///             With this strategy, you must not encrypt more than 2**128
+    ///             blocks of data with the same key.
+    ///
+    ///             2. You can encrypt separate messages by dividing the \p
+    ///             nonce_counter buffer in two areas: the first one used for a
+    ///             per-message nonce, handled by yourself, and the second one
+    ///             updated by this function internally.
+    ///
+    ///             For example, you might reserve the first 12 bytes for the
+    ///             per-message nonce, and the last 4 bytes for internal use. In that
+    ///             case, before calling this function on a new message you need to
+    ///             set the first 12 bytes of \p nonce_counter to your chosen nonce
+    ///             value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
+    ///             stream_block to be ignored). That way, you can encrypt at most
+    ///             2**96 messages of up to 2**32 blocks each with the same key.
+    ///
+    ///             The per-message nonce (or information sufficient to reconstruct
+    ///             it) needs to be communicated with the ciphertext and must be unique.
+    ///             The recommended way to ensure uniqueness is to use a message
+    ///             counter. An alternative is to generate random nonces, but this
+    ///             limits the number of messages that can be securely encrypted:
+    ///             for example, with 96-bit random nonces, you should not encrypt
+    ///             more than 2**32 messages with the same key.
+    ///
+    ///             Note that for both strategies, sizes are measured in blocks and
+    ///             that an AES block is 16 bytes.
+    ///
+    /// \warning    Upon return, \p stream_block contains sensitive data. Its
+    ///             content must not be written to insecure storage and should be
+    ///             securely discarded as soon as it's no longer needed.
+    ///
+    /// \param ctx              The AES context to use for encryption or decryption.
+    ///                         It must be initialized and bound to a key.
+    /// \param length           The length of the input data.
+    /// \param nc_off           The offset in the current \p stream_block, for
+    ///                         resuming within the current cipher stream. The
+    ///                         offset pointer should be 0 at the start of a stream.
+    ///                         It must point to a valid \c size_t.
+    /// \param nonce_counter    The 128-bit nonce and counter.
+    ///                         It must be a readable-writeable buffer of \c 16 Bytes.
+    /// \param stream_block     The saved stream block for resuming. This is
+    ///                         overwritten by the function.
+    ///                         It must be a readable-writeable buffer of \c 16 Bytes.
+    /// \param input            The buffer holding the input data.
+    ///                         It must be readable and of size \p length Bytes.
+    /// \param output           The buffer holding the output data.
+    ///                         It must be writeable and of size \p length Bytes.
+    ///
+    /// \return                 \c 0 on success.
+    pub fn mbedtls_aes_crypt_ctr(
+        ctx: *mut mbedtls_aes_context,
+        length: usize,
+        nc_off: *mut usize,
+        nonce_counter: *mut crate::c_types::c_uchar,
+        stream_block: *mut crate::c_types::c_uchar,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Internal AES block encryption function. This is only
+    ///                  exposed to allow overriding it using
+    ///                  \c MBEDTLS_AES_ENCRYPT_ALT.
+    ///
+    /// \param ctx       The AES context to use for encryption.
+    /// \param input     The plaintext block.
+    /// \param output    The output (ciphertext) block.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_internal_aes_encrypt(
+        ctx: *mut mbedtls_aes_context,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief           Internal AES block decryption function. This is only
+    ///                  exposed to allow overriding it using see
+    ///                  \c MBEDTLS_AES_DECRYPT_ALT.
+    ///
+    /// \param ctx       The AES context to use for decryption.
+    /// \param input     The ciphertext block.
+    /// \param output    The output (plaintext) block.
+    ///
+    /// \return          \c 0 on success.
+    pub fn mbedtls_internal_aes_decrypt(
+        ctx: *mut mbedtls_aes_context,
+        input: *const crate::c_types::c_uchar,
+        output: *mut crate::c_types::c_uchar,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief          Checkup routine.
+    ///
+    /// \return         \c 0 on success.
+    /// \return         \c 1 on failure.
+    pub fn mbedtls_aes_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
+/// \brief          The CTR_DRBG context structure.
+#[repr(C)]
+#[derive(Copy, Clone)]
+pub struct mbedtls_ctr_drbg_context {
+    pub private_counter: [crate::c_types::c_uchar; 16usize],
+    pub private_reseed_counter: crate::c_types::c_int,
+    pub private_prediction_resistance: crate::c_types::c_int,
+    pub private_entropy_len: usize,
+    pub private_reseed_interval: crate::c_types::c_int,
+    pub private_aes_ctx: mbedtls_aes_context,
+    pub private_f_entropy: ::core::option::Option<
+        unsafe extern "C" fn(
+            arg1: *mut crate::c_types::c_void,
+            arg2: *mut crate::c_types::c_uchar,
+            arg3: usize,
+        ) -> crate::c_types::c_int,
+    >,
+    pub private_p_entropy: *mut crate::c_types::c_void,
+}
+extern "C" {
+    /// \brief               This function initializes the CTR_DRBG context,
+    ///                      and prepares it for mbedtls_ctr_drbg_seed()
+    ///                      or mbedtls_ctr_drbg_free().
+    ///
+    /// \note                The reseed interval is
+    ///                      #MBEDTLS_CTR_DRBG_RESEED_INTERVAL by default.
+    ///                      You can override it by calling
+    ///                      mbedtls_ctr_drbg_set_reseed_interval().
+    ///
+    /// \param ctx           The CTR_DRBG context to initialize.
+    pub fn mbedtls_ctr_drbg_init(ctx: *mut mbedtls_ctr_drbg_context);
+}
+extern "C" {
+    /// - The \p custom string.
+    ///
+    /// \note                To achieve the nominal security strength permitted
+    ///                      by CTR_DRBG, the entropy length must be:
+    ///                      - at least 16 bytes for a 128-bit strength
+    ///                      (maximum achievable strength when using AES-128);
+    ///                      - at least 32 bytes for a 256-bit strength
+    ///                      (maximum achievable strength when using AES-256).
+    ///
+    ///                      In addition, if you do not pass a nonce in \p custom,
+    ///                      the sum of the entropy length
+    ///                      and the entropy nonce length must be:
+    ///                      - at least 24 bytes for a 128-bit strength
+    ///                      (maximum achievable strength when using AES-128);
+    ///                      - at least 48 bytes for a 256-bit strength
+    ///                      (maximum achievable strength when using AES-256).
+    ///
+    /// \param ctx           The CTR_DRBG context to seed.
+    ///                      It must have been initialized with
+    ///                      mbedtls_ctr_drbg_init().
+    ///                      After a successful call to mbedtls_ctr_drbg_seed(),
+    ///                      you may not call mbedtls_ctr_drbg_seed() again on
+    ///                      the same context unless you call
+    ///                      mbedtls_ctr_drbg_free() and mbedtls_ctr_drbg_init()
+    ///                      again first.
+    ///                      After a failed call to mbedtls_ctr_drbg_seed(),
+    ///                      you must call mbedtls_ctr_drbg_free().
+    /// \param f_entropy     The entropy callback, taking as arguments the
+    ///                      \p p_entropy context, the buffer to fill, and the
+    ///                      length of the buffer.
+    ///                      \p f_entropy is always called with a buffer size
+    ///                      less than or equal to the entropy length.
+    /// \param p_entropy     The entropy context to pass to \p f_entropy.
+    /// \param custom        The personalization string.
+    ///                      This can be \c NULL, in which case the personalization
+    ///                      string is empty regardless of the value of \p len.
+    /// \param len           The length of the personalization string.
+    ///                      This must be at most
+    ///                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
+    ///                      - #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
+    pub fn mbedtls_ctr_drbg_seed(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        f_entropy: ::core::option::Option<
+            unsafe extern "C" fn(
+                arg1: *mut crate::c_types::c_void,
+                arg2: *mut crate::c_types::c_uchar,
+                arg3: usize,
+            ) -> crate::c_types::c_int,
+        >,
+        p_entropy: *mut crate::c_types::c_void,
+        custom: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function resets CTR_DRBG context to the state immediately
+    ///                      after initial call of mbedtls_ctr_drbg_init().
+    ///
+    /// \param ctx           The CTR_DRBG context to clear.
+    pub fn mbedtls_ctr_drbg_free(ctx: *mut mbedtls_ctr_drbg_context);
+}
+extern "C" {
+    /// \brief               This function turns prediction resistance on or off.
+    ///                      The default value is off.
+    ///
+    /// \note                If enabled, entropy is gathered at the beginning of
+    ///                      every call to mbedtls_ctr_drbg_random_with_add()
+    ///                      or mbedtls_ctr_drbg_random().
+    ///                      Only use this if your entropy source has sufficient
+    ///                      throughput.
+    ///
+    /// \param ctx           The CTR_DRBG context.
+    /// \param resistance    #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF.
+    pub fn mbedtls_ctr_drbg_set_prediction_resistance(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        resistance: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief               This function sets the amount of entropy grabbed on each
+    ///                      seed or reseed.
+    ///
+    /// The default value is #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
+    ///
+    /// \note                The security strength of CTR_DRBG is bounded by the
+    ///                      entropy length. Thus:
+    ///                      - When using AES-256
+    ///                        (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled,
+    ///                        which is the default),
+    ///                        \p len must be at least 32 (in bytes)
+    ///                        to achieve a 256-bit strength.
+    ///                      - When using AES-128
+    ///                        (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled)
+    ///                        \p len must be at least 16 (in bytes)
+    ///                        to achieve a 128-bit strength.
+    ///
+    /// \param ctx           The CTR_DRBG context.
+    /// \param len           The amount of entropy to grab, in bytes.
+    ///                      This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
+    ///                      and at most the maximum length accepted by the
+    ///                      entropy function that is set in the context.
+    pub fn mbedtls_ctr_drbg_set_entropy_len(ctx: *mut mbedtls_ctr_drbg_context, len: usize);
+}
+extern "C" {
+    /// \brief               This function sets the amount of entropy grabbed
+    ///                      as a nonce for the initial seeding.
+    ///
+    /// Call this function before calling mbedtls_ctr_drbg_seed() to read
+    /// a nonce from the entropy source during the initial seeding.
+    ///
+    /// \param ctx           The CTR_DRBG context.
+    /// \param len           The amount of entropy to grab for the nonce, in bytes.
+    ///                      This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
+    ///                      and at most the maximum length accepted by the
+    ///                      entropy function that is set in the context.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if \p len is
+    ///                      more than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
+    /// \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+    ///                      if the initial seeding has already taken place.
+    pub fn mbedtls_ctr_drbg_set_nonce_len(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               This function sets the reseed interval.
+    ///
+    /// The reseed interval is the number of calls to mbedtls_ctr_drbg_random()
+    /// or mbedtls_ctr_drbg_random_with_add() after which the entropy function
+    /// is called again.
+    ///
+    /// The default value is #MBEDTLS_CTR_DRBG_RESEED_INTERVAL.
+    ///
+    /// \param ctx           The CTR_DRBG context.
+    /// \param interval      The reseed interval.
+    pub fn mbedtls_ctr_drbg_set_reseed_interval(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        interval: crate::c_types::c_int,
+    );
+}
+extern "C" {
+    /// \brief               This function reseeds the CTR_DRBG context, that is
+    ///                      extracts data from the entropy source.
+    ///
+    /// \note                This function is not thread-safe. It is not safe
+    ///                      to call this function if another thread might be
+    ///                      concurrently obtaining random numbers from the same
+    ///                      context or updating or reseeding the same context.
+    ///
+    /// \param ctx           The CTR_DRBG context.
+    /// \param additional    Additional data to add to the state. Can be \c NULL.
+    /// \param len           The length of the additional data.
+    ///                      This must be less than
+    ///                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
+    ///                      where \c entropy_len is the entropy length
+    ///                      configured for the context.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
+    pub fn mbedtls_ctr_drbg_reseed(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        additional: *const crate::c_types::c_uchar,
+        len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief              This function updates the state of the CTR_DRBG context.
+    ///
+    /// \note                This function is not thread-safe. It is not safe
+    ///                      to call this function if another thread might be
+    ///                      concurrently obtaining random numbers from the same
+    ///                      context or updating or reseeding the same context.
+    ///
+    /// \param ctx          The CTR_DRBG context.
+    /// \param additional   The data to update the state with. This must not be
+    ///                     \c NULL unless \p add_len is \c 0.
+    /// \param add_len      Length of \p additional in bytes. This must be at
+    ///                     most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
+    ///
+    /// \return             \c 0 on success.
+    /// \return             #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if
+    ///                     \p add_len is more than
+    ///                     #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
+    /// \return             An error from the underlying AES cipher on failure.
+    pub fn mbedtls_ctr_drbg_update(
+        ctx: *mut mbedtls_ctr_drbg_context,
+        additional: *const crate::c_types::c_uchar,
+        add_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief   This function updates a CTR_DRBG instance with additional
+    ///          data and uses it to generate random data.
+    ///
+    /// This function automatically reseeds if the reseed counter is exceeded
+    /// or prediction resistance is enabled.
+    ///
+    /// \note                This function is not thread-safe. It is not safe
+    ///                      to call this function if another thread might be
+    ///                      concurrently obtaining random numbers from the same
+    ///                      context or updating or reseeding the same context.
+    ///
+    /// \param p_rng         The CTR_DRBG context. This must be a pointer to a
+    ///                      #mbedtls_ctr_drbg_context structure.
+    /// \param output        The buffer to fill.
+    /// \param output_len    The length of the buffer in bytes.
+    /// \param additional    Additional data to update. Can be \c NULL, in which
+    ///                      case the additional data is empty regardless of
+    ///                      the value of \p add_len.
+    /// \param add_len       The length of the additional data
+    ///                      if \p additional is not \c NULL.
+    ///                      This must be less than #MBEDTLS_CTR_DRBG_MAX_INPUT
+    ///                      and less than
+    ///                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
+    ///                      where \c entropy_len is the entropy length
+    ///                      configured for the context.
+    ///
+    /// \return    \c 0 on success.
+    /// \return    #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+    ///            #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
+    pub fn mbedtls_ctr_drbg_random_with_add(
+        p_rng: *mut crate::c_types::c_void,
+        output: *mut crate::c_types::c_uchar,
+        output_len: usize,
+        additional: *const crate::c_types::c_uchar,
+        add_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \param p_rng         The CTR_DRBG context. This must be a pointer to a
+    ///                      #mbedtls_ctr_drbg_context structure.
+    /// \param output        The buffer to fill.
+    /// \param output_len    The length of the buffer in bytes.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+    ///                      #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
+    pub fn mbedtls_ctr_drbg_random(
+        p_rng: *mut crate::c_types::c_void,
+        output: *mut crate::c_types::c_uchar,
+        output_len: usize,
+    ) -> crate::c_types::c_int;
+}
+extern "C" {
+    /// \brief               The CTR_DRBG checkup routine.
+    ///
+    /// \return              \c 0 on success.
+    /// \return              \c 1 on failure.
+    pub fn mbedtls_ctr_drbg_self_test(verbose: crate::c_types::c_int) -> crate::c_types::c_int;
+}
diff --git a/esp-mbedtls-sys/src/lib.rs b/esp-mbedtls-sys/src/lib.rs
index 8dbce9d..bf1f67a 100644
--- a/esp-mbedtls-sys/src/lib.rs
+++ b/esp-mbedtls-sys/src/lib.rs
@@ -1,4 +1,9 @@
 #![no_std]
 
-pub mod bindings;
 pub mod c_types;
+
+#[cfg_attr(feature = "esp32", path = "include/esp32.rs")]
+#[cfg_attr(feature = "esp32c3", path = "include/esp32c3.rs")]
+#[cfg_attr(feature = "esp32s2", path = "include/esp32s2.rs")]
+#[cfg_attr(feature = "esp32s3", path = "include/esp32s3.rs")]
+pub mod bindings;
diff --git a/esp-mbedtls/Cargo.toml b/esp-mbedtls/Cargo.toml
index 61e8bc4..ed87ba4 100644
--- a/esp-mbedtls/Cargo.toml
+++ b/esp-mbedtls/Cargo.toml
@@ -7,6 +7,14 @@ edition = "2021"
 esp-mbedtls-sys = { path = "../esp-mbedtls-sys" }
 log = "0.4.17"
 embedded-io = "0.4.0"
+esp32-hal = { version = "0.15.0", optional = true }
+esp32c3-hal = { version = "0.12.0", optional = true }
+esp32s2-hal = { version = "0.12.0", optional = true }
+esp32s3-hal = { version = "0.12.0", optional = true }
 
 [features]
 async = ["embedded-io/async"]
+esp32 = ["esp32-hal", "esp-mbedtls-sys/esp32"]
+esp32c3 = ["esp32c3-hal", "esp-mbedtls-sys/esp32c3"]
+esp32s2 = ["esp32s2-hal", "esp-mbedtls-sys/esp32s2"]
+esp32s3 = ["esp32s3-hal", "esp-mbedtls-sys/esp32s3"]
diff --git a/esp-mbedtls/src/lib.rs b/esp-mbedtls/src/lib.rs
index e0170f2..f787044 100644
--- a/esp-mbedtls/src/lib.rs
+++ b/esp-mbedtls/src/lib.rs
@@ -4,6 +4,19 @@
 #![feature(impl_trait_projections)]
 #![allow(incomplete_features)]
 
+#[doc(hidden)]
+#[cfg(feature = "esp32")]
+pub use esp32_hal as hal;
+#[doc(hidden)]
+#[cfg(feature = "esp32c3")]
+pub use esp32c3_hal as hal;
+#[doc(hidden)]
+#[cfg(feature = "esp32s2")]
+pub use esp32s2_hal as hal;
+#[doc(hidden)]
+#[cfg(feature = "esp32s3")]
+pub use esp32s3_hal as hal;
+
 mod compat;
 
 use core::ffi::CStr;
@@ -325,7 +338,7 @@ impl<'a> Certificates<'a> {
                 error_checked!(mbedtls_x509_crt_parse(
                     crt,
                     ca_chain.as_ptr(),
-                    ca_chain.len() as u32,
+                    ca_chain.len(),
                 ))?;
             }
 
@@ -334,19 +347,19 @@ impl<'a> Certificates<'a> {
                 error_checked!(mbedtls_x509_crt_parse(
                     certificate,
                     cert.as_ptr(),
-                    cert.len() as u32,
+                    cert.len(),
                 ))?;
 
                 // Private key
                 let (password_ptr, password_len) = if let Some(password) = self.password {
-                    (password.as_ptr(), password.len() as u32)
+                    (password.as_ptr(), password.len())
                 } else {
                     (core::ptr::null(), 0)
                 };
                 error_checked!(mbedtls_pk_parse_key(
                     private_key,
                     key.as_ptr(),
-                    key.len() as u32,
+                    key.len(),
                     password_ptr,
                     password_len,
                     None,
@@ -441,7 +454,7 @@ where
                 None,
             );
 
-            mbedtls_ssl_write(self.ssl_context, buf.as_ptr(), buf.len() as u32)
+            mbedtls_ssl_write(self.ssl_context, buf.as_ptr(), buf.len())
         }
     }
 
@@ -455,11 +468,11 @@ where
                 None,
             );
 
-            mbedtls_ssl_read(self.ssl_context, buf.as_mut_ptr(), buf.len() as u32)
+            mbedtls_ssl_read(self.ssl_context, buf.as_mut_ptr(), buf.len())
         }
     }
 
-    unsafe extern "C" fn send(ctx: *mut c_void, buf: *const c_uchar, len: u32) -> c_int {
+    unsafe extern "C" fn send(ctx: *mut c_void, buf: *const c_uchar, len: usize) -> c_int {
         let session = ctx as *mut Session<T>;
         let stream = &mut (*session).stream;
         let slice = core::ptr::slice_from_raw_parts(buf as *const u8, len as usize);
@@ -477,7 +490,7 @@ where
         }
     }
 
-    unsafe extern "C" fn receive(ctx: *mut c_void, buf: *mut c_uchar, len: u32) -> c_int {
+    unsafe extern "C" fn receive(ctx: *mut c_void, buf: *mut c_uchar, len: usize) -> c_int {
         let session = ctx as *mut Session<T>;
         let stream = &mut (*session).stream;
         let mut buffer = core::slice::from_raw_parts_mut(buf as *mut u8, len as usize);
@@ -736,7 +749,7 @@ pub mod asynch {
                 );
                 self.drain_tx_buffer().await?;
 
-                let len = mbedtls_ssl_write(self.ssl_context, buf.as_ptr(), buf.len() as u32);
+                let len = mbedtls_ssl_write(self.ssl_context, buf.as_ptr(), buf.len());
                 self.drain_tx_buffer().await?;
 
                 Ok(len)
@@ -772,8 +785,7 @@ pub mod asynch {
 
                 if !self.rx_buffer.empty() {
                     log::debug!("<<< read data from mbedtls");
-                    let res =
-                        mbedtls_ssl_read(self.ssl_context, buf.as_mut_ptr(), buf.len() as u32);
+                    let res = mbedtls_ssl_read(self.ssl_context, buf.as_mut_ptr(), buf.len());
                     log::debug!("<<< mbedtls returned {res}");
 
                     if res == MBEDTLS_ERR_SSL_WANT_READ {
@@ -790,7 +802,7 @@ pub mod asynch {
             }
         }
 
-        unsafe extern "C" fn sync_send(ctx: *mut c_void, buf: *const c_uchar, len: u32) -> c_int {
+        unsafe extern "C" fn sync_send(ctx: *mut c_void, buf: *const c_uchar, len: usize) -> c_int {
             log::debug!("*** sync send called, bytes={len}");
             let session = ctx as *mut Session<T, BUFFER_SIZE>;
             let slice = core::ptr::slice_from_raw_parts(
@@ -808,7 +820,11 @@ pub mod asynch {
             }
         }
 
-        unsafe extern "C" fn sync_receive(ctx: *mut c_void, buf: *mut c_uchar, len: u32) -> c_int {
+        unsafe extern "C" fn sync_receive(
+            ctx: *mut c_void,
+            buf: *mut c_uchar,
+            len: usize,
+        ) -> c_int {
             log::debug!("*** sync rcv, len={}", len);
             let session = ctx as *mut Session<T, BUFFER_SIZE>;
 
@@ -974,7 +990,7 @@ unsafe extern "C" fn dbg_print(
     );
 }
 
-unsafe extern "C" fn rng(_param: *mut c_void, buffer: *mut c_uchar, len: u32) -> c_int {
+unsafe extern "C" fn rng(_param: *mut c_void, buffer: *mut c_uchar, len: usize) -> c_int {
     for i in 0..len {
         buffer
             .offset(i as isize)
@@ -995,8 +1011,8 @@ unsafe extern "C" fn mbedtls_platform_zeroize(dst: *mut u8, len: u32) {
 unsafe extern "C" fn mbedtls_psa_external_get_random(
     _ctx: *mut (),
     output: *mut u8,
-    out_size: u32,
-    output_len: *mut u32,
+    out_size: usize,
+    output_len: *mut usize,
 ) -> i32 {
     *output_len = out_size;
     rng(core::ptr::null_mut(), output, out_size);
diff --git a/examples/async_client.rs b/examples/async_client.rs
index 568a916..1944c2c 100644
--- a/examples/async_client.rs
+++ b/examples/async_client.rs
@@ -11,6 +11,9 @@ pub use esp32_hal as hal;
 #[cfg(feature = "esp32c3")]
 pub use esp32c3_hal as hal;
 #[doc(hidden)]
+#[cfg(feature = "esp32s2")]
+pub use esp32s2_hal as hal;
+#[doc(hidden)]
 #[cfg(feature = "esp32s3")]
 pub use esp32s3_hal as hal;
 
@@ -28,9 +31,9 @@ use esp_println::logger::init_logger;
 use esp_println::{print, println};
 use esp_wifi::wifi::{WifiController, WifiDevice, WifiEvent, WifiMode, WifiState};
 use esp_wifi::{initialize, EspWifiInitFor};
-use hal::clock::{ClockControl, CpuClock};
+use hal::clock::ClockControl;
 use hal::Rng;
-use hal::{embassy, peripherals::Peripherals, prelude::*, timer::TimerGroup, Rtc};
+use hal::{embassy, peripherals::Peripherals, prelude::*, timer::TimerGroup};
 
 const SSID: &str = env!("SSID");
 const PASSWORD: &str = env!("PASSWORD");
@@ -56,21 +59,11 @@ fn main() -> ! {
     #[cfg(not(feature = "esp32"))]
     #[allow(unused_mut)]
     let mut system = peripherals.SYSTEM.split();
-    #[cfg(feature = "esp32c3")]
-    let clocks = ClockControl::configure(system.clock_control, CpuClock::Clock160MHz).freeze();
-    #[cfg(any(feature = "esp32", feature = "esp32s3"))]
-    let clocks = ClockControl::configure(system.clock_control, CpuClock::Clock240MHz).freeze();
-
-    let mut rtc = Rtc::new(peripherals.RTC_CNTL);
-
-    // Disable watchdog timers
-    #[cfg(not(feature = "esp32"))]
-    rtc.swd.disable();
-    rtc.rwdt.disable();
+    let clocks = ClockControl::max(system.clock_control).freeze();
 
     #[cfg(feature = "esp32c3")]
     let timer = hal::systimer::SystemTimer::new(peripherals.SYSTIMER).alarm0;
-    #[cfg(any(feature = "esp32", feature = "esp32s3"))]
+    #[cfg(any(feature = "esp32", feature = "esp32s2", feature = "esp32s3"))]
     let timer = hal::timer::TimerGroup::new(
         peripherals.TIMG1,
         &clocks,
@@ -86,8 +79,12 @@ fn main() -> ! {
     )
     .unwrap();
 
+    #[cfg(feature = "esp32s2")]
+    let wifi = peripherals.RADIO.split();
+    #[cfg(not(feature = "esp32s2"))]
     let (wifi, _) = peripherals.RADIO.split();
-    let (wifi_interface, controller) = esp_wifi::wifi::new_with_mode(&init, wifi, WifiMode::Sta);
+    let (wifi_interface, controller) =
+        esp_wifi::wifi::new_with_mode(&init, wifi, WifiMode::Sta).unwrap();
 
     let timer_group0 = TimerGroup::new(
         peripherals.TIMG0,
diff --git a/examples/async_client_mTLS.rs b/examples/async_client_mTLS.rs
index c1a389c..bbda903 100644
--- a/examples/async_client_mTLS.rs
+++ b/examples/async_client_mTLS.rs
@@ -11,6 +11,9 @@ pub use esp32_hal as hal;
 #[cfg(feature = "esp32c3")]
 pub use esp32c3_hal as hal;
 #[doc(hidden)]
+#[cfg(feature = "esp32s2")]
+pub use esp32s2_hal as hal;
+#[doc(hidden)]
 #[cfg(feature = "esp32s3")]
 pub use esp32s3_hal as hal;
 
@@ -28,9 +31,9 @@ use esp_println::logger::init_logger;
 use esp_println::{print, println};
 use esp_wifi::wifi::{WifiController, WifiDevice, WifiEvent, WifiMode, WifiState};
 use esp_wifi::{initialize, EspWifiInitFor};
-use hal::clock::{ClockControl, CpuClock};
+use hal::clock::ClockControl;
 use hal::Rng;
-use hal::{embassy, peripherals::Peripherals, prelude::*, timer::TimerGroup, Rtc};
+use hal::{embassy, peripherals::Peripherals, prelude::*, timer::TimerGroup};
 
 const SSID: &str = env!("SSID");
 const PASSWORD: &str = env!("PASSWORD");
@@ -56,21 +59,11 @@ fn main() -> ! {
     #[cfg(not(feature = "esp32"))]
     #[allow(unused_mut)]
     let mut system = peripherals.SYSTEM.split();
-    #[cfg(feature = "esp32c3")]
-    let clocks = ClockControl::configure(system.clock_control, CpuClock::Clock160MHz).freeze();
-    #[cfg(any(feature = "esp32", feature = "esp32s3"))]
-    let clocks = ClockControl::configure(system.clock_control, CpuClock::Clock240MHz).freeze();
-
-    let mut rtc = Rtc::new(peripherals.RTC_CNTL);
-
-    // Disable watchdog timers
-    #[cfg(not(feature = "esp32"))]
-    rtc.swd.disable();
-    rtc.rwdt.disable();
+    let clocks = ClockControl::max(system.clock_control).freeze();
 
     #[cfg(feature = "esp32c3")]
     let timer = hal::systimer::SystemTimer::new(peripherals.SYSTIMER).alarm0;
-    #[cfg(any(feature = "esp32", feature = "esp32s3"))]
+    #[cfg(any(feature = "esp32", feature = "esp32s2", feature = "esp32s3"))]
     let timer = hal::timer::TimerGroup::new(
         peripherals.TIMG1,
         &clocks,
@@ -86,8 +79,12 @@ fn main() -> ! {
     )
     .unwrap();
 
+    #[cfg(feature = "esp32s2")]
+    let wifi = peripherals.RADIO.split();
+    #[cfg(not(feature = "esp32s2"))]
     let (wifi, _) = peripherals.RADIO.split();
-    let (wifi_interface, controller) = esp_wifi::wifi::new_with_mode(&init, wifi, WifiMode::Sta);
+    let (wifi_interface, controller) =
+        esp_wifi::wifi::new_with_mode(&init, wifi, WifiMode::Sta).unwrap();
 
     let timer_group0 = TimerGroup::new(
         peripherals.TIMG0,
diff --git a/examples/async_server.rs b/examples/async_server.rs
index 0f76a4f..a8beeb3 100644
--- a/examples/async_server.rs
+++ b/examples/async_server.rs
@@ -14,6 +14,9 @@ pub use esp32_hal as hal;
 #[cfg(feature = "esp32c3")]
 pub use esp32c3_hal as hal;
 #[doc(hidden)]
+#[cfg(feature = "esp32s2")]
+pub use esp32s2_hal as hal;
+#[doc(hidden)]
 #[cfg(feature = "esp32s3")]
 pub use esp32s3_hal as hal;
 
@@ -31,9 +34,9 @@ use esp_println::logger::init_logger;
 use esp_println::{print, println};
 use esp_wifi::wifi::{WifiController, WifiDevice, WifiEvent, WifiMode, WifiState};
 use esp_wifi::{initialize, EspWifiInitFor};
-use hal::clock::{ClockControl, CpuClock};
+use hal::clock::ClockControl;
 use hal::Rng;
-use hal::{embassy, peripherals::Peripherals, prelude::*, timer::TimerGroup, Rtc};
+use hal::{embassy, peripherals::Peripherals, prelude::*, timer::TimerGroup};
 use smoltcp::wire::IpListenEndpoint;
 
 const SSID: &str = env!("SSID");
@@ -60,21 +63,11 @@ fn main() -> ! {
     #[cfg(not(feature = "esp32"))]
     #[allow(unused_mut)]
     let mut system = peripherals.SYSTEM.split();
-    #[cfg(feature = "esp32c3")]
-    let clocks = ClockControl::configure(system.clock_control, CpuClock::Clock160MHz).freeze();
-    #[cfg(any(feature = "esp32", feature = "esp32s3"))]
-    let clocks = ClockControl::configure(system.clock_control, CpuClock::Clock240MHz).freeze();
-
-    let mut rtc = Rtc::new(peripherals.RTC_CNTL);
-
-    // Disable watchdog timers
-    #[cfg(not(feature = "esp32"))]
-    rtc.swd.disable();
-    rtc.rwdt.disable();
+    let clocks = ClockControl::max(system.clock_control).freeze();
 
     #[cfg(feature = "esp32c3")]
     let timer = hal::systimer::SystemTimer::new(peripherals.SYSTIMER).alarm0;
-    #[cfg(any(feature = "esp32", feature = "esp32s3"))]
+    #[cfg(any(feature = "esp32", feature = "esp32s2", feature = "esp32s3"))]
     let timer = hal::timer::TimerGroup::new(
         peripherals.TIMG1,
         &clocks,
@@ -90,8 +83,12 @@ fn main() -> ! {
     )
     .unwrap();
 
+    #[cfg(feature = "esp32s2")]
+    let wifi = peripherals.RADIO.split();
+    #[cfg(not(feature = "esp32s2"))]
     let (wifi, _) = peripherals.RADIO.split();
-    let (wifi_interface, controller) = esp_wifi::wifi::new_with_mode(&init, wifi, WifiMode::Sta);
+    let (wifi_interface, controller) =
+        esp_wifi::wifi::new_with_mode(&init, wifi, WifiMode::Sta).unwrap();
 
     let timer_group0 = TimerGroup::new(
         peripherals.TIMG0,
diff --git a/examples/async_server_mTLS.rs b/examples/async_server_mTLS.rs
index a41e1da..824ee3e 100644
--- a/examples/async_server_mTLS.rs
+++ b/examples/async_server_mTLS.rs
@@ -31,6 +31,9 @@ pub use esp32_hal as hal;
 #[cfg(feature = "esp32c3")]
 pub use esp32c3_hal as hal;
 #[doc(hidden)]
+#[cfg(feature = "esp32s2")]
+pub use esp32s2_hal as hal;
+#[doc(hidden)]
 #[cfg(feature = "esp32s3")]
 pub use esp32s3_hal as hal;
 
@@ -48,9 +51,9 @@ use esp_println::logger::init_logger;
 use esp_println::{print, println};
 use esp_wifi::wifi::{WifiController, WifiDevice, WifiEvent, WifiMode, WifiState};
 use esp_wifi::{initialize, EspWifiInitFor};
-use hal::clock::{ClockControl, CpuClock};
+use hal::clock::ClockControl;
 use hal::Rng;
-use hal::{embassy, peripherals::Peripherals, prelude::*, timer::TimerGroup, Rtc};
+use hal::{embassy, peripherals::Peripherals, prelude::*, timer::TimerGroup};
 use smoltcp::wire::IpListenEndpoint;
 
 const SSID: &str = env!("SSID");
@@ -77,21 +80,11 @@ fn main() -> ! {
     #[cfg(not(feature = "esp32"))]
     #[allow(unused_mut)]
     let mut system = peripherals.SYSTEM.split();
-    #[cfg(feature = "esp32c3")]
-    let clocks = ClockControl::configure(system.clock_control, CpuClock::Clock160MHz).freeze();
-    #[cfg(any(feature = "esp32", feature = "esp32s3"))]
-    let clocks = ClockControl::configure(system.clock_control, CpuClock::Clock240MHz).freeze();
-
-    let mut rtc = Rtc::new(peripherals.RTC_CNTL);
-
-    // Disable watchdog timers
-    #[cfg(not(feature = "esp32"))]
-    rtc.swd.disable();
-    rtc.rwdt.disable();
+    let clocks = ClockControl::max(system.clock_control).freeze();
 
     #[cfg(feature = "esp32c3")]
     let timer = hal::systimer::SystemTimer::new(peripherals.SYSTIMER).alarm0;
-    #[cfg(any(feature = "esp32", feature = "esp32s3"))]
+    #[cfg(any(feature = "esp32", feature = "esp32s2", feature = "esp32s3"))]
     let timer = hal::timer::TimerGroup::new(
         peripherals.TIMG1,
         &clocks,
@@ -107,8 +100,12 @@ fn main() -> ! {
     )
     .unwrap();
 
+    #[cfg(feature = "esp32s2")]
+    let wifi = peripherals.RADIO.split();
+    #[cfg(not(feature = "esp32s2"))]
     let (wifi, _) = peripherals.RADIO.split();
-    let (wifi_interface, controller) = esp_wifi::wifi::new_with_mode(&init, wifi, WifiMode::Sta);
+    let (wifi_interface, controller) =
+        esp_wifi::wifi::new_with_mode(&init, wifi, WifiMode::Sta).unwrap();
 
     let timer_group0 = TimerGroup::new(
         peripherals.TIMG0,
diff --git a/examples/sync_client.rs b/examples/sync_client.rs
index 970d4db..f82b4a3 100644
--- a/examples/sync_client.rs
+++ b/examples/sync_client.rs
@@ -10,6 +10,9 @@ pub use esp32_hal as hal;
 #[cfg(feature = "esp32c3")]
 pub use esp32c3_hal as hal;
 #[doc(hidden)]
+#[cfg(feature = "esp32s2")]
+pub use esp32s2_hal as hal;
+#[doc(hidden)]
 #[cfg(feature = "esp32s3")]
 pub use esp32s3_hal as hal;
 
@@ -28,12 +31,7 @@ use esp_wifi::{
     wifi_interface::WifiStack,
     EspWifiInitFor,
 };
-use hal::{
-    clock::{ClockControl, CpuClock},
-    peripherals::Peripherals,
-    prelude::*,
-    Rng, Rtc,
-};
+use hal::{clock::ClockControl, peripherals::Peripherals, prelude::*, Rng};
 use smoltcp::{iface::SocketStorage, wire::IpAddress};
 
 const SSID: &str = env!("SSID");
@@ -49,21 +47,11 @@ fn main() -> ! {
     #[cfg(not(feature = "esp32"))]
     #[allow(unused_mut)]
     let mut system = peripherals.SYSTEM.split();
-    #[cfg(feature = "esp32c3")]
-    let clocks = ClockControl::configure(system.clock_control, CpuClock::Clock160MHz).freeze();
-    #[cfg(any(feature = "esp32", feature = "esp32s3"))]
-    let clocks = ClockControl::configure(system.clock_control, CpuClock::Clock240MHz).freeze();
-
-    let mut rtc = Rtc::new(peripherals.RTC_CNTL);
-
-    // Disable watchdog timers
-    #[cfg(not(feature = "esp32"))]
-    rtc.swd.disable();
-    rtc.rwdt.disable();
+    let clocks = ClockControl::max(system.clock_control).freeze();
 
     #[cfg(feature = "esp32c3")]
     let timer = hal::systimer::SystemTimer::new(peripherals.SYSTIMER).alarm0;
-    #[cfg(any(feature = "esp32", feature = "esp32s3"))]
+    #[cfg(any(feature = "esp32", feature = "esp32s2", feature = "esp32s3"))]
     let timer = hal::timer::TimerGroup::new(
         peripherals.TIMG1,
         &clocks,
@@ -79,10 +67,13 @@ fn main() -> ! {
     )
     .unwrap();
 
+    #[cfg(feature = "esp32s2")]
+    let wifi = peripherals.RADIO.split();
+    #[cfg(not(feature = "esp32s2"))]
     let (wifi, _) = peripherals.RADIO.split();
     let mut socket_set_entries: [SocketStorage; 3] = Default::default();
     let (iface, device, mut controller, sockets) =
-        create_network_interface(&init, wifi, WifiMode::Sta, &mut socket_set_entries);
+        create_network_interface(&init, wifi, WifiMode::Sta, &mut socket_set_entries).unwrap();
     let wifi_stack = WifiStack::new(iface, device, sockets, current_millis);
 
     println!("Call wifi_connect");
diff --git a/examples/sync_client_mTLS.rs b/examples/sync_client_mTLS.rs
index c38006b..be6916b 100644
--- a/examples/sync_client_mTLS.rs
+++ b/examples/sync_client_mTLS.rs
@@ -10,6 +10,9 @@ pub use esp32_hal as hal;
 #[cfg(feature = "esp32c3")]
 pub use esp32c3_hal as hal;
 #[doc(hidden)]
+#[cfg(feature = "esp32s2")]
+pub use esp32s2_hal as hal;
+#[doc(hidden)]
 #[cfg(feature = "esp32s3")]
 pub use esp32s3_hal as hal;
 
@@ -28,12 +31,7 @@ use esp_wifi::{
     wifi_interface::WifiStack,
     EspWifiInitFor,
 };
-use hal::{
-    clock::{ClockControl, CpuClock},
-    peripherals::Peripherals,
-    prelude::*,
-    Rng, Rtc,
-};
+use hal::{clock::ClockControl, peripherals::Peripherals, prelude::*, Rng};
 use smoltcp::{iface::SocketStorage, wire::IpAddress};
 
 const SSID: &str = env!("SSID");
@@ -49,21 +47,11 @@ fn main() -> ! {
     #[cfg(not(feature = "esp32"))]
     #[allow(unused_mut)]
     let mut system = peripherals.SYSTEM.split();
-    #[cfg(feature = "esp32c3")]
-    let clocks = ClockControl::configure(system.clock_control, CpuClock::Clock160MHz).freeze();
-    #[cfg(any(feature = "esp32", feature = "esp32s3"))]
-    let clocks = ClockControl::configure(system.clock_control, CpuClock::Clock240MHz).freeze();
-
-    let mut rtc = Rtc::new(peripherals.RTC_CNTL);
-
-    // Disable watchdog timers
-    #[cfg(not(feature = "esp32"))]
-    rtc.swd.disable();
-    rtc.rwdt.disable();
+    let clocks = ClockControl::max(system.clock_control).freeze();
 
     #[cfg(feature = "esp32c3")]
     let timer = hal::systimer::SystemTimer::new(peripherals.SYSTIMER).alarm0;
-    #[cfg(any(feature = "esp32", feature = "esp32s3"))]
+    #[cfg(any(feature = "esp32", feature = "esp32s2", feature = "esp32s3"))]
     let timer = hal::timer::TimerGroup::new(
         peripherals.TIMG1,
         &clocks,
@@ -79,10 +67,13 @@ fn main() -> ! {
     )
     .unwrap();
 
+    #[cfg(feature = "esp32s2")]
+    let wifi = peripherals.RADIO.split();
+    #[cfg(not(feature = "esp32s2"))]
     let (wifi, _) = peripherals.RADIO.split();
     let mut socket_set_entries: [SocketStorage; 3] = Default::default();
     let (iface, device, mut controller, sockets) =
-        create_network_interface(&init, wifi, WifiMode::Sta, &mut socket_set_entries);
+        create_network_interface(&init, wifi, WifiMode::Sta, &mut socket_set_entries).unwrap();
     let wifi_stack = WifiStack::new(iface, device, sockets, current_millis);
 
     println!("Call wifi_connect");
diff --git a/examples/sync_server.rs b/examples/sync_server.rs
index 8826c11..662dade 100644
--- a/examples/sync_server.rs
+++ b/examples/sync_server.rs
@@ -13,6 +13,9 @@ pub use esp32_hal as hal;
 #[cfg(feature = "esp32c3")]
 pub use esp32c3_hal as hal;
 #[doc(hidden)]
+#[cfg(feature = "esp32s2")]
+pub use esp32s2_hal as hal;
+#[doc(hidden)]
 #[cfg(feature = "esp32s3")]
 pub use esp32s3_hal as hal;
 
@@ -31,12 +34,7 @@ use esp_wifi::{
     wifi_interface::WifiStack,
     EspWifiInitFor,
 };
-use hal::{
-    clock::{ClockControl, CpuClock},
-    peripherals::Peripherals,
-    prelude::*,
-    Rng, Rtc,
-};
+use hal::{clock::ClockControl, peripherals::Peripherals, prelude::*, Rng};
 use smoltcp::iface::SocketStorage;
 
 const SSID: &str = env!("SSID");
@@ -52,21 +50,11 @@ fn main() -> ! {
     #[cfg(not(feature = "esp32"))]
     #[allow(unused_mut)]
     let mut system = peripherals.SYSTEM.split();
-    #[cfg(feature = "esp32c3")]
-    let clocks = ClockControl::configure(system.clock_control, CpuClock::Clock160MHz).freeze();
-    #[cfg(any(feature = "esp32", feature = "esp32s3"))]
-    let clocks = ClockControl::configure(system.clock_control, CpuClock::Clock240MHz).freeze();
-
-    let mut rtc = Rtc::new(peripherals.RTC_CNTL);
-
-    // Disable watchdog timers
-    #[cfg(not(feature = "esp32"))]
-    rtc.swd.disable();
-    rtc.rwdt.disable();
+    let clocks = ClockControl::max(system.clock_control).freeze();
 
     #[cfg(feature = "esp32c3")]
     let timer = hal::systimer::SystemTimer::new(peripherals.SYSTIMER).alarm0;
-    #[cfg(any(feature = "esp32", feature = "esp32s3"))]
+    #[cfg(any(feature = "esp32", feature = "esp32s2", feature = "esp32s3"))]
     let timer = hal::timer::TimerGroup::new(
         peripherals.TIMG1,
         &clocks,
@@ -82,10 +70,13 @@ fn main() -> ! {
     )
     .unwrap();
 
+    #[cfg(feature = "esp32s2")]
+    let wifi = peripherals.RADIO.split();
+    #[cfg(not(feature = "esp32s2"))]
     let (wifi, _) = peripherals.RADIO.split();
     let mut socket_set_entries: [SocketStorage; 3] = Default::default();
     let (iface, device, mut controller, sockets) =
-        create_network_interface(&init, wifi, WifiMode::Sta, &mut socket_set_entries);
+        create_network_interface(&init, wifi, WifiMode::Sta, &mut socket_set_entries).unwrap();
     let wifi_stack = WifiStack::new(iface, device, sockets, current_millis);
 
     println!("Call wifi_connect");
diff --git a/examples/sync_server_mTLS.rs b/examples/sync_server_mTLS.rs
index 162447b..f93199d 100644
--- a/examples/sync_server_mTLS.rs
+++ b/examples/sync_server_mTLS.rs
@@ -30,6 +30,9 @@ pub use esp32_hal as hal;
 #[cfg(feature = "esp32c3")]
 pub use esp32c3_hal as hal;
 #[doc(hidden)]
+#[cfg(feature = "esp32s2")]
+pub use esp32s2_hal as hal;
+#[doc(hidden)]
 #[cfg(feature = "esp32s3")]
 pub use esp32s3_hal as hal;
 
@@ -48,12 +51,7 @@ use esp_wifi::{
     wifi_interface::WifiStack,
     EspWifiInitFor,
 };
-use hal::{
-    clock::{ClockControl, CpuClock},
-    peripherals::Peripherals,
-    prelude::*,
-    Rng, Rtc,
-};
+use hal::{clock::ClockControl, peripherals::Peripherals, prelude::*, Rng};
 use smoltcp::iface::SocketStorage;
 
 const SSID: &str = env!("SSID");
@@ -69,21 +67,11 @@ fn main() -> ! {
     #[cfg(not(feature = "esp32"))]
     #[allow(unused_mut)]
     let mut system = peripherals.SYSTEM.split();
-    #[cfg(feature = "esp32c3")]
-    let clocks = ClockControl::configure(system.clock_control, CpuClock::Clock160MHz).freeze();
-    #[cfg(any(feature = "esp32", feature = "esp32s3"))]
-    let clocks = ClockControl::configure(system.clock_control, CpuClock::Clock240MHz).freeze();
-
-    let mut rtc = Rtc::new(peripherals.RTC_CNTL);
-
-    // Disable watchdog timers
-    #[cfg(not(feature = "esp32"))]
-    rtc.swd.disable();
-    rtc.rwdt.disable();
+    let clocks = ClockControl::max(system.clock_control).freeze();
 
     #[cfg(feature = "esp32c3")]
     let timer = hal::systimer::SystemTimer::new(peripherals.SYSTIMER).alarm0;
-    #[cfg(any(feature = "esp32", feature = "esp32s3"))]
+    #[cfg(any(feature = "esp32", feature = "esp32s2", feature = "esp32s3"))]
     let timer = hal::timer::TimerGroup::new(
         peripherals.TIMG1,
         &clocks,
@@ -99,10 +87,13 @@ fn main() -> ! {
     )
     .unwrap();
 
+    #[cfg(feature = "esp32s2")]
+    let wifi = peripherals.RADIO.split();
+    #[cfg(not(feature = "esp32s2"))]
     let (wifi, _) = peripherals.RADIO.split();
     let mut socket_set_entries: [SocketStorage; 3] = Default::default();
     let (iface, device, mut controller, sockets) =
-        create_network_interface(&init, wifi, WifiMode::Sta, &mut socket_set_entries);
+        create_network_interface(&init, wifi, WifiMode::Sta, &mut socket_set_entries).unwrap();
     let wifi_stack = WifiStack::new(iface, device, sockets, current_millis);
 
     println!("Call wifi_connect");
diff --git a/genssl.sh b/genssl.sh
index 5458ec3..0d8f7ba 100755
--- a/genssl.sh
+++ b/genssl.sh
@@ -38,7 +38,7 @@ openssl x509 \
     -CA $CERTS_DIR/ca_cert.pem \
     -CAkey $CERTS_DIR/ca_key.pem \
     -out $CERTS_DIR/certificate.pem \
-    -set_serial 01 \
+    -CAcreateserial \
     -days 365
 
 # Remove csr
diff --git a/libs/riscv32imc-unknown-none-elf/libmbedcrypto.a b/libs/riscv32imc-unknown-none-elf/libmbedcrypto.a
index 91dd3af..3959f1c 100644
Binary files a/libs/riscv32imc-unknown-none-elf/libmbedcrypto.a and b/libs/riscv32imc-unknown-none-elf/libmbedcrypto.a differ
diff --git a/libs/riscv32imc-unknown-none-elf/libmbedtls.a b/libs/riscv32imc-unknown-none-elf/libmbedtls.a
index a4d396d..386d96f 100644
Binary files a/libs/riscv32imc-unknown-none-elf/libmbedtls.a and b/libs/riscv32imc-unknown-none-elf/libmbedtls.a differ
diff --git a/libs/riscv32imc-unknown-none-elf/libmbedx509.a b/libs/riscv32imc-unknown-none-elf/libmbedx509.a
index 268b26e..386589a 100644
Binary files a/libs/riscv32imc-unknown-none-elf/libmbedx509.a and b/libs/riscv32imc-unknown-none-elf/libmbedx509.a differ
diff --git a/libs/xtensa-esp32-none-elf/libmbedcrypto.a b/libs/xtensa-esp32-none-elf/libmbedcrypto.a
index 3faa570..248fbd8 100644
Binary files a/libs/xtensa-esp32-none-elf/libmbedcrypto.a and b/libs/xtensa-esp32-none-elf/libmbedcrypto.a differ
diff --git a/libs/xtensa-esp32-none-elf/libmbedtls.a b/libs/xtensa-esp32-none-elf/libmbedtls.a
index 84aa12a..0e8d78c 100644
Binary files a/libs/xtensa-esp32-none-elf/libmbedtls.a and b/libs/xtensa-esp32-none-elf/libmbedtls.a differ
diff --git a/libs/xtensa-esp32-none-elf/libmbedx509.a b/libs/xtensa-esp32-none-elf/libmbedx509.a
index 7d169a9..6ee249a 100644
Binary files a/libs/xtensa-esp32-none-elf/libmbedx509.a and b/libs/xtensa-esp32-none-elf/libmbedx509.a differ
diff --git a/libs/xtensa-esp32s2-none-elf/libmbedcrypto.a b/libs/xtensa-esp32s2-none-elf/libmbedcrypto.a
index 3faa570..14c6f34 100644
Binary files a/libs/xtensa-esp32s2-none-elf/libmbedcrypto.a and b/libs/xtensa-esp32s2-none-elf/libmbedcrypto.a differ
diff --git a/libs/xtensa-esp32s2-none-elf/libmbedtls.a b/libs/xtensa-esp32s2-none-elf/libmbedtls.a
index 84aa12a..13b0b16 100644
Binary files a/libs/xtensa-esp32s2-none-elf/libmbedtls.a and b/libs/xtensa-esp32s2-none-elf/libmbedtls.a differ
diff --git a/libs/xtensa-esp32s2-none-elf/libmbedx509.a b/libs/xtensa-esp32s2-none-elf/libmbedx509.a
index 7d169a9..b4b166f 100644
Binary files a/libs/xtensa-esp32s2-none-elf/libmbedx509.a and b/libs/xtensa-esp32s2-none-elf/libmbedx509.a differ
diff --git a/libs/xtensa-esp32s3-none-elf/libmbedcrypto.a b/libs/xtensa-esp32s3-none-elf/libmbedcrypto.a
index 3faa570..248fbd8 100644
Binary files a/libs/xtensa-esp32s3-none-elf/libmbedcrypto.a and b/libs/xtensa-esp32s3-none-elf/libmbedcrypto.a differ
diff --git a/libs/xtensa-esp32s3-none-elf/libmbedtls.a b/libs/xtensa-esp32s3-none-elf/libmbedtls.a
index 84aa12a..0e8d78c 100644
Binary files a/libs/xtensa-esp32s3-none-elf/libmbedtls.a and b/libs/xtensa-esp32s3-none-elf/libmbedtls.a differ
diff --git a/libs/xtensa-esp32s3-none-elf/libmbedx509.a b/libs/xtensa-esp32s3-none-elf/libmbedx509.a
index 7d169a9..6ee249a 100644
Binary files a/libs/xtensa-esp32s3-none-elf/libmbedx509.a and b/libs/xtensa-esp32s3-none-elf/libmbedx509.a differ
diff --git a/xtask/Cargo.toml b/xtask/Cargo.toml
index 1cd0e48..17cbadd 100644
--- a/xtask/Cargo.toml
+++ b/xtask/Cargo.toml
@@ -5,7 +5,11 @@ edition = "2021"
 
 [dependencies]
 anyhow      = "1.0.68"
-bindgen     = "0.59.2"
+bindgen     = "0.68.1"
 directories = "4.0.1"
 env_logger  = "0.10.0"
-log         = "0.4.17"
\ No newline at end of file
+log         = "0.4.17"
+cmake       = "0.1.50"
+tempdir     = "0.3.7"
+fs_extra    = "1.3.0"
+clap        = { version = "4.4.2", features = ["derive"] }
diff --git a/xtask/src/main.rs b/xtask/src/main.rs
index f8460cc..881e596 100644
--- a/xtask/src/main.rs
+++ b/xtask/src/main.rs
@@ -1,9 +1,88 @@
-use std::{path::PathBuf, process::Command};
+use std::{
+    env,
+    fs::{self, rename},
+    io::{Read, Write},
+    path::{Path, PathBuf},
+    process::Command,
+};
 
 use anyhow::{anyhow, Result};
 use bindgen::Builder;
+use clap::{Parser, Subcommand, ValueEnum};
+use cmake::Config;
 use directories::UserDirs;
+use fs_extra::dir::{copy, CopyOptions};
 use log::LevelFilter;
+use tempdir::TempDir;
+
+// Arguments
+#[derive(Parser, Debug)]
+#[command(author, version, about = "Compile and generate bindings for mbedtls to be used in Rust.", long_about = None, subcommand_required = true)]
+struct Args {
+    #[command(subcommand)]
+    command: Option<Commands>,
+}
+
+#[derive(Subcommand, Debug)]
+enum Commands {
+    /// Generate Rust bindings for mbedtls
+    Bindings {
+        #[arg(long, value_name = "TARGET", value_enum)]
+        chip: Option<Soc>,
+    },
+    /// Build mbedtls and generate .a libraries
+    Compile {
+        #[arg(long, value_name = "TARGET", value_enum)]
+        chip: Option<Soc>,
+    },
+}
+
+/// All SOCs available for compiling and binding
+#[derive(ValueEnum, Copy, Clone, Debug, PartialEq, Eq)]
+enum Soc {
+    ESP32,
+    ESP32C3,
+    ESP32S2,
+    ESP32S3,
+}
+
+impl core::fmt::Display for Soc {
+    fn fmt(&self, f: &mut core::fmt::Formatter) -> core::fmt::Result {
+        match self {
+            Soc::ESP32 => write!(f, "esp32"),
+            Soc::ESP32C3 => write!(f, "esp32c3"),
+            Soc::ESP32S2 => write!(f, "esp32s2"),
+            Soc::ESP32S3 => write!(f, "esp32s3"),
+        }
+    }
+}
+
+#[derive(Debug, PartialEq)]
+enum Arch {
+    RiscV,
+    Xtensa,
+}
+
+/// Data for binding compiling on a target
+struct CompilationTarget<'a> {
+    /// Chip of the target
+    soc: Soc,
+
+    /// The chip architecture
+    arch: Arch,
+
+    /// Target triple
+    target: &'a str,
+
+    /// cmake toolchain file
+    toolchain_file: PathBuf,
+
+    /// Path for headers files for compiling (where mbedtls_config.h is stored)
+    compile_include_path: PathBuf,
+
+    /// Sysroot path for bindings
+    sysroot_path: PathBuf,
+}
 
 fn main() -> Result<()> {
     env_logger::Builder::new()
@@ -18,24 +97,107 @@ fn main() -> Result<()> {
     // Determine the $HOME directory, and subsequently the Espressif tools
     // directory:
     let home = UserDirs::new().unwrap().home_dir().to_path_buf();
-    let tools = home.join(".espressif").join("tools");
-
-    generate_bindings(
-        &workspace,
-        tools.join(
-            "riscv32-esp-elf/esp-2021r2-patch5-8_4_0/riscv32-esp-elf/riscv32-esp-elf/include/",
-        ),
-        tools.join("riscv32-esp-elf/esp-2021r2-patch5-8_4_0/riscv32-esp-elf/"),
-    )?;
+    // We use the tools that come installed with the toolchain
+    let toolchain_dir = home.join(".rustup").join("toolchains").join("esp");
+
+    let compilation_targets: Vec<CompilationTarget> = vec![
+        CompilationTarget {
+            soc: Soc::ESP32,
+            arch: Arch::Xtensa,
+            target: "xtensa-esp32-none-elf",
+            toolchain_file: workspace
+                .join("xtask/toolchains/toolchain-esp32.cmake")
+                .canonicalize()
+                .unwrap(),
+            compile_include_path: workspace.join("esp-mbedtls-sys").join("headers/esp32/"),
+            sysroot_path: toolchain_dir.join(
+                "xtensa-esp32-elf/esp-2021r2-patch5-8_4_0/xtensa-esp32-elf/xtensa-esp32-elf/",
+            ),
+        },
+        CompilationTarget {
+            soc: Soc::ESP32C3,
+            arch: Arch::RiscV,
+            target: "riscv32imc-unknown-none-elf",
+            toolchain_file: workspace
+                .join("xtask/toolchains/toolchain-esp32c3.cmake")
+                .canonicalize()
+                .unwrap(),
+            compile_include_path: workspace.join("esp-mbedtls-sys").join("headers/esp32c3/"),
+            sysroot_path: toolchain_dir
+                .join("riscv32-esp-elf/esp-2021r2-patch5-8_4_0/riscv32-esp-elf/riscv32-esp-elf/"),
+        },
+        CompilationTarget {
+            soc: Soc::ESP32S2,
+            arch: Arch::Xtensa,
+            target: "xtensa-esp32s2-none-elf",
+            toolchain_file: workspace
+                .join("xtask/toolchains/toolchain-esp32s2.cmake")
+                .canonicalize()
+                .unwrap(),
+            compile_include_path: workspace.join("esp-mbedtls-sys").join("headers/esp32s2/"),
+            sysroot_path: toolchain_dir.join(
+                "xtensa-esp32s2-elf/esp-2021r2-patch5-8_4_0/xtensa-esp32s2-elf/xtensa-esp32s2-elf/",
+            ),
+        },
+        CompilationTarget {
+            soc: Soc::ESP32S3,
+            arch: Arch::Xtensa,
+            target: "xtensa-esp32s3-none-elf",
+            toolchain_file: workspace
+                .join("xtask/toolchains/toolchain-esp32s3.cmake")
+                .canonicalize()
+                .unwrap(),
+            compile_include_path: workspace.join("esp-mbedtls-sys").join("headers/esp32s3/"),
+            sysroot_path: toolchain_dir.join(
+                "xtensa-esp32s3-elf/esp-2021r2-patch5-8_4_0/xtensa-esp32s3-elf/xtensa-esp32s3-elf/",
+            ),
+        },
+    ];
+    let args = Args::parse();
+
+    match args.command {
+        Some(Commands::Compile { chip }) => match chip {
+            Some(chip) => {
+                compile(
+                    &workspace,
+                    compilation_targets
+                        .iter()
+                        .find(|&target| target.soc == chip)
+                        .expect("Compilation target not found"),
+                )?;
+            }
+            None => {
+                for target in compilation_targets {
+                    compile(&workspace, &target)?;
+                }
+            }
+        },
+        Some(Commands::Bindings { chip }) => match chip {
+            Some(chip) => {
+                generate_bindings(
+                    &workspace,
+                    compilation_targets
+                        .iter()
+                        .find(|&target| target.soc == chip)
+                        .expect("Compilation target not found"),
+                )?;
+            }
+            None => {
+                for target in compilation_targets {
+                    generate_bindings(&workspace, &target)?;
+                }
+            }
+        },
+        _ => {
+            unreachable!();
+        }
+    }
 
     Ok(())
 }
 
-fn generate_bindings(
-    workspace: &PathBuf,
-    include_path: PathBuf,
-    sysroot_path: PathBuf,
-) -> Result<()> {
+/// Generate bindings for esp-mbedtls-sys
+fn generate_bindings(workspace: &Path, compilation_target: &CompilationTarget) -> Result<()> {
     let sys_path = workspace.join("esp-mbedtls-sys");
 
     // Generate the bindings using `bindgen`:
@@ -44,11 +206,11 @@ fn generate_bindings(
         .clang_args([
             &format!(
                 "-I{}",
-                sys_path
-                    .join("../build_mbedtls")
+                &compilation_target
+                    .compile_include_path
                     .display()
                     .to_string()
-                    .replace("\\", "/")
+                    .replace('\\', "/")
                     .replace("//?/C:", "")
             ),
             &format!(
@@ -57,7 +219,7 @@ fn generate_bindings(
                     .join("../mbedtls/include/")
                     .display()
                     .to_string()
-                    .replace("\\", "/")
+                    .replace('\\', "/")
                     .replace("//?/C:", "")
             ),
             &format!(
@@ -66,27 +228,35 @@ fn generate_bindings(
                     .join("include")
                     .display()
                     .to_string()
-                    .replace("\\", "/")
+                    .replace('\\', "/")
                     .replace("//?/C:", "")
             ),
             &format!(
                 "-I{}",
-                include_path
+                compilation_target
+                    .sysroot_path
+                    .join("include")
                     .display()
                     .to_string()
-                    .replace("\\", "/")
+                    .replace('\\', "/")
                     .replace("//?/C:", "")
             ),
             &format!(
                 "--sysroot={}",
-                sysroot_path
+                compilation_target
+                    .sysroot_path
                     .display()
                     .to_string()
-                    .replace("\\", "/")
+                    .replace('\\', "/")
                     .replace("//?/C:", "")
             ),
             &format!(
-                "--target=riscv32"
+                "--target={}",
+                if compilation_target.arch == Arch::Xtensa {
+                    "xtensa"
+                } else {
+                    "riscv32"
+                }
             ),
         ])
         .ctypes_prefix("crate::c_types")
@@ -101,14 +271,119 @@ fn generate_bindings(
     // Write out the bindings to the appropriate path:
     let path = sys_path
         .join("src")
-        .join("bindings.rs");
+        .join("include")
+        .join(format!("{}.rs", compilation_target.soc.to_string()));
     log::info!("Writing out bindings to: {}", path.display());
     bindings.write_to_file(&path)?;
 
     // Format the bindings:
     Command::new("rustfmt")
         .arg(path.to_string_lossy().to_string())
+        .arg("--config")
+        .arg("normalize_doc_attributes=true")
         .output()?;
 
     Ok(())
 }
+
+/// Compile mbedtls for the given target and copy the libraries into /libs/
+fn compile(workspace: &Path, compilation_target: &CompilationTarget) -> Result<()> {
+    log::info!(
+        "Initializing directory for compiling {:?}",
+        compilation_target.soc
+    );
+    let mbedtls_path = workspace.join("mbedtls");
+    let tmp = TempDir::new("tmp").expect("Failed to create tmp directory for building");
+
+    let tmpsrc = TempDir::new_in(tmp.path(), "tmpsrc")
+        .expect("Failed to create tmpsrc directory for building");
+    let target_dir = TempDir::new_in(tmp.path(), "target")
+        .expect("Failed to create target directory for building");
+    let copy_options = CopyOptions::new().overwrite(true); //Initialize default values for CopyOptions
+
+    // Copy mbedtls into the building directory
+    copy(mbedtls_path, tmpsrc.path(), &copy_options)?;
+    // Copy header files for building
+    copy(
+        &compilation_target.compile_include_path,
+        tmpsrc
+            .path()
+            .join("mbedtls")
+            .join("include")
+            .join("mbedtls"),
+        &copy_options.content_only(true),
+    )?;
+    // Move config.h back to mbedtls_config.h
+    rename(
+        tmpsrc
+            .path()
+            .join("mbedtls")
+            .join("include")
+            .join("mbedtls")
+            .join("config.h"),
+        tmpsrc
+            .path()
+            .join("mbedtls")
+            .join("include")
+            .join("mbedtls")
+            .join("mbedtls_config.h"),
+    )?;
+
+    // Remove "-Wdocumentation" since Clang will complain
+    let mut file = fs::File::open(
+        tmpsrc
+            .path()
+            .join("mbedtls")
+            .join("library")
+            .join("CMakeLists.txt"),
+    )?;
+    let mut content = String::new();
+    file.read_to_string(&mut content)?;
+    let mut file = fs::File::create(
+        tmpsrc
+            .path()
+            .join("mbedtls")
+            .join("library")
+            .join("CMakeLists.txt"),
+    )?;
+    file.write_all(content.replace("-Wdocumentation", "").as_bytes())?;
+
+    // Compile mbedtls and generate libraries to link against
+    log::info!("Compiling mbedtls");
+    let dst = Config::new(tmpsrc.path().join("mbedtls"))
+        .define("USE_SHARED_MBEDTLS_LIBRARY", "OFF")
+        .define("USE_STATIC_MBEDTLS_LIBRARY", "ON")
+        .define("ENABLE_PROGRAMS", "OFF")
+        .define("ENABLE_TESTING", "OFF")
+        .define("CMAKE_EXPORT_COMPILE_COMMANDS", "ON")
+        .define("CMAKE_TOOLCHAIN_FILE", &compilation_target.toolchain_file)
+        .target(compilation_target.target)
+        .host("riscv32")
+        .profile("Release")
+        .out_dir(target_dir)
+        .build();
+
+    log::info!("Copying libraries into workspace");
+    fs::copy(
+        dst.join("lib").join("libmbedcrypto.a"),
+        workspace
+            .join("libs")
+            .join(compilation_target.target)
+            .join("libmbedcrypto.a"),
+    )?;
+    fs::copy(
+        dst.join("lib").join("libmbedx509.a"),
+        workspace
+            .join("libs")
+            .join(compilation_target.target)
+            .join("libmbedx509.a"),
+    )?;
+    fs::copy(
+        dst.join("lib").join("libmbedtls.a"),
+        workspace
+            .join("libs")
+            .join(compilation_target.target)
+            .join("libmbedtls.a"),
+    )?;
+    Ok(())
+}
diff --git a/xtask/toolchains/toolchain-esp32.cmake b/xtask/toolchains/toolchain-esp32.cmake
new file mode 100755
index 0000000..a47426b
--- /dev/null
+++ b/xtask/toolchains/toolchain-esp32.cmake
@@ -0,0 +1,8 @@
+set(CMAKE_SYSTEM_NAME Generic)
+
+set(CMAKE_C_COMPILER xtensa-esp32-elf-gcc)
+set(CMAKE_CXX_COMPILER xtensa-esp32-elf-g++)
+set(CMAKE_ASM_COMPILER xtensa-esp32-elf-gcc)
+
+set(CMAKE_C_FLAGS "-mlongcalls -Wno-frame-address" CACHE STRING "C Compiler Base Flags" FORCE)
+set(CMAKE_CXX_FLAGS "-mlongcalls -Wno-frame-address" CACHE STRING "C++ Compiler Base Flags" FORCE)
diff --git a/xtask/toolchains/toolchain-esp32c3.cmake b/xtask/toolchains/toolchain-esp32c3.cmake
new file mode 100755
index 0000000..4b09631
--- /dev/null
+++ b/xtask/toolchains/toolchain-esp32c3.cmake
@@ -0,0 +1,9 @@
+set(CMAKE_SYSTEM_NAME Generic)
+
+set(CMAKE_C_COMPILER riscv32-esp-elf-gcc)
+set(CMAKE_CXX_COMPILER riscv32-esp-elf-g++)
+set(CMAKE_ASM_COMPILER riscv32-esp-elf-gcc)
+
+set(CMAKE_C_FLAGS "-march=rv32imc" CACHE STRING "C Compiler Base Flags" FORCE)
+set(CMAKE_CXX_FLAGS "-march=rv32imc" CACHE STRING "C++ Compiler Base Flags" FORCE)
+set(CMAKE_EXE_LINKER_FLAGS "-nostartfiles -march=rv32imc --specs=nosys.specs" CACHE STRING "Linker Base Flags" FORCE)
diff --git a/xtask/toolchains/toolchain-esp32s2.cmake b/xtask/toolchains/toolchain-esp32s2.cmake
new file mode 100755
index 0000000..620ed2e
--- /dev/null
+++ b/xtask/toolchains/toolchain-esp32s2.cmake
@@ -0,0 +1,8 @@
+set(CMAKE_SYSTEM_NAME Generic)
+
+set(CMAKE_C_COMPILER xtensa-esp32s2-elf-gcc)
+set(CMAKE_CXX_COMPILER xtensa-esp32s2-elf-g++)
+set(CMAKE_ASM_COMPILER xtensa-esp32s2-elf-gcc)
+
+set(CMAKE_C_FLAGS "-mlongcalls" CACHE STRING "C Compiler Base Flags" FORCE)
+set(CMAKE_CXX_FLAGS "-mlongcalls" CACHE STRING "C++ Compiler Base Flags" FORCE)
diff --git a/xtask/toolchains/toolchain-esp32s3.cmake b/xtask/toolchains/toolchain-esp32s3.cmake
new file mode 100755
index 0000000..7bbf4a5
--- /dev/null
+++ b/xtask/toolchains/toolchain-esp32s3.cmake
@@ -0,0 +1,8 @@
+set(CMAKE_SYSTEM_NAME Generic)
+
+set(CMAKE_C_COMPILER xtensa-esp32s3-elf-gcc)
+set(CMAKE_CXX_COMPILER xtensa-esp32s3-elf-g++)
+set(CMAKE_ASM_COMPILER xtensa-esp32s3-elf-gcc)
+
+set(CMAKE_C_FLAGS "-mlongcalls" CACHE STRING "C Compiler Base Flags" FORCE)
+set(CMAKE_CXX_FLAGS "-mlongcalls" CACHE STRING "C++ Compiler Base Flags" FORCE)